How To Subscribe and Unsubscribe is at the end of this note. Mailing List Trouble? See http://langa.com/help.htm
Questions about the advertisers? See the end of this note. Please also see legal notices at the end of this note. LangaList: ISSN 1533-1156

Please recommend the LangaList to a friend! (And maybe win a prize!)

An easier-to read formatted HTML version of this newsletter is available
<a href=" http://langa.com/newsletters/2005/2005-01-27.htm ">here</a>

The LangaList
Standard Edition

2005-01-27

A Free Email Newsletter from Fred Langa
That Helps You Get More From Your Hardware, 
Software, and Time Online

Please visit our sponsors and help keep the LangaList S.E. free!

1) Erased "Tracks" Come Back

Fred, Enjoy Langalist Plus and rely on it to help me maintain a healthy and safe computer. I have used System Restore a number of times to fix problems. It's a great tool.

I used  Microsoft Antispyware (Advance Tools - Tracks Eraser) to eliminate some files. I then used System Restore to see if it would restore them. It did!  Does this mean that spyware can be reinstalled by anyone who gains access to System Restore on your computer?  If so, what value does the Antispyware erase feature really have?

Also, with System Restore enabled, are all files "backed up" or do I need to use the Windows Backup feature as well? Will appreciate your help, John Caggiano

Your history files, cookies, "most recently viewed" and other lists are just files, John, so yes: If they're backed up and then restored, the history, cookie, tracks, etc. will also come back. What's more, if your backups contain a virus, worm, trojan, spyware, or other malware, and you then restore the infected backup, you'll also be restoring the infection.

This seems to be more of a problem with tools like GoBack and System Restore, which are always on, and so may store bad or infected copies of important files. In contrast, with full-blown backups, you can schedule them to run only after the system's been cleaned, scanned, and proven itself malware-free. That way, your backups will be clean, and you can restore without worrying about bringing back something you thought you'd gotten rid of! <g>

Tools like GoBack and System Restore are lightweight forms of protection anyway; they are *not meant* to function as your mainline backup app. They're really more like a form of glorified unerase--- very useful in their own way, but also very limited in what they can do. So, in answer to your second question, yes, you really need a full-blown backup too.

Please see "What About 'Go Back' and 'Restore' Tools?" ( http://langa.com/newsletters/2001/2001-12-03.htm#1 ; and our standard reference on optimal backup strategies: http://langa.com/backups/backups.htm

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

--- ( Your Clicks On Ad Links Help Keep The LangaList S.E. Free! ) ---

"Dear Fred, Just wanted to let you know why I (finally) subscribed to
the Plus! edition. I have been a long time reader of the standard
edition, and had really been intending to upgrade for ages. In the latest
free edition, you made a comment about a hard drive needing around 15%
free space to defrag. Now, just a few days earlier I had found this out
the hard way... This is not the first time your comments have been
topical however, just off the top of my head, a few months back you
solved the mystery of the scrollbar issues that came up after a windows
update. Of all the newsletters I subscribe too, and there are quite a
few, yours is my favorite, something I always make time to really pore
over.... With all the talk about hackers and virus writers and scammers,
it's nice to know there are some good guys online!" --Craig Lee Asbury

Thanks, Craig!

The LangaList Plus! Edition is ad-free, spam-proof,
and carries even more content--- tips, tricks, advice, downloads---
than the Standard Edition you're now reading, and for just pennies an issue!

Once joined, you can renew your annual subscription for even less!

Get all the details:
http://langa.com/plus.htm

--------------( the above is an advertisement )--------------

2) More On Spyware Hype Vs Real Threats

I kinda knew that "Spyware Hype Vs Real Threats" ( http://langa.com/newsletters/2005/2005-01-24.htm#3 ) would generate mail. Here's one of the gentler responses:

Hi Fred, Thought you might be interested in this:
http://forums.about.com/ab-windows/messages?msg=17526.1
Some knowledgeable people have taken issue with your stance on anti-spyware software. ---Louis

For example, one of the posters said "It is true that tracking cookies are only plain text and thus harmless. They are not a security threat but they are indeed an invasion on privacy. But Ad-Aware and Spybot do much more than track down cookies...."

That's mostly true, and that's why I recommend Ad-Aware and Spybot, among other tools. But the question I was answering in "Spyware Hype Vs Real Threats" was not about malware threats in general, but very specifically about tracking cookies and web bugs.

The overwhelming majority of cookies *are* utterly harmless. But that doesn't mean (and I never said) "stop using your security tools" or "all online threats are imaginary" or "no cookie has ever caused a problem." What I said was not to worry when your security tool bleats when it sees a "tracking" cookie from a reputable site: Almost always, it's nothing to be concerned about: Odds are, the cookie is just counting noses, or visits, or something equally benign.

Here's what most of the anti-cookie fanatics are forgetting: In most cases, a cookie can only contain information that YOU PROVIDED. For example, if you fill out a form on a web site and add your name, address, shoe size, pet's name, and favorite American Idol star, that information can (theoretically) be stored in a cookie. But if you don't give the site any information, all the site really knows is that you showed up at a certain time from a certain address, clicked around (or not) and left a while later. That, and generic software compatibility information provided by your browser, is all you gave the site, through your clicks, and so that's all the site can store in any cookie.

The idea that cookies "invade" your privacy is plain paranoia. A cookie can only contain what you told the site. How can it be an invasion if YOU voluntarily provided the information?

Some of the irrational fear of cookies dates back to several years ago when there was a rash of cases where unscrupulous site operators or groups of site operators gathered private and personal user info under false pretenses and then used that info, sometimes combined with other info the users entered on other sites cooperating in this scam, for spamming and such. The actual evil was in the fraudulent information-gathering (via normal fill-in-the-blank forms) and misuse of the private customer data.

Oddly enough, the cookies were actually kind of a hero in the story, because it was through examining the plain-text cookies that users discovered that sites were doing things with their data they didn't really need to. But somehow, cookies got the bad rap, instead of the fraudulent information-gathering that was the real problem. Blaming cookies is kind of like shooting the messenger; but people did.

That kind of scam has mostly stopped--- though others certainly persist. Today, overt "phishing" and other scams are far more lucrative for the ethically challenged than is playing with cookies; and malware and other active data-mining worms, viruses and trojans are a much greater threat to privacy and security than passive, plain-text cookies are or ever were. Some of these malware nasties do use cookies as part of their operation, but again, the problem isn't the cookie--- it's the malware that's creating the cookie. These far more serious malware threats do require constant vigilance, which is why we discuss security in almost every issue of this newsletter. But in guarding against the high-order, serious threats, you automatically guard against the low-order, low-risk threats. Cookies, per se, simply aren't that big a deal.

In any case, it's easy to guard against cookie abuse: Use the basic security tools we repeatedly recommend (e.g. see the list in this item: http://langa.com/newsletters/2005/2005-01-20.htm#2 ), and know the sites you're dealing with. The movement for sites to post a clear "Privacy Policy" was, in fact, a reaction to the early information-gathering abuses: Today, sites that behave honorably and ethically will have a clear, no-nonsense policy stating exactly what information they do and do not collect, and what they do with any such information. (You can see the Langa.Com privacy policy here: http://langa.com/privacy.htm ). A posted privacy policy is a form of contract--- a legal promise by the site to behave as they say they will.

If a site lacks a clear Privacy Policy, or if the policy contains items you think are not in your favor, take your clicks elsewhere: There are plenty of other sites online, and there's no need to do business with a site that seems shady or sleazy in any way. If you leave a site without having provided any personal information, the security risk is essentially zero--- the site can't know anything important about you. In short: You're safe.

When you think it through, you'll see that cookies, per se, simply aren't much of a problem any more. They're very low-order threats, easily managed; and, when so managed, are almost always completely harmless.

Keep your security tools up to date and deployed; use caution in what sites you give information to; and you'll be fine. Common sense, really.

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

3) Hosting Follow-Up: One Year Later

Almost exactly a year ago, I moved the Langa.Com site to http://www.trkhosting.com/ ; an affordable, high-quality web hosting service. The owner, Tom Koch, is an extremely knowledgeable guy who's bent over backwards to keep the Langa.Com server humming--- not an easy task, given the huge mail load that flows through the server, and the feast/famine cycle caused by the twice-weekly appearance of this newsletter.

There have been glitches--- there are with any web host--- but I've never seen anyone work as hard to make things right as does Tom. He's the diametric opposite of the lazy, bored, disaffected techs you so often run into at hosting sites.

If you're unhappy with your current web host, or even if your just getting started with a web site (Tom also has free tutorials for people just getting into web hosting), check it out: http://www.trkhosting.com/ . Highly recommended!

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

4) Spamproof Your Main Email Address

Fred, More and more web sites on the Internet require first-time visitors to "register" or "become a member" before being allowed access to the entire site.  The registration process usually requires the user to fill in a series of blank fields with personal information, including ones e-mail address.  Invariably, after clicking on the "submit" button, a message informs the applicant that an immediate reply will be sent to the e-mail address included in the registration.  This reply serves two purposes.

(1)  It includes the new user's password.  (2)  It (hopefully) precludes fraud by insuring that the person registering is really who they say they are -- that no one else is using your e-mail address to sign you up for a place you don't want to go.
 
The concept is fine -- until the junk mail begins to pour in.  Apparently, some web sites sell or make their client lists available to advertisers.  On a bad day, junk mail can outnumber "real" mail in a typical user's in-box. At some point, many people become so frustrated with the sheer volume of advertising in their in-box that they change e-mail accounts, as a form of escape.  But why should they have to go through this inconvenience?
 
Here is my personal solution.  My PoP3 e-mail account allows multiple addresses.  For example, I use one for "pure" correspondence with family and friends, and I employ a second address as a link on my personal web site -- to screen incoming messages from "wierdos."  I have also set up a third address named "junkmail" that I use whenever I "join" a new web site or register a recently purchased piece of computer hardware or software.

Let's face it, we are not dealing with a human being on the other end but rather a form of artificial intelligence.  It doesn't recognize the irony in my e-mail address.  It only cares that the address contains proper format and that I receive and use my password. 

Later, when the junk mail begins to arrive, it goes not to my personal e-mail account but rather to my specially designated "junkmail" account. I access this account occasionally -- at my convenience -- and purge it without concern for content.  After all, it's all junk mail.  When traffic for this account becomes too heavy, I simply delete the account and create a new one named, for example, "trashcan" or "dumpster."
 
This process can go on forever, but the end result is the same: my "pure" correspondence e-mail account remains virtually free of unwanted advertising or other intrusions.
 
All the best, Ron Karpinski

Having targeted mailboxes for different purposes is a good idea, Ron, and one I use myself. Most ISPs allow creation of at least a handful of mailboxes, if only so different family members can share the same account. But instead of (or in addition to) family members, you also can create a catch-all mailbox whose address you can give out to outside sites and persons on unknown trustworthiness, reserving your "real" email address for friends, family, and trusted email contacts.

If your ISP doesn't allow enough mailboxes for your needs, you can sign up for an inexpensive web-hosting plan from a reputable web host (see previous item). Most low-end hosting plans cost literally only a few dollars a month, and usually provide many, many email accounts--- all you'll need for near-total control over your email. Plus, you can have an email address with your own name in it--- like "fred@langa.com" instead of an AOL, EarthLink, Netscape, or other ISP name in the address.

In any case, multiple mailboxes are a great way to pre-sort your inbound mail, and to help prevent spam from flooding your "real" address.

(P.S. See the discussion on site Privacy Policies in #2 above; if a site is going to sell or give away your address to others, the Privacy Policy should clearly state so. This gives you a chance to bail out of registration on any site that clearly going to spam you....)

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

5) "Security Task Manager"

Hi, Fred!  Got a question for you. http://www.neuber.com/taskmanager/index.html - This link is to a site for a program called "Security Task Manager." If it's good, it should be very good. Is it legit, and safe to use?  Thank you! ---Sharon Brown

That was a new one to me, Sharon, but the buzz on Usenet is almost totally positive, and the tool looks good to me too, in the short time I've used it.

A couple of caveats:

Like many anti-malware tools, the Security Task Manager can only recognize software's potential, and not its actual intent: It may flag a totally innocuous tool or process as a security threat merely because it exhibits some behaviors that may also be used by malware. Security Task Manager is clear on this in its explanations, and false positives are a fact of life with this kind of tool, but it may be alarming nonetheless if you're not ready for it. In my case, Security Task Manager flagged 39 processes as potential security threats, one with a rating of 67 (out of 100). Not one of these was actual malware; not one was a true threat. Thus, you need to use great care when interpreting its results.

Second, it's not cheap. You get a 30 day free trial, but it's $29 thereafter. If you're using the other free and low-cost anti-malware tools we've repeatedly recommended (see the most recent list: http://langa.com/newsletters/2005/2005-01-20.htm#2 ), the odds of getting infected are low to begin with, so paying $29 for Security Task Manager seems a little steep, since it's probably not going to find anything.

But your mileage may vary. And to answer you directly ("Is it legit, and safe to use?") I believe the answer is yes.

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

6) Last Week To "Recommend And Win"

At the end of the month, January 31, I'll choose another monthly winner of one of three FREE ONE YEAR SUBSCRIPTIONS to the LangaList Plus! edition given each month. (If your name is drawn and you're already a Plus! subscriber, your current subscription will be extended by a full year.)

To have a shot at winning, just use the following link to recommend the LangaList to a friend. Your friend just may find a new source of useful information; I just may gain a new subscriber; and you just may win a FREE ONE YEAR SUBSCRIPTION! (Full details also available via this link): http://langa.com/recommend.htm

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

7) Linux Backup, In Detail

We discussed the basics of Linux backups in http://langa.com/newsletters/2005/2005-01-13.htm#7 . Here's deeper information:

Fred: A reader asked about Linux Backup solutions. Slashdot has a good article about different solutions. http://www.newsforge.com/article.pl?sid=05/01/12/0320230

I personally use rsync to backup my home directory to a remote server (at my home) from college. This can be done via

rsync -a /home/<username> <username>@<remoteserver>:/path/to/backupdir

or to another disk in your computer

rsync -a /folder/tobackup /destination/drive

Other people I know use a slightly more complicated way of backing up their computer, they use CVS to keep every version of every file ever created. ---
Stefan Georg

Thanks, Stefan, and to David J Snyder, who sent in a pointer to the same article just a few hours after Stefan did!

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

8) They Loaded The Code

Do you have a home page or website? (It doesn't matter what size.) Please click over to http://langa.com/code.htm , and maybe you can join the hundreds and hundreds of LangaList readers who have "Loaded the Code!" (If you've already "Loaded The Code" and are wondering if your site will appear here or on the Langa.Com web site, please see http://langa.com/link.txt )

Speaking of which: Here's another eclectic sample of reader sites--- some professional, some very personal:

View A Randomly-Chosen Reader Site
http://langa.com/randomlink.htm

Manually Browse All Posted-to-Date Sites Starting At
http://langa.com/readersites.htm

Legal Assistance for Whistleblowers
http://www.blowthewhistle.com

Mike Cutmore's Site
http://macutmore.diaryland.com/computer.html

Ingersoll Genealogy Research
http://www.Ingersoll.net

Veterans Resources Network
http://www.valaw.org

Digital Brian's Website
http://www.rwired.com/

metasite, sw us focus
http://swopnet.com/

nostalgia website
http://www.doyouremember.co.uk/

superstar superstore
http://superstarsuperstore.biz/index.htm

Conestoa College Software Engineering Technician Sites
http://www.conestogac.on.ca/set/relatedSites.htm

staruks net
http://www.staruks.net/

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

9) Dead Drive, Lost Files

Hey Fred! I have a question that I'm pretty sure you can help me with... I recently backed up everything to my brand new external usb 2.0 HDD and deleted the data on my PC. Unfortunately my external drive died on me and now I'm trying to retrieve the data off of my computer's internal drive...

Is there any software or solution that you can recommend for me? thanks... Kevin

The key to recovering the lost data is not to do anything more to the disk; once the stuff gets overwritten, it gets harder and harder to recover. If nothing's been done to the disk, you may be able to recover everything--- 100%.

Ideally, you'd want a tool that lets you boot from a floppy or CD. I used to use the old Norton DOS utilities for this sort of thing, but with the rise of NTFS, DOS-style tools have become less useful (DOS can't see or access NTFS natively). Fortunately, there now are many, many other tools available:

Depending on what you did to erase the old data, the keywords you need to look for in a recovery product are

undelete
unerase
unformat
unfdisk

A Google search for the free options shows a ton (see below); and the ad bar also shows many commercial options as well. But again, the less you've done to the disk, the better the odds of recovery:

http://www.google.com/search?q=unformat%2Bfree
http://www.google.com/search?hl=en&lr=&q=unerase%2Bfree
http://www.google.com/search?hl=en&lr=&q=undelete%2Bfree
http://www.google.com/search?q=unfdisk

(Note: This also is one of the reasons why I advocate burning a disk image to CD or DVD. It's nearly bulletproof, and could have had you back in business in half an hour or less.... See #1 in this issue for more information.)

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

10) Just For Grins

Fred: I vaguely remember seeing this one before, possibly as a Hot Spot item.

But in any case, do you have any idea what they are doing with this? The odd thing is that it seems to work... at least a good part of the time! And there is simply no reason why it should. The results are too consistent to be random.

You have every right to ignore this, but my curiosity...
http://www.niehs.nih.gov/kids/mindread/psychicSparkle.swf
---Joe Young

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

11) Plus! Edition Highlights:

• Store Data On Digital Video Tape?
     (here's how; and an alternative)
• New Info On An Old Problem
     (Microsoft updates Defrag/Scandisk hang info)
• Changing Dialog Box Size
     (it can be done, sort of...)

DID YOU KNOW that Plus! subscribers have access to over 100,000 additional words in special features, extra content and private links, all on a private web site? All that, plus 30% more content in every issue, for around a dollar a month!

Full Plus! Edition info: http://langa.com/plus.htm 

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page