Terry's Computer Tips - Newsletter
February 26, 2006

---

Terry's Computer Tips Newsletter
http://www.terryscomputertips.com
A computer tips newsletter for users of PC's.

---

Volume 1, Number 37 — Sunday, February 26, 2006

Part 1  Part 2  Part 3

IN THIS WEEK'S E-MAIL ISSUE:
   0.   JUST FOR SUBSCRIBERS — EMAIL ONLY
   0.1   Welcome To New Subscribers!
   0.2   Sunbelt Kerio Personal Firewall -- Preview the Review
   0.3   Still More Gmail Accounts Available
   0.4   My Computer Security Software Recommendations
   0.5   Recommend my Terry's Computer Tips Newsletter to Your Friends
   0.6   Subscription FAQ
   0.7   Send me some email!
   0.8   Links to products and services mentioned above

IN THIS WEEK'S ON-LINE ISSUE:
   1.   Sunbelt Kerio Personal Firewall -- the Review
   2.   Updates Last Week
   3.   More New Web Pages at www.TerrysComputerTips.com
   4.   Feedback on Microsoft Defender
   5.   Setting a Reasonable Temporary Internet Files (Cache) Limit
   6.   My Computer Security Software Recommendations
   7.   Slow-loading Web Browser Links
   8.   Recommend my Terry's Computer Tips Newsletter to Your Friends

Welcome to the on-line version of my Terry's Computer Tips newsletter.

My free, emailed newsletter includes a special "Just for Subscribers" article, an announcement that the new issue of Terry's Computer Tips has been published on-line, and the table of contents for the issue.

The emailed newsletter is sent weekly to individuals who have subscribed to the newsletter, have received an email confirmation notice that required them to confirm their subscription request, and who confirmed their request.

Click here to subscribe. It's free!

---

1.  Sunbelt Kerio Personal Firewall — the Review

Sunbelt Software has recently released Sunbelt Kerio Personal Firewall, their new personal computer firewall software package. SKPF is available in full-function mode (paid license) and in a reduced-function free (licensed free for personal and/or non-commercial use) versions. Actually, it is the same program — after the full-function 30-day trial, you can purchase a license key to reactivate the additional functions or if you don't qualify for the free license.

Why the long name? Sunbelt purchased the existing, respected firewall program Kerio Personal Firewall from Kerio in December.

Sunbelt has reduced the price significantly, too. Sunbelt Kerio Personal Firewall will be $19.95, which includes 1 year of upgrades, as opposed to the usual $40 for firewall programs. Sunbelt's web site shows that upgrade subscriptions will be priced at $9.95 per year.

Until March 31st, Sunbelt Software is offering a special introductory price of $14.95, a 25% savings for the license and 1 year of upgrades. Since I have already registered my copy, I know that the License and the Upgrade Subscriptions are two different things. My license expires "Never," while my upgrade subscription expires next February.

First, what do you miss with the "free" version?

• It is licensed for personal and/or non-commercial use only.
• Web content filtering is not available in the free version
• The powerful Host Intrusion and Prevention System (HIPS) is not available in the free version
• It can not be used on a computer that is providing the "Internet Connection Sharing" functions for your local network (the "Internet gateway" computer). It will block the ICS data packets, since they are not destined for this computer)
• Logs can not be sent to the Windows "Syslog" server.
• You can not password-protect your firewall configuration, and
• You can not access and administer the firewall remotely.

I am currently using Sunbelt Kerio Personal Firewall on my notebook (my primary computer) and I am impressed. When you install SKPF, you can choose between the "basic user" and "advanced user" installations. Unless you're an advanced user, pick the "basic user" installation — you'll read more about this below.

I like SKPF, I have purchased my license for it and am using it on my primary computer. I prefer SKPF to ZoneAlarm, which was my previous choice. However, there are some features I do not like, which I also will discuss below.

The first thing I like is speed. SKPF starts up quickly and even its user interface (with the icon in the Windows status bar) starts up quickly -- much more quickly than my previous firewall did.

Speed in handling data is also good. The user interface is very straight-forward, especially the screen that shows the firewall settings (permit, deny or ask) for each program that wants to access the network and/or Internet.

Price is excellent, whether you choose the paid license or qualify for the reduced-function free license.

Performance: I have the Application Blocking function turned on (more about this later), so I have learned a lot more about the huge numbers of programs that trigger communications with the 'Net. I like this feature, especially the ability to set "remember my answer" rules for the future.

Problem with "Trusting" New Networks

I have a major problem with SKPF's default assumption on local networks. In my opinion, they have made a serious security error, at least for notebook users. I have flagged it to them and expect this issue to be fixed promptly. It appears to be an ease-of-use choice for home networking, without fully realizing the implication on notebook security.

When you hook up to a new network with an Ethernet cable or with a wireless connection, SKPF automatically treats the network as a "Trusted." SKPF should not do this without asking or without warning. More on this subject in the "Network - Trusted" section below.

Let's Look at the Program

Overview - Connections:  This is the first screen you'll see when you open the program. On this screen, you will see the applications and services which are currently accessing the network and/or Internet, or which have recently done so.

Overview - Preferences:  The most important items on this screen are the "automatically check for updates" checkbox, the "Check Now" button, and the "Import" and "Export" buttons for restoring or saving your SKPF configuration.

Network - Applications:  This screen shows you — and allows you to control — the applications on an individual basis. You can choose ask, permit or deny for each application that tries to use the network or Internet, and you can control it inbound and outbound, to and from your Trusted network and to and from the Internet.

Network - Predefined:  Here, you can control those specific programs and services that Sunbelt chose to permit or deny by default.

Network - Trusted:  This is the screen where you can see and control the networks to which you have connected. The networks are identified by IP address/subnet-mask or telephone number and by interface (wireless, wired, phone). I have a major issue with one of the defaults here. When you connect to a network via Ethernet or via wireless, Sunbelt Kerio Personal Firewall will classify that local network as "Trusted" without asking or warning you. This is not appropriate, in my opinion, and I have sent in a bug report on this issue. I expect this default to be promptly changed.

This default is a major issue for notebook computers, but could affect desktops if you hook them to other networks — especially if you haven't followed my wireless security recommendations and changed from the default Workgroup ("MSHOME") and IP range for your home network.

If you haven't changed your Workgroup from the default, anyone on that network to which you just connected with the same MSHOME workgroup will be able to share your files! So, you pull out your notebook in a coffee shop or other wireless venue (hotel, airport, etc), SKPF's current version (4.2.3), you'll automatically share any shared files with those other computers that similarly are using the default Workgroup name.

The other problem with default "Trust" is more insidious — firewalls will allow responses from any other computer, but they block communication requests from other computers that are not trusted. If a computer is trusted, the communication request is allowed. Scenario: you hook up via wireless at the local coffee shop. One of the other computers there has a worm that attacks newly-discovered Windows flaws -- and you haven't run your Windows Updates recently and the hole is not patched. You've just been "had."

What would I do differently? At a minimum, I believe that any firewall should default to "NOT TRUSTED" for all networks. The best thing — the easiest thing for users — would be dialog box saying something like "Sunbelt Kerio Personal Firewall has detected a new local (wired or wireless) network. Do you want to trust the computers on this network?" At that point, SKPF should act according to the answer.

Again, I've reported the issue. I trust that we'll see a new update soon with this issue addressed.

Network - Advanced:  This screen gives you some extra control of specific situations, such as blocking incoming communications while you are booting or shutting down and whether this specific computer is acting as a gateway to the Internet for other computers (Internet Connection Sharing). You might be doing the latter if you use dialup and have multiple home machines. If you use cable or DSL, you should have a cable/DSL router to provide this service and additional protection for your Windows machines.

Intrusion - Main:  This is where you can enable or disable the Network Intrusion Prevention System, the Host Intrusion Prevention System (not available with the free version), and Application Behavior Blocking.

If you pick the "advanced user install," Application Behavior Blocking is turned on by default. You'll quickly get hammered by every program that triggers another program to run — and you'll be amazed at how often that happens. Don't even think of leaving your computer while doing Windows Updates...

When you combine this application blocking (which I really do like!) with the typical smarts of a firewall that recognizes "changed/updated" programs as "different" programs (as it should!), you'll see this block a lot of items — even if you make a "rule" to accept an action. If you did the advanced user install, now you know where and what to turn off to stop those interruptions, if you want to stop them.

Web - Ad blocking:  I have hated ad blocking even before I ever started putting advertising on my web site. Now that I have ads on my web site, I really don't like users having the ability to view my content if they do not have the courtesy to view my ads also.

On the "Web - Ad blocking" control page, you can turn on or turn off "block advertisements." Independently of blocking web page ads, you can block pop-ups and pop-unders (I _do_ like to block those!). However, I have turned in a bug report on the "block pop-ups and pop-unders function" over performance. SKPF wraps the whole web page (in your browser) with a big JavaScript. I found this by searching to figure out why web pages were now loading more slowly than before SKPF. Result, I turned off SKPF's pop-up blocker -- anyway, Firefox and IE-XPSP2 have pop-up blockers.

You can also use SKPF to block JavaScript, VBScript and ActiveX. Since I don't use IE for anything but Windows Updates, VBScript and ActiveX don't bother me. I will not turn off JavaScript, as too many web sites need JavaScript to function properly.

Web - Privacy:  Let me just say that the checkboxes you see unchecked on this screen (all of checkboxes) are the ones I have unchecked for normal web surfing. There are legitimate reasons for cookies, whether they are for maintaining your shopping cart within a web site, for letting you "log in automatically" at a web site, or for enabling a web site owner to receive a commission when you purchase something from an ad on his site.

Cookies got a really bad rap a few years ago, when a couple companies announced they were going to track users all over the Internet and merge surfing habits with other personal databases. The public uproar was so great that these companies (Doubleclick was one) quickly announced that they were dropping those plans. Doubleclick went so far as to put a "Doubleclick.net ignore me" cookie generator on their web site for use by the public.

Web - Site Exceptions:  This section is pre-populated with the Microsoft Update sites. You can add, remove or edit site listings here.

Summary

That's the Sunbelt Kerio Personal Firewall in a nutshell. Extensive controls, easy-to-use controls, and very reasonable pricing.

I see a significant issue for notebook users in the current "trusted" default for newly connected wired and wireless networks.

On the other hand, even though my notebook is my primary computer, I've registered SKPF and continue to use it. I've reported the issue and expect that this issue will be resolved quickly with a new update that changes the default to "not trusted" or asks whether to trust the network.

How can you improve the security of your wireless computer and your wireless network?

Read more on my Wireless Networking Security web page.

How can Sunbelt get ahead of the competition?

I'd like to see Sunbelt or any firewall company implement an automatic profiling of a wireless network — and warn me when I connect to a different wireless network than the last one to which I connected, even if the network uses the same IP addresses.

I imagine that 90% of the wireless networks use the typical default IP address settings on a router (192.168.1.x/255.255.255.0). And, firewalls choose to "trust" computers based on their IP addresses or the network's IP addresses.

Therefore, no matter which firewall you choose, if you "trust" the computers on a wireless network with those IP addresses, you're going to trust the same IP addresses elsewhere.

Example: you trust computers on your home network with 192.168.1.x/255.255.255.0; now you go to the coffee shop, who has the same IP address range. You just trusted every computer in the coffee shop!

Wouldn't it be nice if you got a message that said "Warning - this is not the same wireless network to which you connected last. Do you want to trust all the other computers on this network?"

The test is as easy as checking the MAC address of the wireless router against the MAC address of the wireless router previously connected, and warning the user if they're different. Since MAC addresses are supposed to be unique for each piece of network hardware, an obvious extension of this idea is for the program to keep a table of wireless router MAC addresses and whether the user wants to trust their respective networks.

[Gee, did I just have a patentable idea for firewall technology and publish it in my online newsletter?]

The Bottom Line

I tried Sunbelt Kerio Personal Firewall, I like it, I use it, and I registered it.
Check out the 30-day full-function free trial and you'll see why!

---

---

2.  Updates Last Week

Microsoft (operating systems, email, web browser, office suites):
The next regularly scheduled Windows Updates are scheduled for Tuesday, March 14, 2006.

Firefox (web browser, www.mozilla.com, free):
Current version 1.5.0.1. No updates this week (v1.5.0.1 was released on February 3).

Opera (web browser, www.opera.com, free):
No updates. Current version 8.52, released on February 17th. Per the Opera site, "This release is a recommended security upgrade." It also fixed some other small issues.

Netscape (web browser, www.netscape.com, free):
Current version 8.1.

SeaMonkey (web browser, email, HTML editor, newsreader; www.mozilla.org; free):
Current version 1.0, released January 30.

Eudora (email, www.eudora.com, options: paid, sponsored or free/lite):
No updates this week. Current version 7.0.1.0, released 12/21/05.

Mozilla Thunderbird (email, www.mozilla.com, free):
Current version 1.5.

OpenOffice (office suite — spreadsheet, word processor, presentations, graphics, web design; www.openoffice.org; free):
No updates this week. Current version 2.01.

---

---

3.  More New Web Pages at www.TerrysComputerTips.com

Subscribers to my Terry's Computer Tips email newsletter saw these new web pages earlier in the week. On Wednesday they received a Special Edition which included a new article and the listing of new "unlisted" web pages &mdash new web pages that I had not added to the web site's front page or the computer tips index yet.

I still have a lot more newsletter articles to convert into web pages. As I wrote earlier, Google has indexing issues with newsletters, so I'm converting articles from older issues into individual web pages..

I'm not sure whether they index and then de-index them based on age, or whether they just have trouble because of the varying content on a page. I think it is more likely the age issue, as I can find some issues but later can not find the same issues in a Google search of my site.

My latest new pages are the following:

• XP Repair Pro — the Review
• Slow Windows XP Boot Times
• Distributed Computing — Putting PCs Spare Time to Work
• External Hard Drive Enclosures
• Running Your Computer 24/7
• Surviving the Robot Uprising
• Home-based Internet Businesses #1 - A Travel Site
• Keeping the Correct Time on Your Compute
• Firefox extension — PDF Download manager
• Hard Drive "Direct Memory Access" Modes
• Screen-Printing from your Computer Screen, part 2
• Just for Fun - NetDisaster

Subscribe to my email Terry's Computer Tips newsletter to get the latest information, be the first to see new web pages, and get Special Editions, too.

 

---

---

Part 1  Part 2  Part 3

Volume 1, Number 37 — Sunday, February 26, 2006
Part 1 | Part 2 | Part 3

Copyright © 2006 Terry A. Stockdale.  All rights reserved.