Delete duplicate files, speed up your PC Is your computer loaded with duplicate files? Find out now with a free scan by Easy Duplicate Finder. There may be dozens of duplicate photos, MP3s, videos, and documents taking up space on your computer. By removing duplicate files, you'll regain storage space, realize faster backups, and reduce file clutter on your hard drive. You may be surprised by just how many duplicate files are found. Easy Duplicate Finder

Speak geek? Get certified on Windows 7 As Microsoft's heir to Windows XP, Windows 7 means enterprises large and small will need technicians who have the technical skills — like installing, troubleshooting and configuring — to bring Windows 7 into the IT infrastructure. In addition to deploying Windows 7, the tech must understand the myriad of new features and how to perform basic tasks. Windows 7 Exam Prep

Top 10 keyboard secrets of MS Windows Think the mouse is the best way to navigate your PC? No way! Having to constantly reach for the mouse not only causes muscle fatigue, it also severely hampers productivity. On the other hand, learning to use your keyboard effectively and efficiently can absolutely transform your PC experience. Want to know how? Join our Windows newsletter today and we'll also send you our special report, free. Infopackets Windows Newsletter

See your ad here

By Tracey Capen

We like to give loyal Windows Secrets subscribers a little something extra when we can.

This month, every subscriber can download a two-chapter excerpt of the new book Hacking Exposed Wireless, Second Edition by Johnny Cache, Joshua Wright, and Vincent Liu.

Hacking Exposed Wireless provides valuable updated information you need to keep your wireless networks safe from potential hackers.

New chapters in this second edition cover the latest strategies used by hackers to attack wireless Ethernet and Bluetooth networks. The new volume also gives detailed countermeasures you can use to secure your wireless systems.

The book provides vital information on how to access your networks' security, plus techniques for developing your own custom wireless security tools. It also covers current laws and regulations affecting wireless networks.

The printed volume isn't in stores yet, but all subscribers can receive our exclusive excerpt of two full chapters through August 4. Simply visit your preferences page, save any changes, and a download link will appear.

Here's the preferences link: Set your preferences and download your bonus

More info on the printed book: United States / Canada / Elsewhere

Thanks for your continuing and valuable support!

Table of contents

By Yardena Arar

Microsoft's newest Office adds some nifty Internet features, including easy access to shared documents via SkyDrive and PowerPoint Broadcast.

But putting personal and business information into the cloud opens up potential security risks that all Office 2010 users should be aware of.

Microsoft says it has done its best to balance conflicting demands of convenience and security. Still, security experts say Office 2010's Web-connectedness could present new opportunities for snoops and hackers.

This concern isn't about some obscure Office capability — these potential threats touch on at least two of the suite's coolest new features: SkyDrive and PowerPoint Broadcast. The former lets you easily share documents with colleagues, either via Office desktop apps or the new Office Web Apps. And with a simple Web link, anyone with a free Windows Live account can now run a PowerPoint 2010 slideshow, viewable by any remote user with a desktop browser.

At the very least, people who use these features should understand exactly what degree of security is and isn't provided.

You get secure transit, but unencrypted storage

As Michael Lasky reported in his June 24 Top Story, SkyDrive uses SSL encryption to protect data in transit from your PC to Microsoft's servers. But once a file arrives at its destination, security depends almost entirely on user authentication — password protection, to be more specific. "If anyone manages to compromise their credential system, you have a problem," says Nasuni CEO Andres Rodriguez. Nasuni sells businesses client-server technology that encrypts sensitive documents before they're stored online.

SkyDrive's dependence on user authentication is no different from that of many other Web applications that manipulate stored data such as Web-based e-mail; none encrypt the data on their servers, Rodriguez says. "There's no encryption at rest. There can't be. The Microsoft servers have to be able to understand that data [the format] to represent it to you [via Office desktop or Web apps]," he explains. Thus, security measures must focus on controlling access to servers, whether by physical means or by hacking or bypassing the password system.

In an e-mail, Microsoft spokesman Scott Massey described the measures in place to provide such protection. "Once your files are on our servers, we work to prevent hackers from accessing your data by employing sophisticated physical and electronic security measures. We also store multiple copies of your file on different servers and hard drives to help protect your data from hardware failure."

Businesses face biggest cloud-computing threat

For most consumers, Microsoft's cloud-security safeguards are most likely superior to their own, especially in terms of redundant data backups. But businesses may be uncomfortable with the many ways most Web services (not just SkyDrive) can be compromised — even when individual business users are careful.

"The problem could be with the [business] owner setting the incorrect permissions, or a bug in the hosting provider's solution which could leak potentially damaging information," says Symantec Security Response researcher Vikram Thakur.

Thakur points out that, since one reason for using SkyDrive is to easily share documents, permission settings are vitally important. "One minor setting ignored could potentially allow your files to be shared with everyone."

"I'm not sure that an enterprise would be happy that it's that easy to put Office documents on SkyDrive," says Adi Ruppin of Confidela, whose WatchDox add-ons for Office encrypt documents before they are sent to others. Ruppin says Office 2010's Web features appear to be designed with sharing rather than security in mind. He adds, "Once you put stuff online and you share it, you lose control."

Nasuni's Rodriguez concurs: "This model of running applications in the cloud may be appealing to consumers, but many businesses are going to have a problem with it." Businesses such as Nasuni and Confidela are, of course, depending on that perception.

PowerPoint Broadcast opens up potential risks

The new broadcasting feature in PowerPoint 2010 is impressive in action: click the broadcast button in the slideshow tab and sign in to your Windows Live account. Within a few seconds (while the presentation is uploaded to Microsoft's servers), a pop-up window presents you with a URL to distribute to your audience — usually via e-mail or instant message. (See Figure 1.) When they click on the link, they will see your slides in their browser — with you controlling the presentation.

But the potential for security breaches may be greater here than with SkyDrive. The presentation is not sent using SSL encryption — it's a garden-variety http:// URL. The primary protection from hackers and snoopers is each presentation's unique and rather lengthy assigned ID, which is embedded in the URL.


Figure 1. PowerPoint 2010 includes the ability to quickly broadcast live presentations through the use of a uniquely coded link.

Microsoft spokesman Massey says the presentations are quickly deleted from Microsoft's servers once the broadcast ends. But Rodriguez says the threat here is not so much to document privacy as it is to PC security. "This is just an unsigned, unsecure connection to someone else." He adds that a hacker who hijacks the link could potentially use it to distribute malware.

Business customers have security options not available to consumers using the free Web offerings. In his e-mail, Massey wrote, "For business use, access control is more important. When customers use the broadcast service paired with on-premise SharePoint servers or our upcoming cloud offerings, additional access controls become available due to the additional security layers those products will provide."

Treat Office 2010 as you would any Web app

While businesses can justify the expense of a SharePoint server or data protection services such as those offered by Confidela or Nasuni, they will still deploy Office 2010 on many thousands of business desktops. IT departments will have to plan for the potential security risks Office 2010 opens. The solution may lie with providing security training for Office users and possibly disabling some of Office's Web capabilities via the Group Policy options.

Consumers have fewer options: you might not want to store sensitive documents on SkyDrive, which means forgoing the use of Microsoft's free Web apps.

But remember, this potential privacy threat exists for just about all consumer Web services, not just SkyDrive. The difference is that using SkyDrive and the other Microsoft productivity apps could increase the likelihood that you'll store more of your confidential information online, where security is more difficult to manage.

And what about protecting against a hijacked PowerPoint Broadcast link? Treat it as you would any link or file attachment that arrives in e-mail or instant message: check to make sure it comes from the person it purports to come from.

Table of contents

Table of contents

By Stephanie Small Ah, Twitter. That love-it-or-hate-it social networking cosmos where the profound stands shoulder-to-shoulder with the inane and the absurd. One has images of Twitter authors obsessively banging away on their keyboards and smart phones at all hours of the day and night, 140 characters at a time. What if tweeting hit the streets, came out into the sun? Watch College Humor's Dan turn the virtual into the audible. It's Twitter made funny — or just possibly even more annoying! Play the video

Table of contents

Get your message seen by 400,000 readers Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 400,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement. Take advantage of our all-new design interface, allowing larger images and longer text, and get updated stats in real time! Windows Secrets Newsletter

See your ad here

INTRODUCTION By Tracey Capen All subscribers get a free book excerpt TOP STORY By Yardena Arar Office 2010's Web tools raise security questions You get secure transit, but unencrypted storage Businesses face biggest cloud-computing threat PowerPoint Broadcast opens up potential risks Treat Office 2010 as you would any Web app LOUNGE LIFE By Stephanie Small Unresponsive USB drivers stump Lounge member WACKY WEB WEEK By Stephanie Small The sound of Tweeting takes to the streets

	LANGALIST PLUS By Fred Langa Graphics card stuck in nonworking mode Defeat a nasty graphics system failure He hates Win7's Search, wants alternative Getting help to rescue the rescue files Last word on tracking bandwidth usage?
	INSIDER TRICKS By Lincoln Spector Good reasons not to install 64-bit Office 2010 Mixing 32-bit and 64-bit environments Add-on apps not designed for an x64 world Microsoft discourages 64-bit Office installation Take the longer route to install Office x64
	WOODY'S WINDOWS By Woody Leonhard The ultimate software deal has strings attached Technet: One source for almost all MS apps Each product key provides many activations Pick between TechNet Standard and Professional How to qualify for a TechNet subscription

	There's no fixed fee! Contribute whatever it's worth to you Readers who make a financial contribution of any amount by July 7, 2010, will immediately receive the latest issue of our full, paid newsletter and 12 months of new paid content. Pay as much or as little as you like — we want as many people as possible to have this information.
	A portion of your support helps children in developing countries Each month, we send a full year of sponsorship to a different child. Your contributions in July are helping us to sponsor Alfredo, an 8-year-old boy from the Philippines. Children International channels development aid from donors to Alfredo and his community. We also sponsor kids through Save the Children and Plan USA. More info

More info on how to upgrade

Table of contents

• Visit our Unsubscribe page.
  

Table of contents