How to simulate User Account Control in XP

Home

WinFind

Reviews

Polls

Contact

Past issues

Upgrade

Prefs

Unsubscribe

Windows Secrets Newsletter • Issue 118 • 2007-08-02 • Circulation: over 270,000

Contents
INTRODUCTION: Make sure you get the e-mails you want
TOP STORY: How to simulate User Account Control in XP
KNOWN ISSUES: Drive encryption not just for hard disks
WACKY WEB WEEK: Apple takes on iRack
PC TUNE-UP: Does the future of Windows include adware?
OVER THE HORIZON: IE 7 allows Firefox exploit to work
PATCH WATCH: How to clean up after MS's .NET patches
YOUR SUBSCRIPTION: How to change your address or unsubscribe

For links to every topic in this issue, scroll down to the Index

ADS

Make Windows XP Run Faster!

Make Windows XP Run Faster!
PC Pitstop's Free Optimize Scan will automatically diagnose problems with your PC and give you a custom report detailing issues that are hurting your PC's performance. Scan your PC for free today!
www.pcpitstop.com

Backup your data with ZipBackup

Backup your data with ZipBackup
Finally, a backup program that is easy to use. ZipBackup's Wizard makes backups a snap for beginners. Filtering, scheduling, and disk spanning make it a powerful tool for experts. For a limited time, Windows Secrets readers receive 25% off.
www.zipbackup.com

Get your product seen by 270,000 readers

Get your product seen by 270,000 readers
Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 270,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement.
www.WindowsSecrets.com

See your ad here

INTRODUCTION

Make sure you get the e-mails you want

Brian Livingston

By Brian Livingston

We've made some improvements in the systems that send you the Windows Secrets Newsletter.

But, as they say, no good deed goes unpunished, so our upgrades meant that some readers didn't receive the last issue at all!

Simple steps to let good mail through

Last month, ActionMessage.com, the company that broadcasts our e-mail newsletter, doubled the memory of its server and moved to a new Web-hosting facility. This makes the system more responsive, which is good. But some Internet service providers (ISPs) had a funny reaction to the server's new IP (Internet Protocol) address.

Despite our best efforts to stay in the good graces of large ISPs, some rejected our newsletters simply for arriving from an IP address that hadn't been seen before.

About 12% of our 277,000 subscribers didn't receive the newsletter on July 19, due to "bounces" from ISPs. After we saw the problem and took steps to correct it, 6.5% of our subscribers still bounced on July 26. That contrasts with fewer than 0.7% bounces for every other newsletter we e-mailed in June and July.

One ISP with notable problems was RoadRunner (rr.com). Last week, more than half of the bounces affected subscribers who have rr.com e-mail addresses.

We're working overtime to make sure you receive the newsletters you've requested. But we also need you to do two or three things that we've found to be effective:

Step 1. Help your e-mail program recognize our "From" address. Place our "Editor at" address, shown below in an image, in your e-mail program's address book and any safe-senders list it uses.

All mail from us will bear this "From" address, even our personal replies when you send us a tip. If your e-mail program doesn't allow you to specify the "From" address of senders you want to receive mail from, you should consider upgrading to a more modern program.

Step 2. Whitelist our new IP addresses in your mail server. If your company administers its own mail server, ask your administrator to place the following IP addresses on the server's "whitelist." This ensures that you'll receive (a) the newsletters from our e-mail broadcast server, (b) admin messages from our Web server, and (c) personal e-mail replies from our in-house mail system, respectively:

72.9.103.50 and 72.9.103.51
216.182.80.209
64.81.169.38

These IP addresses are controlled by ActionMessage.com and WindowsSecrets.com, neither of which tolerate spammers. Your mail admin can be confident that whitelisting our IP addresses will get you only good mail.

Step 3. Resend the current newsletter to yourself. Sometimes, an ISP deletes important e-mail without even notifying you. When we find that an ISP has bounced your newsletter, we e-mail you a short text notice, using our Web server's IP address, to alert you to the problem.

If you ever miss an issue of the newsletter, you can send it to yourself again, as long as the next issue hasn't been published yet. To resend the current issue, simply use one of our links to your preferences page. Once you're there, click the "Resend" link. You can do this several times a day, if need be, to test your e-mail system until the e-mails you want get through.

It's frustrating that the spam problem has made some ISPs unreliable in transmitting basic, wanted e-mails. Rest assured that we'll do everything we can to deliver the mail to you, through snow or rain or gloom of night!

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

TOP STORY

How to simulate User Account Control in XP

Scott Dunn

By Scott Dunn

Vista users love to complain about the intrusiveness of User Account Control, but it does provide a degree of security.

If you're using Windows XP, I'll show you what steps you can take to give yourself a similar level of safety.

Protect your system from attacks

One of the most common complaints about Windows Vista is its frequent requests for confirmation. Vista User Account Control (UAC) feature pops up when you launch certain kinds of programs, attempt to customize the Start menu, configure parental controls, install applications or drivers, and so on.

But annoying or not, this feature provides important safeguards against intrusions by viruses and malicious users. UAC is also an important component of Internet Explorer 7 in Vista. It allows IE 7 to run in "protected mode," in which the browser lacks the rights to install start-up programs or directly reconfigure Windows.

If you use Windows XP, you can't add all the protections afforded by UAC, but you can take steps to limit the damage malware can do.

Don't run as administrator all the time

Most people using Windows XP routinely log in administrator privileges. At first glance, this makes sense — why wouldn't you want to have all the rights necessary to control your own system?

The answer is that doing so also gives unlimited access to every program you run. The single best way to simulate user account control in Windows XP is to run as an ordinary user. Don't worry; I'll show you how to get around the limitations when you really need to.

Step 1. Start anew. Since your existing administrator account might come in handy, don't demote it. Instead, create a new, restricted account: In XP, click Start, Run. Type lusrmgr.msc and press Enter. With Users selected in the left pane, choose Action, New User. Fill out the dialog box with the new user name and other desired options. Click Create.

To make sure your new profile is a restricted account, double-click its name in the list of users. Click the Member Of tab. If "Administrators" or "Power Users" appears in the Member Of list, select them and click Remove. To keep the new profile as safe as possible, you want it to be a member of Users only. Click OK. Close Local Users and Groups by choosing File, Exit.

To test your new profile, click Start, Log Off {Your Name} or (if you don't see that command) click Start, Shut Down, and choose Log Off {Your Name} from the drop-down list and click OK. Now log in using the new account name and password.

Step 2. Transfer your settings. At this point, you may be thinking of all the custom settings you'll need to re-create in this new account. Fortunately, Windows gives you a quick way to transfer these to your new profile.

First, make sure you've logged into the new profile at least once (as explained in the previous paragraph). You'll also need to reboot the computer at least once before proceeding. Also, be aware that any changes you made or files you added to the new profile will be obliterated in this process, so it's best to do this to a brand new profile that has no vital information.

At this point, log into a profile that is neither the one you are copying from or copying to (preferably, another administrator account you've created). In Explorer, right-click on My Computer and choose Properties. Click the Advanced tab and, under User Profiles, click Settings. Select the profile whose settings you want to copy to the new, restricted profile and click Copy To. In the Copy To dialog box, click Browse and navigate to the folder corresponding to the new profile you created (it should be in the Documents and Settings folder). Select it and click OK. Now click OK and wait while the transfer takes place. Then close the remaining dialogs.

Step 3. Get around limitations. As you use your new profile, you'll discover some of its restrictions. For example, you won't be able to install applications and drivers; create or change users and groups; stop or start services (for example, using services.msc) that are not started by default; and more. For some such tasks, you'll simply have to log out and log back into your administrator profile.

But, in some cases, you can simply make an application itself run as an administrator for the current session. For example, to run an application with your old privileges without logging out, simply right-click its shortcut or its .exe file and choose Run As. Select the option The following user and, if necessary, edit the user name to the profile you want (using the form computer\user). Type the password and click OK.

Some programs (such as Microsoft Installer files with an .msi extension) don't display the Run As command on their context menus. In that case, you can use Run As on the command prompt (Start, All Programs, Accessories, Command Prompt) to launch the installer with administrator privileges. Any application you launch from that command prompt will have administrator privileges as well.

If you find that you frequently need a command prompt with administrative rights, you can create a batch file that launches one. Open Notepad and type:

runas /user:computer\user cmd.exe

Press Enter to end the line. Replace computer\user with the name of your computer and the name of your administrator account, respectively. Then save the file, giving it a .cmd extension (not .txt). Anytime you need this "power prompt," just double-click the file, type your password, and press Enter.

Remember, using Run As to give applications administrator privileges gives that application the same access to your computer as if you launched it in your administrator profile. So avoid running applications with elevated rights unless you really need to do so.

Use NTFS for added PC security

Here's another important security measure: If your hard disk is not already using the NTFS format, consider converting it. NTFS provides more security than the older FAT32 file system, as well as allowing encryption and compression. For example, NTFS is required for administrators to control the permission levels of the various users of a computer.

You can convert an existing volume to NTFS by opening a command prompt and typing:

convert x: /fs:ntfs

where x is the letter of the drive you want to convert. Be aware that once you've made the change, you can't convert back to the old file system without reformatting the drive, effectively wiping out all its data. If you're unsure, make a complete backup of the partition first. And consider opening Windows Help and searching for the topic "Choosing between NTFS, FAT, and FAT32."

These measures don't provide all the protections of Vista's UAC. For example, the UAC protections provided to Internet Explorer 7 are only available in Vista. But the above steps can limit the damage an attack can do to your system.

Now it's your turn: What are your favorite tips for securing your computer? We'll publish the best ones in an upcoming issue. Use our Windows Secrets contact page. We'll send a gift certificate for a book, CD, or DVD of your choice if you send a tip we print.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

KNOWN ISSUES

Drive encryption not just for hard disks

By Scott Dunn

I pointed out in our July 19 issue some programs that encrypt hard-disk partitions — a feature of the more-expensive Ultimate and Enterprise versions of Windows Vista.

But these days, you may want protection for more than just hard disks, such as Flash drives.

Get portable encryption on Flash drives

Reader Richard Niolon has a question about the hard-drive encryption programs I described:

"I read the column by Scott Dunn about file security in Vista and how you can get similar protection for your XP system. But it discusses computer hard drives.

"I've been looking for something for my Flash drive that is portable, is easy to use, doesn't slow down file access unbearably, and most of all... that does not require administrator privileges.

"That way, I can access my Flash drive on the public computers at my school. Any ideas? Free is nice, but not required."

The freeware encryption tool TrueCrypt will probably fill the bill. Although it requires an administrator account to set up an encrypted file, you don't need to be an administrator to mount the encrypted container later on. TrueCrypt can encrypt entire Flash drives or just create an encrypted container on part of the Flash drive.

Since you want it to be portable, you'll need this second option. According to the FAQ on the TrueCrypt Web site, as long as you create an encrypted container on one part of the Flash drive, and put TrueCrypt on another part of the drive (i.e., not in the container), you should be able to accomplish what you are want. For details, see the Traveller Mode chapter of the user guide.

Virtual PC works on XP and Vista Home

The July 19 issue also mentioned that the system requirements for Microsoft's Virtual PC application don't include XP Home or Vista's Home Premium edition. But reader Pete Green writes to tell a different story:

"I thought you might like to know that, despite what Microsoft says, both in its requirements and when you install the program, Virtual PC does in fact work fine on XP Home. I've been using it on my Home install ever since it became available."

In a similar vein, Mike Simpson writes:

"You mention Virtual PC not being compatible with XP Home. A similar message appears if you attempt to install it on Vista Home Premium, stating you are not licensed to use Virtual PC. However, if you do not care if you are licensed or not, you can still install it with no problems under Vista Premium Home."

Other readers wrote in with similar comments. Naturally, using a product in a way not contemplated by the license means you can't expect to receive any support from Microsoft if something goes wrong.

Run old DOS programs under Windows

A number of readers commented on a letter in the July 26 issue, in which reader Gerhard Oberschlick wondered how to get MS Word for DOS to run on his XP Home computer. For example, Howard Wexler writes:

"Don't know what Gerhard Oberschlick is talking about. I have XP Professional, but I have always been able to run Word for DOS 5.0 from XP without any added software."

But many more readers pointed to the solution first proposed by a reader named Tommy:

"Since the user wanted to run DOS programs, I'd suggest he investigate using DOSBox from dosbox.sourceforge.net."

According to its Web site, DOSBox emulates an Intel x86 machine. This permits older DOS programs (including but not limited to games) to run in newer operating systems like Windows 2000 and XP, including support for sound, graphics, mice, and more. It also includes a rudimentary command prompt for helping you install your old applications.

The downloads page includes add-ons for languages other than English. The product appears to be free, but the site does solicit donations.

We're sending a gift certificate for a book, CD, or DVD of their choice to readers Green, Simpson, Wexler, and Tommy for sending us tips that we printed. Send us your tricks using the Windows Secrets contact page.

TELL A FRIEND

How you can share this information

We love it when you send your friends links to our articles. But please don't forward your copy of our e-mail newsletter to people, which subjects us to spam complaints. Instead, simply suggest that your friends visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/070802

EDITOR'S BOOKSHELF

Windows Vista Secrets

Get the tips you need about Windows Vista
The all-new Windows Vista Secrets helps novices and experts alike understand Microsoft's latest operating system. "To really appreciate what is in Vista, you almost need to read through the leading book on the product, Windows Vista Secrets, by Brian Livingston and Paul Thurrott," writes Rob Enderle, principal analyst of the Enderle Group, in TechNewsWorld. "It's 595 pages of things you can do with this product — most of which you probably wouldn't have discovered for some time, let alone right at first." Check the book out now for tips you can use.
More information: United States (B&N) / Canada / Elsewhere

Spam-Proof Your E-Mail Address, 2nd Ed.

Spam-Proof Your E-Mail Address, 2nd Ed.
This 32-page e-book by Brian Livingston gives you step-by-step instructions that can prevent 97% of the spam that would otherwise clog an e-mail account. You could call it "Livingston's Spam Secrets." The PDF e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can make your e-mail addresses invisible to spammers, not just battle an ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info

WACKY WEB WEEK

Apple takes on iRack

The Apple iRack

Sure, Apple Inc. is famous for cool products with trendy designs. But what would happen if the high-tech corporation took on something different, something even bigger than it already has?

That's the question MadTV asks in this skit about the most daring Apple product to date — the iRack. Watch the video

INDEX

The following topics appear in the free version

INTRODUCTION	Make sure you get the e-mails you want
	Simple steps to let good mail through

TOP STORY	How to simulate User Account Control in XP
	Protect your system from attacks
	Don't run as administrator all the time
	Use NTFS for added PC security

KNOWN ISSUES	Drive encryption not just for hard disks
	Get portable encryption on Flash drives
	Virtual PC works on XP and Vista Home
	Run old DOS programs under Windows

WACKY WEB WEEK	Apple takes on iRack

You get all of the following in the paid version
PC TUNE-UP	Does the future of Windows include adware?
	Microsoft's ominous adware patent application
	K9 Web Protection, a free content filter
	Ways to bypass Web content filters
	McAfee offers free Rootkit Detective

OVER THE HORIZON	IE 7 allows Firefox exploit to work
	URI flaw has new exploit method
	A Windows flaw makes Firefox vulnerable

PATCH WATCH	How to clean up after MS's .NET patches
	Here we go with .NET one more time
	Exchange message filter infrequently updated
	New resources on Vista's resume problems
	Will your Windows Home Server need patching?
	You may want to skip one "stability patch"
	An Apple patch today keeps bad guys away
	U.S. bans speaker from attending BlackHat

Paid subscribers can access all old and new paid newsletter content Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter. To upgrade, simply make a contribution of any amount you choose. If you do this by Aug. 8, 2007, you'll instantly be sent the full, paid version of today's newsletter. To upgrade to the paid version of the Windows Secrets Newsletter, please visit our upgrade page. Thanks in advance.

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, plus the week of Thanksgiving and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Chris Mosby, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period. Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,

Visit our Unsubscribe page.

Copyright © 2007 by WindowsSecrets.com LLC. All rights reserved.