|
|
|
|
Windows Secrets Newsletter • Issue 99 • 2007-03-08 • Circulation: over 265,000
|
|
For links to every subtopic in this issue, scroll down to the
Index |
|
ADS
|
|
LANGALIST TIPS User Account Control offers improved security
Is disabling Vista's User Account Control wise? If you use Vista, then you're probably aware that it has a new security feature called User Account Control (UAC). This feature enables you log in as a regular user without administrator privileges (which is a more secure way of using your computer), but quickly elevate your privileges when a program needs greater access to your computer than is allowed for a regular user account. Overall, UAC is a good feature. But some people find it to be bothersome, due to the prompts that appear, asking if you want to elevate a program's privileges. So, the question arises whether or not to disable UAC. If you do disable it, and then log in with an account that has administrator privileges, you need to be aware that your system is less protected than it would be if you had left UAC enabled. The reason this is true is because many forms of malware typically try to create or modify Registry keys and Windows system files. They might also try to write files to areas of the system where a regular user account would not normally write files. With UAC enabled, actions that require administrator-level access are prohibited unless you specifically allow them by approving a UAC prompt. Keep in mind that while UAC does help prevent many forms of malware from infecting your system, malware can still find its way in to your system even with UAC enabled. UAC simply protects the system from actions that would normally require administrator-level access. So, it's a good idea to leave it enabled. On the other hand, if you consider yourself to be somewhat of an expert at protecting your computer, then disabling UAC and running as admin may be something you'd be comfortable with. After all, if you've used Windows for years and have yet to experience a serious infiltration of your system by some type of malware, then it's possible that you can continue in that way without UAC. Keep in mind that if you share your computer with other people who have their own user accounts, you can disable UAC but it might break usability for other user accounts. Woody Leonard pointed out to me that when UAC is disabled via the Control Panel for one user account, other regular user accounts are no longer able to elevate their privileges. A regular user account can't even change Vista's system time, unless UAC is available so the user can authorize the change. Disabling UAC isn't good if you have other regular user accounts for people who share your computer. Instead of disabling UAC using the Control Panel, a better approach might be to use an account with administrator-level access as your usual user login account, and then disable UAC only for accounts that have administrator-level access. That way, your user account won't be subject to UAC prompts, but other user accounts will be. On any version of Vista, except Home Basic and Home Premium, you can disable UAC for administrator accounts by following these steps: Step 1. Click the Start button and launch the Local Security Policy editor by entering secpol.msc in the Search box. Step 2. Select the Local Policies item in the left panel to expand the tree, then expand Security Options under Local Policies. Step 3. Scroll down the list in the right panel to locate User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode. Right-click that item and choose Properties. Step 4. Select Elevate without prompting and close the dialog. If you use Vista Home Basic or Home Premium, the Local Security Policy editor, unfortunately, isn't included. To disable UAC for administrator accounts, you'll need to edit the Registry. Follow these steps to do that — and be extremely careful, since mistakes could render your system unusable! Step 1. Click Start and enter regedit in the Search box to launch the Registry Editor. Step 2. Navigate to the following key: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System Step 3. Double-click the ConsentPromptBehaviorAdmin item. Step 4. Change the value to 00000000. Step 5. Close the dialog and exit the Registry Editor. That's all there is to it! How to make Windows boot faster The more programs that launch at boot time, the longer it takes for Windows to boot up. Sometimes you might want Windows to boot as fast as possible, and there's a way to make that happen. Donald Parkyn wrote to ask about a quirk he noticed when booting XP:
If you hold down the Shift key during the entire bootup process, Windows won't launch at startup any programs located in the following places: %systemdrive%\Documents and Settings\Username\Start Menu\Programs\Startup %systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup %windir%\Profiles\Username\Start Menu\Programs\Startup %windir%\Profiles\All Users\Start Menu\Programs\Startup In the above locations, %systemdrive% refers to the drive where Windows is installed — typically the C: drive. %Windir% refers to the Windows installation directory, whatever it may have been named when Windows was first installed. Find your true Internet connection speed When you use a dial-up modem connection, you can be reasonably sure what speed you're getting when you connect, since your modem tells you what speed it connects at. But that's not always the case with DSL, cable, and wireless connections. So how do you find out what your real throughput rates are? There are a number of sites on the Internet that can help you test your network connection to determine what your upload and download speeds are. It's important to use the tests once in a while to make sure you're getting what you pay for. As an example, my Internet provider recently said it was upgrading all its connections to allow more bandwidth for both upload and download speeds. I wondered if the company had made the changes in my particular area yet. When a serviceman was at my house, I asked him, and he said he believed that they had made the changes. We then tried a speed-testing site to measur the throughput. As it turns out, the company had not made the speed increases in my area yet, so I was still running at the lower network speeds. The test I used is offered by Speakeasy. It works in a browser, uses Flash, and lets me select the destination to test from a list of eight possible choices in the United States. But there are other tests you can try, too. Bandwidth Place offers a test you can use up to three times a month for free. Their test doesn't let you choose the end point, though. Ookla offers a really slick, Flash-based speed test that lets you choose a destination from numerous places all over the world. This is probably the most useful test available, if you're curious about your connection speed, because of its location specificity. Windows User Group Network (WUGNET) has a good test, too. It uses Java and displays the results in a clear graph for easy comparisons to various types of connections (modem, DSL, cable, satellite, T1, T2, etc.). It doesn't, however, let you select a destination endpoint. Regardless, I found both WUGNET's and Speakeasy's tests to be the most useful and the most accurate. Your results may vary, so try a variety of tests. Use a search engine to search for “speed test” or “speedtest” and you'll find lots of others. How to tweak TCP/IP settings for faster throughput Transmission Control Protocol/Internet Protocol (TCP/IP) is the communication language used on the Internet. Various parameters control how TCP/IP operates, and understanding what those settings mean and what they do can be very confusing. A.B. Calvin wrote to ask about TCP/IP settings:
An even better tool is SpeedGuide's SG TCP Optimizer. It lets you select the bandwidth that you use (56K, 256K, 1MB, etc.) and makes suggestions about how to adjust the settings. It also lets you save your current settings before making any changes. You canthen revert to those saved settings if, for some reason, your new settings don't work correctly. Be careful when adjusting your TCP/IP settings, and make certain that you save your current settings. Sometimes changes can render your connection entirely useless. In that case, you'll definitely be glad that you saved your previous settings. Be sure to read Speedguide's TCP Optimizer Help section, where you'll also find a link to the related TCP Optimizer FAQ. Before you change your TCP/IP settings, use one of the speed-test sites that's described in the section above to test your connection speed. Then test the speed again after you've made changes to see if there are any significant improvements. Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and writes the weekly email newsletter Security UPDATE. He's a network engineer, freelance writer, and the author of Internet Security with Windows NT. |
|
ADS
|
|
READER COMMENTS The ethics of installing Windows Vista
Support for revealing the secrets of Vista Most of my readers thought it was highly interesting that Vista doesn't perform even the simplest test for a qualifying operating system before the upgrade version will install. Any running Windows OS, from NT 4.0 to Vista itself, will do. Vista's complete lack of any version-testing code makes it possible to clean-install the upgrade version of the new OS to a blank hard drive — a capability that Microsoft claimed it had deliberately eliminated from the product. Reader Bill Tomlinson supplies some thoughts that are typical of readers who feel Vista's little-known clean-install features can be useful:
The only question is how high up the approval for this decision went. Did Microsoft executives intend to promote the "upgrade" price as a bargain over the "full" price, and one that almost anyone could use? I'll delve further into this question after the following reader's comment. When does use of a product become stealing? Some other readers questioned the ethics of clean-installing Windows Vista to a new hard drive, when Microsoft's End User License Agreement (EULA) doesn't allow this. Reader Gary Castro has a bone to pick with my Feb. 1 article:
Understanding these principles is important. There's huge confusion in the press these days about consumers' rights to use products they've paid for. The difference between piracy and fair use Some readers wrote that, since I reported on how Vista allows itself to be clean-installed, I might as well encourage people to run red lights and rob the homes of people who leave their doors unlocked. That's far from what I condone, so let's clear a few things up. • I definitely warned readers that a clean-install of Vista, or using the upgrade version of Vista to upgrade itself, could violate the Microsoft EULA. I never encouraged people to exploit these tricks for gain or do anything dishonest. • "Software piracy" is the mass distribution and sale of unauthorized copies of programs. I loathe software pirates and think they should face jail time. (In some countries, however, there are no laws against software piracy.) • "Fair use" is the catch-all term for the rights that a buyer of a copyrighted work has to make copies for his or her own personal use. For example, it's well established under the U.S. Copyright Act (and the laws of several other countries) that someone who buys a music recording has a right to make a copy to play in his car or elsewhere. Copying and "time-shifting" TV programs is another well-established example of fair use that is perfectly legal. Microsoft's "product activation" schemes, whether for Windows XP or Vista, have never been aimed at stopping mass software piracy. I reported in InfoWorld Magazine on Oct. 10, 2001, that Microsoft had built into XP a small text file, Wpa.dbl, that allowed pirates to build and sell thousands of working PCs with XP fully activated. (Vista has a different feature with a similar effect, as I'll disclose in a future newsletter.) Instead, product activation has always been designed to make fair use difficult for average PC owners. For example, a traveling salesman might wish to install Windows on a PC in his home office and install another copy on a laptop to use in his car. This is exactly the same as buying a music CD and then making a copy to play on the road. Under the fair-use provisions of copyright law, this is perfectly legal. Product activation is primarly intended to prevent this kind of personal copying, not mass piracy. Since making a copy for personal use isn't prohibited by copyright law — in fact, in several countries it's specifically permitted — Microsoft and other software companies have promoted the idea that fair use is illegal because it violates the End User License Agreement. Microsoft and other big players spend enormous sums to build up case law that EULAs, which are never signed by consumers, have the same force as law. I hate to burst the bubble of some of my friends in the software industry, but it's quite unsettled whether consumers clicking "OK" to verbiage in a scrolling window has the same enforceability as a written signature on a contract. Under Windows XP's activation scheme, a consumer can install XP on a different machine, and activate each copy, approximately every six months. (I most recently wrote about this fact on June 29, 2006.) I've never heard of a single case in which a court of law found an individual "guilty" of this kind of double use. I don't believe a court ever will. When I rent a power tool, or I pay for dinner with a credit card, I'm required to put my signature on a piece of paper. The tool shop won't let me take the gizmo, and the restaurant won't let me walk out the door, without me physically signing a rental contract or an agreement to observe my card's payment policies. These transactions involve far smaller dollar amounts than buying, say, Vista Home Premium for 100 bucks. Several software companies that sell high-value products do require signed agreements. But Microsoft long ago decided not to require a signed form when consumers purchase Windows, say, in a retail store. Knowing that copyright law specifically permits some copying for personal use, the Redmond company decided it would make more money by skipping a signed contract and tolerating some double usage. Corporations that sign a Volume Licensing Agreement with Microsoft are in a completely different situation. They get discount pricing and are duty-bound to obey any restrictions they agreed to in writing. Click-wrap "agreements," by contrast, are another matter. Courts have ruled again and again, in other contexts, that objectionable provisions of take-it-or-leave-it contracts are simply unenforceable. All we can say for sure is that some clauses in a EULA may be enforceable and others may not be. As I've stated above, I've never encouraged anyone to exploit weaknesses in Windows for piracy or to cheat a software publisher out of its due. All of the copies of Windows in my office are duly paid for. As an ethical journalist, however, it's my responsibility to report to you when Windows acts in ways that are sharply different from how its publisher says it will act. I'll never post a method to release a zero-day virus or any other harmful exploit. But when Windows has a function that's clearly been programmed in by its in-house developers specifically to be used by consumers, I've going to find it and tell you about it. It's not me who's violating Microsoft's EULA. Microsoft's in-house Vista development team made deliberate decisions to violate the company's EULA. Here are some examples: • Upgrade vs. full edition. Microsoft states that the upgrade version of Vista will only install over a qualifying, previous version of Windows. But the Vista development team deliberately omitted any test in Vista's setup.exe program to look for qualifying products. The decision of the team, as documented in e-mails that I quoted from in my Feb. 8 story, was to ignore the requirements of the EULA. • Clean-install vs. upgrade only. Microsoft states that the upgrade version of Vista will only install over a running copy of Windows. But the Vista development team decided that Vista should be able to install to an empty hard drive, once again ignoring the EULA. • 30-day deadline vs. 120 days. Microsoft states that a retail copy of Vista must be activated by contacting Redmond's servers within 30 days of installation. But the Vista development team inserted a command-line program, as I described in my Feb. 15 story, that any novice can use to extend the deadline to 120 days, in violation of the EULA. The Vista development team isn't stupid. I believe that these features were built into Vista only after the developers got them approved by higher executives. The rationale would be that Microsoft would sell more copies of Vista if the software allowed more flexibility than the EULA supposedly permitted. I've asked Microsoft officials for an explanation, but I haven't received one yet. To be sure, Microsoft can easily disprove my theory. The software maker can simply indicate which of its developers were dismissed for inserting these functions into Vista without authorization. I haven't heard of anyone being terminated, so I believe my argument is a strong one. Is clean-installing Vista a fully supported and permitted use of the product for individuals who first bought XP and then bought Vista? Or is it like a widely tolerated misdemeanor, such as crossing the street when the Don't Walk sign is blinking? Or is it more like a serious felony, such as monopoly restraint of trade? I believe this is a healthy debate for us to have. I honor those who have differing opinions and who've shared them with me. I can promise you this: you'll have even more to talk about when I reveal in the coming weeks some additional features that I've found in Windows Vista! Thanks for your support. Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books. |
|
ADS
|
|
USEFUL LINKS Will Outlook 2007 wreck your e-mail? If you switch to Outlook 2007 from some earlier Microsoft e-mail program — such as Outlook 2003 or Outlook Express — many of the messages you receive will start looking very weird. (By Brian Livingston, Datamation) More info |
|
WACKY WEB WEEK A fine rant about technology for idiots
|
|
YOUR SUBSCRIPTION The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. Vacation breaks occur in late August, Thanksgiving Week, and Christmas/New Year's. Publisher: WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editorial Director: Brian Livingston. Editor: Fred Langa. Contributing Editors: Susan Bradley, Scott Dunn, Mark Edwards, Woody Leonhard, Chris Mosby, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Managing Editor: Jody Braverman. Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page. WE GUARANTEE YOUR PRIVACY: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
|
