Saturday 28 December 2013

How to Unlock Extra Functions on Canon Compact Digital Cameras

Canon, like most manufacturers, employs product crippling in its firmware to create different product options. An enterprising software development project, CHDK, has hacked the firmware for a range of Canon compact cameras.
The upgrade gives users access to options normally reserved for SLR-level cameras. Examples include longer shutter speeds, a live histogram display, saving RAW files and changing the bitrate used for video clips. Scripts are also supported, allowing time-lapse photography and motion detection, which has been used to make lightning photography easier.
I have just had this running on my Canon SX100 IS. The normal maximum shutter speed is 15 seconds; CHDK allows me to override it to 64 seconds. The live histogram display allows me to see if the exposure is OK before I take the photograph. My high quality video is normally around 15000 kbs; using CHDK I got 47000 kbs.
The upgrade sits on your SD card and is loaded each time the camera is turned on. No permanent change is made to the camera. Check out the project here:
As mentioned in the comments below, it is worthwhile reading all the details. The array of options available is huge and development is very active.

How to split, trim and join wmv video files with AsfBinWin?

AsfBinWin is one of the best splitters/trimmers/joiners for asf/wmv/wma files. It can look confusing at first, but it only takes a couple of minutes to understand how to use it.

Why use AsfBinWin instead of a regular video editor like Windows Live Movie maker?

- The export process is 100x faster (1000-3000fps vs. 30-80fps)
- Lossless editing = Better quality
- Easier and faster to use


When to use AsfBinWin?

1) You have a long video and you want to split it scene by scene. Example: Concert video, and you want to save each song in a separate file.

2) You want to remove some parts from a video. Example: TV recording and you want to remove the commercial breaks from it.

3) You have a long video that has been cut in smaller parts and you want to join them back together. Example: You downloaded a video in several parts (video01.wmv, video02.wmv, video03.wmv [...] video45.wmv), and you want to put them all back in one file.

Those are only some examples and you may find other uses for AsfBinWin.



1) Split a video in scenes

Click the three dots on the top right of the window and select the folder in which your video is located.

Select the video, then click the three little arrows pointing to the left to add the video to the list of input files.

Click on "Preview" to open the preview window.

Move the first marker near the beginning of the first scene, then adjust with the slider in the preview panel. Place the second marker near the end of the scene, then adjust.

Click "+ Insert" to add the scene to the output batch list.

Repeat those steps for each scene.

When you are done, check the "Save each segment to a separate file" option, choose the Destination folder, rename the output file, then click "Cut/Copy/Join".

Each scene will be saved to a separate file.


2) Remove unwanted content from a video

Choose your folder, select the video and add it to the list of input files.

Select a portion of the video to remove, then click "+ Insert", and repeat for each selection you want to remove.

When you're done, click "Invert Ranges", then make sure "Save each segment to a separate file" is unchecked.

Choose the Destination folder, output filename, then click "Cut/Copy/Join"



3) Join videos

Remember this will only work if the videos have the same bitrate/resolution/codec... Usually, you should only join videos from the same batch.

Choose your folder, select all the video files you want to join, and add them to the list. You have to add them in the correct order. If the videos are correctly numbered, this shouldn't be a problem.

Place the markers at the beginning and end of the video, then click "+ Insert".

Choose your destination folder and output name, then click "Cut / Copy / Join".


Additional tips:

- If you get a problem with the output, click "Advanced settings", uncheck "Enable precise cutting", and restart the export process.

- Do not forget to empty the list if you process several projects one after the other.

- wmv is a kind of asf file. You can change the output extension from .asf to .wmv if you prefer.

Friday 27 December 2013

How to Customize the Windows 7 Notification Area (System Tray)

If you have been annoyed by the clutter of icons that always seems to be in the Windows notification area (system tray), there is relief in Windows 7. Microsoft added a way to remove some system icons or to hide icons that are not in regular use. If you’d like to tidy up your notification area, here is the procedure:

1. In the notification area of the taskbar, find the small upward-pointing triangle and click it. Alternatively, use this two-step keyboard shortcut: Windows key+B, Enter

2. A small window (shown on the right) will open. Click “Customize”.

3. A dialog box with a list of notification area entries will open. An example is shown in the figure below.

4. Each entry has a drop-down menu on its right where you can select from three choices: “Show icon and notifications”, “Hide icon and notifications” or “Only show notifications”.

5. After making your selections, click “OK”.

For those who don’t mind a little typing, there is an alternate route that leads directly to step 3 above. Type “notification” (without quotes) in the Start search bar and click “Notification area icons” in the list that appears. This will open the dialog box below and you can proceed to step 4 above.

If you want to be entirely rid of some of the system icons, click “Turn system icons on or off” in the dialog box. The new dialog shown below will open. Make your selection of “on” or “off” and click “OK”.

If you make changes and then wish you hadn’t, you can click “Restore default icon behaviors” and then click “OK”.


How to Remove Old Windows 7 Notification Area Icons

Are you having trouble removing a program icon from the notification area of the taskbar even after the program has been uninstalled? Old program icons can be deleted by editing the Windows Registry or with software.

If you are familiar with editing the Registry (see this article), here is the procedure for clearing the tray icon cache where the program icons are stored:

Back up the Registry before you do anything else

Open the Registry Editor

Navigate to this Registry key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify

In the right side pane of Regedit, delete the value IconStreams

Also in the right side pane, delete the value PastIconsStream

Log off and back on for the Registry edit to take effect. Alternatively stop and restart Explorer.exe if you are familiar with that process.

If you are not used to Registry editing, there are software possibilities. CCleaner has a function to clean the tray icon cache. It is labeled Tray Notification Cache and is in the Windows advanced section. You may have to run CCleaner as administrator.


Two New Ways to Boot into Safe Mode in Windows 8

Sometimes, things just don’t work right and you need to boot into Safe Mode, where only a minimum of drivers and Windows components are loaded. A previous tip explained how to boot into safe mode for Windows XP/Vista/7 but Windows 8 has two new procedures. Here they are:

1. Use the Troubleshooting and Repair Feature to Boot into Safe Mode

You can access the boot menu with an option to open in Safe Mode this way:

Open the troubleshooting and repair feature that is described in this previous tip. You can also see screenshots there of the windows referred to below.

In the window titled “Choose an Option”, click “Troubleshoot”

Next click “Advanced Options”

In the Advanced Options window, click “Startup Settings”

In the “Startup Settings” window that opens, click the button “Restart”

The boot menu shown in the figure below will open.

Use the down arrow key to highlight “Safe Mode” and press the Enter key.

Windows will open in Safe Mode.


2. Bring Back the F8 Way to Boot into Safe Mode in Windows 8

If you try to use the old keyboard method of pressing F8 to boot into safe mode in Windows 8, you will find that it doesn’t work. Windows 8 has a new boot process designed for the BIOS replacement called UEFI.

However, most current PCs are still using the old BIOS and if you want to restore the familiar way of booting to a black-and-white options menu that includes safe mode, you need to change a system setting.

The procedure is straightforward and is done by opening the command prompt with elevated privileges and then entering a single command.

Use the keyboard shortcut Winkey+X to open the Quick Access menu (shown in this previous tip)

In the Quick Access menu, select “Command Prompt (Admin)”

Say “Yes” to the UAC challenge

A command window will open

Enter this command:

        bcdedit /set {default} bootmenupolicy legacy

Note that there are curly brackets around the parameter “default”, not the usual parentheses.

A message will appear: “The operation completed successfully”. Now the method using the F8 key is supposed to work again. The figure below illustrates the command and the completion message. To undo the change, enter the command:

        bcdedit /set {default} bootmenupolicy standard

As is true for other versions of Windows, getting into Safe Mode with the F8 key can be tricky. You have to hit the key at just the right time. Try tapping the F8 key as soon as you see the blue Windows flag appear on the screen. Some recommend holding the key down. I include this procedure because you see it a lot on the web but, personally, I have pretty mixed results trying to get into Safe Mode with the F8 key. If you know a way to do it reliably, let us know in the comments.

Wednesday 25 December 2013

How to Reduce Spam

As spam recipients go, I'm a class act. I get hundreds every day and on some days, more than 1,000. Yet in my mail box I hardly see any. Here's how I do it.

First, a little history. I used to use a Bayesian spam filter running on my PC. The product I used was an Outlook add-in called JunkOut. Like most Bayesian filters it took a while to train but once trained it worked just fine. The spam detection rate was around 98% and the number of false positives (good mail wrongly classified as spam) was vanishingly small.

But there was a problem. As my spam mail volume grew, the time taken by the spam filter to process my mail was growing to the point of being unacceptable. Some days it was taking 10 minutes or more to process my mail.

I needed a different solution. I tried rule-based spam filters that used less processing than Bayesian filters. I tried setting up my own mail server on a dedicated PC. I tried various commercial spam filtering services and other options as well. None of these gave me what I was looking for. But then I tried Google's GMail and bingo! I found what I had been looking for.

Unlike some other webmail services, Gmail provides spam filtering for free. That's no big deal; Yahoo!, Hotmail and others do that as well. What's different about Gmail is that it also provides free POP3 mail access.

Most of my spam mail is sent to the address editor@techsupportalert.com. That's no surprise; that address appears in every issue of this newsletter and on my website as well.

What I do is to forward all mail from that address to my Gmail account where it is spam filtered automatically.

The GMail spam filter detection rate is good, around 95%, so around 950 of the 1000 spam messages I receive daily never get to my Google Inbox.

I then use POP3 access to download the contents of my Google Inbox to Outlook. The incoming mail is then filtered using the excellent network-based Cloudmark spam filter that is installed on my PC.

Cloudmark's detection rate is around 92%. So of the 50 or so spam emails in my Google Inbox each day, fewer than five make it through to my Outlook Inbox.

Now here's the crunch. Both the Google GMail spam filter and the Cloudmark spam filter have the same characteristic; they virtually never classify my real mail as spam. That means I don't need to regularly check my spam folders to see if they contain genuine correspondence. That's a real plus with large spam folders.

The spam detection rates for GMail and Cloudmark are good, though a long way from the best in their class. But that doesn't matter. By chaining the two systems together I increase my aggregate spam detection rate to 99% plus and that rate IS right up there with the best.

So the end result is that of 1,000 spam emails per day I see fewer than five. At the same time my real mail is virtually never sent to a spam folder. Problem solved.
Users may not have the facility to redirect mail from their normal mail account to a GMail account. Some mail services provide this feature, others don't; you'll have to check your service to find out.

Even if your account doesn't allow mail forwarding you can do it yourself using a free utility called ERC. This runs on your PC and can be scheduled to automatically log into your mail account and forward the mail to another account. In fact, it can forward mail from up to three different accounts.

A better solution in the long run, though, may be to shift your permanent email address to Gmail.

I use Cloudmark for my secondary spam filter but a good Bayesian filter would perform well in the role provided you have the patience to train it. SpamBayes and K9 are good examples and both are free. The Thunderbird mail client of course has its own built in Bayesian spam filter so there is no need for another.

Whatever product you choose, I do suggest you try this combination of remote and local spam filtering. It could be just what you have been looking for.

How To Avoid Spam

Spam is difficult to get rid of once you're on the spammers' lists. However, it is relatively easy to avoid in the first place. Below I have explained some simple strategies that, if followed correctly, will render you all but immune to the ravages of spam.



Index

1.  Be Very Careful With Your Email Address

2. Use a Secondary Email Address

3. What To Do With Received Spam

    A) Don't Buy Anything From Spam Advertised Sites

    B) How To Protect Yourself From Received Spam

    C) How To Report Spam

4. Educate Others About How To Avoid Spam



1. Be Very Careful With Your Email Address

First, I think it's important to recognize the tactics spammers use to harvest your email address. If you know how they're going to attack, then you should be able to avoid falling prey. One thing to remember is that spammers have programs that constantly search forums, and other publicly available sites, for email addresses that people have posted. Thus it's a good idea to never post your email address anywhere it can be viewed by the general public.

Also, if you decide to set a vacation autoresponder, or an autoresponder of any kind, make sure that you set it to only respond to people who are already in your contacts list. Most major email services provide this option. Also, if your email provider does not provide this option I would strongly advise that you do not autorespond to emails. If you reply to a spam then the spammers know that your email address is active and they will send you even more spam.

Also, it's a good idea to refrain from signing up for any offers that require an email address, unless you trust the website. If you're not confident then you should investigate the site using the methods discussed in How to Tell If A Website Is Dangerous. Also, to automatically provide some sort of protection against these sorts of sites, please read my article about How to Harden Your Browser Against Malware and Privacy Concerns. There are some very useful extensions mentioned in that article.

There are also websites which will intentionally try to impersonate a safe site in order to trick you into giving them information. This information can include passwords, your email address, credit card information, or many other types of sensitive information. These are known as phishing sites. In order to better recognize phishing scams, and thus avoid them, please see the examples on this page.



2. Use a Secondary Email Address

Sometimes you will find yourself in a position where you have to break some of these rules. For those times it's a good idea to have two separate email addresses. Use one only for communicating with friends and people you trust. The other should be reserved for interacting with sites you don't have complete confidence in. The benefit of this is that only your secondary email should get any spam. If the spam becomes unreasonable you can just delete the account and start another.

Of course instead of maintaining a second email address another option is to use disposable email addresses. For ideas for some helpful services which allow you to create disposable email addresses please see the article on this page.

3. What To Do With Received Spam

The sad truth is that even if you open a fresh email address, and follow all the advice provided above, you may still receive some spam periodically. One of the things spammers do is send spam out to a very large number of email addresses which they think may exist. Thus, if this is where the spam in your inbox came from, the spammers may not even know your email address is active. Below I have explained what steps to follow to both make sure the spam problem does not get worse and to help solve the problem once and for all. Note that these steps are also helpful if you are receiving a large quantity of spam.

A) Don't Buy Anything From Spam Advertised Sites

Although this should be obvious I will quickly mention it. Please do your part to stop spam by refraining from purchasing anything from a site that you were directed to via spam. For one thing, you have no reason to trust the company with your credit card information, or really with any information at all. Also, giving your money to companies that advertise in this way only continues to make it profitable for people to send spam. You will be hurting not just yourself, but everyone else as well. Please don't fund spam.


B) How To Protect Yourself From Received Spam

One of the most potent defenses against spam is your own common sense. Never respond to an email unless you know, and trust, the sender. This includes unsubscribing from emails. If you don't remember doing business with the company then I'd advise against trying to unsubscribe from the email. If you try to unsubscribe from something that turns out to be spam, they will know your email is active. In the same line of reasoning you should never click on any links, or pictures, in spam. Many of these will have code in them that alerts the spammers that the email has been opened. Even clicking on the website URL could have this effect.

Following this same line of reasoning you also want to make sure that your webmail client is not configured to load external images automatically. Luckily, most webmail clients do have this disabled by default. Also make sure that you do not click to load external images yourself. Loading these images may have exactly the same effect as actually clicking on a link, or a picture. It may alert the spammers that the email has arrived and has been opened. Then they will know that your email address is active and will add you to their lists of people to spam. After this happens the amount of spam you receive will likely increase drastically.

To make sure that your email account is properly configured please go to this page, fill in your email address, and have it send you a test email. Trust me, the site is safe. After it says the email was sent you should open your email account however you normally would. Then open the test email that was sent. However, don't select the option to show images, send return receipt, or any prompts you may receive. Just click on the link in the email that says to view the results page. If everything is configured correctly for your email all of the results boxes should still be grey. If some are red then your email account is not yet configured properly. Note that this test should take less than 20 seconds to complete after you open the email. However, it will continue updating as if it is still running tests. It is not and you can safely close the site after ensuring that everything is configured correctly.
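The open and click tracking described above can be checked on a saved message before a mail client renders it. The following Python script is an added example, not part of the original article: it lists every remote reference in the HTML part, separating those fetched on open from those fetched on click. The sample message, the host names and the recipient address are constructed, and the 16-character token rule is a heuristic assumption.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import quote, unquote, urlsplit

# (tag, attribute) pairs a mail client fetches as soon as the message renders.
ON_OPEN = {("img", "src"), ("input", "src"), ("iframe", "src"), ("link", "href"),
           ("video", "poster"), ("body", "background"), ("table", "background"),
           ("td", "background")}
# Pairs that cause a request only when the reader clicks.
ON_CLICK = {("a", "href"), ("area", "href"), ("form", "action")}
CSS_URL = re.compile(r"""url\(\s*['"]?([^'")\s]+)""", re.I)
OPAQUE_TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")  # heuristic: per-recipient id


def is_remote(url):
    """cid: and data: content travels inside the message; http(s) needs a request."""
    url = url.strip()
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL: nothing a client could fetch
        return False
    return scheme in ("http", "https") or url.startswith("//")


def identifies_recipient(url, recipient):
    """True if the path or query carries the address or a long opaque token."""
    parts = urlsplit(url)
    tail = unquote(parts.path + "?" + parts.query)
    return recipient.lower() in tail.lower() or bool(OPAQUE_TOKEN.search(tail))


class RemoteRefCollector(HTMLParser):
    """Collects (trigger, tag, url, beacon_like) for every remote reference."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []
        self._in_style = False

    def _add(self, trigger, tag, url, beacon_like=False):
        if is_remote(url):
            self.refs.append((trigger, tag, url.strip(), beacon_like))

    def handle_starttag(self, tag, attrs):
        attr = {name: value or "" for name, value in attrs}
        if tag == "style":
            self._in_style = True
        hidden = "display:none" in attr.get("style", "").replace(" ", "").lower()
        tiny = attr.get("width") in ("0", "1") or attr.get("height") in ("0", "1")
        for name, value in attr.items():
            if (tag, name) in ON_OPEN:
                self._add("open", tag, value, tag == "img" and (tiny or hidden))
            elif (tag, name) in ON_CLICK:
                self._add("click", tag, value)
            elif name == "style":  # inline CSS can pull remote images too
                for url in CSS_URL.findall(value):
                    self._add("open", tag, url)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # <style> blocks are delivered here as raw text
            for url in CSS_URL.findall(data):
                self._add("open", "style", url)


def audit_message(raw, recipient):
    """Return one finding per remote reference in the HTML parts of a raw message."""
    findings = []
    message = message_from_string(raw, policy=policy.default)
    for part in message.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = RemoteRefCollector()
        collector.feed(part.get_content())
        collector.close()
        for trigger, tag, url, beacon_like in collector.refs:
            findings.append({"trigger": trigger, "tag": tag, "url": url,
                             "beacon_like": beacon_like,
                             "identifies_recipient": identifies_recipient(url, recipient)})
    return findings


def build_sample(recipient):
    """Constructed sample: all hosts and ids are made up for this example."""
    html = (
        "<html><head><style>.hdr{background:url(http://img.mailer.example/bg.png)}"
        "</style></head>\n"
        '<body><img src="cid:logo" alt="logo">\n'
        '<img src="http://trk.mailer.example/o.gif?r=' + quote(recipient)
        + '" width="1" height="1">\n'
        '<p><a href="http://mailer.example/c/9f3a7c21e0b44d1a8a6e5f00c2d1">View</a></p>\n'
        '<a href="http://mailer.example/unsub?e=' + recipient + '">unsubscribe</a>'
        "</body></html>\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "offers@mailer.example", recipient, "Sample"
    msg.set_content("Great offer! View it in an HTML-capable client.")
    msg.add_alternative(html, subtype="html")
    return msg.as_string()


if __name__ == "__main__":
    who = "reader@example.org"
    for f in audit_message(build_sample(who), who):
        print(f["trigger"], f["tag"], f["url"], f["beacon_like"], f["identifies_recipient"])
```

With remote images blocked, only the `click` entries can still fire; an `open` entry that also identifies the recipient is what confirms an address as active without any click.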

It's also possible that the spam could contain malware. To protect yourself from this please read my article about How to Stay Safe While Online. This article will help you to protect your computer from all types of malware.

C) How To Report Spam

In general, the best course of action is to report the spam and delete it without opening it. I have explained how to report spam, so that it will have the greatest effect, in my article about How to Report Spam. However, if you aren't absolutely certain that an email is spam you may need to open it to make sure. If that is the case then make sure all of the above advice has been followed before you open any suspect emails.

4. Educate Others About How To Avoid Spam

In addition to helping others avoid spam, which is an admirable goal by itself, educating those you are close to will also help you. Essentially, these people also have access to your email address and thus, regardless of how careful you are about providing it to sites, they can inadvertently give your email address to spammers. One very important thing that those with access to your email address need to know is that if you are going to forward a particular email to a lot of people you should forward it by using BCC. This way everyone else's email addresses are masked. If you forward it to everyone normally, and that email eventually makes it into the hands of spammers, then you have essentially just signed up everyone for spam. Thus educating people about the importance of BCC is very important.

Yet another way others could accidentally expose your email address to spam is as innocently as a loving relative who really wants to surprise you by signing you up for that 'free' laptop that a site is giving away. This sort of action, as I hope most of you are already aware, will likely lead to that email address getting spam. Thus for everyone's sake it's really necessary that in addition to making sure you know how to avoid spam, you also help others to know how to stay safe as well.

Tuesday 24 December 2013

How & Why to switch from Yahoo! Mail to GMail

It's a hard fact that All new Yahoo! mail sucks. This may be just personal, but Yahoo gave me tough times with server errors on numerous occasions. For me GMail edges out Yahoo! Mail because of its speed and spam blocking. Yahoo! has too much spam, including IM spam. Also, POP access and disposable addresses require a paid account. I'm afraid a day might come in the future when Yahoo won't allow access to your account even if you enter the correct ID and password. Once my Yahoo mail got hacked, I had enough with it. I was about to delete my account but suddenly I noticed that there were many important e-mails in my inbox! Now what?! Before I go into what to do next, let's see why GMail wins against Yahoo Mail.

Why to switch from Yahoo! Mail to GMail?
- Faster access to mails and general speed in sending & receiving mails. Powerful search function for e-mail similar to Google. Filtering out e-mails with .exe attachments is possible.

- Better spam blocking and less spam. Yahoo has too much spam, including IM spam. Yahoo! also sucks at differentiating between legitimate and spam mails.

- Automatic forwarding for GMail.

- Supported e-mail client access for GMail: POP3, IMAP, SSL/TLS supported, SMTP restricted. Yahoo supports only POP3, and that only for certain regions. (This feature is to be noted as it's useful in the article.)

- Gmail localization for 52 languages, Yahoo 27 languages.

- GMail has text ads only when viewing the mail box, not in messages. Yahoo has ads in the interface and in mails.

- Domain name customization is possible in GMail using Google Apps.

- A custom From address can be set up in GMail.

- Address modifiers are available in GMail (userid followed by + followed by tag).

- Only IE, Firefox, Chrome and Opera are compatible with the new version of Yahoo Mail.

- Account expiration on inactivity: 9 months in Gmail (and that at Google's discretion) vs 4 months for Yahoo Mail.

- Other special features in GMail: messages are grouped into conversations, the Basic HTML view gives faster access on slower net connections, and labels are used in GMail instead of the folders in Yahoo.

So here I am, to share with all of you how to import all your contacts and mails from Yahoo to Gmail at one go. There are many articles around the internet that describe how to do this, but most of them don't yield the desired results. So I did some mix 'n math and got it to work perfectly.

The first thing is that you need to have POP3 access and multiple mail forwarding with Yahoo. This feature is limited to Yahoo Plus users but a tiny workaround can save your day without spending even a single buck. Also, you don't need to download and install the YPOPs! application for the same.

How to switch from Yahoo! mail to GMail?

1. Sign into your Yahoo account.

2. If you are using Yahoo Mail Classic, switch to All new Yahoo mail. Click Options to the right of your mail box page and select All new Yahoo mail.

3. If you check Options (at top) -> Mail Options -> Forwarding, you can see that this feature is only available in Yahoo Mail Plus and you have to upgrade for $20. Oh come on, don't be sad. Read the rest.

4. Now go to your Yahoo inbox and select the display name on the top left. It's your name written as Hi, "your name". Go to Account Info, which appears in the subsequent drop-down box under your display name. You may have to sign in again to verify.

5. In the Account Info page, scroll down and click on 'Set language, site, and time zone' under Account settings and set your Regional Site and language to Yahoo! United Kingdom and the time zone to GMT UK. Now, save your settings.

6. Sign out of your account, close all browser windows and then sign back in. Click on the "I accept the Terms and Service" pop-up if it appears. If not, don't bother.

7. Next go back to your main mail box page, select Options from the top, go to Mail Options and select Forwarding from the left side bar. Surprise! You don't see the Upgrade to get this feature anymore!

8. Click Access Yahoo! Mail via POP and select any of the options to download spam or not. That's all that you have to do in Yahoo.

9. Next log in to your GMail account. If you are using the Basic HTML version of GMail, click on 'Switch to Standard View' at the top.

10. Go to Options, which is the gear icon on the top right, and select Mail settings. In the Settings page click the Accounts and Import tab. Now click on Import mail and contacts, or on Import from another address if you have already specified an account to import from before.

11. In the wizard that appears, type in your username, click continue, enter your password and click continue again. Select your import options and click Start Import. It may take a few hours or sometimes up to 2 days to start seeing your imported messages. Click Ok.

12. You're done. Within a few minutes or hours, check your inbox or spam in GMail to see the mail and contacts that you've imported from Yahoo. If you wish to stop importing new messages, click on Stop in the import mail and contacts page at GMail.

You may switch back your locale in Yahoo to your current locale, but I'm not sure whether your mails will be imported anymore. This option is left to users.


Hints: In step 5 you may try other regional sites and time zones to see if it works for you as an alternate step.

What Everybody Should Know About the Windows Registry

I suspect that most PC users probably consider the subject of the Windows Registry to be something to avoid. Over the years a mystique has grown up around the Registry, making it sometimes sound like a set of cabalistic rites known only to the high priests of Microsoft. This article will try to shed a little light on the Registry and outline some basic facts that I believe all PC users will find worthwhile knowing. A second article on the Registry editor is for more advanced users who may wish to do some of the many useful Registry tweaks.

Why should the average PC user know anything about the Registry?

The Registry is so essential to the functioning of a Windows PC that anyone who uses a PC regularly should at least have a general idea of what the Registry does. Just a little knowledge will remove some of the fear and loathing from the subject. Everyone should also know how to back it up and restore it. A little learning here can save big headaches with computer problems. The backup and restore process is neither difficult nor lengthy and is easily mastered by the greenest of computer newcomers.

What is the Registry?

The Windows Registry is a central database containing all the varied assortment of information needed for the computer to run both the hardware and the software. The Registry is in constant use and almost anything that you do on a Windows PC will access the Registry for information. The information is divided among a number of hidden system binary files. Only highly expert professionals will ever need to access these files directly. If desired, viewing the contents of some parts of the Registry is done with the Registry Editor accessory (Regedit), which combines certain components and displays them in a readable unified text form.

Isn't it dangerous to do anything with the Registry?

Because it is involved in everything, damage to the Registry can stop a PC from functioning. For that reason Microsoft has gone out of its way to make the Registry mysterious and fearsome sounding. It is reasonable that Microsoft does not want to have to deal with service calls from ignorant people who have tried to edit the Registry but I think the constant warnings about the Registry that you see everywhere on the Internet are overdone. They are a form of CYA arising in part from our overly litigious society. Yes, you can create a lot of problems if you mess up the Registry but you can also cause problems if you go around deleting things from the Windows or Program folders. You can do stupid things with almost anything. And yes, mistakes do occur. I once misplaced a comma while editing a Windows 95 Registry and found that my computer wouldn't boot. But I had a backup and it took only a minute or two to fix the problem. Actually, the Registry has become increasingly robust with each version of Windows. It is very much harder to make the system unbootable than in the days of Windows 95.

Why does Windows need a Registry? Other operating systems don't have one

All operating systems need a way to store information about the system. There is more than one way to do this and Apple and Linux use a different method. Originally, Windows kept information in a large number of separate INI files scattered throughout the system. Then, beginning with Windows 95, Microsoft decided to centralize the information. It is true that there are a number of computer scientists who think the Registry is not the optimal way to store system information but the Registry method also has its proponents.

How to back up and restore the Registry

If there is one thing about the Registry that everyone should know, it is how to back it up. Every time you make a system change (installing software, attaching new hardware or whatever), a backup should be made of the Registry. Fortunately, this is not difficult.

Backing up is often already done for you by System Restore.  Depending on how often you turn your computer off, the default setting is for System Restore to back up certain system components, including the Registry, approximately every 24 hours. However, you can also manually create a restore point whenever you wish and it's a good idea to do so whenever you make a system change. Some quick ways to make System Restore points are at this link. Those who make frequent changes to their system may wish to create a shortcut to System Restore or download one of the little scripts mentioned in the preceding reference. Put the script file on the desktop and making a restore point is just a double-click away.

One drawback to System Restore is that it doesn't provide a convenient way to back up just the Registry or parts of the Registry. Another is that the restore points cannot be placed on an external drive. A possible solution is the free program Erunt, which is included in the Best Free Security Software list.  Another method is to use the export function of Regedit, which I discuss in another article.

Cleaning the Registry

There are many programs that claim to do wonderful things by "cleaning" the Registry. That is, they prune out dead or corrupted entries. Some are better than others. However, some are actually dangerous and none that I have seen actually has any statistical evidence to back its claims. Registry cleaning can be dangerous without taking proper care. Many average PC users do not have the background knowledge to use a Registry cleaner safely. It is very easy to "clean" some Registry entry that should not be removed. I see too many posts on the Internet about Registry cleaning gone awry. Even highly rated programs that I have tried have offered to clean something that I knew should not be touched.

Back in the days of Windows 95, I was an advocate of regular housekeeping for the Registry. My own experience and anecdotal evidence indicated better performance when the Registry was occasionally cleaned.  However, the Registry in Windows XP and later is far more robust and much less prone to corruption. Those who install and uninstall a lot of software and/or those who tweak the Registry a lot may find it worthwhile to do regular Registry maintenance. For ordinary PC users, I feel that the Registry needs this type of maintenance very rarely. Windows Vista and Windows 7 Registries are even less susceptible to corruption than XP with added protective measures such as Registry virtualization. I almost never use Registry cleaners and then only on heavily used old XP systems with problems. For more about Registry cleaners see this reference.

Personally, I believe that a good uninstaller program is a better way to keep the Registry clean. The major source of unnecessary Registry entries is poorly uninstalled programs. Many programs leave behind a great deal of junk in the Registry when uninstalled. See the list of free uninstaller programs and use one of them.

Conclusion

In summary, the Registry is just a database, albeit an unusual and very important database. It’s no more mysterious than much else in Windows (and less than some things). Always back it up before any system changes and you will be prepared if it stops doing its job.

How to Stay Safe While Online

With the amount of malware currently prowling the internet it's very important to fully protect your computer from online dangers. This is important for everyone, not just the overly security conscious. Below I've compiled advice for both novice users and more advanced users. Trust me, there's something for everyone.



Index

1. Ensure Your Computer Is Not Infected

2. Basic Approaches To Staying Safe

    A) Back Up Important Files

    B) Keep Your Software Up To Date

    C) Make Sure Websites, Accounts, And Downloads Are Safe

3. Prevent Future Infections By Using Internet Security Software

    A) Pros And Cons Of Using An Antivirus

    B) Pros And Cons Of Using A Secure DNS Server

    C) Pros And Cons Of Using A Firewall With A HIPS

    D) Pros And Cons Of Sandboxing

    E) My Advice On What To Use

4. Browser Based Protection

5. Protect Your Online Privacy



1. Ensure Your Computer Is Not Infected

The first thing you should do when securing your system is to ensure that your computer is not already infected with malware. To do this please follow my article about How to Know If Your Computer Is Infected. Please make sure any infections you may have are cleaned before continuing to follow the remainder of this article.

2. Basic Approaches To Staying Safe



A) Back Up Important Files

An important aspect of protecting your computer is making sure that if anything bad does happen, your important information will still be safe. Note that I am referring to problems which can arise from both malware related issues, which this article can help protect you against, and many other types of issues, which often cannot be prevented. I find that it's best to go about this task with the realization that it's always possible that the next time you turn on your computer all of the files on it could be lost. This happened to me once when my hard-drive died. Thus, it's very important to regularly back up all of your data. One of the best ways to do this is to use a free backup program, such as Dropbox, to back up your important files. Dropbox will give you 2GB of space to back up your most critical information.

However, if you need more space to back up your critical files entirely you can also put the data on an external hard-drive, although these of course are not free. That said, another advantage to having a backup drive is that if it has enough room you can even make a clone image of everything on your computer, including the operating system. This way, if anything bad does happen, you can just reload the last backup you made. One of the best imaging programs is called Macrium Reflect Free. For more information you can read this article about the Best Free Drive Imaging Program.


B) Keep Your Software Up To Date

One of the most important things to do in order to keep your computer safe from malware, aside from making sure that your computer is protected with a password, is to make sure that Windows Update is set to automatically update. You may find other sites recommending otherwise, and updating it manually is fine for some people, but for the most part I believe that it's best to have it install the updates as quickly as possible. This will help protect you from exploits used by some of the newest malware.

In addition, I would recommend that you keep all programs on your computer up-to-date. If an update is offered for any program I would strongly suggest that you take the time to update it immediately. All programs periodically update in order to fix security holes, which could otherwise be used by malware to infect your computer. Thus, keeping all of the software on your computer up to date is a very important part of staying safe online. A good program, which can help to make sure that all programs are up to date, is called Secunia PSI. It can be downloaded from this page and is free. It will scan the programs on your computer and identify which are not up to date. It will then attempt to automatically update them for you, thus saving you time.

Also, if you have Java installed on your computer, which most people do, you may want to consider removing it. Java is constantly being exploited by malware. Also, for most people having Java installed on their computer is not even necessary. Although there are still sites, and programs, which do require Java in order to run, they are becoming less and less common. Thus, my recommendation would be to uninstall Java and only install it if you find that it is in fact required for you.

C) Make Sure Websites, Accounts, And Downloads Are Safe

These days it can be difficult to tell whether many websites are safe or not. If you're not confident that a site is safe you should investigate it using the methods I discuss in How to Tell If A Website Is Dangerous. Also, in addition to making sure that sites are safe, you should also make sure that anything you download from a site is not dangerous. Even downloads from legitimate sites may sometimes turn out to be dangerous.

Also, even if the site is trustworthy, there is something else to consider if the site asks you to create an account. These days many legitimate sites are being hacked and users' passwords are stolen. This would not be too large a problem if that meant that the passwords could only be used on that site, but the problem is much larger than that. Many users tend to use the same password on multiple sites. This means that if criminals gain access to your password for just one site, they may also have it for many others. Thus, my advice is to not only choose a strong password for each account, but to make sure that you use different passwords for different sites. For good advice on how to do this please read this article about How to Keep Your Passwords Safe. Also, spam is currently a very large problem for many internet users. Because of this I have written an article about How to Avoid Spam. Please read this article in order to learn what behaviors will best allow you to avoid this problem.



3. Prevent Future Infections By Using Internet Security Software



There are many different approaches to protecting a computer. Below I have reviewed the main approaches which are constantly being advocated today. I conclude this section with my advice about what approaches I would advise most users to follow in order to protect their computer.



A) Pros And Cons Of Using An Antivirus

I do believe that having an up to date antivirus program running on your computer is an important component to nearly any protection regime. One of the greatest attributes of a good antivirus program is that it will automatically remove any files that it knows to be bad. Thus, the user can essentially install an antivirus and then almost forget that it is there. For the most part it will do its part protecting the user without requiring any interaction. It's very easy to use. However, make sure that you only have one antivirus program for protection. Running more than one can cause problems for your system.

However, there are also downsides to the approach taken by antivirus programs. It really boils down to this. An antivirus cannot detect all malware. In fact, antiviruses are really quite bad at detecting new malware. Those detection statistics you see in many tests, in which antiviruses achieve detection rates such as 99%, do not apply to new pieces of malware. For real life situations these statistics would be more like 60-70%. Also, the better malware writers will test their new creations before releasing them to make sure that initially their malware won't be detected.

There is a lot more to the story, but the truth is that even if an antivirus program uses ordinary signatures, generic signatures, heuristics, cloud-based detection, and behavioral analysis it still will not be able to provide true protection from new malware. Any detection based approach to protecting your computer can be likened to playing Russian Roulette. One day you're probably going to get unlucky and wind up with your system infected. Because of this it has become apparent that additional methods are required in order to fully protect your computer. That said, an antivirus is a very good complement to any of the other approaches reviewed in this section.

B) Pros And Cons Of Using A Secure DNS Server


The benefits of a Secure DNS Server, or at least one that will also filter known dangerous sites, are similar to those of an antivirus. It will protect your computer from any sites which are flagged as dangerous by the company operating the service. Thus, many threats will be stopped before they can even reach your computer. In addition it will also protect you from what are known as DNS Cache Poisoning attacks. These DNS servers are also relatively easy to setup and require no software. In addition, the speed you achieve by using these should be the same, or perhaps even faster, than you achieve without using one at all.



Of course, the downside to using a service like this is similar to that of an antivirus. It cannot possibly block all dangerous sites. The vast majority will likely bypass it. That said, just as with an antivirus, if you rely on this only as part of your protection regimen it is a very good addition. I find that it complements the other methods very well.



C) Pros And Cons Of Using A Firewall With A HIPS

Using a firewall with a Host Intrusion Prevention System (HIPS) can protect your computer from nearly all types of threats. It operates by preventing unknown programs from altering any part of your system. It automatically blocks any files which are not verified as safe by the security vendor. Therefore, malware is automatically prevented from doing any damage. In this way HIPS is superior to detection-based software, such as traditional antivirus applications, as it will stop any type of malware. Once the file is blocked the HIPS program will ask you if you want to give the blocked file access to your computer. Thus, control over what unknown programs are allowed to do is entirely in your hands. For a full explanation of what a HIPS is please read the explanation on this page.

Of course, the obvious downside to this approach is that just as there are many millions of malicious programs, there are also millions of safe ones. Because HIPS vendors cannot instantly analyze every possible legitimate program it's quite likely that you will receive questions about some safe programs, as well as for the dangerous ones. Of course, HIPS vendors are also acutely aware of this problem. In response many companies have developed extensive whitelists. These are databases of known safe programs. If a program is known to be safe, or is produced by a trusted vendor, you won't have to answer any questions about it and the program will be allowed complete access to your computer. Thus, for some HIPS applications, the number of alerts you get for everyday programs is so small that it is almost unnoticeable.



That said, for many people this type of protection, powerful though it may be, is too intrusive. With programs such as these there will always be at least a few popups which the user will be required to answer. In my opinion this is a very good trade-off for the very high level of protection you achieve, but for others it is not worth it. If you are looking for an install and forget kind of program a HIPS is not that. Therefore you should consider other alternatives. However, do realize that besides using a HIPS or sandboxing, which will be discussed in the next part, no other approach will be able to offer you anything approaching complete protection.



D) Pros And Cons Of Sandboxing

Using a sandboxing program can also protect your computer from nearly all types of threats. The types of sandboxing software I believe are most suitable for the majority of users are the ones which only sandbox individual applications. With these, anything run in the sandbox does not affect the real system. Thus, if something turns out to be malicious you can just delete everything in the sandbox. Thus the malware, or whatever was causing the problem, can be easily removed without it ever even touching your actual system.



However, this approach has drawbacks as well. While it is true that all applications in it are isolated from the system, it does give you the option to recover files to your real computer. This will sometimes be necessary, as most users will want to save what they are doing for future use. Thus, it's possible for malware to trick you into infecting your actual computer, even if you are using this type of sandboxing technology. In addition, for many users it may become a hassle that whatever you are working on in the sandbox will not be automatically saved for future use. I believe that many users will find this type of approach to be disagreeable.

I don't mean to imply that sandboxing technology is not useful. It is one of the most potent forms of protection currently available. However, I would argue that, at least for most implementations of it, it is really more designed for advanced users. That said, there are a few approaches to using sandboxing which I believe may be suitable for novice users.

E) My Advice On What To Use

Regardless of what other approaches you take to protecting your computer, I would suggest that you use a Secure DNS Server with malware blocking capabilities. The one I would most highly advise using is Norton DNS. Using this will not slow down your connection. In fact, you may even notice an increase in speed. Norton DNS blocks sites which it knows to be dangerous.

I. Use A Single Program Which Incorporates All Of The Above Technologies

My top recommendation would be to protect your computer by using all of these technologies at the same time. There is a program called Comodo Internet Security, which has combined all of these together into a single package. If you choose to use it you should download the free version from this page. This program includes an antivirus, a HIPS, an automatic sandbox, a firewall, and Comodo DNS Servers (which you can opt out of during installation if you would prefer to use Norton DNS, as advised above). Also, in my opinion this program is quite easy to use, and it keeps getting more user-friendly with each new release. The way this program works is that all files which are known to be safe will be allowed access to your real system and files known to be dangerous will be removed. However, unknown files will be automatically sandboxed and, if they require more permissions than are allowed by the sandbox, the HIPS component will ask you if you trust them enough to allow them access to your computer.



Also, much of the difficulty of using a HIPS, or a sandbox, is mitigated by the very extensive whitelist which Comodo has developed. I find it to be quite easy to use and would strongly recommend it to all levels of users. That said, there will be a few popups which will initially have to be answered, but I believe that these are relatively easy to understand and are few in number. If you like the approach this software takes, but would prefer to use a separate antivirus program, you can instead install Comodo Firewall. You can download the free version from this page. It comes with a HIPS, an automatic sandbox, a firewall, and Comodo DNS Servers. You can then install a separate antivirus program alongside it. A good list of free antivirus programs can be found in this article about the Best Free Antivirus Software. Do note that if you do choose to install Comodo Internet Security, or Comodo Firewall, you should read my guide about How to Install Comodo Firewall. This will explain how to configure it for maximum security.



After installing this program it's very easy to use. For example, you can open up your browser on your actual computer. You don't need to worry about sandboxing anything. Everything will be done automatically. What will happen is that any files you download, bookmarks saved, changes made, etc... will all be saved to your real computer. However, any files will be checked by Comodo before they are allowed to be run. If they are already known to be safe they will be allowed full access to your computer. Thus everything will work fine and you don't need to do anything. If they are known to be bad they will be removed.



However, if they are unknown they will be sandboxed. It's also important to realize that initially much malware will fall into this unknown category. That means that with this approach your computer is protected from anything these files may do, although they may still be able to run in the sandbox. Very little interaction is needed on your part for these files, and of course the number of unknown safe files that ordinary users will run into is very small. Thus, I believe that Comodo Internet Security, or Comodo Firewall, is the most user friendly, and arguably the strongest, approach to truly protecting your computer currently available. There are more user friendly approaches, but these rely on detection technology, thus not providing what I consider to be an adequate level of protection. I would strongly recommend that you try this software and see if it is suitable for you.



II. Or Just Use An Antivirus And HIPS

If you would prefer not to use Comodo Internet Security, or Comodo Firewall, then my first suggestion would be for you to install a different firewall with a HIPS component. A list of other good free firewalls, with strong HIPS protection, can be found in this section of the review of the Best Free Firewalls. I would consider the other programs in that section to be more difficult to use than Comodo Firewall, but if you find that Comodo Firewall is not a good fit for you these programs are certainly viable alternatives. However, just as I advised above, I would strongly suggest that you run an antivirus alongside it. This way, if a file is already known to be bad you will be protected from the possibility of accidentally allowing it.

III. Or Just Use An Antivirus And Sandboxing

One of the most effective ways to use this program is to run your browser, or other potential threat vectors, inside of the sandbox. That way anything that enters your computer through them will automatically be isolated from the rest of the system. However, be aware that whenever something is downloaded you will be given the option to recover it to your real system. I would recommend that you only do that if you really trust the file. In order to make sure files are not dangerous please follow the advice I give in my article about How to Tell if a File is Malicious. However, please note that you will have to navigate to the Sandboxie folder in order to submit the file for analysis. When initially setting up Sandboxie I would strongly recommend that you follow this tutorial. Also, in addition to running an antivirus, I would advise that you run a good firewall alongside Sandboxie. For a listing of the best free firewalls please see this review about the Best Free Firewall.

4. Browser Based Protection

Securing your browser is another very important step in order to keep malware, and other threats, from gaining a foothold on your computer. For this please read my article about How to Harden Your Browser Against Malware and Privacy Concerns. If you are not also concerned about privacy, then pay particular attention to the portions which are concerned mainly with security.

5. Protect Your Online Privacy

If you are concerned about your online privacy, especially seeing as there have been more and more attempts to invade it recently, then please read my article about How to Protect Your Online Privacy. This covers many ways in which you can increase your online privacy. Many of these methods are easy to use, but some do take a little bit of effort. Please read it and use whichever methods you think best address your concerns.

How to Improve Your Security When Using a Public Terminal

Using a computer in a hotel, internet cafe or airport is a risky business. Public terminals are fine for general browsing and even (with a few precautions) collecting your email but when it comes to logging in to your bank account or making an online purchase they really should be avoided.

We all know that but life doesn't always allow us to follow the rules; sometimes we simply have to use a public terminal to conduct a confidential transaction.

Well I'd dearly like to be able to tell you a way you can use a public terminal with complete safety. I can't. What I can do is show you some ways you can do it with a high degree of security. OK it's not 100% but it's better than no security at all.

There are two main areas of risk when using a public terminal. First someone may be using a session logger to record the flow of data between the PC you are using and the websites you visit. Second there may be a keylogger fitted to the PC that allows someone to capture your keystrokes and sometimes your mouse clicks and screen session as well.

Risk 1: Session Logging

It's dead easy for an ill-intentioned internet cafe operator to record your internet traffic. Indeed I once visited a cafe and noticed the clerk at the front desk was unabashedly scanning traffic from the shop's computers using Ethereal. So believe me, it happens.

It's important that you understand that when you are visiting a normal website most of the information that flows between the PC you are using and the website you are visiting is visible and readable. It's there for anyone to see. "Anyone" includes your ISP or the clerk in the internet cafe.

If you are visiting a secure website (i.e. one whose address begins with https rather than http) your data stream is secure. That's because your data is encrypted end to end i.e. PC to server. Yes, it can still be seen but all that can be seen is a lot of gobbledygook.

If you use Gmail or Yahoo! webmail this is good news as both of these have secure website connections. The last time I used Hotmail it wasn't secure and many other webmail services aren't secure either. It's easy to tell: go to your webmail site and log in. If the URL in the browser address bar starts with https it is secure. That means you can read your mail on any public terminal and no one can read your mail by intercepting the traffic between the PC you are using and the webmail service.

If your webmail service uses http rather than https then your email can be intercepted and read. If your email only includes things like a get-well message to Aunt Maud then there is no problem but if it contains your social security number, bank account and other personal details then you should start worrying.

Almost all online banking sites and e-commerce sites use https. That's comforting as it means no one can read your confidential data flowing between the computer you are using and the remote server. Sure they can see the data flow but they can't decrypt it.

Defensive counter-measures against session logging

There are, however, a number of ways to convert even a standard http connection into a secure encrypted https connection. Using a virtual private network is one way but that's an option more readily available to corporate users than individuals. A simpler solution is to use a secure anonymizing network like the free Tor system.

Although Tor was designed to allow you to surf anonymously it has an attractive side benefit: it creates a secure https connection between your PC and the first Tor server. It's not secure beyond the first Tor server but interception is most unlikely once you get beyond the first server. The most likely location for someone to look at your web traffic is between the PC you are using and the first Tor server.

Setting up Tor is simple if you use a product like the free Firefox based XeroBank browser (formerly TorPark). Just start up XeroBank and the rest pretty well happens automatically. XeroBank is also portable so you can safely browse from a public terminal using a copy of XeroBank installed on your USB flash drive.

Surfing with XeroBank is noticeably slowed by the long chain of Tor servers through which your data passes. However a little extra time is a small price to pay for the additional security and anonymity. Besides if you really need speed you can switch back to normal non-secure browsing easily within XeroBank.

If you use XeroBank you can safely read your email even for non-secure webmail websites like HotMail. Whether the content of your webmail warrants the effort involved only you can decide.

I should note in parting that SSL (and thus https) is not immune to decryption. In particular so called "man in the middle attacks" have proven effective. However this kind of advanced attack is highly unlikely in an internet cafe.

Risk 2: Keyloggers

There is no 100% safe way to enter passwords from a public terminal. That's a fact.

Modern keyloggers can capture not only keyboard strokes but mouse clicks and the Windows Clipboard. They can also take screen shots of what you are doing. Keeping your confidential information from the prying eyes of the best of these sinister products is extremely difficult, perhaps impossible.

So the golden rule is don't ever enter confidential information into a hotel computer, an internet cafe PC or other public terminal.

That's the rule but rules get broken. Sometimes we simply have to use a public terminal. I have and I bet most of my readers have too.

So what can you do to improve your security when entering passwords?

Quite a lot actually. Of the many different options available to improve your password security, one of the most attractive is to enter your passwords using a password manager like RoboForm2Go running from your own USB flash drive. It's an option I covered in my May 2007 editorial column.

When run from a USB flash drive RoboForm2Go provides excellent security. In fact I've not yet found a keylogger that can capture the information it enters into login boxes and web forms from Portable Firefox. Don't take that to mean RoboForm2Go is 100% safe. It's not; no product is.

One particular area of weakness of RoboForm2Go is the master password you must enter to activate the password manager. If a keylogger captured that and also managed to copy the encrypted RoboForm master password file from your USB drive then you are in deep trouble as they would be able to access all your passwords.

So protecting that password is critical. Some special issues apply to protecting your RoboForm2Go password and they are addressed later in the article.  Let's first look at the question of protecting passwords in general.

Defensive counter-measures against keyloggers

(a) Use strong passwords

Make your passwords (or passphrases) long and semi-random. Passwords like "SncnGnsl3Fp" are much better than something like "banana". This is not only because long random passwords are more difficult to crack but also because they are more difficult to unscramble from a keylogger log, particularly when used in concert with some of the other techniques mentioned below.

Remembering long semi random passwords is difficult but there are lots of mnemonic systems that can help.

By way of example the password "SncnGnsl3Fp" I mentioned above is actually "RoboForm2Go" transformed by a simple formula where the first letter is shifted one forward in the alphabet (R -> S) while the next letter is shifted one back (o -> n). The same alternating pattern continues for the rest of the characters.
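The alternating shift described above, written out as an added example (not code from the original article). Wrapping z to a and 9 to 0, and leaving punctuation unchanged, are assumptions the article does not specify.

```python
import string

# Character classes that shift within themselves. Anything else is left
# unchanged (an assumption: the article's example has only letters and a digit).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def shift_char(ch, delta):
    """Move one character delta places within its own class, wrapping at the ends."""
    for alphabet in CLASSES:
        if ch in alphabet:
            return alphabet[(alphabet.index(ch) + delta) % len(alphabet)]
    return ch


def alternate_shift(text, first_delta=1):
    """Shift characters forward, back, forward, back... by position."""
    out, delta = [], first_delta
    for ch in text:
        out.append(shift_char(ch, delta))
        delta = -delta  # the direction flips on every position, shifted or not
    return "".join(out)


def undo_alternate_shift(text, first_delta=1):
    """Reverse the transformation by starting with the opposite direction."""
    return alternate_shift(text, -first_delta)


if __name__ == "__main__":
    print(alternate_shift("RoboForm2Go"))
    print(undo_alternate_shift("SncnGnsl3Fp"))
```

The rule is fully reversible, so the password is only as secret as the starting phrase and the rule itself.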

There are a lot of different techniques for creating and remembering strong passwords and phrases. You can find some in this Microsoft article. Also worth consulting is this Wikipedia article on password strength.

(c) Use password obfuscation

Obfuscation is just a fancy way of saying you should disguise your password by entering it in a more complex way than just typing it in from the keyboard.

Obfuscation works because keyloggers just record a long string of the characters you type. At some point the owner of the keylogger has to scan the string to identify passwords so you want to make this task as hard as possible. These days keyloggers make identifying passwords easier by labeling the name of the window where the keystrokes (and mouse clicks) were made. Even so, obfuscation can still be very effective.

There are many ways of obfuscating input. Here are a few:

(i) Where you have two entry boxes on the screen such as a username and password, alternate entry between the two fields after each character is typed by using your mouse to move between the entry fields.

(ii) Rather than just entering the password from the keyboard cut and paste some of the characters that make up your password from another part of the screen. Ideally this should be from the same window as the one containing the password field but other windows will work fine too.

(iii) Drop and drag and drag some characters rather than enter them from the keyboard

(iv) Enter some character by holding down the Alt key and using the numeric keypad. For example the letter "a' can be entered by ALT 123.

(v) Use an onscreen keyboard to enter some of the characters.
(vi) Enter the last half of your password first followed by the first half. Then drop and drag the second half to the front from inside the password box.

(vii) Insert some random characters

For simplicity let's say your password is abcdefg.

Rather than enter your password as a simple sequence of letters throw in some additional dummy random characters along these lines: aMNbOcZdPQReSfgTUV

Now go back and delete the dummy letters one at a time. Delete some characters using backspace, others using the mouse to highlight the letter(s) and then hitting the Delete key or using the right click context menu and selecting "delete."
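The dummy-character entry above, modelled as an added example that is not part of the original post: a toy entry box that tracks both its real contents and the stream a keyboard-only logger would record. The class, the event tokens and the assumption that the logger sees no mouse activity are all hypothetical.

```python
# Added illustration (not from the original post). Assumed logger model:
# it records key presses only; mouse clicks, selections and context-menu
# actions change the field but never appear in the log.

class PasswordField:
    def __init__(self):
        self.chars = []     # current contents of the entry box
        self.caret = 0      # insertion point
        self.keylog = []    # what the keyboard-only logger captures

    def type(self, text):
        for ch in text:
            self.chars.insert(self.caret, ch)
            self.caret += 1
            self.keylog.append(ch)

    def backspace(self, count=1):
        for _ in range(count):
            self.keylog.append("[BS]")
            if self.caret > 0:
                self.caret -= 1
                del self.chars[self.caret]

    def mouse_click(self, pos):
        self.caret = pos                  # caret moved by mouse: not logged

    def mouse_select_then_delete_key(self, start, end):
        self.keylog.append("[DEL]")       # only the key press is logged
        del self.chars[start:end]
        self.caret = start

    def mouse_select_then_context_delete(self, start, end):
        del self.chars[start:end]         # entirely mouse driven: not logged
        self.caret = start

    def value(self):
        return "".join(self.chars)


def naive_replay(keylog):
    """Replay the key stream with no caret or selection information."""
    out = []
    for event in keylog:
        if event == "[BS]":
            if out:
                out.pop()
        elif event == "[DEL]":
            pass                          # Delete at end of text removes nothing
        else:
            out.append(event)
    return "".join(out)


def demo():
    field = PasswordField()
    field.type("aMNbOcZdPQReSfgTUV")               # password plus dummies
    field.backspace(3)                             # remove T, U, V
    field.mouse_select_then_delete_key(12, 13)     # remove S
    field.mouse_select_then_context_delete(8, 11)  # remove P, Q, R
    field.mouse_click(7)
    field.backspace()                              # remove Z
    field.mouse_select_then_delete_key(4, 5)       # remove O
    field.mouse_select_then_context_delete(1, 3)   # remove M, N
    return field.value(), "".join(field.keylog), naive_replay(field.keylog)


if __name__ == "__main__":
    print(demo())
```

The field ends up holding abcdefg, while the recorded key stream does not replay to that value because the caret positions and selections were never logged.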

Obfuscation works

By combining the dummy character trick with the various multiple entry techniques you can confuse pretty well any keylogger.

However, don't feel you have to use every single obfuscation trick I've mentioned; that's overkill. Indeed you may not be able to use all these techniques, as some sites and products limit what you can do. For example RoboForm2Go disables cut and paste as well as drop and drag when you are entering the master password. It also won't allow you to access (get focus in) any window other than the password box. However, you can still enter and delete dummy characters as well as enter characters using the Alt (numeric keyboard) trick, and combined with a long random password that's good enough.
It's enough because any hacker reading a log from a keylogger has to read, identify, analyze and re-assemble what's recorded. That's hard work. If you use long random passwords combined with even a few obfuscation techniques then almost certainly you've made the job too hard. Possible yes, but too hard, especially when there are easy pickings available elsewhere.

But you can increase your security further; use an on-screen keyboard.

(d)  Use an on-screen keyboard (OSK)
An on-screen keyboard (OSK) is, as its name implies, a screen version of a normal keyboard where you "type" characters by clicking with your mouse the appropriate key on the screen. Windows has an OSK built-in that can be accessed from Start / All Programs / Accessories / Accessibility / On Screen Keyboard or alternatively from Windows key + U.

Now many folks think that using an OSK to enter password data is more secure because a keylogger can't capture the keystrokes. Unfortunately this is only partly true.

First some OSKs (including the Windows OSK) simply emulate actual keystrokes and these can be recorded by many keyloggers. Second anyone can see what you are entering with an OSK by simply taking a screen movie or even a rapid series of screen shots. Third by recording mouse click coordinates it may be possible to deduce the characters entered with an OSK. Finally it may be possible to capture the password from the OSK using a clipboard monitor when you copy the OSK entered password into a password form field.

That's the bad news. The good news is there are some OSKs that don't emulate keyboard input. Two of these are free, portable and specifically designed for secure entry. The first is Neo's SafeKeys; the second is Monitor Only Keyboard (MOK).

SafeKeys has some nifty features such as the ability to start up in a different screen position and with a different size every time you run it. This effectively defeats mouse click loggers. It also allows you to drag and drop the entered password into a web form thus bypassing clipboard loggers.

MOK has its own charms: it disables clipboard logging and has the option of a variable key layout. It doesn't support drag and drop but the copy implementation results in equal security to SafeKeys.

So on balance, there is little between the products; each is a perfectly viable solution. Unfortunately both are still vulnerable to screen capture. However a screen capture program would have to take very frequent snaps or a continuous movie to successfully capture all your virtual keystrokes. That's possible, though the host PC would take a big performance hit in the process.

But there is a simple way of getting around screen capture programs: enter part of your password with an OSK and the remainder with the real keyboard. Combine the keyboard entry with a little basic obfuscation and you have a pretty secure solution.

Protecting your RoboForm2Go Master Password

There are some special problems involved in protecting your RoboForm master password when using RoboForm2Go from a USB flash drive connected to a public terminal.

Before I address these I want to state that I strongly recommend using RoboForm2Go for safely accessing password-protected websites. It's one of the easiest and most valuable steps you can take to improve your mobile security.

With RoboForm2Go, all of your website passwords are safely encrypted on your USB flash drive, and it's virtually impossible for anyone to decrypt the information from the stored files.

Impossible, that is, unless they have your master password. And there's the catch.

To use RoboForm2Go you must at some point, enter your master password. If attackers use a keylogger to capture that password and also copy your RoboForm2Go password files from your USB drive, then they will have complete access to all your passwords. Hardly a pleasant thought.

So protecting your master password is absolutely critical.

In recognition of this problem, Siber Systems, the developer of RoboForm, has implemented some features that make it more difficult for keyloggers to capture your password.

First, they disable copying text from the master password window. Second, they disable drop and drag. Third, the password entry window contains no text, only graphics. Finally, and most importantly, they include in the password window a link to a special screen based keyboard (MOK) that allows you to enter your master password using mouse clicks.

Frankly, the first three of these measures are of limited benefit. They don't stop most keyloggers and, unfortunately, limit the range of obfuscation measures you can use to disguise your master password. You can't, for example, use the highly effective technique of dropping and dragging part of your entered password from the end of the password to the start. Nor can you cut and paste text from within the master password window or type dummy characters elsewhere in the window.

So these RoboForm security measures are really of limited value. So limited that I've been able to capture the RoboForm master password in every keylogger I've tried.

These particular measures may be limited in value but the MOK built into RoboForm2Go is much more useful. It's quite a secure implementation, unlike the inbuilt Windows MOK.

In total contrast to keyboard entered passwords, I'm yet to find a single keylogger that can pick up passwords entered by the RoboForm MOK.

But there's a small catch. While a keylogger may not be able to grab your password, a screen session recorder can. That's because the RoboForm MOK indicates visually each time you click a "key" with your mouse. This makes your MOK password entries plainly visible on a screen movie.

It would have been much smarter for Siber Systems to have indicated a keyboard press with a sound from the PC speaker and have no screen indication at all. That way a screen session recorder would only show the movements of your mouse over the keyboard without showing what "key" you actually clicked.

That's the bad news. The good news is that the hostile use of screen session recorders is rare compared to the use of keyboard keyloggers. In fact, very rare. That's because taking a live screen movie consumes a lot of computer resources. So much that the computer would be really slowed down and the presence of the keylogger made obvious.

Periodic screen snapshots are, however, reasonably common in keylogging programs. That's because they take far fewer resources than a video, yet still reveal a lot. Fortunately, they are most unlikely to capture enough of your MOK input to reveal your master password. Think about it. Even if the logging program took a screen shot every second it would be virtually impossible to get your entire password. But screen recorders take shots much less frequently than once a second - most operate in minutes rather than seconds.

So on balance, using the RoboForm2Go MOK is the way to go. It's not perfectly safe, just very safe. It is, however, way safer than using keyboard input to enter your master password.

But before you enter anything with a MOK do turn around and make sure nobody is watching over your shoulder. Shoulder surfers just love MOK password entry :>)

Monday 23 December 2013

Encryption is Not Enough

A few facts

Inconvenient fact #1 - Cryptography is harder than it looks: Not just any encryption program will do. Most any competent programmer could grab the open-source code for a block cipher (encryption algorithm) -- say AES -- and put together an encryption process to get from password entry to ciphertext.

But there is a special Murphy's Law for budding cryptographers: Somewhere else in the naive coder's encryption process - key generation, random number generation, hash processes, etc. - there will almost certainly be one or more fatal flaws. A skilled hacker can often find and break process vulnerabilities without much effort. Do-it-yourself encryption is much like thinking you could be competitive with Bobby Fischer or Garry Kasparov.

As Bruce Schneier puts it in Security Pitfalls in Cryptography:

A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on. Break any of them, and you've broken the system. And just as it's possible to build a weak structure using strong materials, it's possible to build a weak cryptographic system using strong algorithms and protocols.
------------------
Just because an encryption program works doesn't mean it is secure. What happens with most products is that someone reads Applied Cryptography, chooses an algorithm and protocol, tests it to make sure it works, and thinks he's done. He's not.
------------------
Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely "buzzword compliant"; they use secure cryptography, but they are not secure.
A recent highly visible example shows that it's hard to know whose expertise to trust.

Example: The temptation to use proprietary, closed-source cryptology leads to persistent folly:

"Even the strongest of the encryption algorithms can be defenseless, if it is implemented with errors, or used inappropriately, and that is the illness of the proprietary software. Microsoft is especially infamous for that, as virtually each of its cryptographic solutions had serious vulnerabilities, often breakable in a trivial manner. One need not venture far for the examples, — Kerberos, encryption of Microsoft Office documents, PPTP VPN, NTLM authentication protocol, SysKey, EFS encryption in Windows 2000, RNG implementations in Windows 2000/XP/Vista. As history shows, that company is unable to learn on its own mistakes, therefore it is better to use anything, but the Microsoft's cryptography, since, even if you would want to, you will find no worse reputation, than the one enjoyed by the Microsoft." ~Mycotopia Forum

Inconvenient fact #2 - Operating systems are messy: They leave behind echoes (cleartext) of the data you access or process - swap files, temp files, hibernation files, browser cache files, and other artifacts.

Windows Volume Shadow Copy Service presents a special problem. Even if you wipe the file after encrypting it, the cleartext copies of previous versions remain on the drive. Even though they are hidden, it is easy enough to find and restore them.

Many simple encryption programs simply encrypt from and/or decrypt to a cleartext file. Yes, some of them delete the cleartext file after you close the program, but they may not securely purge the file (make it unrecoverable).

Using a compression program -- e.g. Zip -- for encryption can be particularly hazardous. Unless you can create, open and save files directly in the encrypted archive, you'll leave cleartext versions of files behind on the host computer. You must purge (not just delete) those working files. You did know that deleted files are not actually erased, didn't you?

If you lose your computer, or if anyone - burglar, snatch thief, snoopy co-worker - gains access to your computer, running or not, they are likely to find cleartext echoes of your encrypted data. You may want to use full-drive encryption to prevent that. All those cleartext echoes will be encrypted when your computer is off. Be sure your program also encrypts the whole hard drive when your laptop lid is closed, not just when you turn it off.

From the TrueCrypt manual:
"System [full-drive] encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted as well."
Full-drive encryption may not be though. Some full-drive encryption is vulnerable to attack by someone who can gain repeated physical access to your computer. [Evil-maid attack]
Bruce Schneier is a data-security expert, who recommends the PGP Whole Disk Encryption program.

Inconvenient fact #3: Any encryption program can have a secret backdoor. The backdoor may be government-mandated, or provided for convenience in recovery and other administrative functions. Other than government access, the primary hazard is that backdoors are often easily hacked by attackers.

Inconvenient fact #4: Malware presents another threat: If any computer you use to access your data is infected by spyware, the cleartext (decrypted) data can be transmitted to an exploiter over the Internet. Encryption doesn't do a thing for you in this case. Your computer security system (or lack thereof) is what lets you down.

Final worry: Your computer and/or storage devices may be subject to search. It may be better to not have your sensitive data with you if you're traveling by air. Consider storing your data in the cloud (online in encrypted form) or accessing it over a VPN when you need it.

With those factors in mind, here's what I look for when choosing an encryption program:

The program must not rely on a proprietary cipher (encryption algorithm): It must use a time proven algorithm that has been extensively reviewed by the cryptographic community. Examples are AES (Rijndael), Twofish, and Serpent, plus combinations of these used in cascade. But that's just the first hurdle.
I'm highly skeptical of programs offered by individual authors, or as a feature of software that has another primary purpose. Encryption is naturally intriguing, there are excellent public algorithms available for anyone to use, but inexperienced implementation is almost always fatally flawed. In many cases, there are clear warning signs that these programs are not secure at all.
I look for software that has been proven over time. The program should ideally have been used for several years without being breached. Even though a new encryption program uses a time-proven cipher, implementation of the rest of the cryptology has not been demonstrated.
Open-source software is a better choice than closed-source software, particularly if the software has been actively used by commercial entities.
Does the software have a backdoor? Other than government access, the primary hazard is that backdoors are often easily hacked by attackers.

Pismo File Mount Audit Package provides a useful example of my approach to vetting encryption software, based on the factors above.

I like the Private Folder feature of this audit package. It allows you to quickly access an encrypted file that you convert to an encrypted folder using a context menu command in Windows Explorer. There is no program to open. The big advantage other than convenience is that you can read and write to this folder, completely avoiding the problem of plain-text residue on your hard drive. But is the encryption robust?

Does the program rely on a proprietary encryption algorithm? No, they state that “Private Folder utilizes AES encryption and PKCS5v2 key generation.” So far, so good.
Is the program offered by an individual author? It is offered by a commercial enterprise. That's good.
Is it a feature of software with another primary purpose? Encryption is a recently added feature to software that has a more general primary purpose. Not so reassuring.
Has the software been proven over time? The program has been available for some time, but the encryption feature is recent. Also, I was unable to find any reviews by competent examiners. Not yet proven I guess.
Open-source software is a better choice than closed-source software: Source code is not available for the audit package itself, but source code is available for the core functions that the audit package uses. Good sign.
Does the software have a backdoor? In my opinion, based on the nature of the product, probably not.
Conclusion: There are better alternatives.

Fatal backup trap:

Encryption programs that create encrypted "volumes" (files that contain encrypted files) do not change the size of the container file, and often intentionally do not change "date modified", even though files in the volume have been changed or added.  The purpose is to maintain plausible deniability, but the result can be that your backup service or software will not recognize that the volume file has changed. If you use incremental backup for example, the volume file would be skipped after the first time.

TrueCrypt is an example of a program that does not change the modified date. However, some cloud backup services - Dropbox for example - check the hash value of volume files, not the date, and if they change, Dropbox stores a new copy of the volume file. TrueCrypt is thus a good way to implement client-side encryption for your most sensitive files if you're using Dropbox for backup. SkyDrive, for example, uses the modified date - not a hash value - so TrueCrypt volumes will not be backed up by SkyDrive after they change.
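The backup trap above, reproduced as an added example that is not from the original post and uses no TrueCrypt, Dropbox or SkyDrive code: a constructed fixed-size file stands in for the encrypted volume, and the two change checks (size plus modified date, versus a content hash) are run before and after an in-place write that preserves the timestamp. File names and helper names are hypothetical.

```python
# Added illustration: why a backup that trusts size + "date modified"
# skips a changed container file, while a hash-based check catches it.
import hashlib
import os
import tempfile


def stat_signature(path):
    """What a date-based incremental backup compares: size and mtime."""
    st = os.stat(path)
    return (st.st_size, st.st_mtime_ns)


def hash_signature(path, chunk=1 << 20):
    """What a content-based backup compares: a SHA-256 of the bytes."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def write_inside_container(path, offset, data):
    """Overwrite bytes in place, then restore the original timestamps,
    imitating a volume that keeps its size and modified date fixed."""
    st = os.stat(path)
    with open(path, "r+b") as fh:
        fh.seek(offset)
        fh.write(data)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        volume = os.path.join(tmp, "volume.bin")   # constructed stand-in
        with open(volume, "wb") as fh:
            fh.write(b"\x00" * 64 * 1024)          # fixed-size container

        stat_before = stat_signature(volume)
        hash_before = hash_signature(volume)

        # A file "inside" the volume changes; size and date do not.
        write_inside_container(volume, 4096, b"constructed new contents")

        return {
            "stat_detects_change": stat_signature(volume) != stat_before,
            "hash_detects_change": hash_signature(volume) != hash_before,
        }


if __name__ == "__main__":
    print(run_demo())
```

If your backup tool behaves like the first check, force a full copy of the volume file or switch the tool to checksum comparison after each session in which you changed files inside it.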