Personal Computing


2012-10-17; Hard Disk Encryption using Truecrypt

Since laptops are stolen very frequently, I wanted very much to prevent a thief from gaining too much data on me or my browsing sessions. Sadly, a lot of applications handle and store PII; Personally Identifiable Information. Your average thief who steals physical hardware probably hasn't the skills or interest in scanning through a laptop hard disk looking for PII to be used in identity theft, but it seems likely to me that some of them would image the hard drive and give or sell the drive image to someone who does identity theft for a living. So I really wanted to use some form of disk encryption. There are a number of ways to go about it, but I ended up repeating the method I used on my Acer laptop. I used the Truecrypt application (www.truecrypt.org) to encrypt the whole hard drive. This method involves the following steps:
  1. Install Windows as desired;
  2. Install the Truecrypt application into the Windows system;
  3. Create a Truecrypt boot password;
  4. Encrypt the whole system disk.

When the encryption process is complete, which took about 6 hours on my dm1z, the system reboots and after running the BIOS program but before loading Windows, the Truecrypt loader demands a password. You enter the password and press the Enter key, and then Windows loads and you are presented with a normal Windows desktop. You can't really tell the system disk is encrypted, aside from the Truecrypt icon in the System Tray. Qualitatively speaking, I can't really tell any performance degradation from whole disk encryption. Benchmark studies I have read online tend to show a typical read/write performance hit of roughly 3-5%.

As I experienced with my Acer laptop, I am happy with this encryption method. If you do some web searching, you'll find a number of web pages alluding to security flaws in Truecrypt. I've looked at many such pages, and the vast majority boil down to attack methods that are beyond the scope of personal computing. While it is theoretically possible for a totalitarian foreign government to break into your hotel room and install a hardware keylogger into your laptop, then later steal your laptop, if you are that important you can afford to hire some hard-core professional security goons to guard your gear. Of course, if you are in a totalitarian country, it's a lot easier for the thugs to simply charge you with a crime, haul you off to the stereotypical dungeon, and beat you with a rubber hose until you divulge your password (a method literally termed a "rubber hose attack").

Note that there is really an invisible "Step 0" missing from the above procedure; that of backing up data before starting Truecrypt. I use an external USB hard drive for that. I try to maintain two separate copies of all user data. One copy is always on an external USB hard drive. My laptop data is also copied to one of the hard disks on my desktop machine. My desktop data is copied to a secondary hard disk in my desktop machine.

2012-10-17; Hard Disk Reconfiguration on the dm1z-4200

The dm1z came with a 500 GB hard disk, as discussed previously. The drive had HP's standard laptop disk layout, which looked something (not exactly, working from memory here) like this;
It turns out that HP's Recovery DVDs and the Recovery partition will simply not work unless your disk layout is how your device left the factory. I made a bootable USB thumb drive using a bootable image made from the Recovery partition, and it simply would not let me reinstall Windows into a different disk layout. I understand this from a tech support point of view, but PC means Personal Computer, and dammit I need to personalize my computer!

At some point in the future, let's say Q4 of 2013, I'll replace the 500 GB hard disk with a 256 GB SSD. Cloning from a bigger drive to a smaller drive is a huge PITA, so I really really really wanted to impose a partitioning scheme that could be cloned over to a smaller SSD without days and days of pain. Here is the approximate disk layout;
Note that if and when I clone the above layout to a 256GB SSD, the last partition will need to shrink from 348GB down to about 128 GB.

Working with HP's stuff just wasn't going to work. So, I did the same thing I did to my Acer laptop that came with the horrible, justly-maligned Vista operating system; I wiped the hard disk, partitioned it to my liking, and installed Windows the way I wanted it. Since the discs I bought from HP are truly Recovery discs, i.e. they are only able to restore Windows to the factory configuration, I went about things a different way. Note that HP's Recovery utility does allow for a "minimum system install" which is free of most of the bloatware, but you're still stuck with HP's other baggage. It turns out that Microsoft is okay with using an arbitrary Windows installation disc with a legitimate license key. Since the license key on my COA (Certificate Of Authenticity, the sticker on the underside of the netbook with the Windows license key printed on it) is for Windows 7 Home Premium 64-bit, I found an ISO file of that edition online (IIRC, from Digital River, an official Microsoft distributor) and used it for the install. This method works, with the proviso that Windows Activation has to be done using Microsoft's automated phone system. Not quite as convenient as simply clicking a button on a Windows wizard, but it's really not too bad.

Note that there is probably a way to restore the disk layout to the factory configuration from the Recovery utility, so that the Recovery utility would then be willing to reinstall Windows, but I wasn't interested in figuring that out.

All partitions were formatted with the NTFS file system structure. In the re-partitioning process, I used a bootable thumb drive with the Parted Magic system on it. Parted is a generic group of partition editor programs, all descended from the Linux parted command. Parted Magic is a "Live" version of a Linux system; Live meaning it loads off of a bootable CD-R or DVD-R and runs entirely within RAM. You can delete, create, shrink, and grow partitions using Parted. I've been using various forms of Parted bootable discs for years and years, with generally perfect results. Note that you may need to choose a generic graphics mode when Parted Magic is booting up.

2012-10-17; The HP dm1z-4200 Netbook

My netbook arrived (in a rather unglamorous and small cardboard box). Much smaller and lighter than I had visualized. It's a pleasure carrying it around, though it's so small it kinda slides around in most laptop pouches and whatnot. For general use, I'm getting about 5-5.5 hours of use from one battery, so buying the second battery hasn't been a great investment yet.

Likes:


Dislikes:
As I am prone to running virtual machines with VMware Player or VirtualBox, I added a second 4GB stick of RAM soon after I received the dm1z. It hasn't made a huge difference yet, though I have suspicions that the 8 GB hibernation file is causing a long delay when restoring from hibernation.



2012-08-18; Tablets, Netbooks, and Notebooks, Oh My!

My current newer laptop is a rather dilapidated Acer purchased in late 2007. I've had to repair it a couple of times and it needs another repair to its power jack. Rather than repair the thing again, I finally decided to buy another one. So, I tried to identify my needs and wants.

Must haves:
The closest thing I found was the HP dm1z. The dm1z is kind of a "super netbook". In terms of size, weight, CPU power, etc., it is roughly halfway between a typical netbook and a typical home computing laptop. Some might refuse to call it a netbook, as it comes standard with a hard disk rather than an SSD drive. The one criterion it failed to meet is the need for USB3; it only has USB2 ports. It has a flash memory card reader slot, so if I really need to transfer 50 GB quickly, I could buy an SDXC card (preferably bundled with one of those little card-to-USB3 converter gizmos). I ordered one from HP's online store, as I wanted to add some factory upgrades. I upgraded the CPU, RAM (to a single 4GB board, leaving one slot free for further RAM addition if I need it), hard drive (I upgraded to the smallest 7200 rpm drive available; 500 GB, which should be way more than enough), a 2nd battery pack, and a system recovery DVD.

I stayed with Windows 7 Home Premium, as I do not intend to use any of the features unique to Windows 7 Professional. Windows 8 will be released in late October of 2012, supposedly, at a rather low upgrade price, so I may change over to Win8. The aggravating thing about the HP online store is the wait time; I placed my order on August 16, and the expected ship date is August 27. I don't know if that is the day the thing leaves China, or the day it clears US Customs and leaves the airport in Long Beach or wherever.



2012-08-18; Blu-Ray Movie Playback

I recently swapped in a new Lite-On Blu-Ray burner drive in my home desktop, as the previous HP DVD-RW drive has been showing signs of impending failure. Blu-Ray burners are now in the same price range as DVD burners. I found out, though, that Blu-Ray movie playback is much more complicated than DVD playback. Note that BD-R discs hold about 25 or 50 GB of data, so a Blu-Ray burner is of limited use in backing up data on hard disks. At this point in time, a burner is a "nice to have" for making archival copies of irreplaceable data for you to safely store in a safety deposit box, but impractical for much else. Bootable utility discs and operating system installation discs can still be shoehorned onto DVD-Rs pretty easily.

There are two pieces of software needed to watch a typical Blu-Ray movie on your computer; a video player, and a Blu-Ray decryptor. The video player does the same thing that Windows Media Player or other video player apps do; take a digital audio/video stream and run it through your graphics and audio adapters. There are several freeware apps that can display unencrypted Blu-Ray content, but my limited testing so far indicates that many of them work poorly at best. The one I am currently trying is MPC-HC, which is an evolving derivative of Microsoft's Media Player Classic. So far, it is handling movie playback well.

Blu-Ray movies purchased retail have a complex and apparently ever-changing encryption scheme used by their copy-protection scheme. Some Blu-Ray drives come with a combination decryptor/playback app, such as PowerDVD, but reviews indicate that bundled apps are unacceptable. PowerDVD, for example, isn't really a free, lifetime-licensed app; it's trialware. As you might expect, software companies who rely on a bait-and-switch business model don't develop particularly reliable software. There are 3rd-party decryptor apps, mostly licenseware. The app I am currently using in trial mode is AnyDVD by SlySoft. So far, it's working nicely. When the trial period expires, I'm not sure what I will do; probably will explore strictly freeware methods.






2012-08-03; Sandboxing as an Anti-Malware Tool

Though everyone is familiar with the threat of viruses and other malware infiltrating personal computers via e-mail attachments, a lot of folks aren't yet aware of the ways that malware can infect your computer through the web browser. There have been countless exploits of the Java and Javascript enhancements to plain HTML, and now there's a somewhat subtle threat called "drive by downloads". These downloads mostly happen via your web browser; various types of active content that appear to be ads, instead run a script on your computer that installs some malware. The unfortunate thing is that you can get infected simply by visiting an otherwise innocuous web page. Due to the way web advertising works, you could visit a perfectly respectable web site, be served up a variety of active web content for advertising along with the page contents, and one of those "ads" is really a hack job designed to load some malware onto your system.

Off the top of my head, I can think of 4 ways to deal with drive-by-downloads:
  1. configure your browser for maximum security, with Java and Javascript disabled and no Flash or other animation plug-ins installed;
  2. use desktop virtualization and run a sacrificial Windows virtual machine, and revert the machine to its state before your web browsing session;
  3. use sandboxing;
  4. use an alternative operating system that is immune to malware written to attack either Windows or Mac (for example, the Linux family of operating systems).

Sandboxing is a programming concept where a program is only allowed to read from and write to a "sandbox" of memory that is isolated from the rest of the system. The concept gained a lot of fame with the emergence of the Java programming language and its application towards active web content. Note that when you terminate the program that created the sandbox, all data in the sandbox is lost. That means both any malware you may have picked up, and any files or work you've created, are completely wiped. The sandbox resides in your system's RAM, and thus can also reside in your swapfile. Note that the memory management coding that manages your RAM and your swapfile will recover the memory allocated by the sandbox program, and will be overwritten eventually. If the sandbox is poorly implemented, it is possible for data to "leak" out of the sandbox and onto your hard disk; these days, such programming errors should be pretty rare.

I've recently been playing with a particular freeware implementation called Sandboxie. Sandboxie installs and runs as a normal application on your Windows system. When Sandboxie is installed, you can run it from the Start menu. Once you have the Sandboxie app running, you can choose a program to run within the sandbox using a special Start button presented to you graphically. I've run both Internet Explorer and Firefox browsers within Sandboxie, and so far it works pretty well. Note that when you try to save a file to disk, Sandboxie will ask you if you want to "archive" the file, i.e. copy it to your physical hard disk rather than the virtual disk within the sandbox. That function works pretty well. I have not figured out yet how to save bookmarks permanently. Note that I haven't tested Sandboxie for memory leaks.

Since I am running Sandboxie on my laptop, which is old and underpowered, I have been very pleased with how little Sandboxie impacts system resources. If you have enough CPU, RAM, and disk space (typically the case on desktop systems) I would still recommend desktop virtualization for advanced users; virtualization has more flexibility. But if you are a basic user or don't have the system resources to run a full virtual machine, you might give Sandboxie a try.



2012-06-30; Resolving Malware Infestations

This subject keeps coming up, so it's time for a How-To.

When your personal computer (as opposed to your computer at work) becomes infected with some type of malware, it seems that the urge is to look for the fast, cheap, easy solution. Well, there is no such thing. You essentially have 4 options; throw your computer in the dumpster and buy another one, fix it yourself, get a skilled friend to fix it, or take it to a shop. Most people do the latter, which often goes awry. Aside from the expense, multiple problems can occur when taking your computer to a shop, including (but not limited to):

It is not a trivial task to find a local shop that is honest and reliable, especially if you're not an IT type. So I'm going to outline the Do It Yourself method. If the procedure seems too much for you, you probably know someone who can handle it.

  1. Disconnect your machine from the Internet! I assume you don't want the malware to be e-mailing or otherwise sending your personal data (name, address, SSN, bank account number) to some hacker in Eastern Europe.
  2. Back up your critical personal data, if at all possible! As long as you can boot your machine, and you have a removable drive for backups, go ahead and back up your data. If your system is in really bad shape, you can consider booting from a bootable recovery CD (see below) and performing a simple backup of personal data.
  3. On a known clean computer, either at work or at a friend's, download the ISO file for a bootable recovery disc. The one I currently use is Hiren's CD (http://www.hirensbootcd.org). It is free, and contains quite a few anti-malware programs. The set of programs that are pre-installed on Hiren's seems to evolve over time, but it always has some good software on it.
  4. Burn the ISO file to a CD-R*.
  5. Put the CD-R in the CD drive of the infected machine and boot up. You might need to interrupt the boot process to change the BIOS settings so that the system will try to boot from the CD drive first and the hard drive second.
  6. Run at least one program from the following categories: anti-rootkit, anti-virus, anti-spyware. For example, run RootkitRevealer, Malwarebytes Anti-Malware, and SuperAntiSpyware.
  7. Remove the CD and reboot.
  8. Connect to the Internet, download and install the freeware recommended in my 2012-02-27 entry on this page. 
  9. Update the malware definitions on the installed freeware.
  10. Run manual scans.
That's pretty much it. Your system should now be clean. There's no getting around the fact that you must spend a lot of time resolving this problem, one way or the other. With malware, an ounce of prevention is truly worth a pound of cure; to be precise, a minute of preventative maintenance prevents hours of recovery operations.


* Note that optical drives are slowly going away, particularly for laptops and other portables. The functional replacement is USB thumb drives; cheaper, faster, and higher capacity. Newer systems have the ability to boot from a USB thumb drive; older machines do not. And you can "burn" an ISO image to a thumb drive to make it appear to be a bootable disk. The software and procedure for doing so seem to vary between operating systems, so you'll need to perform a web search using keywords such as "Windows 7" and "make a bootable thumb drive".


2012-04-16; I caught a Phish!!!

Today I received an e-mail addressed to Chase Manhattan Bank customers, giving a warning about dormant accounts being declared fraudulent and thus closed, unless customers logged in online to keep their account active. And of course there was a handy link in the e-mail, taking victims to a fake Chase Manhattan web server to steal account numbers and passwords.

Be careful out there!!!



2012-03-11; Followup on online banking - Phishing Attacks

Now that almost everyone must do online banking, criminals have stepped up their attempts at fraud. A common attack now is that of Phishing. Typically, the criminals send you a legitimate-looking e-mail from your bank, or perhaps some government agency, "requiring" you to update your software, log in to change your password, or some other action. A handy hyperlink is given in the e-mail. And there's the problem. Hyperlinks embedded in e-mails and web pages consist of two elements; the readable text label, and the actual URL that your browser will load when you click on the hyperlink. For example, look at the following hyperlink;

BigRespectableBank.com

It certainly looks legit, doesn't it? Well, go ahead and click on it. Trust me!

See what happened? The link text indicated it went to Big Respectable Bank, but the actual URL went to that massive evil empire that watches every online move you make. If I were a cybercriminal, the hyperlink pretending to go to Big Respectable Bank would actually go to a numerical IP address belonging to my web server in some distant country with weak or no cybercrime laws. That web server would be set up to look exactly like Big Respectable Bank, but when you attempt to log in, it would simply record your account number and password, and then later try to drain some money out of your account.
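
The label-versus-URL mismatch described above can be checked mechanically. The following Python script is an added example, not part of the original post: it pulls every hyperlink out of an HTML e-mail body and flags those whose visible label names one site while the real URL points somewhere else, or at a numerical IP address. The sample e-mail, the addresses in it, and all function names are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A label that itself looks like a host name or URL, e.g. "BigRespectableBank.com".
HOSTLIKE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I
)

# Constructed sample e-mail body (203.0.113.0/24 and example.net are reserved
# for documentation; BigRespectableBank is the made-up bank from the text).
SAMPLE_EMAIL = """
<p>Dear customer, your account is dormant. Log in to keep it active:</p>
<p><a href="http://203.0.113.7/login">BigRespectableBank.com</a></p>
<p><a href="https://www.bigrespectablebank.com/help">www.BigRespectableBank.com</a></p>
<p><a href="https://news.example.net/story">Read the full story</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (label, href) pairs for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable(host):
    """Crude comparison key: the last two labels of the host name.
    A production tool would consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(label, href):
    """Return the reasons a link looks suspicious (empty list: none found)."""
    reasons = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return reasons  # mailto:, page anchors etc. are out of scope here
    if is_ip(host):
        reasons.append("target is a numerical IP address")
    shown = HOSTLIKE.match(label.strip())
    if shown and registrable(shown.group(1)) != registrable(host):
        reasons.append(
            f"label shows {shown.group(1).lower()} but link goes to {host}"
        )
    return reasons


def audit_html(body):
    """Return [(label, href, reasons)] for each suspicious link in the body."""
    collector = LinkCollector()
    collector.feed(body)
    findings = []
    for label, href in collector.links:
        reasons = check_link(label, href)
        if reasons:
            findings.append((label, href, reasons))
    return findings


if __name__ == "__main__":
    for label, href, reasons in audit_html(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: '{label}' -> {href}")
        for reason in reasons:
            print(f"  - {reason}")
```

A link whose label is ordinary text ("Read the full story") is not flagged by this check, so it complements hovering over the link and reading the real URL rather than replacing it.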

A similar mechanism can be done via telephone. If your bank calls your home phone number and asks for your password, or asks you to verify personal information, hang up and call them back using the number on your bank statements.

So the moral of the story is: Never, ever, trust e-mails or phone calls from your banks, the IRS, the Federal Reserve, or any other governmental entity. When in doubt, call the 800 number listed on your bank statements (NOT any phone numbers listed in a suspicious e-mail or phone message!). Note that one of the very few phone calls you'll get from a financial institution is from their fraud departments. I received such a call last September on my home answering machine, concerning a potential fraudulent charge on one of my credit cards. I called the number on the back of the card, and it did turn out to be fraudulent. I had stayed in a motel recently, and someone who had access to those records gave them to a fraudster, who put a small charge on the card (I think it was about $5, from an upscale hotel in a city I hadn't visited in about 15 years). It surprised me how quickly the fraud department worked; it was less than 4 hours between the fraudulent charge and the phone call, during which my card was cancelled and a new card issued. Sadly, it took about 2 weeks to get the new card, but at least I wasn't having to pay any fraudulent charges.


2012-03-07; Another note on backups

As USB thumb drives continue to grow in capacity and drop in price per GB of capacity, a backup method you should consider is this. USB thumb drives are currently about $8 for an 8 GB drive (at www.newegg.com). You could buy two, and use them as follows:

  1. Create a "USB-backup" folder on one of your hard drives.
  2. On a monthly basis, empty one of your thumb drives and copy that folder to it. Put the drive in a quart Ziploc baggie.
  3. Go to your bank and put the recent backup into your safe deposit box, and remove the old backup and take it home.
  4. Go to step 2.

Your computer(s) could go up in flames, your house could be washed away by a hurricane or shredded by a tornado, thieves could steal all of your electronics, doesn't matter. You have your irreplaceable data in a very secure yet easy to find location. Keep in mind that personal financial records and other sensitive data on the drive not in your safety deposit box are vulnerable, so encryption is recommended. More on that later.


2012-03-04; A quick note on backups

Here is why you should have some sort of simple backup strategy that you implement on your home computer(s). While editing some digital photos for this website, I accidentally pressed the Save button on the photo editing application, saving a downsized version of the photo over the original high-resolution image. The photo would have been lost forever, had I not had a backup from which I restored the original disk file.

My backup system is probably more tedious than most people would use, but here it is. In the chassis of my desktop computer, I have two hard drives. I have created NTFS partitions on them such that there are two identically-sized partitions for user data, one on each drive. On a monthly basis, I wipe the backup partitions and copy the user data to them anew, then unplug the drive and store it in a different room. Then I copy the user data partitions to a USB3 removable drive. On the removable drive, I keep two backups. Thus, I have two independent backups, one of which is electrically and mechanically isolated. I am protected against power surges, lightning strikes, to some extent malware, and most importantly, user error. Heck, if my desktop system goes up in flames, as long as I grab my removable drive on the way out the door, I'll have my data.

Of course, this backup system is predicated on accepting the loss of up to one month of work. When I am really working on something hammer-and-tongs, I sometimes will copy the folder in question to another partition.


2012-03-01; Some recommended freeware

CCleaner

CCleaner is a free file deletion utility with some nice features. It can securely delete files from your hard disk (important for banking info, passwords, etc.), and offers a one-click way to delete temporary files from a wide variety of applications. Browsers are particularly prone to clogging the hard disk with unused temporary files. It also can empty the Recycle Bin, wipe unused space on a hard drive, check the Registry for unused registry keys, and several other functions.

CutePDF

CutePDF is a freeware device driver that acts like a printer driver but generates PDF files instead of printer commands. For simple applications, it produces very good quality PDF files. I use it often to create PDF versions of Microsoft Word documents.

FSL Super Finder

Super Finder is a free file search utility available for Windows 7 with what I feel is a much better user interface than Windows Search.

Mozilla Thunderbird

Thunderbird is a free e-mail client for Windows, MacOS, and Linux. I've been using Thunderbird for several years and am satisfied with it.




2012-02-29; Netbooks, Notebooks, and Ultrabooks, oh my!

The Hot Thing two years ago was netbooks. Last year, iPads and other tablets. This year, it seems to be Ultrabooks; which are very thin, lightweight conventional notebooks with long battery life. In other words, the physical characteristics of a tablet with the high-res screen and keyboard of a notebook, with CPU power approaching that of some desktops. Of course, the prices so far are pretty high, mostly over a kilobuck. That's great if you're spending the shareholders' money, but way too expensive for personal use.

A lot of people like netbooks, and you can't argue with 6+ hours of battery life, but their cramped keyboard and small screen are not for everyone. I've stumbled across an interesting compromise between a netbook and a budget notebook; the HP Pavilion dm1z. Its price point is aimed at the home user, its CPU, RAM, and disk storage are low-to-midrange for laptops, with a decent screen and keyboard, and good battery life (they claim up to 10 hours, which probably means 6 hours when you factor in an upgraded CPU and maxed-out RAM). The big fly in the ointment is the lack of a USB3 port. These days, backing up even a laptop hard disk at USB2 speeds is excruciating. The eSATA interface offered a great method for high volume data transfer on both desktops and laptops, but the market simply didn't want eSATA removable drives. Note also that the dm1z does not have an internal DVD drive. While an optical drive is headed towards obsolescence due to the much larger capacity of flash-based drives, it's still a whole lot easier to watch copy-protected content such as movie DVDs directly from a real DVD drive. Since the dm1z is designed for home users, it seems likely to me that most buyers will want to watch movies on it. HP offers an external DVD drive (USB2) for $68, and an external Blu-Ray drive for $127. They can write CD-Rs and DVD-Rs, but at USB2 speeds that capability will probably not be used much. If/when HP offers this sort of design with at least one USB3 port, I think this will be a killer product. My only concern is that HP doesn't seem to be advertising it very much, so there is the chance that they will give up on the category due to poor sales.

2012-02-29; Windows 8

It looks like the release of Windows 8, the successor to Windows 7, into the wild is coming down the pike at a pretty good clip. It looks like the two marketed features are the Metro interface and native support of the ARM processor family.

Metro is supposed to provide an interface familiar to iPad and smartphone users. It presumably is designed around touchscreen input, rather than mouse input. There are persistent claims that a traditional desktop-style interface will be available and easily activated. I hope so, but this won't be the first time that user interface designers screw up big time. My preliminary exposure to the Gnome 3 GUI for Linux was pretty bad. Yes, there was a way to put a Gnome 2 "skin" over Gnome 3, but it felt like I was trying to steer a car by using two ropes tied to the steering wheel. I can't help but be cynical about Microsoft's tendency to snatch defeat from the jaws of victory. Microsoft spent a small fortune developing the Aero theme for Windows Vista, which few experienced users seem to like. That time and money would have been better spent working on the severe performance issues introduced in the jump from Windows XP to Vista. Windows 7 seems to have fixed those performance issues pretty well; and unlike Vista, Windows 7 has enjoyed excellent acceptance in both the enterprise and home markets.

While native ARM support is a Good Thing, I'm going to speculate that getting 8 to run on phones and tablets may mean that Microsoft has put a lot of effort into trimming down the superfluous use of CPU, RAM, and disk resources. If so, that will be a Great Thing.

However, given the history of Microsoft's OS releases, I recommend that readers not be early adopters of Windows 8. The shift from Windows 95 Service Release 2 to Windows 98 was kinda painful, the shift from 98 to Windows Me was disastrous, the transition from Me to Windows XP was a godsend, XP to Vista a debacle, and Vista to 7 another godsend. So it's easy to project that upgrading from 7 to 8 might be painful, if not disastrous. Just like the teenagers in the haunted house, don't be in the first wave to go investigating the noise in the basement.


2012-02-27; Malware & Security

As personal computing continues to involve more of our daily activities, IT security is everyone's concern. Identity theft, credit card fraud, and bank account theft are all real-world problems going on right now.
Two activities which involve substantial risk are online shopping and online banking. Malware which has invaded your PC days, weeks, or even months ago can simply wait for you to enter your credit card info at an online store, or for you to log on to your bank's online banking system. Those activities expose all the personal data the cybercriminals need. Keep in mind that malware can get onto your PC from many possible directions, including thumb drives, e-mail, instant messaging, website drive-by downloads, and downloaded freeware.

I take the following steps and recommend that readers do likewise;

Basic System Configuration
  1. Install a "primary" anti-virus program that will launch on startup and monitor e-mail, websites, etc.; I currently use avast! (yes, the exclamation point is part of the name). I use the freeware version.
  2. Ensure that Windows Firewall is running.
  3. Install "secondary" malware programs and configure them to not run on startup. I currently use Malwarebytes, Spybot Search and Destroy, and SUPERAntispyware. Again, I use their freeware versions. 
  4. Tighten security settings on your applications, particularly: e-mail client(s), IM apps, browsers, and Adobe Reader (disable JavaScript).


Routine Operations


