Technology Report 1-8-2008

Periodically I will create a “Technology Report” for my clients when returning computers that I have worked on – whether software or hardware. As I create these, I am going to post any of them that I feel will provide important information.

Computer Issues:

  1. Had EFS setup on MyDocuments and Desktop Folder
  2. Had Privacy bit set on MyDocuments
  3. Lots of software installed/uninstalled in past
  4. Various unknown registry edits
  5. Strong WinXP password for desktop logon
  6. No established backup method.
  7. Running “double NAT” setup with Bellsouth + additional router

Recommendations:

  1. EFS is NOT recommended for file encryption. There are many issues with this system, but the most glaring is that if your user account becomes corrupted, Windows crashes, or you change your password to your local account, then you lose access to the data. Also, there are 3rd party tools that can recover data from EFS files. Thus the security supposedly provided is not great.
  2. Setting the privacy bit on folders only stops Windows users. You can easily boot to a free Linux live CD and see all the data.
  3. Installing and testing various software is great. Just make sure you have a backup point to revert too should you need too. WinXP system restore is not a good solution. Either Acronis or Norton are recommended.
  4. Editing the registry can be dangerous. It is a good idea to use imaging software – since simply backing up the registry does not mean that you can boot your OS in the event of a serious registry issue.
  5. Having a logon for WinXP only keeps people from temporarily accessing your files. Easy workarounds include booting to safe mode as the Administrator, booting to a live Linux CD, or using several free tools to reset passwords.
  6. Rule #1: You are only as good as your last successful backup from which you can recover. An easy backup solution is DVD’s or a keychain (thumb) drive.
  7. Double NAT can cause intermittent issues. Additional router was setup as a switch to provide extra LAN ports for additional computers. The Westell 6100 is not very robust in features though. In the future, the Westell may need to be bridged and use the additional router to handle the PPPoE as well as full routing/DHCP functions.

Additional Recommendations:

  • Encrypting data is very easy using TrueCrypt, which is free and open source. The recommended method is to create a 4.5GB container file and map the My Documents folder to a drive letter that is assigned to the encrypted container. Also, the email clients can be mapped to the same container or another container just for email files. Backing up the encrypted files means your backup is encrypted also.
  • Outlook and Outlook Express data files have been moved to a location in My Documents for easy back.
  • Rather than using Outlook or Outlook Express, you should use Mozilla Thunderbird with the Sunbird calendar extension. This can even be synched to your online Google Calendar, which I also recommend.
  • Start using Thunderbird for your POP3 client. Have Gmail check your Bellsouth email through the POP3 settings in Gmail so that you don’t lose any email and have a single online source of backup. Gmail provides an SSL connection on inbound and outbound which provides addition privacy and security. Also, since most ISP’s only filter port 25, the Gmail SMTP settings will work with any ISP. Gmail also keeps a copy of all mail sent from your POP3 client stored under your Gmail sent folder. This way you have access to virtually all of your email – or IMAP is supported.
  • Use Gmail’s bookmarking feature via the Google Toolbar. This gives you a central web-based solution so that your bookmarks are accessible for any Internet connected computer.
  • Software based firewalls provide no protection behind NAT. Norton’s software causes many more issues than it helps solves, and it is very bloated and resource hungry. The only time a software-based firewall would help is if your PC was already exploited and then it is too late.
  • DON’T use MS Backup.
  • Don’t use Windows Media player for managing your CD’s. You will get trapped with WMA files and eventually have to convert them to MP3. Use iTunes for managing your music, podcasts, etc.
  • Use Keepass software as a central repository of passwords.

There are many pieces of software and much advice that is purported to be the end-all solution to safety on a Windows computer. The truth is that much of the software and recommendations are worthless and overkill. Much of the software will actually cause other issues. The software and solutions I recommend are easy to follow and work – period.

*Software*
Adobe Reader 8.0 | Alzip – File Compression | Audacity 1.2.3 – Audio Editing Software | AVG 7.5 – Free antivirus | CDBurnerXP – Free CD/DVD burning software| CleanUp – temp file cleaning utility | DirectX 9c | Eraser 5.8 – secure file deletion software | Filezilla 2.x – FTP Client | Inkscape .43 – Vector drawing program | iTunes – mp3 playing/organizing software | Jave Runtime Environment 5.0 | JDiskReport 1.2.1 – file/folder reporting utility | Limewire 4.11.0 – p2p file sharing/download mp3s | Mozilla Firefox 2.x – The best web browser | Mozilla Thunderbird – The best email client | Music Rescue – iPod music recovery | OpenOffice.org 2.2 – Full Office Suite | PC Inspector Smart Recovery – SD card picture recovery | PDFCreator – PDF creation software | Picasa 2 – picture managment software | Scribus 1.3.3.8 – Desktop Publishing software | Super (c) – Video conversion software | The Gimp – Image editing software | TrueCrypt – file encryption software | VideoLAN VLC – multimedia player | Google SketchUp – Modeling program | Moz Backup – backup Firefox and Thunderbird settings | Blender – 3d Animation software | BitPim – cell phone access | Pidgin – IM client | MP3 Tag Tool | DIVx Bundle | OpenDNS / Homing Beacon