Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
ZoneAlarm update fixes tricky glitches
In this issue
- TOP STORY: ZoneAlarm update fixes tricky glitches
- INDEX OF REVIEWS: Four sites name the best LCDs
- WOODY'S WINDOWS: iTunes gets a facelift
- WINDOWS SECRETS: Life goes on here after Katrina
- PATCH WATCH: New W2K update rollup deserves attention
- WACKY WEB WEEK: Cubicle curtain provides workday cover
ZoneAlarm update fixes tricky glitches
By Brian Livingston
Burned users howled when they ran into problems with the new, 6.0 version of ZoneAlarm Pro and ZoneAlarm Security Suite last month — but the makers of the award-winning software have now released an update that they say corrects the errors.
I reported on Aug. 11 that the original July 21 “point-oh” release of the Zone Labs family — technically speaking, version 6.0.631 — was being blamed by users for conflicting with other applications, interfering with POP3 e-mail downloads, and worse. I quoted Zone Labs as saying that the troubles were caused by installing version 6.0 over an older version. This, of course, should have been fine and the company hadn’t previously advised users that a clean install was necessary.
The new 6.0.667 build of ZoneAlarm products, released on Sept. 6, is being credited by experienced users with fixing most or all of the reported difficulties.
“As far as I can see, they have fixed all bugs that I have reported on the beta, including a nasty BSOD [Blue Screen of Death] with a known antivirus,” says a user named Fax, a frequent contributor to ZoneAlarm’s user forum.
“Do NOT install version 6.0.631.003,” writes another correspondent named GreyBird. “The version that fixed many of the problems you have read about is version 6.0.667.000. Install the newer version instead.”
A new build ends Zone Labs’ headaches
Every developer of complex software dreads the day that some unforeseen glitch ruins the day for users. Having been hit with just such a bad dream, Zone Labs can be complimented for recognizing the problem and issuing an update much quicker than some larger software companies I could name.
In an interview, Zone Labs spokeswoman Allison Wagda acknowledged that the new 6.0.667 release was designed to correct known issues. “The update was specifically targeted for those users who had challenges upgrading to the 6.0 product,” she states. “The primary problem was with the upgrade install process.”
Wagda says this is cleaned up in the new version, as is a conflict that version 6.0.631 had with Propel Accelerator, a dial-up enhancement offered by Earthlink and NetZero. In addition, there were no problems with the free version of the ZoneAlarm firewall, just the Pro, Antivirus, and Security Suite versions.
Considering the protests of many ZoneAlarm users who’d been bitten by the install problems, I’m surprised that the new 6.0.667 release has generated almost no notice in major news sources. A search earlier today for zonealarm 6.0.667 at news.google.com, for example, revealed just the message, “Your search did not match any documents.”
Numerous download sites and discussion groups on the Web have mentioned the new version, of course. But I feel ZoneAlarm is used by so many people and plays such an important role in protecting PC users’ security that the fixed version should be much more widely reported.
For all of the above reasons, I’m describing some tips below on how to install ZoneAlarm 6.0.631 properly, as well as how to dig yourself out of any problems 6.0.631 may have caused you.
Avoiding and correcting ZoneAlarm gotchas
1. How to upgrade. Zone Labs’ Wagda points out that people who have ZoneAlarm’s Check for updates setting turned on should have been upgraded automatically to version 6.0.667 last week. If you’ve turned this off, simply open ZoneAlarm and check for updates manually. You can install 6.0.667 right over 6.0.631 or 5.x with no problems, Wagda says.
2. Deciding whether to uninstall. If you have such severe problems that the new version of ZoneAlarm won’t install when you check for upgrades, you should perform either a normal uninstall or a “clean uninstall,” which is different. Both forms are described below in point 3.
If you plan to install a new version of ZoneAlarm or some other firewall software, download the software or purchase a retail package before uninstalling ZoneAlarm. Before you uninstall any software firewall, physically disconnect your cable from the Internet and don’t plug it back in until your new firewall is working (unless you have a hardware firewall). Otherwise, you might get infected by hackers using automated port scans to detect vulnerable PCs. This can occur to a nonfirewalled PC in as little as one minute.
3. How to uninstall. If your problems are not severe, but Check for upgrades doesn’t work, a normal ZoneAlarm uninstall, followed by a reinstall, should correct the difficulty. For a normal uninstall of ZoneAlarm, simply click the Start button and run the uninstall routine you’ll find in the ZoneAlarm portion of the menu.
If a normal uninstall isn’t enough, or you want to uninstall ZA 6.x and go back to ZA 5.x, a clean uninstall is better. (Note: A clean uninstall will not preserve your settings if you reinstall ZoneAlarm.) To guarantee a clean uninstall, right-click ZoneAlarm’s Uninstall menu item, then click Properties. Add a space and the string /clean to the executable name, so the line looks similar to this:
"C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe" /clean
Save the change and then run the menu item. The /clean switch, and other important information, is explained in detail in a post by a Zone Labs host named Don Hoover and a set of screen captures by a premium poster named Iggy.
If the automated uninstall fails, or any other problems occur, Zone Labs has posted a detailed set of instructions. Following these steps will manually remove every trace of ZoneAlarm. In addition, you should refer to several troubleshooting steps that might be needed (in the worst case) to complete a manual uninstall.
4. How to install a new version. The ZoneAlarm family now includes six different flavors, ranging from the free firewall edition to the complete Security Suite. I recommend that individual PC users buy and use the entire suite (street price about $59.95), for reasons I describe in the next section below. If you’d like to see the features of all six products, Zone Labs has a handy comparison chart. You can download the version you wish directly from that page.
If you need to roll back to a previous version, for whatever reason, Zone Labs maintains an exhaustive listing of every previously released product. You can download old versions, as well as see which features were added over time, from the release history page.
5. How to register. If you use a flavor of ZoneAlarm that’s more capable than the free version, you should read a helpful page of purchase and renewal tips provided by a user-forum guru named Jarvis. Among other things, his page advises you on when to renew a 1-year service term to get the greatest benefit.
6. Watch and learn. Running complex software on Windows requires that you stay informed on possible conflicts and any new upgrades that may be required to eliminate them. Read up on Zone Labs’ technical support. Join and monitor Zone Labs’ user forum. Finally, check out columnist Fred Langa’s readers’ comments on ZoneAlarm 6.0, some of whom report no problems while others cite specific complaints.
Why Security Suite is the version to get
I’m excited by ZoneAlarm Security Suite because, for the first time, it unites antivirus, antispam, antispyware and Windows kernel protection on top of an excellent software firewall in a single package.
Windows security is a tricky and serious issue. Some technical Windows users will prefer setting up and configuring three or four different packages to get good coverage. But most PC users will find that far too daunting. Since ZoneAlarm has very strong individual components, installing just one package is the best approach for most homes and small businesses.
I’m not alone in recommending ZoneAlarm Security Suite. I have no testing lab of my own, so I rely on respected computer publishers to release detailed results that I can analyze. Security Suite 6.0 quickly achieved Editor’s Choice awards from both PC Magazine and CNET, and rightly so. Having to install separate programs for each function that ZA Security Suite performs will go the way of the dodo, I believe.
Having said that, please note that the Security Baseline (which is published in each newsletter, below) still recommends using CounterSpy antispyware software in addition to ZA Security Suite. Sunbelt Software’s CounterSpy has won so many major awards for its spyware detection and removal that I feel it clearly provides excellent protection.
An additional level of defense is provided by letting CounterSpy and ZA Security Suite both scan your hard disk for spyware. Make sure the deep scans are set up to occur at different times of day. In addition, it’s important that you turn off ZA Security Suite’s real-time spyware scanning if you use CounterSpy’s, since the two real-time processes will conflict (as with real-time antivirus scans).
I’d like to thank all of my readers who sent comments about ZoneAlarm’s version 6.0 snafu, especially Lorin Ricker, whose analysis I published in the Aug. 11 newsletter. Hopefully, the day will come when our defenses are so strong that spammers, phishers, and virus writers give up and leave us alone. Until that day, I’ll keep updating the Security Baseline so every PC user has a chance to see exactly what’s needed for safe computing.
To send me more details about ZoneAlarm, or to send in a tip on any other subject, visit WindowsSecrets.com/contact. You’ll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.
Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.
Four sites name the best LCDs
By Vickie Stevens
LCD screens are what most of us look at all day, so it’s good to know when the major reviewers have released new rankings of flat panels. Out of four new reviews, Dell bested the rest on two of them, shining in the moderately priced 17-inch category as well as the giant, 24-inch widescreen division (which has, amazingly, dropped close to the $1,000 mark). We also have a new Best Buy in point-and-shoot digicams, a ranking of portable projectors in every price category, and an exhaustive review of 33 different USB Flash drives.
20- TO 24-INCH LCDs
Dell tops CNET’s list of widescreen LCDs
CNET puts the screws to four of the newest and biggest widescreen LCD offerings. Not only does Dell’s UltraSharp 2405FPW show up as the largest monitor in the list — a vast 24 inches (61 cm) — but it also grabs the highest rating.
- Dell UltraSharp 2405FPW (Score: 8.0/10.0)
17-INCH LCDs
PC World’s kudos also go to Dell LCD
PC World Magazine revises its list of top ten LCDs, adding five newly reviewed models from Sharp, CTX, LG, NEC, and Viewsonic. The Dell UltraSharp 1704FPV (photo, left), a smaller version of CNET’s top-rated 24-inch UltraSharp (see above), fights off the competition to claim the top spot.
- Dell UltraSharp 1704FPV (Best Buy, Score: 4.0/5.0)
20- TO 21-INCH LCDs
Samsung flat-panel impresses PC Mag editors
PC Magazine rounds up five 20- to 21-inch LCDs, all of which come in under $1000 and include such features as tilt, swivel, and height adjustment.
- Samsung SyncMaster 213T (Editors’ Choice, Score: 4.5/5.0)
19- TO 21-INCH LCD MONITORS
GigaHZ Mag names best LCDs of 2005
After compiling ratings for numerous LCDs, GigaHZ Magazine announces its top five for 2005. In addition to the five models that were specifically scored, the review also includes four that are new to the market, which the editors think deserve mention.
- Viewsonic VP201B (Score: 5.0/5.0)
USB FLASH DRIVES
PC Pro picks Corsair’s USB Flash drive
PC Pro Magazine tests 33 USB Flash drives — most of which are available both in the U.S. and the U.K., where the publication is based. The Corsair Voyager, with its fast transfer rates and reasonable pricing, is named the Labs Winner, with Kingston and Verbatim models coming in close behind.
- Corsair Flash Voyager (Labs Winner, Score: 6/6)
- Kingston DataTraveler Elite (Recommended, 5)
- Verbatim Store ‘n’ Go Pro (Recommended, 5)
POINT-AND-SHOOT DIGITAL CAMERAS
Casio digicam takes PC World’s top spot
PC World updates its point-and-shoot Top 10 list with competitive reviews of four new camera entrants. The new Casio Exilim replaces the previous winner, earning the magazine’s Best Buy award along with a new HP Photosmart model.
- Casio Exilim EX-Z750 (Best Buy, Score: 4.0/5.0)
- HP Photosmart R717 (Best Buy, 4.0)
PORTABLE PROJECTORS
Projectors rated in all three price categories
The editors at Laptop Magazine review an array of the latest portable projectors, intelligently pitting only similarly-priced models against each other. Hitachi, shown at left, earns the top rating at the budget end of the market, with Panasonic and Plus Vision scoring at the luxury end (no award was given in the midrange).
- Hitachi CP-RX60 (Under $1000, Best of What’s New Award)
- Panasonic PT-LBNTU (Over $1500, Best of What’s New Award)
- Plus Vision U5-732 (Over $1500, Best of What’s New Award)
CPU HEATSINK/FAN COMBOS
Cooler Master wins highest CPU fan rating
Maximum PC Magazine puts 10 heatsink/fan combos through a battery of tests and salutes the Cooler Master Hyper 6+ (left). The relatively quiet cooling gizmo was found to provide excellent heat dispersal for both Intel and AMD CPUs even at a 100% load.
- Cooler Master Hyper 6+ (Kickass Award, Score: 10/10)
- Thermalright XP-90 (Runner-up, Panaflo fan additional, 9)
The Index of Reviews summarizes only head-to-head comparative tests by respected industry reviewers, not individual ratings of single products.
Vickie Stevens is research director of WindowsSecrets.com.
iTunes gets a facelift
By Woody Leonhard
Only an Apple employee would install iTunes and expect it to replace Windows Media Player.
But if you’re as attached to your iPod as I am — both literally and figuratively — you need a program that’ll feed the little beast, and you don’t have very many choices.
Some new features that’ll grab ya
Last week, to much fanfare, Apple released iTunes version 5. Although I had no problem getting iTunes 5 to work, I’ve seen many complaints online. Suffice it to say that Apple hasn’t worked all the bugs out, by a long shot. Fortunately, if iTunes 5 gives you fits, there are alternatives. Keep reading.
While the changes in iTunes 5 hardly rate as earth-shattering, I found the new ability to organize playlists into folders (and use queries with folders for building playlists on-the-fly) worth the hassle of upgrading. The new search bar makes it easier to isolate podcasts, although it gets in the way at times. And, yes, I do sync my calendar from Outlook to iTunes. Heaven knows why.
The old iTunes Shuffle button played songs randomly, and the Party Shuffle’s Play higher rated songs more often checkbox increased your chances of hearing the songs you wanted to hear. The new Smart Shuffle has been tuned to make the selection of tracks seem more random, when in fact they aren’t. Quoth the Jobs: “We’ve actually added Smart Shuffle to make it less random. But it seems more random.” I confess that I can’t tell the difference. Guess I better spend more time plugged in, eh?
Installing iTunes 5 the safest way
Here’s how I suggest you install iTunes 5:
Step 1. There are reports of the iTunes 5 installer having problems with iTunes add-ons, so get rid of the old version of iTunes and the old version of QuickTime (which provides the foundation for iTunes). To do so, click Start, Control Panel, Add or Remove Programs. Then click iTunes, Add/Remove, and follow the instructions to get rid of iTunes. If QuickTime is still on the Add or Remove Programs list, repeat the process for QuickTime.
Step 2. Go to the iTunes download page. Uncheck both of the spam-invitation boxes (marked E-mail me New Music Tuesday and special iTunes offers and Keep me up to date with Apple news, software updates, and the latest information on products and services). Conveniently ignore the box that asks for your e-mail address, and click the button marked Download iTunes — Free. Save the file iTunesSetup.exe in some handy location.
Step 2.5. At 33 MB, downloading the setup file may take a while. While you’re waiting, consider these facts, which I find astonishing: Half of Apple’s revenue now comes from iPods. With 10,000,000 subscribers and 1,800,000 songs sold per day, Jobs claims that the iTunes music store is the second-largest online store of any kind (behind Amazon). According to Solutions Research Group, half of the people with high-capacity MP3 players have fewer than 100 songs on them, a quarter have between 100 and 499 songs, and only a quarter have more than 500. The average MP3 player — er, personal audio device — has 375 songs on it, but the average iPod sports 504 songs. Apple claims that more than 5,000,000 cars will ship with integrated iPod support in the US in 2006, including models from Acura, Audi, Honda and Volkswagen. And, yes, Apple has acquired the rights to sell all of Madonna’s albums online. Talk about living in a material world.
Step 3. When the download finally finishes, turn off your antivirus software, and run iTunesSetup.exe. iTunes sets its own Windows Restore Point. Accept the defaults (note the warnings about configuring firewalls other than Windows Firewall), but make sure you uncheck the box marked Use iTunes as the default player for audio files. If you’re using the Windows Antispyware beta, you have to approve three exceptions. After the installation is complete, turn your antivirus software back on, then re-start Windows (no, you don’t have to, but it’ll help clean up everything).
Step 4. Start iTunes. Click Edit, Preferences, Advanced, Importing. Make sure the Import using box shows MP3 Encoder (so when you rip songs off an audio CD, they’re converted into MP3 files, which can’t be copy protected). Also, consider checking the box marked Use error correction when reading Audio CDs. I check that box because I want the PC to try to fix skips and scratches on my over-worked audio CDs. Finally, click OK and you’re ready to rock ‘n roll.
If you install iTunes 5 and everything goes to Hades in a handbasket — or if you like to use great software from a small company — try WinAmp and the ml_iPod add-on. Contrariwise, if you think the world should revolve around Windows Media Player and you’re up for a real challenge, try one of the iPod-enabling add-ons for WMP 10.
My favorite iPod secret
It’s easy to copy music from your iPod back to your PC, if you know the trick. Simply use the $19.90 CopyPod, use free/donationware such as SharePod, or navigate to the iPod’s hidden directory.
Woody Leonhard’s latest book is Windows XP Hacks & Mods For Dummies, published by Wiley.
Life goes on here after Katrina
By Chris Mosby
A lot of things have happened since my last column. The most notable, of course, was Hurricane Katrina. My family and I were lucky during this disaster. Where we live in a city in northeast Mississippi, the last of the hurricane passed over us as it was dying down. It did little damage to our town and caused few power outages.
As I’m sure you all know by now, seeing the damage that was done along the Gulf Coast, it could have been a lot worse here.
The financial firm I work for has a lot of branches down in that area, as well as along the entire path the hurricane took through Mississippi. The impact on our facilities varied. Some places suffered only minor damage, while others were entirely demolished.
My company’s loss of property was not what bothered me the most, as I’m sure a lot of you out there would agree. It was the losses that individual people had to go through that I found the most difficult to face. At one point early into the disaster, our company had almost 500 employees who were unaccounted for.
As time went by and recovery began, all of those employees have been located. Some lost everything, but everyone is still alive, which is the most important thing. Hopefully, the employee relief fund my company set up will at least be some small comfort in enabling those people to start getting their lives back.
If anyone else who’s reading this column has been affected by this disaster in any way, you should know that the rest of America cares about you, despite the slowness of our government, and we will be there when you need us. Just hang on and be safe.
Now on to the business of protecting Windows.
Dialog origin spoofing still threatens IE
I reported in my June 30, 2005, column on the so-called dialog origin spoofing problem that was plaguing several different browsers. This exploit works when you visit a dishonest Web site and you happen to click one of its links to jump to a financial site. After a few seconds, the dishonest site can open a dialog box in front of the second site’s window that looks exactly like a dialog box from the financial institution.
Since that time, most browsers have fixed this problem by releasing patches or updated versions. The only vulnerable browsers that are still left from the original list are Internet Explorer and Safari.
I haven’t seen an official response from the makers of Safari on why they haven’t fixed this problem in their browser. But Microsoft has released security advisory 902333 to explain their position on this issue.
Microsoft’s stance can be summed up in a couple of sentences from this advisory’s FAQ:
- “Will Microsoft issue a security update to address this threat? No. This is an example of how current standard Web browser functionality could be used in phishing attempts.”
That’s it. No workarounds or kill-bit switches, just “it’s a feature that hackers can exploit.” Thanks a bunch, Microsoft.
What to do: I recommend one fix for this problem that Microsoft didn’t mention: Switch to Firefox. That browser’s been fixed for a while now.
If switching browsers is still not an option for you, then the advice from my previous column is still good. When visiting a site with an unknown reputation, don’t click links that take you to any site where you make financial transactions. Browsing a site you aren’t familiar with, and then following a link from that site to an online banking site, for example, can expose you to this security hole in IE.
IE frames can still be injected
As first reported in this column on Feb. 10, 2005, and also on June 30, 2005, “frame injection” is another problem that has affected multiple browsers. As Secunia shows in its advisory and browser test, a malicious site that you visit can insert content into a frame of a trusted site that you later browse to.
At the time, there was a lot of press coverage about the re-introduction of this problem into Firefox with the release of version 1.0.3. IE supporters who crowed about this forgot that the same vulnerability has gone unpatched in Internet Explorer since the problem was discovered over one year ago.
The vulnerability was corrected by Firefox again in versions 1.0.5 and higher. Microsoft, on the other hand, has dropped the ball on this issue and still offers no solution for its IE browser.
What to do: Secunia’s advisory for IE suggests disabling the Navigate sub-frames across different domains setting. If you’re still using IE and have followed Brian’s “Protect IE without SP2” article from the Nov. 18, 2004 newsletter, then you’re already taken care of. Disabling the sub-frames feature is part of his procedure.
A common COM object makes IE vulnerable
Microsoft released security advisory 906267 last month, which details reports of a possible vulnerability in a common COM object, Msdds.dll. This dynamic link library (DLL) is shipped in several pieces of Microsoft’s software. The vulnerability can, at the least, make IE crash. At worst, it allows malware to run without the user’s knowledge.
Since that advisory was published, there has been at least one working exploit published on the Web. Not good.
At first, the advisory listed several versions of Msdds.dll that were installed by several different programs that might be affected. The list was narrowed down somewhat by Microsoft on Aug. 25 to cover just DLLs installed by various versions of the following products:
• Microsoft Visual Studio 2002
• Microsoft Access 2002
• Microsoft Office XP
The affected builds of Msdds.dll are 7.0.9064.9112, 7.0.9064.9143, and 7.0.9466.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not vulnerable.
What to do: If you have an affected DLL on your system, the Microsoft advisory has several workarounds available. Most of these workarounds are difficult for the average user to implement and/or strike me as just plain silly.
In my opinion, the best workaround Microsoft suggests is to unregister the DLL from your system. You can do this using the following steps:
- Click Start, Run, then type regsvr32 /u msdds.dll and click OK.
- You’ll then see a dialog box that confirms that the unregistration process has succeeded. Click OK to close the dialog box.
- Close and restart IE (if it is already open) for the changes to take effect.
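The version lists and the unregister workaround above, applied as a check. This PowerShell script is an added example, not part of the column or of Microsoft’s advisory; the function names, the search root, and the “NotListed” verdict for builds the column does not mention are assumptions.

```powershell
# Added example: classify Msdds.dll builds using the version lists quoted in the column,
# and report whether any COM class is still registered against the DLL.

# Builds the column lists as affected.
$AffectedBuilds = '7.0.9064.9112', '7.0.9064.9143', '7.0.9466.0' |
    ForEach-Object { [version]$_ }

# Lowest build the column lists as not vulnerable ("7.0.9955.0, 7.10.3077.0, or higher").
$FirstSafeBuild = [version]'7.0.9955.0'

function Get-MsddsVerdict {
    param([Parameter(Mandatory = $true)][version]$Build)

    if ($AffectedBuilds -contains $Build) { return 'Affected' }
    if ($Build -ge $FirstSafeBuild)       { return 'NotVulnerable' }
    # Assumption: builds the column does not mention are reported as such, not guessed at.
    return 'NotListed'
}

function Find-Msdds {
    # Assumption: the column does not say where the DLL lives, so the caller picks the root.
    # On 64-bit Windows, also pass ${env:ProgramFiles(x86)}.
    param([string]$SearchRoot = $env:ProgramFiles)

    Get-ChildItem -Path $SearchRoot -Filter 'msdds.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Use the numeric version fields; the FileVersion string can carry extra text.
            $vi = $_.VersionInfo
            $build = New-Object System.Version -ArgumentList `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            [pscustomobject]@{
                Path    = $_.FullName
                Build   = $build
                Verdict = Get-MsddsVerdict -Build $build
            }
        }
}

function Get-MsddsRegistration {
    # Lists COM classes whose in-process server is msdds.dll. After a successful
    # "regsvr32 /u msdds.dll" this is expected to return nothing.
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sub = $_.OpenSubKey('InprocServer32')
            if ($sub) {
                $server = [string]$sub.GetValue('')   # '' reads the key's default value
                $sub.Close()
                if ($server -like '*msdds.dll*') {
                    [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
                }
            }
        }
}

Find-Msdds | Format-Table -AutoSize
Get-MsddsRegistration | Format-Table -AutoSize
```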
Chris Mosby is a contributor to Configuring Symantec Antivirus Corporate Edition and is the Systems Management Server administrator for a regional bank. In his spare time, he runs the SMS Admin Store.
New W2K update rollup deserves attention
By Susan Bradley
Last Friday, I got the news that Microsoft would only have a new Malicious Software Removal Tool and a high-priority, nonsecurity patch coming out on Patch Tuesday. So I thought I’d be writing to you with my thoughts on Hurricane Katrina. Little did I know that we’d end up with quite a bit of patching news after all.
We first learned on the MSRC blog on Sept. 9 that there would be no security patch, only a “high-priority, nonsecurity patch.” Although we’d been notified just the day before that there would be at least one security patch, the patch was pulled at the last minute due to quality control issues.
The “high-priority, nonsecurity” patch was a bit of a surprise, to put it mildly. It turned out, as MSRC’s blog reported, to be a significant re-release of Update Rollup 1 (UR1) for Windows 2000 Service Pack 4.
Many UR1 issues are fixed with v2
In the patching community, we originally discovered several issues (the hard way) with UR1. These concerns have now been addressed with Microsoft’s v2 update.
The problems ranged from errors with Windows Update after applying the first rollup, a Stop 0x000001E error due to older Plug-and-Play–style controllers, issues with dynamic disks, and the inability of Office applications to save files to floppy disks after UR1 was installed.
If you use Windows 2000, be sure to review KB article 891861 for all the details and to see if your systems are affected. Only apply the new v2 over the top of v1 if you’ve experienced these issues.
Resolution for WSUS on SBS 2003 OEM
I reported earlier this summer that WSUS (Windows Software Update Services) was having trouble installing on SBS 2003 systems that used an OEM preinstallation kit. It turns out that the OEM install version needs a bit of grammar checking.
The install, believe it or not, fails because of the capitalization of some pre-Windows 2000 names. Fortunately, a manual workaround for this has been posted by Tim Elhajj of Microsoft. I’ve tested the procedures and they work perfectly.
More information on installing WSUS on SBS 2003 (for both OEM and non-OEM installs) can be found on the Microsoft Web site.
Patch for Firefox corrects new IDN bug
I was listening to a recording of Michael Howard from Microsoft’s Tech Ed 2005 the other day. He said we’ll never have a “secure browser.” Rather, we’ll have browsers that are “secure enough.”
Well, this week shows that we’re not even as far along as that. Security researcher Tom Ferris found a vulnerability in Firefox, which Secunia rates as highly critical. The flaw involves sneaky URLs that contain international characters, which can crash Firefox 1.0.6 and earlier — or possibly run code on the user’s machine. To fall victim, a user would have to visit an untrustworthy Web site or open an HTML file with a bogus name.
I’m back to the old suggestion of changing network.enableIDN to false in Firefox’s about:config settings, as I previously recommended for Firefox 1.0 on Feb. 24, 2005. Even better, the Mozilla Foundation has released a downloadable patch that’s described in a Mozilla alert. I strongly recommend that you install this patch or make the manual configuration change the alert describes.
Lessons I.T. can learn from Katrina
One cannot let this newsletter go by without a bit of a reminder of how precious life is and how reliant we are these days on technology.
Friends of mine were involved in the evacuation of New Orleans, and a fellow Windows Secrets contributor (see Chris Mosby’s column, above) lives in northeastern Mississippi and is assisting with the rebuilding. Those of us outside the area of devastation can’t help but think “what if.” What if something happened to my house? What if something happened to my office? What if something happened to my city?
I live in California, but I’m far enough away from major earthquake faults to be relatively unaffected. Even so, the crisis on the Gulf Coast still got me thinking about how many home PCs don’t have adequate backups. Those that do certainly don’t have offsite backups.
I got to thinking about my own office, based on a Security Focus article I read. Is my own network diagram and inventory up to date? Do I have an offsite copy of the documentation and software media and licenses in case I need to recreate everything in the office? What about my home? Do I have access codes and passwords written down to re-establish routers and Dynamic DNS settings for my home TZO.com account?
My guess is that many of you who are reading this are just like me. You have way too much in your personal filing cabinet called your brain and not enough documented. You’re putting your office at risk, and possibly your family at risk, if you can’t quickly find the information they need to set things back up again as soon as possible.
Ensure that even your home network has a basic scribbled diagram to help you restore things. If you don’t have a backup device, consider one such as the Mirra Personal Server.
How not to make everyone Administrator
Summertime is when I travel and give presentations. This summer, it’s been fun to meet many of you who said you recognized my picture from the newsletter. I’ve been pleasantly surprised that when I ask folks, “Do you know that the 2nd Tuesday of the month is Patch Tuesday,” they usually say “Yes, I know.”
I’ve been slightly shocked, though, to find folks who think they’re being smart by changing their desktops to run with “Power User” rights. They think that’ll be enough to protect them from malware, which is often said to require “Administrator” privileges to silently install.
As Knowledge Base article 825069 states, even Power User status should be avoided. Instead, try to use Limited User mode. Equally important, try to deploy only certified Windows programs to ensure that the software you use doesn’t require Administrator privileges.
This week, Microsoft is hosting developers at its PDC (Professional Developers Conference) in Los Angeles. The company is showing off all the new coding techniques that will emphasize Limited User rights in Vista.
While there may be more tools by then to help us install and use PCs as restricted users, that doesn’t mean we can’t try to do it now. Nor does it mean that we shouldn’t buy software that has the “certified” logo. Ideally, when we’re ready to run our systems more securely by default, our line-of-business applications will be ready to help protect us as well.
Unfortunately, hundreds if not thousands of today’s Windows apps fail to work without Administrator privileges. You can see details of the problem at sites maintained by me, Keith Brown, MSDN, and Microsoft’s own Knowledge Base article 307091.
Until issues like these are cleaned up, surf wisely, surf safely.
Susan Bradley is a Small Business Server and Security MVP — Most Valuable Professional — a title bestowed by Microsoft on independent experts who do not work for the company. Known as the “SBS Diva” for her extensive command of the bundled version of Windows Server 2003, she’s a partner in a CPA firm and spends her days cajoling vendors into coding more securely.
Cubicle curtain provides workday cover
This is a story that gives “cloaking” new meaning. An office worker creates a life-size photo of himself (left) and covers the opening of his office door with it, so he always seems to be typing away.
The bill for all this 2-dimensional creativity came to a little over $200, says the fellow, a blogger known as Tongodeon. It could have been half the price, but his doorway was 3 inches wider than the local Kinko’s could output on vinyl. They had to send it out, and the creator didn’t want to shop around for a cheaper banner printer. Tongodeon calls it the Work Blind and says it fools his co-workers for a whole second or two. What great fun.
Picture and story of the Work Blind
In other news: Spaghetti worshippers demand Kansas schools teach Pastafarianism
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.
Copyright © 2025 AskWoody LLC, All rights reserved.
