It lives!

We’re up and running again now. Some of the content hasn’t made the switch yet (and probably won’t make it due to obsolescence), but the articles and redirects are live, and that’s the heart of this site at the moment.

I’ll be working on this off and on for a while. If you find any serious bugs, let me know.

Windows XP Setup Guide

For some reason or other, you’ve decided to re-install Windows XP. Perhaps the registry was bloated and corrupted. Perhaps you ran into a bout of spyware and don’t trust the security of your system anymore. Perhaps a destructive virus laid waste to your filesystem. No matter the cause, you’ve said, “Enough is enough, Bill.” If you’re like me, you usually wipe the slate clean and begin with a freshly-formatted hard drive at least once a year. Since 2001, I’ve probably installed Windows XP for myself and others several hundred times. No kidding. The following is a personal guide that illustrates what *I* do upon a clean install. Some of my examples are for security reasons, some will remove bloat, and some are based simply on personal opinion and taste.

I make the following assumptions in this guide:

  • You have a Windows XP installation disk (Home or Pro), and NOT a recovery CD from an OEM builder (ala Compaq). Much of my guide will still apply if you have a recovery CD, but not all of it. I leave it to the reader to discern the differences.
  • You have a legal copy of Windows.
  • You have backed up your critical data and know how to restore it.
  • You know how to partition disks. This is necessary if you want to leave room for a Linux/BSD installation.
  • You actually know how to install Windows.
  • You are smart enough to USE THIS GUIDE AT YOUR OWN RISK. I am not responsible for any harm that you do to your system.

In a nutshell:

1) Create a CD that contains updates, drivers, and essential software.
2) Install Windows.
3) Install the service pack two update (and any other security updates).
4) Install device drivers.
5) Remove certain OS components.
6) Install a decent web browser, antivirus, and firewall.
7) Customize your GUI.
8) Disable unnecessary “features.”
9) Disable irritating sounds.
10) Optimize network settings.
11) Check for disk errors and fragmentation.
(Optional) Tweak registry settings.
(Optional) Create a custom, unattended install CD for future use.

1) Create a CD that contains updates, drivers, and essential software.

While this step could be considered optional, it will save you a lot of time once you’ve finished the initial installation. I recommend using a CD-RW (or DVD-RW) for this task so that you can update it later without using another disc. Data to add to disc includes:

  • XP service pack two plus any other post-SP2 updates that you find
  • All device drivers for your motherboard and peripherals
  • Major updates for applications that you want to install, such as Photoshop, SoundForge, game updates, etc.
  • A good web browser (don’t forget your old bookmarks), security / antivirus / anti-spyware software
  • Other applications that will fit on the CD, such as OpenOffice and iTunes

That is the bare minimum that I would add. Feel free to add to taste.

2) Install Windows.

You’re on your own here, but I will mention that I usually do this with the ethernet cable UNplugged from the computer. I also recommend that you use NTFS as opposed to FAT32. Good luck. See you on the other side.

3) Install the service pack two update (and any other security updates).

Congratulations, you made it through the initial install. The *first* thing that I like to do now is to go ahead and install SP2. At this point, you obviously have the least chance of causing a conflict with an existing application or device driver. Go ahead. This will take a while. When it’s finished, install any remaining security updates from the custom CD if you have any.

4) Install device drivers.

Once the updates are installed, it’s time to install device drivers. You did put these on the CD, right? Install the motherboard chipset driver first, then ethernet, audio, and video drivers (and whatever else you have). When prompted, reboot between driver installs, though I have pushed my luck by installing all drivers before rebooting.

5) Remove certain OS components.

By default, XP does not come with a lot of software, especially when compared to a typical Linux installation. Even so, I like to uninstall / remove access to certain components. Go to the Control Panel, switch to classic view, and launch ‘Add or Remove Programs.’ From there, click ‘Add / Remove Windows Components’ on the left side.

Add or Remove Programs

Uncheck Indexing Service, MSN Explorer (click ‘yes’ button to confirm), Outlook Express, and Windows Messenger.

6) Install a decent web browser, antivirus, and firewall.

Have you read my Windows Security Guide? If so, then you know how deplorable Internet Explorer is. I suggest using Firefox or Opera instead. Hopefully you already put this on your custom CD. For an antivirus, I suggest using an application like Grisoft’s AVG. Service pack two should have enabled the Windows firewall, but I usually disable it in favor of a third-party firewall, such as Zonealarm. To disable the built-in firewall, go to the Control Panel –> Network Connections –> Right click on your device and click ‘Properties’ –> Go to the ‘Advanced’ tab –> Click ‘Settings’ –> Now turn the firewall OFF. The security center will pop up and complain, but this will go away once you’ve installed a third-party firewall. Keep in mind that I do all of this stuff BEFORE plugging in my internet connection in order to give Windows a fighting chance against all the malware floating around on the internet. Sound unbelievable? Take a look at this article. Once your new browser, antivirus, and firewall are in place, go ahead and connect to the internet. Now is a good time to check if there are any other critical Windows Updates. If you’re interested, go ahead and install Windows Media Player 10 from Windows Update as well.

7) Customize your GUI.

Now it’s time to make that Fisher-Price graphical user interface (GUI) a little more livable. Here we go:

Under ‘Display properties’ (Control Panel –> Display):

  • Set your video resolution to its highest setting (Settings tab).
  • Change the color scheme to ‘Silver’ (Appearance tab).
  • Reduce the ‘Caption Buttons’ size to 20 (Appearance tab –> Advanced –> Change the ‘Item’ to ‘Caption Buttons’ and reduce the size).
  • Use ‘ClearType’ smoothing of screen fonts if you have an LCD monitor (Appearance tab –> Effects –> Change the screen font settings from ‘Standard’ to ‘ClearType.’)
  • Set a higher screen refresh rate (Settings tab –> Advanced –> Monitor tab –> Set the refresh rate to the highest supported)

General desktop settings:

  • Use toolbars, such as the Quick Launch and Windows Media Player toolbars. Right-click on the bottom toolbar, go to the toolbars menu, and select the toolbars that you want. If you use the Quick Launch bar, delete all shortcuts except for ‘Show Desktop’ and ‘Firefox.’ If you later install iTunes, you can also use an iTunes toolbar when you minimize the application.
  • Find ‘My Network Places.’ By default, Microsoft does a pretty good job of hiding networking functionality. Why? Stupidity, I guess. Let’s remedy this. Right-click on the start button, go to ‘Properties,’ click ‘Customize,’ and go the the ‘Advanced’ tab. Scroll through the list, making sure to put a check next to ‘My Network Places.’ I also set the ‘Network Connections’ to ‘Link to the Network Connections folder.’ You may also want to set the ‘System Administrative Tools’ to display on the All Programs menu.
  • Set a few desktop shortcuts. I like to have a clean desktop, but I do set a few shortcuts, namely My Computer, My Documents, and My Network Places. To add these, click the start menu, right-click your desired shortcut, and select ‘Show on Desktop.’
  • Find a better wallpaper. You’re on your own again for this one, but some nice places to look include,, and

That’s the majority of my GUI tweaks. I like to focus more on functionality than pizzazz.

8) Disable unnecessary “features.”

Now it’s time to adjust some system settings. Some of these will collectively help to speed up your system, and others remove possible chances of security breaches.

Show all file extentions. Open any folder, such as ‘My Documents.’ Click the ‘Tools’ menu, click ‘Folder Options,’ and then click the ‘View’ tab. Look down the list until you see a checkmark labeled ‘Hide Extensions for Known File Types.’ Remove the check from that box. While you are in here, scroll down to the bottom and uncheck ‘Use Simple File Sharing’ (XP Pro only).

Under ‘System Properties’ (Right-click on ‘My Computer’ –> Properties):

  • Disable ‘System Restore’ (System Restore tab –> check the box to turn it off). Though this probably isn’t necessary, in four years I’ve never had a use for it.
  • Change ‘Automatic Updates’ settings (Automatic Updates tab). Select the setting that you desire. I usually tell it to notify me, but don’t download or install anything.
  • Disable ‘Remote Assistance’ (Remote tab). Uncheck the boxes to allow users to send remote invitations and to allow users to connect remotely to your computer.
  • Disable automatic restarts (Advanced tab –> Click ‘Settings’ under ‘Startup and Recovery’ –> Uncheck the ‘automatically restart’ option). This is Microsoft’s sneaky way of hiding the blue screen of death (BSOD). Granted, it occurs much less frequently than in the 98/ME days, but it still can happen, mainly when a device driver fails. When this happens, I want to know.
  • Disable error reporting (Advanced tab –> Error Reporting). I usually leave the option to notify me when a critical error occurs.

Automatic Updates_Error Reporting

While you’re at it, delete unnecessary users. [Right-click on ‘My Computer’ –> Manage –> Expand ‘Local Users and Groups’ –> Select ‘Users.’] I usually delete all users except the Administrator, Guest, and my own account (plus others that *I* have created).

9) Disable irritating sounds.

I get really tired of the Windows default sound scheme and usually opt to disable all sounds. To do so, go to the Control Panel, open ‘Sounds and Audio Devices,’ click the ‘Sounds’ tab, and change the sound scheme to ‘No Sounds.’ Whew. That’s music to my ears.

No Sounds

10) Optimize network settings.

Right-click ‘My Network Places’ and click ‘Properties.’ Now right-click your network device and click ‘Properties.’ Select the QoS Packet Scheduler and click ‘Uninstall.’

11) Check for disk errors and fragmentation.

Though this probably will not affect you after a clean install, it is a good idea to check for errors and defragment now and then, though not as frequently as required during the 98/ME days. To do this, open ‘My Computer,’ right-click your hard drive (usually C:) and select ‘Properties.’ Now select the ‘Tools’ tab. Click ‘Check Now’ to open the ‘Check Disk’ box, and select ‘Scan for and attempt recovery of bad sectors.’ Click ‘Start’ and go get a cup of coffee.

Disk Tools

To defragment, click the ‘Defragment Now’ button. The ‘Disk Defragmenter’ window should open. Select your hard drive and click ‘Defragment.’ Go get a refill on your coffee.

(Optional) Tweak registry settings.

If you are feeling daring, there are a number of registry tweaks that you can do to further customize your system. Hundreds of them can be found here. Be careful with these, as you can destroy your Windows installation by messing with the registry. Make a backup of your old registry first.

(Optional) Create a custom, unattended install CD for future use.

One nice thing to do to speed up this process in the future is to create a Windows XP Unattended Install CD. Instructions for doing this can be found here. In essence, you can create a bootable CD that partitions your drive(s), installs Windows with your serial number, user account name, additional Windows updates, registry tweaks, and additional software ALL without any interaction from you. This is a slick tool to have if you have the time and patience to learn how to do it.

There you go. You are free to install all additional software that you like. Have fun.

—- Brian Bondari —

Fedora Core 2 – Review


Greetings everyone. Believe it or not, I’m going to attempt my first Linux distro review. First, allow me to say that I have only been using Linux for about 5 months, so I’m a comparative newbie to many in the Linux world. I don’t make presumptions to know everything. With that in mind, this review is not geared toward the Linux veteran, but for people who have more curiosity than experience with Linux.

First some hardware specs:
Motherboard: MSI “865 Neo2-PFS (Platinum Edition)” i865PE Chipset
Processor: Intel Celeron 2.0GHz (Yes I know it’s lame. I care not.)
Video Card: ATI Radeon 9500 Pro
RAM: 1024MB Kingston PC2700
Sound Card: Soundblaster Live 5.1
Hard Disks: 120GB WD “Special Edition” IDE; 40GB Seagate IDE
Optical Drives: Lite-on DVD-ROM; Sony CD-RW
Mouse: Logitech MX300 (USB)

My brief experience with Linux so far centers mainly around Fedora Core 1. Naturally, I was excited to try FC2 (Tettnang). I downloaded the 4GB DVD iso using BitTorrent, and burned it on my Mac. From there, I did a clean install of FC2. The slick, python-based Anaconda installer is very similar to FC1, and in my opinion is easier than a Windows XP install. I chose a slightly modified “Desktop” install, which took roughly 20 minutes to complete on my system. The installer correctly identified ALL of my hardware, and upon first boot I had full networking, sound, and video. My 3-button mouse had full functionality as well. The only problem is that I do not yet have full 3D-acceleration. FC2 has dropped XFree86 in favor of, and as far as I know ATI has not yet released a driver that will support If I’m wrong, let me know.

FC2 booting FC2 Desktop

Grub is the default bootloader for FC2, and during the installation it correctly identified that I also had a Windows installation and allowed me to painlessly set up a dual-boot. Somewhat humorously, it labeled the Windows partition as “Other”, but it was simple to relabel it using the “Edit” button.

Some highlights of FC2 include kernel 2.6.5, Gnome 2.6, KDE 3.2.2, Mozilla 1.6, and the GIMP 2.0. The default desktop is Gnome, which is fine with me. If you’ve never used it, Gnome 2.6 takes some getting used to. To explain, Nautilus, the file manager, is now “spatial”, focusing more on drag & drop and productivity. In a nutshell, each folder opens a new window, and files open in their respective applications rather than opening within the file manager. At first, I disliked this “spatial” UI, citing that it felt too much like Mac OS 9/Win95 for me. But, it is slowly growing on me. The best part is that switching back to the older “browser-styled” navigation scheme is easy. Simply fire up GConf (Fedora -> System Tools -> Configuration Editor) and browse to /apps/nautilus/preferences. Now check “always_use_browser”. Voila, you are now back to the old style. /* If you had any windows open, you may have to re-log in to Gnome for the changes to take effect. Also, you can fire up GConf at the terminal by typing $ gconf-editor */

Gnome 2.6 Always use browser Spatial

One of the first things I do on any Linux install is add my user name to the /etc/sudoers file. It’s a good idea to do this, because then you can execute the sudo command to make changes outside your home directory instead of running as root in the terminal. Coming from an OS X background, this makes sense to me. Fire up your favorite editor (nano in my case) and proceed as follows:

$ su
[enter your root password]
# nano -w /etc/sudoers
[now under “User privilege specification”, you should see root ALL=(ALL) ALL. In my case I’ll add brian ALL=(ALL) ALL. Substitute your user name for mine.]
[press ctrl+x to exit nano]
[press y then enter to save changes]
# exit

[EDIT] Since posting this review, I have since learned that adding your username to the etc/sudoers file is a controversial security risk. Perhaps a better way is to investigate ‘visudo.’

Now when you execute a command that requires root privileges, simply add sudo in front of it and give it your user password instead of the root password.

There are at least three ways to update software packages on FC2. The obvious one is up2date, which notifies you of updated packages by changing the blue check in the bottom right of the “tray” into a red exclamation mark. A less obvious, but more powerful method of updating is through yum. Open a terminal, and type:

$ sudo yum update
[enter your user password]
$ sudo yum upgrade

Voila, your system is up to date. You should also be aware that a port of Debian’s apt is also available for Fedora. One of the first things I do on a Fedora install is download and install apt.

Download the rpm, and install it with:
$ sudo rpm -Uvh apt-[package-name].rpm

Once it’s installed, type:
$ sudo apt-get update
$ sudo apt-get install synaptic

Synaptic is a GUI frontend for apt that makes installing software a cinch. Both yum and apt automatically handle dependencies, helping to eliminate the dreaded “RPM Hell.” From what I’ve read, up2date is slowly being phased out in favor of yum or apt.

For legal reasons, FC2 doesn’t come with built-in MP3 support. However, this is easily remedied with synaptic (Fedora -> System Tools -> Synaptic Package Manager). Or type:

$ sudo synaptic

Use synaptic to browse the available packages, and install xmms-mp3 as seen in the picture. You now have mp3 support.

MP3 Support

I like to use my computer as an FTP server,so I set one up using vsftpd. I’ve had no crashes or stability problems. One of my biggest pet peeves about FC1 was that I would occasionally have to activate my NIC (eth0) manually after a reboot. I’m pleased to say that I have not had that problem with FC2.

Positives: FC2 is a stable, reliable, professional distro that will only improve in coming months. There’s a plethora of help available on the web, and it’s easy to find support because it’s one of the more popular distros. I appreciate having the power of apt/synaptic available as well. FC2 feels noticeably faster than FC1, due in part to the nature of the 2.6 kernel. I’ve tried a lot of Linux distros, and for some reason I keep coming back to Fedora. Perhaps I’m just partial to the Bluecurve theme.

Negatives: FC2 does not have as much out of the box support and user-friendliness as other distros, such as Mandrake 10 Official. One has to do more installing and configuring of extra packages, such as the Flash player, and obtaining mp3/java support/3D acceleration. Thankfully, none of this is too difficult. Like its predecessors, FC2 is still only optimized for i386. Perhaps I’m out of line here, but who still uses 386s? More importantly, who would attempt to run kernel 2.6 and the latest KDE/Gnome on a 386? Even though FC2 is noticeably faster than FC1, I would really like to see FC2 optimized for at least i586!

Habibbijan’s recommendation and rating:
FC2 is a fine workhorse of a distro that won’t appeal too much to the Arch/Gentoo/Slackware crowd, but is stable and flexible nonetheless. However, unless you enjoy growing pains, wait a month or two to allow it to mature a bit before installing it. 8.5 out of 10.

10 Must-Have Free Applications for Mac OS X


The following is a list of free applications that greatly enhance Mac OS X at zero cost to the end user. I compiled this list with a few key points in mind.

  • The application has to be free. No shareware allowed. It IS ok if a free application also has a paid version if the paid version has added functionality, similar to AVG Free versus the paid versions in Windows.
  • The application should be relatively easy to use.
  • The application should do a good job at providing some specific functionality.
  • The application gets added points for beauty and elegance. After all, this is OS X.

I want to acknowledge that limiting myself to ten applications was difficult. Therefore, I decided to list a few runners-up at the bottom. I also want to emphasize that the items listed are in random order! All of these applications provide a different functionality, and ordering them by rank is futile and pointless. Finally, this is a subjective list; others will certainly disagree with my choices. I am fine with that. That said, here we go. This is *my* list of ten “must-have” applications for OS X.

—- (In random order) —-

1. Mozilla Firefox

Firefox is a terrific open-source browser that blocks pop-ups and features tabbed browsing. While Safari is also a great browser, Firefox adds a more functional search box, and the availability of themes and extensions greatly enhance its looks and functionality. Want to control iTunes from within Firefox? Done. Want to completely block advertisements (including flash ads)? Done. Firefox also has a slick, “find-as-you-type” search feature.

2. Cyberduck

Cyberduck is a free, open-source FTP client that is also capable of handling sFTP. The “bookmarks” are a nice touch, and it even interfaces smoothly with TextWrangler (see below)!

3. TextWrangler

Once a commercial application, TextWrangler is now free. TextWrangler is a “high-performance” text editor whose sole purpose is to produce and change content, and it excels at manipulating generic text files and source code. Not only does it include FTP and sFTP support, it also interfaces seamlessly with Cyberduck and Applescript.

4. NeoOffice/J

NeoOffice/J is an aqua port of, which includes a word processor, a spreadsheet program, a presentation program, an HTML editor, and more. Because it runs natively in aqua, it uses the same fonts as other OS X applications. While it will not yet suit the needs of those who rely heavily of Macros and scripting, NeoOffice/J will suit the needs of 95% of users. (Aside: I have had a handful of crashes on startup with NeoOffice/J, but it is still impressive enough to make the top ten. This is still “beta” software, and will improve over time at no charge to you, the user.)

5. RsyncX

RsyncX is a implementation of rsync (a Unix tool for intelligently backing up files) that has support for HFS+ file systems and also utilizes a GUI. Use this powerful tool to make backups of selected files to another place on your machine or over a network. You can even use RsyncX to “push” a copy of your booted volume to a networked computer, bless it for either OS 9 or OS X, and then reboot the remote machine.

6. VLC

About: VLC (VideoLAN Client) is an open-source, highly-portable multimedia player for various audio and video formats, as well as DVDs, VCDs, and various streaming protocols. It functions well as a stand-alone media player, but you can also use it as a server to stream in unicast or multicast.

7. Audacity

Audacity is a free, open-source audio editor. While not yet in the same league as the larger commercial applications, Audacity will easily fit the needs of someone who requires a simple, easy-to-use multi-track waveform editor. Be sure to grab the extra packages, such as Lame (for mp3 exporting), the VST-plugin enabler, and the manual.

8. WhatSize

WhatSize is a neat utility that allows you to quickly calculate the size of a given folder, its subfolders, and all files contained within. While it is calculating, you can open subfolders to browse their contents as well. WhatSize also reports information about hidden files and cache files. (Aside: This is one of those slick little applications that you do not realize how much you need until you try it.)

9. BitTorrent

BitTorrent is a tool used for distributed file sharing. It works by “seeding” files and tapping into the unused upload bandwidth of any computer running it. To use it, you have to upload while you download; no “leeching” allowed. While BitTorrent can certainly be used for “illegal” file distribution, there are many perfectly legal uses as well, such as downloading various Linux distributions. Use wisely.

10. Handbrake

Handbrake is an easy-to-use, open-source DVD to MPEG-4 (or AVI) converter. It can encode directly from DVDs or from VIDEO_TS folders. It also supports 2-pass encoding, picture deinterlacing, cropping, and scaling. It encodes audio in either AAC, MP3, or OGG formats.



The GIMP (GNU Image Manipulation Program) is a powerful image editor. Though not quite on the level of Photoshop, the GIMP is a “creme- of-the-crop” open-source application that will easily suit the needs of all but professional graphic artists. The only reason that GIMP did not make the top ten is that it has to run in X11 as there is not (to my knowledge) a native aqua port, and this may cause confusion for people who do not have X11 installed.

Adium X –

Adium X is an open-souce, multi-protocol instant messaging client that is based on GAIM. It looks similar to iChat, but allows you to connect to different IM services from within one application. It is a “must-have” for those who like to chat. (Aside: I did not include this in the top ten because I do not really like to chat. Yes, it is personal. After all, this is an opinion piece.)

SoundFlower –

SoundFlower is an open-source audio system extension that allows you to “pipe” audio from one application to another easily. Once installed, SoundFlower simply shows up as another audio device. One example of a use for SoundFlower is to record streaming audio from iTunes into Audacity. I did not include this package in the top ten simply because most people would not have much of a use for it. Also be sure to check out “soundflowerbed.”

Blender –

Blender is an open-source 3D graphics creation suite that includes modeling, animation, rendering, post-production, realtime interactive 3D, and game creation, all in one package! You have really got to see it to believe it. While extremely impressive, this package did not make it to the top ten because of the rather steep learning curve. There are lots of great tutorials available on the web site though.

3ivx D4 –

While 3ivx is more of a codec toolkit than an application per se, it is important enough to include on OS X. Not only does 3ivx allow you to decode most MPEG-4 files, it allows you to encode video MPEG-4 at a higher quality and with higher compression than Apple MPEG-4. 3ivx is completely compatible with Quicktime and Quicktime- compatible encoding applications. The only problem is that it may have some issues playing certain AVI files. Though you can download a separate application from them to fix this playback issue, it is enough to keep it from the top ten.

MacTheRipper –

This is an open-source DVD ripper that has the ability to remove CSS encryption. That said, it is intended for use on DVDs that you actually own. It works perfectly well, but due to speed issues it did not make the top ten, though perhaps that is not fair. Ripping the same DVD on my “less-beefy” PC only took one-third the time, and this may be an optimization issue with OS X or with my Superdrive, and not necessarily with MacTheRipper.

—- Brian Bondari —-
Copyright 2005

Windows Security Guide

Update: though much of this guide is still relevant, some parts are outdated. This guide is in need of an overall revamp, which might happen soon. If you have any suggestions, feel free to comment. May 2007


The following are recommendations for securing and using your Microsoft Windows operating system, compiled from years of use and observation. In a nutshell:

  1. Use common sense.
  2. Use and update antivirus software.
  3. Run Windows Update service frequently.
  4. Use a browser other than Internet Explorer.
  5. Use a software firewall.
  6. Scan for Adware/Spyware.
  7. Run as a “limited” user.
  8. Know what’s on your system.
  9. Probe your ports.
  10. Alternatives.
  11. Make backups.

1. Use common sense.

Rule number one of internet security: What you don’t know CAN hurt you. Due to the massive popularity of Microsoft Windows, and its inherent insecurity, it pays to be in control of your PC, not the other way around.

The internet is full of malicious people and programs, who want nothing more than to scam you or break into your computer. Ever received an e-mail from eBay, PayPal, or a bank asking you to “confirm your account” by entering passwords, credit card numbers, or social security numbers? It’s a scam, and if you comply, you’re almost guaranteed to become a victim of identity theft. Be smart. Question everything.

Ever received a virus as an e-mail attachment? Sure, we all have. Sometimes I receive several in one day. NEVER open an e-mail attachment unless you KNOW what it is, and why it was sent. Your friends are not immune. Don’t open an attachment just because it came from a friend. Many viruses masquerade as patches sent from Microsoft. News flash: Microsoft does NOT send patches via e-mail. Delete it immediately if you receive one.

Use Outlook or Outlook Express? Be especially careful. Many people humorously dub “Outlook” as “Lookout” because the majority of e-mail viruses target the soft underbelly of Outlook. If you use Outlook or OE, be sure to disable the “preview pane” under the “View” menu. This way, an infected attachment will not automatically execute when you click that e-mail message.

2. Use and update antivirus software.

This is critical. Running a Windows operating system on the internet without antivirus software is comparable to swimming through shark-infested waters with an open wound. Just as importantly, make sure you UPDATE the antivirus software. New viruses come out everyday, and antivirus software is only as effective as its latest virus definitions. Most new antivirus software comes with either an “automatic” or “scheduled” update feature. Know what you have and verify that it’s working!

Inevitably, the “What antivirus software should I use?” question arises. The answer is that it doesn’t really matter. Most people use and recommend big names like Norton or McAfee, but these are not the only options. You don’t even have to pay for antivirus software. My favorite free programs are AVG [], Avast [], and Antivir []. No matter what program you use, never install more than one antivirus program.

[KU specific: KU has a site-license with Sophos antivirus, which means that students, faculty, and staff can download and install their software for free. See for more information.]

3. Run Windows Update service frequently.

This is equally as critical as running antivirus software. New vulnerabilities are discovered frequently in Windows operating systems, and it’s important to patch those vulnerabilities as quickly as possible by visiting the Windows Update web site. One way to do this is to launch Internet Explorer, click the “Tools” menu, and click “Windows Update.” Make sure to install all of the “Critical” updates, but scan through the “Recommended” updates as well.

If you use Windows XP, you can set your system to automatically download and install updates at a time you specify. Right-click on “My Computer” and then click “Properties.” In the new window, click the “Automatic Updates” tab. Click the radio button for the option to download and install the updates everyday at a specific time. Choose your time, and click OK. Hint: Make sure your computer is usually on at the time you specify.

If you use Microsoft Office, you should also check for security updates. []

4. Use a browser other than Internet Explorer.

Most people equate “Internet Explorer” with the Internet, and this is a crying shame, because IE is a terrible web browser with a horrendous security record. Do you like pop-ups? No? Then don’t use IE. Some forms of spyware can automatically install when you visit malicious sites with IE. IE is also easily “hijacked” by malicious programs.

There is also a moral implication involved here. In a nutshell, there is a group called the World Wide Web Consortium [] that sets standards for how web browsers should behave and render HTML (the “code” behind web sites). Microsoft has completely ignored w3c, deciding instead to set their own standards. This has lead to a schism in web design, in that some designers code exclusively for IE, and others code for standards-compliant browsers.

My favorite alternative browser is called Firefox []. It’s free, it supports tabbed-browsing, it blocks pop-ups, and it is standards-compliant. I strongly suggest that you try it. The only reason to use IE is for Windows Update, since Microsoft does not support browsers not based on the IE-core (big surprise).

5. Use a software firewall.

A software firewall serves two purposes: It prevents unauthorized access INTO your operating system, and prevents information from LEAVING your operating system without your permission.

Without getting into too much detail, most attacks from outside come through “ports.” If your computer is behind a hardware firewall (such as at a major university or business), most ports should automatically be blocked. A software firewall provides an added layer of protection against port attacks.

Some Windows software loves to “dial home” to Microsoft or another company and report information about your computer and surfing habits. Sometimes this is justified, but sometimes it’s downright unnecessary and should be considered a violation of privacy. A correctly-configured software firewall will allow you to determine what information is sent from your computer into the unknown. Remember, your computer is not a television. Information travels both ways.

My personal favorite software firewall is called ZoneAlarm []. You can download a free version, or you can try a demo for a paid version. If you think you may be behind a hardware firewall, or are part of a larger network of computers (such as at a major university), contact your system administrator about the necessity of a software firewall. The sys admin may also have recommendations for the configuration of a software firewall.

[For advanced users: If you are feeling savvy, disable unnecessary Windows services. For a terrific guide on what services are running, their descriptions, and whether or not to disable them, visit Black Viper’s site []. Read it, decide what to disable, and lock down your system.]

6. Scan for Adware/Spyware.

If you use Windows, you need to know about Adware and Spyware. Adware is usually pretty harmless, but sometimes annoying. It usually comes bundled as third-party applications with freely downloadable programs, such as KaZaa. The purpose of Adware is to display advertisements, often in the form of annoying pop-up windows. When you installed that free screensaver program, did you actually read the license agreement? No? Congratulations! You’re now infested with Adware.

Spyware is much more serious. This includes programs that read “cookies” (text files with information about your surfing habits), key loggers (programs that record every key you press – Logged into a bank account recently?), and other malicious programs that I generically refer to as “internet flotsam.” Again, did you actually READ the license agreement when you installed that fancy cursors program? Collectively, too much adware and spyware can slow even a fast computer down to a crawl.

To exterminate Adware/Spyware, download Ad-aware [] and/or Spybot []. Update them, and run them at least once a week. You’ll be surprised at what they catch. Be careful about what you delete with these programs. Some ‘free’ programs (mainly file-sharing programs) will not function properly after their adware is removed. Still, I recommend that you delete everything they catch and then uninstall the offending programs. Be smart about what you install in the first place, and you won’t have too many problems of this nature.

7. Run as a “limited” user.

The default user in Windows XP is called the “administrator.” Newly-created user accounts have administrative privileges by default. This means that you can install software, delete the Windows folder, format your hard drive, and do just about anything else that you want. If you get infected by a virus, it can also do whatever it wants without asking your permission. This is a major reason why almost all viruses target Windows.

An often-neglected, but excellent security measure is to do your daily tasks as a limited user rather than an administrator. Limited users are prohibited against installing new software, they cannot access protected system files, and generally are protected against doing something stupid or allowing someone/something else to do it for them. This means that a malicious program will do drastically less damage under a “limited” user account.

To do this, simply go to the Control Panel (Start — Settings) and select “User Accounts”. Click on “Create a new Account”, give it a name, select “Limited User”, and assign a password. You may need to copy your documents into the “Shared Documents” folder or into the “My Documents” folder of your new profile (generally found in “C:\Documents and settings\your_username\My Documents” Then log off and log on to your new limited account and give it a whirl.

If you need to install new software or make major changes to your system, simply log out and log back into your original account. Note: Some older software may not work well under a limited account. Your best bet is to set up a limited account and try it.

Hint: If your computer has already passed through the hands of a capable systems administrator, this should not be a concern for you.

8. Know what’s on your system.

If you have followed my advice so far, you are already more secure than 95 percent of Windows users. However, there are still more things that you can do.

By default, Windows hides file extensions for known file types. While this may seem convenient, it can present a security concern. Malicious programs frequently take advantage of these hidden extensions by fooling the user into thinking it’s a different type of file. For example, you open a text file on your desktop called “patch.txt.” The next thing you know, a window opens that reads, “yuo just been pwned by l33t hax0r!” Then your hard drive is erased. Whoops! What you did not know was that the “patch.txt” file was actually an executable called “patch.txt.exe,” but Windows hid the last part from you because it was a “known file type.”

To disable this “feature,” open any folder, such as My Documents. Click the “Tools” menu, click “Folder Options,” and then click the “View” tab. Look down the list until you see a checkmark labeled “Hide Extensions for Known File Types”. Remove the check from that box. Windows will now display ALL file extensions, placing you in the driver’s seat.

9. Probe your ports.

Now it is time to test your fully patched system. Even if you think you are fully protected, new vulnerabilities are found almost daily. It pays to have constant vigilance.

Remember the “port attacks” mentioned under item five? Let’s see how secure your operating system is. Open a web browser and surf to This is a site maintained by a security guru named Steve Gibson. Click on “Shields Up!” Scroll down to “Hot Spots,” and click on “Shields Up!” again. Click on “Proceed” and then select “All Service Ports.” Wait a few minutes while you watch the ensuing test. Green results are best, blue is ok, and red means trouble, unless you know what you are doing (such as running a web server). Ideally, you should have all green results.

You can test your antivirus software by downloading the EICAR test virus []. Note: This is not a virus, but merely a test file that your antivirus software should recognize as a virus. Try to download the file to your hard drive. If your antivirus software does not catch it, check the settings to make sure it is actively scanning files. If your software still does not catch it, try different antivirus software ASAP!

10. Alternatives.

I have already mentioned an alternative to Internet Explorer, but there are also alternatives to other widely-used Windows programs. For example, I strongly recommend using a different mail client over Outlook due to security reasons mentioned under item one. Thunderbird [] and Eudora [] are excellent (and free) alternatives.

Would you like a free alternative to Microsoft Office? Try OpenOffice [].
How about a free instant messaging client with no advertisements that is compatible with AIM (Oscar and TOC protocols), ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu, and the Zephyr networks? Try Pidgin [].

If you have made it through this entire guide, and feel utterly disgusted and overwhelmed about Windows security, you should at least know that there are also alternatives to the entire Microsoft Windows operating system. Mac OS X [] and Linux [] are two alternatives. Neither are without flaws, but both have a more strongly implemented security policy than Windows.

11. Make backups.

No matter what operating system you use, it is critical to back up your data. There is no excuse not to have backups. Your hard drive could die. Your computer could be cracked by an unscrupulous person. You could get a destructive virus. There could be a flash flood. Do I make myself clear?

There are several methods of creating backups. Is your computer capable of “burning” CDs? If so, purchase some CD-R or CD-RW discs and back up your critical data. Remember to keep those discs in a safe place. You could also consider purchasing an extra hard drive (internal or external) for data storage. Most newer computers are now capable of “burning” DVDs. If you are lucky enough to have one, this is an excellent method of backing up data, as DVDs have considerably more storage space than CDs.

Are you on a network? If so, you might be able to store critical data on a server. Speak to your network administrator for more details.

[KU specific: You may be able to back up data to a network file server. Open “My Network Places” and view your workgroup computers. Look for a computer with your department name. For instance, if you’re located in Murphy Hall, connect to the MUSIC_DANCE server. Enter your username and password. If successful, you can then save files to the server. Contact your local administrator if you need assistance.]

If you made it through this guide, you are well on your way to a more secure system. Remember that no computer is invulnerable, and it is important to always be aware of new security vulnerabilities. After all, the safest computer is one that is disconnected from the internet (or at the bottom of a landfill).

—- Brian Bondari —-
© 2004

Going live…. will soon make the switch from my personally-hacked together code base to using WordPress as its foundation. While I’m somewhat sad to be “graduating” from my personally-written HTML, CSS, and PHP, working with WordPress will make maintainance and integration much easier.

I’m also switching web hosts in the process, so we’ll see how long this takes. See you soon.

Arch Linux Tips

I’m a recent Arch Linux convert. I appreciate the quickness of install and the ease of Pacman. Yet I had a few slightly annoying issues configuring my system that I would like to address here. For the sake of reference I’m currently using kernel 2.6.10 and uDev.

1) Blacklist ‘pciehp.’

Upon first boot, I noticed that there was an error loading the ‘pciehp’ module. This did not cause a problem for me as I have no need for PCI hotplugging, but it added a few seconds to the boot time. There are two ways to solve this problem. One way is to recompile the kernel and leave out the ‘pciehp’ module. The faster way is to add ‘pciehp’ to a list of blacklisted modules. Edit “/etc/hotplug/blacklist” and add the offending module name to the list.

2) Use “/dev/input/mice”

After I installed xorg (pacman -Sy xorg), I ran ‘xorgconfig’ to configure it. Once finished, I found that every time I tried to start X my machine hard locked. I could not kill X or switch to a virtual terminal. Needless to say, this was frustrating beyond belief. After extensive “googling,” I suspected that my mouse settings were incorrect. If you accept the default location for the mouse (/dev/mouse) and you’re using uDev instead of devfs, this will probably happen to you as well. I suspect that this is an issue with xorg and uDev in general and not just with Arch, but what do I know? I DO know that specifying /dev/input/mice instead of /dev/mouse solved my problem.

3) Rip CDs as a user.

After installing Grip (pacman -S grip), I tried to rip a CD as a regular user. No go. Even though I specified the correct path to my CD-ROM (/dev/cdroms/cdrom1), Grip failed to initialize the CD. However, if I ran Grip as root, it found the CD immediately. This led me to believe that it was a permission problem. For the record, here’s my ‘/etc/fstab’ entry for the CD-ROM:

/dev/cdroms/cdrom1 /mnt/cd iso9660 ro,user,noauto,unhide 0 0

First I made sure that I my user was in the ‘audio’ group (/etc/group), and then I checked the permission number of my drive (/dev/cdroms/cdrom1). It was 777, so I stewed in fury for a while. Finally, it dawned on me that “/dev/cdroms/cdrom1” was just a symbolic link to “/dev/hdd,” and the permission number for hdd was only 660! I changed it to 664, and commenced ripping of CDs as a regular user. I should have caught that sooner, but it drove me crazy for a while.

[EDIT] I’ve learned that changing permissions this way for udev only results in a temporary change. It resets if you reboot / restart uDev. To fix this permanently, it’s easier to create a special permissions file called “/etc/udev/permissions.d/00-myrules.permissions”. Then add at least the following lines to this file:

# disk devices for having access to audioripping and burning

Please see the section on “modifying permissions and rules” at this location:

4) Fix Blender’s startup problem.

Here’s another small issue. When starting Blender, I promptly received an “ERROR: File .blanguages not found” message. This is not a big deal, as the program still ran, but it got on my nerves. To fix it, you need to copy the “.Blanguages” file from “/usr/share/blender/” to your home directory.

$ cp /usr/share/blender/.Blanguages ~/

Now when you start Blender, you won’t receive that error message. Be sure to do that for each user. For more information, please see this article.

5) Get the latest version of Fluxbox.

If you wish to use Fluxbox on Arch, I suggest that you grab the development version (currently 0.9.11) instead of the older, “stable” version (0.1.14). The “development” version is much more feature-rich, and yes, it is “stable” as well. However, the latest version of Fluxbox is in the “unstable” repository. Here’s the process I used to get it. Of course, this will change when this version is officially declared “stable.”

Edit your “/etc/pacman.conf” file. Un-comment the following line:
Include = /etc/pacman.d/unstable

Open a terminal and type (as root):
# pacman -Sy fluxbox-devel

You should now have the latest version of Fluxbox. If you wish, add a comment to the “unstable” line of “/etc/pacman.conf” again. Enjoy.

Hint: You can use Pacman to search for the name of a package before you install it. For example, if I want to install Firefox but don’t know the official name of the package in the repository, what would you do?

In Fedora you would type: “apt-cache search firefox” or “yum search firefox”
In Gentoo you would type: “emerge search firefox”

In Arch you type: “pacman -Ss firefox” (without the quotes)

This drove me crazy until I learned how to do it.

I hope that helps/prevents others from having the same problems.
Arch Install Guide
Arch HowTos

—- Brian Bondari —-