Windows Secrets Newsletter • Issue 111 • 2007-06-14 • Circulation: over 270,000
   
     
Contents
TOP STORY: Practice "safe surfing" with public Wi-Fi signals
KNOWN ISSUES: Connecticut teacher gets a second chance
WACKY WEB WEEK: E-cards for any odd occasion
PC TUNE-UP: VMware is a superior alternative to Virtual PC
OVER THE HORIZON: IE patched again, but is still insecure
PATCH WATCH: MS slyly installs WGA via updates, again
YOUR SUBSCRIPTION: How to change your address or unsubscribe

   
   

For links to every topic in this issue, scroll down to the Index

   
   
   
   
TOP STORY

Practice 'safe surfing' with public Wi-Fi signals

By Scott Dunn

You see them everywhere your Wi-Fi laptop goes: unprotected wireless signals offering "Free Internet Access" or "Free Public Wi-Fi."

But connect to them and you'll be disappointed. In a few cases, you may even have your computer hacked. Here's the scoop on how to protect yourself.

What are these mystery wireless networks?

Many laptop users have seen unsecured access points like "Free Internet Service" show up in their list of available wireless networks. They appear to be especially common at airports. Attempts to connect to these networks usually don't result in any Internet access. What is the source of these cyber chimeras?

The answer is that the majority of these access points are not Internet-accessible networks, but merely peer-to-peer or "ad-hoc" networks connecting one computer to another. Their ubiquity stems from the fact that when a Windows wireless computer connects to a network, it remembers the name or Service Set Identifier (SSID) of that network. The next time you use your laptop, your computer will broadcast that same SSID to other computers, and the users may confuse your signal for a legitimate Internet access point. In this way, names like "Linksys" or "Free Public Wi-Fi" are pollinated from user to user.

In most cases, attempts to connect to these networks only result in the user getting frustrated at the lack of an Internet connection and disconnecting. But, according to an advisory paper from Nomad Mobile Research Centre, the feature can be used by attackers to learn a victim's IP address and directly access the computer. The risk is especially high if you have file sharing turned on. In addition, if an attacker uses this method to plant malware on your laptop, you could place your company's network at risk the next time you connect to the network at your job.

Another hacker ploy is to set up an "evil twin" signal that broadcasts a site resembling a respectable hotspot such as an airport Wi-Fi service. You may enter credit-card information — thinking you're only buying a few hours of Internet access — but you are actually turning over your account numbers to a cyber criminal.

How to protect your wireless laptop

So, how can those of us with wireless laptops and networks protect ourselves from the kind of mistakes the security pros were making? Fortunately, you can take several steps to avoid undesired peer-to-peer access and limit your risks when connecting to a wireless hotspot in a public place.

Before going any further, however, make sure your own Wi-Fi system is using the latest encryption standard, WPA2 (Wi-Fi Protected Access 2). For details on these and other basics of Wi-Fi security, see Brian Livingston's Top Story in the May 26, 2005, issue.

1. Turn off Wi-Fi when not in use

The first and most basic way to limit your risk is to turn off your system's Wi-Fi feature when you're not using it. Many laptop computers have a physical switch to toggle the wireless capabilities.

If you don't have a physical switch, you can turn off Wi-Fi in XP by right-clicking the wireless icon in the taskbar "tray" (the area near the clock) and choosing Disable. To turn it back on, go to Control Panel and open the Network Connections window. Right-click the Wireless Network Connection icon and choose Enable.

In Vista, go to Control Panel and launch the Network and Sharing Center. Click Manage network connections on the left. Then, right-click the Wireless Network Connection icon and choose Disable. Click Continue if prompted by User Account Control. To reverse this setting, return to this window, right-click the same icon, and choose Enable. As before, click Continue if prompted by User Account Control. Then use the Network and Sharing Center to connect to a network.

2. Install and enable a firewall

Make sure you have a firewall enabled on your laptop. If you don't have a third-party firewall, you can turn on the built-in Windows firewall by opening Control Panel and launching Windows Firewall. If you have XP Service Pack 2 or Vista, the firewall should be enabled by default.

3. Know the difference

The best way to avoid potential attacks via peer-to-peer connections is simply to refuse to connect to an unknown ad-hoc network. Fortunately for XP users, the Wireless Network Connection window clearly distinguishes between the two types of networks. Each ad-hoc network is labeled as a "computer-to-computer network." Infrastructure networks are labeled as "wireless networks."

In addition, XP uses distinctive icons to differentiate between the two types of networks: Ad-hoc network icons show two computers, while infrastructure network icons show an antenna (see Figure 1).

Figure 1: XP shows peer-to-peer networks as two computers, but access points as an antenna.

Vista, however, is a lot less clear on this point. The display of available networks doesn't offer any description to distinguish between ad-hoc and infrastructure networks. The user is forced to rely solely on inscrutable icons. Ad-hoc networks are depicted with three computers connected by green lines, while infrastructure networks are shown as two computers sitting on a network cable (see Figure 2).

Figure 2: In Vista, peer-to-peer network icons show three computers, while access point network icons show only two.

4. Clean up your network list

In XP, use Windows Control Panel to open the Network Connections window. Right-click Wireless Network Connection and choose Properties. Click the Wireless Networks tab, which displays (among other things) a list of preferred networks (those you have connected to in the past). While you're there, select any suspicious-looking networks (like "Free Public Wi-Fi") and click Remove.

In Vista, use Control Panel to open the Network and Sharing Center. Click Manage Wireless Networks in the task pane on the left. Right-click any suspect networks and choose Remove Network.

In addition, you should set all of your preferred networks to manual so your system doesn't automatically connect to a rogue network with a matching name. To do that, follow these steps:

Step 1. Select any network in the list with "(Automatic)" after its name (XP) or displaying Automatic mode (Vista).

Step 2. Click Properties.

Step 3. Click the Connection tab.

Step 4. Uncheck Connect when this network is in range.

Step 5. Click OK.

Step 6. Repeat for each automatic connection in the list.

5. Turn off ad-hoc networking in XP

While you're in the Wireless Network Connection dialog box (XP only), you may want to take the advice of the Nomad advisory paper, which recommends that users turn off ad-hoc networking:

Step 1. In the Wireless Network Connection Properties dialog box, with the Wireless Networks tab selected, click the Advanced button near the bottom of the dialog.

Step 2. In the Advanced dialog box, select Access points (infrastructure) networks only. Also, make sure there is no checkmark next to Automatically connect to non-preferred networks.

Step 3. Click Close.

Unfortunately, changing this setting does not stop ad-hoc networks from appearing in the list of available wireless networks in the Wireless Network Connection window. Nor does it prevent you from connecting to them manually. It does, however, filter out ad-hoc networks from appearing in the list of preferred networks.

This setting is not in Vista, which always requires manual connections to ad-hoc networks.
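
A scripted version of the checks in sections 3 through 5, added here as an example and not part of the original article: it reads wireless profiles exported to XML with `netsh wlan export profile` (a Vista-and-later command) and flags ad-hoc, auto-connecting, unencrypted, and suspiciously named entries. The sample profiles are constructed, and the function names and finding labels are this example's own.

```python
"""Audit exported Windows WLAN profile XML for the risks in sections 3-5."""
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# SSIDs the article names as commonly propagated from laptop to laptop.
SUSPECT_NAMES = {"free public wi-fi", "free internet access",
                 "free internet service", "linksys"}

# Finding label (this example's own naming) -> the article's matching advice.
ADVICE = {
    "ad-hoc": "computer-to-computer network; remove it (sections 3 and 5)",
    "auto-connect": "set to manual so a look-alike SSID is not joined (section 4)",
    "unencrypted": "no link encryption; treat it as a public network",
    "suspect-name": "matches a commonly propagated SSID; remove it (section 4)",
}


def text_of(root, path, default=""):
    """Text of the first element matching path, or default if absent."""
    node = root.find(path, NS)
    return node.text.strip() if node is not None and node.text else default


def audit_profile(xml_data):
    """Return (profile name, [finding labels]) for one profile (str or bytes)."""
    root = ET.fromstring(xml_data)
    name = text_of(root, "w:name")
    conn_type = text_of(root, "w:connectionType", "ESS")
    # A missing connectionMode is treated as auto, the conservative reading.
    conn_mode = text_of(root, "w:connectionMode", "auto")
    encryption = text_of(root, "w:MSM/w:security/w:authEncryption/w:encryption")
    findings = []
    if conn_type == "IBSS":  # IBSS = ad-hoc, ESS = access point (infrastructure)
        findings.append("ad-hoc")
    if conn_mode == "auto":
        findings.append("auto-connect")
    if encryption == "none":
        findings.append("unencrypted")
    if name.lower() in SUSPECT_NAMES:
        findings.append("suspect-name")
    return name, findings


def audit_folder(folder):
    """Audit every *.xml profile in folder; return {name: findings} for hits."""
    report = {}
    for path in sorted(Path(folder).glob("*.xml")):
        name, findings = audit_profile(path.read_bytes())
        if findings:
            report[name] = findings
    return report


def sample_profile(name, conn_type, conn_mode, auth, enc):
    """Build a constructed profile in the exported WLANProfile layout."""
    return f"""<WLANProfile xmlns="{NS['w']}">
  <name>{name}</name>
  <SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>
  <connectionType>{conn_type}</connectionType>
  <connectionMode>{conn_mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""


# Constructed sample data, not taken from any real machine.
SAMPLES = [
    sample_profile("HomeNet", "ESS", "manual", "WPA2PSK", "AES"),
    sample_profile("Free Public Wi-Fi", "IBSS", "manual", "open", "none"),
    sample_profile("Linksys", "ESS", "auto", "open", "none"),
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        name, findings = audit_profile(xml_text)
        print(f"{name}: {'ok' if not findings else 'review'}")
        for label in findings:
            print(f"  {label}: {ADVICE[label]}")
```

To audit a real machine, export the profiles to a folder and pass that folder to `audit_folder`.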

6. Turn off file sharing

If you're going to be connected to a public network, such as an airport hotspot, you can reduce the risk of mischief by turning off file sharing:

Step 1. In XP, launch Windows Explorer and right-click the folder or drive that's shared.

Step 2. Choose Sharing and Security, and turn off sharing for that folder.

Step 3. Click OK.

Things are much easier in Vista. When you connect to a Wi-Fi network for the first time, you are prompted to designate the network as private or public. Selecting Public automatically turns off file sharing. If you have already connected to the network, you can change this setting by going to Control Panel and launching Network and Sharing Center. Click Customize on the right. Select Public, click Apply, and follow the remaining prompts on screen.

7. Turn off network discovery in Vista

Another risk-reducer with public Internet connections is to make your computer invisible on the network you joined. If you designated the connection in Vista as Public, as described above, that's already done for you. If not, you can change that setting independently in the same Network and Sharing Center window. Under Sharing and Discovery, click the On button or the down arrow to the right to display more options. Select Turn off network discovery and click Apply.

8. Use a Virtual Private Network (VPN)

Perhaps the best way to protect your wireless communications when using a public network or hotspot is through virtual private networking. For tips on doing so, see the discussion of VPNs in our May 26, 2005, issue.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

   
   
KNOWN ISSUES

Connecticut teacher gets a second chance

By Scott Dunn

You all know the story of how adult pop-ups almost sent a substitute teacher to jail for 40 years.

In a follow-up to his original Feb. 22 story, our contributing editor Ryan Russell reports on a possible reprieve.

New trial ordered for Julie Amero

Russell gives us this update on Connecticut teaching assistant Julie Amero, who was convicted in January of four counts of "risk of injury to a minor" because adult material kept popping up on a computer in her classroom:
  • "I am extremely pleased to be able to bring you good news. After several sentencing delays, on June 6 Judge Strackbein granted Julie a new trial. As quoted by Greg Smith in his article for the Norwich Bulletin, the judge said, 'The jury may have relied, at least in part, on that false information,' referring to the evidence presented by the prosecution's expert. In short, as I had said in my original article, the prosecution had bad evidence. Smith's article has a PDF of the motion, if you would like to read the whole thing.

    "She's not out of the woods yet. A new trial could go the wrong way as well. However, Rick Green, writing for the Hartford Courant, speculates that she may not be tried again. He writes, 'Today, [prosecutor] Smith said state would take no position on [defense attorney] Dow's motion for a new trial, making it unlikely she will be tried again.' I hope that will be the outcome.

    "I have had some limited contact with Julie's family, and when I asked specifically, I was told that they are still accepting donations for her defense fund. You can find the link to donate on the Julie Amero blog."
Windows Secrets will continue to report on this story as it develops.

Many users never have a chance to see a EULA

Regarding my June 7 story on EULAs (end-user license agreements) and interview with expert Ed Foster, reader Chip Burkitt indicates that many software users never even get to read the EULA:
  • "My experience is that most people installing software pay no attention to the EULA. It is merely an extra click on the way to installing the software. I don't know much about legal challenges to the enforceability of EULAs, but I know that often the end user never even sees it.

    "For example, I work for a software and services company as a field services technician. One part of my job is to install our software on our clients' systems. Do you think I pause the installation when I get to the EULA and invite the user to read through and agree to it before continuing? Of course not. I just do what most users do. I click 'Agree' and continue with the installation.

    "So precisely who has agreed to the EULA in this case? I represent the company whose software is being installed. So, the company agrees to its own EULA, and the client never sees it. I doubt very much that any provisions of a EULA agreed to under such circumstances would be legally enforceable."
It does seem odd that the user should be saddled with one-sided requirements simply because they, or someone they hire, clicks an "I Agree" radio button. Unfortunately, as Ed Foster has pointed out in his column, at least some courts these days are doing just that.

Reader Jay Garden points out another common problem with EULAs:
  • "One aspect of some EULAs that I particularly hate is when you cannot print, copy, or otherwise access them later on (but of course the vendor can). You rarely get a chance to see the EULA until you have paid for the product and have it half-installed.

    "Maybe they should have to put the EULA on the outside of the box (or in clear sight on the e-shop Web page) in 100 words or less (and reasonable font size) for it to be legal? That way we could make an informed choice before we select and buy."
Jay isn't the only reader to suggest the EULA appear outside the packaging. Reader Marat Bandemer makes the same suggestion, adding, "Who wants to pay $50 to $500 (or more) for software only to find that they disagree with the EULA, but now the box has been opened and they can't return the software?"

Reader A.B. Di Cyan has a similar complaint:
  • "Can we see a list of known good and known bad EULAs for programs people may be likely to download? I use the EULAlyzer too and I agree it is not enough, but the alternative is to spend all one's time reading legalese.

    "For example, browsers: There are differences among the EULAs of IE, Netscape, Opera, and Firefox. I'm suspicious enough of Netscape's not to download their browser. Are my suspicions justified? How about QuickTime or products from Adobe or Real Networks? What media players, weather programs, toolbars carry snakes in the grass? Experts know the answers, and we need to hear from them."
For now, your best bet for checking out EULAs before purchase remains a Web browser and a search engine. For example, many major software companies have EULAs available on their Web sites, including Netscape, Adobe, and others.

For another reader (who asked to remain anonymous), the article on EULAs brought to mind a legendary EULA from many years back. The following is an alleged excerpt from the HavenTree Software Company's EasyFlow program, as found in a Word document on the Canadian Department of Justice Web site:
  • "If EasyFlow doesn't work: tough. If you lose millions because EasyFlow messes up, it's you that's out the millions, not us. If you don't like this disclaimer: tough. We reserve the right to do the absolute minimum provided by the law, up to and including nothing. This is basically the same disclaimer that comes with all software packages, but ours is written in plain English and theirs is in legalese. We didn't want to include any disclaimer at all, but our lawyers insisted."
This bit of candor is so memorable that someone enshrined the story in a Wikipedia entry.

ZoneAlarm's 'Vista Ready' label is criticized

The newsletter's WSN Security Baseline recognizes the ZoneAlarm Internet Security Suite as the security package currently holding the greatest number of editor's choice awards, as described in our May 4 issue. More than one reader, however, was dismayed at the product's misleading label. Here's reader Jack Freeman's experience:
  • "I purchased ZA Internet Security Suite (retail) because it clearly stated 'Vista Ready' on the packaging. Yet when I tried to install it, I got an error message that the product is not supported by the OS. When I tried to take it back, the retail store refused to refund the price but did state that the phrase on the package meant it would install on Vista OS.

    "I then tried ZA support. All I got there was a referral to customer service, who stated they would 'consider' a refund only if I returned all packaging with the product and sales receipt. If I do that, then I have no proof of the false advertising on the package. I had to go with another antivirus suite or use no antivirus at all, which left me no choice but to buy another suite."
Sorry to hear of your bad experience, Jack. If you are considering legal action, you may want to hang onto the box, receipts, and any other documentation you have. Otherwise, keeping a photocopy of these materials should be a sufficient backup when pursuing a refund.

Another reader, Lance Druger, had a similar experience. In his case, however, the ZA rep offered to extend his subscription free of charge for five months in deference to the delay in updating the product for Windows Vista.

When is a repair an upgrade?

In our last issue, we reported that users of OEM software don't need to obtain a new license if they replace a defective computer component, but must do so if they upgrade their systems with newer parts. Reader Leisha Wharfield finds this disturbing:
  • "Who would actually acquire a new Windows license just for a simple upgrade like more memory? We would go broke if we did that. I'm shocked by this requirement, even for system builders."
As it turns out, this is one of those areas in which Microsoft has given contradictory advice. Microsoft's PDF document on the subject, called the Channel Discussion Guide, clearly includes "adding to the memory" as a change that requires a new license (see page 2). Yet a number of postings from the Microsoft OEM System Builder Licensing Team (compiled on the Michael Stevens Tech Web site) indicate that the only upgrade that requires a new software license is the replacement of the motherboard. Even a new hard drive does not require a new license, as long as the software is removed from the old hard drive before being installed on the new one, according to this source. So the answer apparently depends on which source you believe.

A stickier question comes from reader Mike, who points out that if a component fails after a few years, it may not be possible to get an identical replacement. And, the new replacement may be faster and possibly considered an upgrade or a "refurbishing." In that case, are you obligated to buy a new copy of your OEM software? Or can you consider it covered by the defect policy?

One could always attempt to contact the Microsoft legal department in these cases. But, I suspect most users just follow their own judgment on whether to keep or reinstall their OEM product.

   
   
TELL A FRIEND

How you can share this information

We love it when you send your friends links to our articles. But please don't forward your copy of our e-mail newsletter to people, which subjects us to spam complaints. Instead, simply suggest that your friends visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/070614

   
   
   
   
WACKY WEB WEEK

E-cards for any odd occasion

Everybody needs a way to mark those special occasions — birthdays, weddings, graduations, nervous breakdowns... And, of course, there are plenty of e-card Web sites to help you send just the right message, usually for a fee.

But sometimes you yearn for something a little edgier that you just can't find in the standard Hallmark offerings. Check out the free e-card site, SomeEcards.com. You'll find just the right (or wrong) message to convey whatever bizarre, offbeat, or kinky mood you're in. Please be aware that some cards at this site use adult language.


   
   
INDEX

The following topics appear in the free version

TOP STORY   Practice "safe surfing" with public Wi-Fi signals
  What are these mystery wireless networks?
  How to protect your wireless laptop
   
KNOWN ISSUES   Connecticut teacher gets a second chance
  New trial ordered for Julie Amero
  Many users never have a chance to see a EULA
  ZoneAlarm's 'Vista Ready' label is criticized
  When is a repair an upgrade?
   
WACKY WEB WEEK   E-cards for any odd occasion
   
You get all of the following in the paid version

PC TUNE-UP   VMware is a superior alternative to Virtual PC
  VMware Player goes where Virtual PC doesn't
  OpenOffice: a free alternative to Microsoft Office
  Yoggie Pico: complete security on a USB stick
  How to make Firefox start up where it left off
   
OVER THE HORIZON   IE patched again, but is still insecure
  IE is vulnerable to cross-domain attacks
  IE 6 allows spoofing of address bar
   
PATCH WATCH   MS slyly installs WGA via updates, again
  Manually patch and you get WGA update
  IE cumulative update may have fewer problems
  Outlook Express patch causes .mht warnings
  SSL connections can be used for attacks
  Windows API routines cause security issues
  Visio diagrams can threaten your networks
  Vista permissions need patching
  Server 2003 SP2 is now on auto-updates
  Svchost fixes should now be on your systems
   
Paid subscribers can access all old and new paid newsletter content
Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter.

To upgrade, simply make a contribution of any amount you choose.
If you do this by June 20, 2007, you'll instantly be sent the full, paid version of today's newsletter.

To upgrade to the paid version of the Windows Secrets Newsletter, please visit our upgrade page. Thanks in advance.

   
   


   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on any 5th Thursday that occurs, plus Thanksgiving Week and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn.: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Chris Mosby, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Managing Editor: Jody Braverman.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
Copyright © 2007 by WindowsSecrets.com LLC. All rights reserved.
