
Defensive Computing

October 18, 2008 5:16 PM PDT

Update October 20, 2008 Noon EDT. According to Secunia, they now detect version 10 of the Flash Player and they have corrected their FAQ. However, the most important issue, treating version 9 of the Flash Player as good rather than bad, has not changed.
Update October 20, 2008 9 PM EDT. An email from Secunia said they don't consider version 9,0,124,0 of the Flash Player to be bad because it is the latest edition of version 9 and because Adobe still supports version 9.

I've mentioned previously that I'm a big fan of Secunia's Online Software Inspector for rooting out old buggy software on a Windows computer. Although it's not perfect, Windows users are much better off with it than without it. But there are two recent issues.

Sample report from the Secunia Online Software Inspector.

One long-standing issue is that OSI is a Java applet and Secunia could do a better job of making new users aware of the Java requirement--not only what Java is, but also the required version and the currently installed version.

First problem

What's new about Java is that the necessary version has been updated.

As I write this, Secunia's FAQ says Java version 1.5.0_12 or later is needed, while its system requirements page says that Java 1.6.x or later is needed. I discovered the hard way that the system requirements page is correct.

As part of installing the latest version of the Adobe Flash Player, I tried to run a Secunia scan on a system with Java version 1.5.0_15, only to have it fail in a new way. After trying to load Java 50 times, it gave up and issued the error below.

Running Secunia OSI with an old version of Java.

I can only assume this has something to do with the Online Software Inspector update on October 16.

So, what version of Java, if any, is installed on your computer? See my www.javatester.org Web site.

Second problem

The other problem with Secunia's OSI is that it is behind the times on the Adobe Flash Player.*

For one thing, it still thinks version 9 of the Adobe Flash Player is OK. According to Adobe, it's not. Then too, it does not yet detect version 10 of the Flash Player at all.

I'm sure Secunia will get up to speed on the Flash Player soon. Its Online Software Inspector is still a very valuable service, and the new version seems to run much faster than the old one (even though it can't count to two--see screenshot below).

The Secunia Online Software Inspector reports an inconsistent number of errors.

*This was tested again Sunday October 19, 2008 at 3 p.m. EDT.
Initially tested Saturday October 18, 2008 at 7 p.m. EDT.
See a summary of all my Defensive Computing postings.

October 18, 2008 3:05 PM PDT

Adobe just released version 10 of the free Flash Player Web browser plug-in. The new version (10.0.12.36) replaces version 9,0,124,0 (yes, those are commas, not periods) and includes an important fix for a security flaw known as "clickjacking," as well as fixes for other problems.

Everyone should update their copy of the Flash Player, and this post explains how to do so on Windows machines (the Flash Player also runs on OS X and Linux).

Updating the Flash Player on a Windows machine is unusually cumbersome. In part, this is because the Internet Explorer version is packaged very differently from the Firefox/Opera/Chrome version, so the Flash Player needs to be installed separately into each browser.*

Another reason for the unusual hassle is that for many years, installing a new version didn't remove old versions. Then too, if all goes well, you should be able to remove recent versions of Flash in the normal way, but all doesn't always go well. For example, on the Windows XP computer I'm writing this on, version 9,0,124,0 of the Flash Player plug-in is installed and working fine, yet it doesn't show up in the "Add or Remove programs list" in the control panel.

Thus, the safest approach is to use Adobe's Flash Player uninstaller program.

I've written about this before, so rather than rehash it fully, what follows is a seven-step cheat sheet.

Step 1: To get the lay of the land, use Adobe's Flash tester page to see which version is currently being used by your Web browsers. I say "browsers" because this needs to be done in each installed Web browser.

Uninstalling

Step 2: Download the Adobe Flash Player uninstaller here. If you've done this before, do it again. The Windows uninstaller was last updated on October 15, 2008.

Step 3: Shut down all running programs, then run the uninstaller. Below are the uninstall details.

A detailed report from the Adobe Flash un-installer program

Step 4: Check the output from the uninstaller to see if you need to restart Windows. Here is what Adobe says about this:

"Internet Explorer users may have to reboot to clear all uninstalled Flash Player ActiveX control files. If you're not certain, select the "Show Details" button in the Flash Player uninstaller. If there are any log lines that begin with "Delete on Reboot..." then you'll need to reboot BEFORE running the Flash Player installer again."

Step 5: Adobe's Flash Player uninstaller is limited in a few ways. For one, it does not deal with portable versions of Firefox (see Portable Firefox and the Flash Player). It also doesn't handle other software, such as Dreamweaver, that includes its own copy of the Flash Player. Then too, there used to be a bug with its not searching for installed copies of Flash in places used by very old browsers.

The best way to get a true inventory of all instances of the Flash Player is to run the Secunia Online Software Inspector and turn on the checkbox to "Enable thorough system inspection." Expect it to take a while.

Installing

Step 6: In Internet Explorer, first make sure that only one copy of IE is running. Then get the new version of the Flash Player at www.adobe.com/go/getflash. Look for a checkbox about also installing the Google toolbar. If there is one, I suggest turning it off on the theory that the less software installed the better.

The Flash Player installs like any other ActiveX control. Adobe warns, however, that "if you don't have administrator access, then you may not be able to install Flash Player successfully."

Step 7: For Firefox, Opera, and Chrome, Adobe also warns that you "may require administrative access to your PC" (see Flash Player installation instructions). Start any of these browsers, go to www.adobe.com/go/getflash, and download a file called install_flash_player.exe.

Downloading the Flash Player installer for the plug-in version of the Flash Player

Close all Web browsers, then run the installation program. Finally, start each non-IE Web browser on your computer and verify the installation at the Flash tester page.

Here's the pot of gold at the end of the rainbow:

The latest and greatest Flash Player

If you have any problems, see Troubleshoot Adobe Flash Player installation for Windows. You can also download Flash at adobe.com/shockwave/download/alternates/.

To answer the question you may be thinking, yes, in an ideal world this posting would not be needed, let alone be so long.

*Adobe refers to the Firefox/Opera/Chrome version of the Flash Player as the "plug-in" version. In Internet Explorer, the Flash Player is an ActiveX control. You'll see them listed separately in the list of installed software in the control panel.
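An added example, not part of the original posts and not code from Adobe or Secunia: a Python check for the version comparisons in the Java and Flash Player posts above, plus the reboot test from Step 4. The per-browser versions and the uninstaller detail lines are constructed sample input; only the version numbers and the "Delete on Reboot" prefix come from the posts.

```python
import re

# Version strings exactly as the posts write them.
FLASH_TARGET = "10.0.12.36"   # new Flash Player release (periods)
FLASH_OLD = "9,0,124,0"       # previous release (commas)
JAVA_INSTALLED = "1.5.0_15"   # Java on the machine where the Secunia scan failed
JAVA_MIN_FAQ = "1.5.0_12"     # minimum according to Secunia's FAQ
JAVA_MIN_SYSREQ = "1.6"       # minimum according to the system requirements page ("1.6.x")


def parse_version(text):
    """Turn '9,0,124,0', '10.0.12.36' or '1.5.0_15' into a tuple of ints."""
    parts = re.split(r"[.,_]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_at_least(installed, minimum):
    """Compare numerically, field by field, padding the shorter version with zeros.

    Comparing the raw strings is wrong: '9,0,124,0' sorts after '10.0.12.36'
    as text, which would rank version 9 above version 10.
    """
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) >= pad(b)


def outdated_browsers(reported, target=FLASH_TARGET):
    """Steps 1, 6 and 7: list browsers whose Flash is missing or older than target.

    `reported` maps a browser name to the version string read from the Flash
    tester page in that browser, or None when no Flash Player was found.
    """
    return sorted(
        name for name, version in reported.items()
        if version is None or not is_at_least(version, target)
    )


def reboot_needed(uninstaller_details):
    """Step 4: any detail line beginning with 'Delete on Reboot' means reboot first."""
    return any(
        line.lstrip().startswith("Delete on Reboot") for line in uninstaller_details
    )


def update_plan(reported, uninstaller_details, target=FLASH_TARGET):
    """Combine both checks into one summary for a single machine."""
    stale = outdated_browsers(reported, target)
    return {
        "browsers_to_fix": stale,
        "reboot_before_install": reboot_needed(uninstaller_details),
        "done": not stale,
    }


# Constructed sample input (not taken from a real machine).
SAMPLE_REPORTED = {
    "Internet Explorer": "9,0,124,0",
    "Firefox": "10.0.12.36",
    "Opera": None,
}
SAMPLE_DETAILS = [
    "Delete file: <constructed path>",
    "Delete on Reboot: <constructed path>",
]

if __name__ == "__main__":
    print("Java passes FAQ minimum:        ", is_at_least(JAVA_INSTALLED, JAVA_MIN_FAQ))
    print("Java passes system requirements:", is_at_least(JAVA_INSTALLED, JAVA_MIN_SYSREQ))
    print(update_plan(SAMPLE_REPORTED, SAMPLE_DETAILS))
```
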


October 15, 2008 11:30 PM PDT

A really cheap Netbook

by Michael Horowitz

When I wrote an introduction to Netbooks a couple days ago, I mentioned some of the cheaper models but didn't include any from Asus. From what I'd read, their keyboards were on the smallish side, so that ruled them out for my adult fingers.

But I just ran across two Linux-based Asus Eee PCs, model 900, selling for only $300, a price that forgives a multitude of sins.

There are too many Eee models for me to keep straight, but suffice it to say the 900 is last year's model. In the Netbook world, "last year" translates to a few months.

Best Buy is selling the 900A-WFBB01 for $299.99 with no rebates. It has no Webcam and two of the three reviews at BestBuy.com said the keyboard was small. Still, it comes with 1GB of RAM, a standard Intel Atom processor, a standard 8.9-inch screen running at the standard 1024x600 resolution, the obligatory media card reader and three USB ports. The solid state disk is only 4GB, definitely bottom of the line. The specs don't name the Linux distribution, but Asus uses a modified version of Xandros.

ZipZoomFly is selling the ASUS EEE PC 900-W017 for the same $299.99 (with free shipping), but only after a mail-in rebate. This, however, is a very different model 900. For one thing, it has 20GB of solid state storage instead of 4GB, and, it has a Celeron M processor rather than the Atom. It also includes a Webcam.

By way of comparison, two online retailers (Newegg and Microcenter) are selling yet another 900 model for $350. Each says theirs comes with an Intel Mobile processor and 16GB of solid state storage. What they share with their cheaper siblings is a gigabyte of RAM, the 8.9-inch screen and Linux. Yet again, the name of the Linux distribution remains a mystery. Newegg says there is a Webcam, Microcenter doesn't.

I haven't read any reviews of these machines, and, as I said in the previous posting, cheap isn't always the best way to go.


October 14, 2008 10:31 AM PDT

Twice this year I ordered a computer directly from Lenovo and they shipped it via UPS. Both shipments got screwed up.

Back in January I wrote about how UPS lost my computer. That machine, a desktop, was supposedly delivered to the wrong address. Lenovo built and sent a replacement computer and a few days after the replacement computer arrived, and roughly a month after the first one was shipped, the first machine magically showed up.

On October 8th Lenovo shipped me a new S10 Netbook (see The Lenovo S10 Netbook is here, count me in). On the 9th, I checked the delivery status with UPS only to find that the tracking number didn't exist.

The next day, when the UPS tracking number still wasn't in the system, I called Lenovo. They couldn't explain what happened and queued my query to another group with a promise to call back in a couple days.

By the 13th, UPS knew about the package.

My package "experienced an exception". The address label was missing or illegible. That's a first for me.

Lenovo called on the 13th to say that the package had no label and they would have a new estimated delivery date tomorrow.
Update: The computer arrived before the new delivery date estimate.

Making a poor situation worse was that three out of the four times I spoke to someone from Lenovo on the telephone, I couldn't hear the person due to background noise as loud as Fenway Park in the World Series. That, combined with the accents of the Lenovo employees, meant that every sentence had to be repeated.

Of course, you can also communicate with Lenovo by email, except that an email about this wasn't responded to for 3.5 days.

UPS seems to be the only shipper used by Lenovo.

Update October 20, 2008. This did not end well.


October 13, 2008 10:31 PM PDT

If you work in a corporation, then you might be interested in a blog posting by Joel Hruska over at Ars Technica that reviews a report by Compuware on how and why corporations lose data.


Compuware surveyed 1,112 "IT practitioners" and found that only 1 percent of data losses could be attributed to hackers.

The other 99 percent? Mostly negligent insiders. The next biggest sources of trouble were outsourcing and malicious employees.

Asked about their employer's ability to monitor and detect information theft, most of those surveyed said their employers did a poor job.

If you like to cut to the chase, here is Hruska's conclusion:

The report ultimately suggests that the vast majority of companies have security models that are semifunctional at best. Accountability is a hit-or-miss affair, confidence in the system as a whole is minimal, and the flaws that contribute to data breaches aren't confined to any single level of an organization.

Ouch.


October 12, 2008 12:25 PM PDT

Last time, while describing the Lenovo IdeaPad S10, I offered my opinion that Netbook computers will drastically change the computing scene. A quick look at the best selling computers at Amazon.com shows many Netbooks (as of October 15, 2008 the top three computers were all Netbooks). In writing a follow-up posting, I realized that an introduction to Netbooks might be needed. So, here I try to explain just what Netbooks are and how they differ from the millions of laptop computers that existed previously.

A Netbook is a new type of laptop computer, defined by size, price, horsepower, and operating system. They are small, cheap, under-powered, and run either an old or unfamiliar operating system.

Netbooks run either Windows XP Home edition or Linux (not only is Linux unfamiliar to many, but the versions of Linux on Netbooks are not the mainstream popular distributions). They do not run XP Professional, Vista, or OS X. Microsoft arbitrarily restricts Netbooks from running the Professional Edition of Windows XP. Likewise, Apple arbitrarily restricts OS X to Apple hardware and it has never played in the low-end realm that Netbooks occupy.* Vista requires too much horsepower to run well on a Netbook. HP has been the only company to offer Vista on a Netbook. The price, however, was so high that it's debatable whether such a machine qualifies as a Netbook.

Update: On October 24, 2008 CNET's Ina Fried reported that Microsoft has plans to make Windows 7, the upcoming version of Windows that will replace Vista, available on Netbooks.

Size-wise, Netbooks have 9- or 10-inch screens, weigh from 2 to 3 pounds, and sport keyboards sized from 80 percent to 95 percent of normal.

Price-wise, Netbooks start at about (all prices are rounded off and approximate) $330 for a Linux-based model and $350 for an XP-based machine. The high end of the Netbook price range is debatable. To me, anything over $500 isn't a Netbook. Still, many companies are marketing computers they refer to as Netbooks for more than that. When HP first released their Mini-Notes, prices ran from $500 to $1,200.
Update: As of October 15, 2008 prices at HP's website range from $400 to $780.

Despite a huge proliferation of Netbook models, these specs seem to be standard:

  • Screen resolution 1024x600
  • Intel Atom CPU running at 1.6-GHz
  • Wi-Fi B and G
  • Ethernet at 100Mbps
  • A slot for a flash RAM memory card
  • External VGA output jack
  • Integrated graphics
  • Two or three USB ports
  • Built-in camera
  • Headphone and microphone jacks

What's missing

What's missing is just as interesting.

For one thing, there is no optical drive. CDs and DVDs had to be thrown overboard to reduce both the size and cost. Another omission is the now legacy PC card (aka PCMCIA) slot. Most Netbooks don't include Bluetooth. And, while they do have Ethernet and Wi-Fi, they don't include the fastest version of Ethernet (known as gigabit Ethernet), the latest version of Wi-Fi (N) or the older "A" version of Wi-Fi.

I understand these omissions and many people can live with them. However, I think manufacturers are making a mistake by not including a telephone modem. For many, communication will be the main purpose of their Netbook and there are still places where the only means of getting online is dialing the telephone.

The latest technology for online access is a 3G data network. Netbooks, as a rule, don't yet support 3G networks, but that will surely change in the near future. Some will have the necessary hardware built in at the factory, others will support ExpressCard modems, the rest will make do with USB connections. Then too, a cell phone can provide mobile Internet access and communicate with the Netbook using Bluetooth.

Ever-present Internet connections could make a huge difference in the popularity of Netbooks. Look what it has done for the Kindle.

What differs

One of the big differences among Netbook models is the storage medium: some have spinning platter hard disks, others come with solid-state disks (SSDs).

Frequently the Linux-based Netbooks employ SSDs whereas the Windows XP models use a standard hard disk. The reasons for this include: Windows XP needs more storage space, SSDs are more expensive and Windows itself is more expensive than Linux.

Another reason has to do with the speed of SSDs--the cheap models are very slow at writing, especially at random writes. Kevin C. Tofel at jkOnTheRun did an interesting test. He started with an SSD-based Acer Aspire One running Linux. The machine was reasonably zippy at running Linux, but just for fun he installed Windows XP on it. XP ran as slow as molasses. There is a huge variation in SSDs, and I don't know if XP performs reasonably well on the SSDs in other Netbooks. You can buy an SSD that's faster than a spinning platter disk in all respects (including random reads and random writes), but you may not want to pay for it.

Another difference among Netbooks is battery life/power, with low-end models having 3-cell batteries and higher-end models having 6 cells.

To me, a big feature is the screen surface. Most Netbooks seem to have glossy screens, which Alfred Poor points out are cheaper. I prefer an antiglare coating.
Update October 15, 2008: So too does fellow CNET blogger Dave Rosenberg.

Low-end models

There are far too many Netbook models for a blogger like me to keep up with. But, I pay attention to the cheap ones and below is a sampling of current models and pricing. Cheapest isn't necessarily the best. For example, if battery life is important to you, you'll need to spend more for a stronger battery.

The Lenovo S10 is among the cheaper Windows XP machines. It starts at $400 with an 80GB spinning platter hard disk, a 10-inch antiglare screen and 512MB of RAM. The XP version of the Dell Inspiron Mini 9 also sells for $400 and includes 512MB of RAM and a 9-inch glossy screen. However, the Mini 9 comes with 8GB of solid-state storage.

Perhaps the best bargain in an XP Netbook is the Acer Aspire One. It sells for as low as $350 with 1GB of RAM, a 120GB hard disk and a 9-inch glossy screen.

Acer is also a bargain on the Linux side. Pricing starts at $330 (here and here) with a 9-inch glossy screen, 512MB of RAM, 8GB of solid state storage, and Acer's own version of Linux, Linpus.

For $350 you can buy a Dell Inspiron Mini 9 running a much more standard version of Linux, Ubuntu. It comes with a 9-inch glossy screen, 512MB of RAM, and 4GB of solid state storage.

When they were first introduced, the HP Mini-Notes were seriously expensive. The keyboard was loved by all reviewers and the screen was a higher resolution and thus offered a sharper image. They were, however, released too soon to include an Atom processor and reviewers felt they were a bit under-powered. In the five or so months since they were released, they've come down in price. A low-end Linux model, the HP 2133-KR922UT with 512MB of RAM, and 4GB of solid state storage sells for $370 at Amazon.com. It runs SuSE Linux Enterprise Desktop 10 and includes an ExpressCard Slot.

If you're willing to live with last year's model and a small keyboard, you can get an Asus Linux-based Netbook for $300.

Keeping up

New devices mean new experts. Among the sites keeping up on the latest Netbooks are jkOnTheRun, Laptop magazine, Liliputing, and Electric Vagabond.com. I don't have a lot of experience with these sites, but jkOnTheRun is my favorite so far.

One thing to note, however: technical reviewers often get better Netbooks than you and me. Models are constantly changing and PR people get reviewers the latest and greatest. For machines that are under-powered by definition, a small upgrade, such as doubling the RAM, can make a big difference in performance. When reading any review, be aware of the specs; the model being discussed may not be the one available at your local retailer.

Also be aware that Netbooks are changing very quickly. The Wikipedia inventory of available and planned models is huge, especially considering that the first Netbook was released only a year ago. By the time the electrons dry on a Netbook review, something in it is outdated.

Going forward

Despite being underpowered, Netbooks will be extremely popular because they will go where no computer has gone before. Their small size and low cost will open up new applications that we can only guess at.

For years techies and the public focused on the cutting edge of personal computing. Netbooks are dull technology-wise, the equivalent of last year's model. But for many applications, they are good enough. Many things have been popular because they were cheaper than the competition and although not as good, were thought to be good enough.

How will Netbooks affect personal computing going forward?

For one, they'll introduce more people to Linux. Perhaps the inherent safety of Linux, shared with OS X, will popularize it with users sick and tired of fending off malicious software.

Netbooks will help keep Windows XP alive and well, not that it needs any help. I suspect that very few people want Vista when they buy a new Windows computer. Some of them tolerate it, others don't know they have a choice. The New York Times had a story headlined How I Stopped Worrying and Learned to Tolerate Vista that included this:

"Taming Vista on my Intel chip-equipped Sony Vaio laptop became, after a while, a measure of maintaining patience, never mind sanity. Sure, there was a day recently when I could've thrown the thing out of the window and into the backyard, and then made tracks to the Mac Pro desktop in the basement."

I think that Netbooks will be the first computer for a whole generation of children, starting, perhaps, as early as the upcoming holiday season.

Netbooks will help and benefit from the transition away from plastic DVDs as a movie medium to electronic media. Likewise, they will help and be helped by the transition to SSDs and away from spinning platter hard disks. Same with cloud computing, no matter how you define it.

Netbooks may make the Kindle into a dinosaur. Why carry a small box that does one thing, when you can carry a small box that does many things? Why buy a dedicated Internet radio, when a Netbook can do that? Why buy a small DVD player if you can get a movie on a flash memory card? Why buy a high-end smart phone, when a Netbook can do all that on a larger screen? It's an exciting future for Netbooks.

For standard computing tasks, the small Netbook screen and keyboard will, no doubt, limit its audience. That said, you can always connect a Netbook to an external monitor, a real mouse and/or a real keyboard. And software tricks can be played to increase the font size when an external monitor is not available.

Soon: what Netbooks have to do with defensive computing.

*CNET's Erica Ogg wrote that it's unlikely Apple will come out with a Netbook. See Three things Apple won't do from October 15, 2008.

October 9, 2008 3:37 PM PDT

The S10 is here, I ordered one yesterday and I'm psyched. The IdeaPad S10 is Lenovo's just-released entry in the Netbook market. "Netbook" is a new term that's applied to cheap small laptops that run either Windows XP Home Edition or Linux. No Vista or OS X here (neither is cheap).

One reason Netbooks are cheap is that they are underpowered, by current standards. Yet, they have more than sufficient horsepower to do the things most people do most of the time.


I think Netbooks will drastically change the computing scene.

For some of us, they should make excellent secondary computers. For children, they could make great first computers. And, with prices starting at $325, Netbooks are almost an impulse buy. In contrast, the cheapest MacBook notebook costs $1,099. This may not be a good time to invest in Apple stock.

Netbooks are small, but I think people will find they are not so small as to be annoying.

The original Netbook, the Asus Eee, had a 7-inch screen. It was wildly popular, but, to me, the screen was too small. Skype barely fit on the screen and Web pages required too much scrolling. Most Netbooks now have 9-inch screens; the S10 screen is 10.2 inches.

Another big thing to me about the S10 is the anti-glare screen. I'm wary that the glossy screens on the Acer Aspire One and the Dell Mini 9s may be a constant annoyance.

Keyboards are small too, roughly 80 percent to 90 percent of normal. The original Asus Eee keyboard was so small that I could barely type on it. My adult fingers just didn't fit. I haven't used the S10 yet, but if there ever was a company capable of making a good keyboard it's Lenovo. Their ThinkPads have excelled at keyboards for years. CNET said the S10 has a "decent-size keyboard (for a Netbook)". Wired said "Touch-typing is as easy as it gets in this category."

The keyboard on the Acer Aspire One has gotten good reviews but the placement of the mouse buttons is said to be sub-optimal. I fear that might be a constant annoyance especially for someone using the computer where an external mouse is not an option, such as on their lap. Interestingly, the Dell Mini 9 dealt with the small size of the keyboard by doing away with the row of Fx keys along the top. I've seen adults criticize the new Asus Netbooks for the keyboard still being too small. The HP Mini-Notes are said to have great keyboards, but not enough else to make them serious contenders.

When CNET wrote about the S10 way back on September 25th (2 weeks is a long time in the Netbook world) the only available model was $439. Now, there is also a $399 model for sale at Lenovo.com. CNET's demo unit had 1GB of RAM and a 160GB hard disk. My only choices yesterday were 512MB of RAM and an 80GB hard disk. I've run Windows XP on many computers with 512MB of RAM and found it perfectly acceptable.

The two available models differ only in price and color. The $399 model is white, the $439 one is red (more colors are on the way). I opted for white. Interestingly, other Netbooks are not priced by color. Comparable Dell Mini 9s are the same price regardless of the color. Newegg sells comparable models of both the Acer Aspire One and the Asus Eee for the same price regardless of the color.

Operating System

The S10 runs Windows XP Home Edition (Microsoft does not allow XP Professional on Netbook computers). Many competing Netbook vendors, such as Dell and Acer, offer both XP and Linux. In general, Linux is cheaper. The Linux version of the Acer Aspire One, for example, starts at $325. The Dell Inspiron Mini 9 starts at $349 with Linux. In each case, sister XP-based models are more expensive.

Linux needs less hard-disk space than Windows, thus many Linux-based Netbooks come with solid-state drives (SSDs). SSDs are the wave of the future but their cost limits their storage capacity in a cheap computer. Linux can fit in a few gigabytes, Windows XP can't. The one downside, to me, of the S10 is that it comes with a legacy spinning-platter hard disk. Hard disks are fragile compared to SSDs, and not the best choice for use on a moving train or bus.

One annoyance with Linux is choice: there's just too much of it. Some Netbook vendors, such as Acer and Asus, created their own versions of Linux. My preference is for one of the major Linux distributions and Dell has, to me, made the best choice here. Their Mini 9 comes with Ubuntu. I previously wrote about the Ubuntu user interface; suffice it to say, I think Windows users will take to it very easily with hardly any learning curve. In fact, Ubuntu running Open Office may be a simpler transition for an XP user than moving to Vista with Office 2007.

Which brings up an interesting question. Why pay $315 for the standard edition of Office 2007, when you can get an entire Netbook computer for just a bit more and install the free Open Office?

Linux, like OS X, benefits hugely just from not being Windows, and thus being immune to the vast majority of malicious software. A Linux-based Netbook would be appropriate for a child or anyone for whom antivirus and anti-spyware software is just too much to hassle with.

My shoulder is looking forward to carrying a 2.5-pound Netbook rather than a 6- or 7-pound laptop/notebook.

Update October 11, 2008. As an indicator of how quickly things change in the new Netbook world, take the pricing of the Lenovo S10. According to jkOnTheRun, both available colors (white and red) sold for $439 on October 7, 2008. On the 8th they noted that the white model dropped to $399. On the 10th, I noticed that the red one was down to $429. Then again, on October 7th, Wired wrote about a $469 S10 model, but with beefier specs. Circuit City is planning on selling one of these higher end S10s for $450, but, today at least, they don't have any in stock.

Update October 20, 2008. This did not end well.


October 8, 2008 6:44 PM PDT

There was an interesting article recently in The New York Times about getting locked out of a Gmail account.

In August, blogger Alan Shimel of StillSecure wrote about his problems regaining access to a Yahoo e-mail account. Suffice it to say that if someone learns your Web mail password, it's a very difficult situation--one that may not end well.

For one thing, the Web mail provider may not know enough about you to determine the true account owner. Worse still, anyone using a free Web mail account from Google (Gmail), Yahoo, or Microsoft (Hotmail) can't expect to talk to a human being to resolve a problem with their account. Talking to a person at Google requires a subscription to Google Apps Premier Edition for $50 a year. Microsoft and Yahoo similarly offer telephone support only to "premium" customers.

If you care about a Web mail account, then some homework may be in order.

Alternate e-mail address

One thing Web mail users should have associated with their account is an alternate e-mail address. This is typically optional, but it can be critical, should you get locked out. I think you're safer not using an address from the same provider as your alternate. That is, don't provide a Gmail e-mail address as the alternate for a Gmail account. Too many eggs in one basket.

If you're like me, with no recollection or notes about the alternate e-mail address associated with your Web mail account, here's how to check (after first logging in to your account):

Gmail: Click on the "Settings" link in the top right corner, then go to the "Accounts" tab and click on the link in the "Google Account settings" section.

Classic Hotmail: Click on "Options" in the top right corner, then View and Edit your personal information. Your alternate e-mail address is displayed along with a link to change it.

Classic Yahoo: Click on "Options" in the top right corner, then "Mail Options", then (on the left) click on "Account Information" and re-enter your password. Yahoo will then display "Alternate Email 1" and "Alternate Email 2." Yahoo supports two alternate e-mail addresses, a great safety net, since our e-mail providers change over time.

Secure connections

Gmail, Hotmail, and Yahoo Mail all offer secure connections when you initially log on and enter your password. Hotmail and Yahoo then switch back to unsecured, HTTP, connections. Gmail offers an option to always use a secure HTTPS connection, even when reading and writing e-mail. Highly recommended.

To enable this feature, Gmail users should click on "Settings" in the top-right corner, then on the default "General" tab, scroll to the bottom of the page, and turn on the radio button to "Always use https."

Truthiness

Web mail may be one of those places where little white lies are acceptable. The governor of Alaska, who recently had her Yahoo e-mail exposed to the world, set herself up for failure by truthfully answering some questions.

Every Web mail system asks for personal information as a means of identification, should you lose your password. The problem is that this personal information can also be used by a bad guy to learn your password.

Yahoo and Hotmail limit their secret questions to a handful of preselected questions. The straw that broke the camel's back for the governor of Alaska was the question of where she met her spouse. Being a public figure, it didn't take much guessing for someone to correctly answer this question and fool Yahoo into thinking that person was the governor. There were some other canned questions too, but they were also easy to answer using public information.

Public figure or not, there is no reason to answer Web mail security questions truthfully. After all, who are you really lying to? A potential bad guy trying to learn your password.

So, when asked the name of your favorite teacher, feel free to respond "xyz" or with any random word or sentence that no one will guess. Then, of course, write it down in a safe place. The price for making up random answers is the burden of recovery. This is the eternal relationship between security and convenience. More security always entails less convenience.

Gmail is the most flexible of the major providers. It lets you choose your own secret question, thus giving you a fighting chance of picking a question to which no one else knows the answer. Still, if you have a safe place for storing passwords, a totally random answer can't be guessed.

To review your security question in Gmail, click on the "Settings" link in the top-right corner, then go to the "Accounts" tab, and click on the "Google Account settings" link in the section of the same name. Finally, click on "Change security question." You will have to re-enter your Gmail password.

Users of the classic Hotmail system can review their security question by clicking on "options" in the top-right corner, then clicking on "View and edit your personal information."

Yahoo e-mail users may be in for a surprise. Simply knowing your password is not sufficient to view, let alone change, your security question. As described in "How do I update my secret question?", Yahoo requires you to "verify the Answer to your current Secret Question in order to update it." I'm screwed.

Does someone already know your password?

If someone learned your Web mail password, would you know? It's one thing to have your e-mail read, but it's another to have it read over and over, day after day, by someone who knows your password and is smart enough not to tip their hand by changing it.

Potentially, there is much that Web mail providers can do to let account owners know that someone else is logging into their account when they're asleep. As far as I can tell, Hotmail and Yahoo mail do absolutely nothing in this regard. Gmail, however, offers an audit trail, if you know where to look.

When Gmail users first log in, they should scroll down to the bottom of the initial page and look for a message such as:

Last account activity: 22 hours ago at IP 66.88.111.222. Details
or
Last account activity: 22 minutes ago on this computer. Details

If you didn't last log in to your Gmail account when the message indicates, then someone knows your password.

Internet Protocol addresses can be linked to both an Internet service provider and a country, for sure, and maybe even to a city within the country. For more on this, see my earlier posting "What does your IP address say about you?"

Clicking on the "Details" link offers a longer history of Gmail account activity and an indication of whether the account is currently logged on at another computer. Letting one person log in to a Gmail account simultaneously from two different computers strikes me as a design mistake. But given that design, Gmail users can log off other computers that are currently logged into the same account. Needless to say, this, too, can alert you that someone knows your password.

Information about the most recent Gmail account activity is presented on the bottom of every Gmail Web page. For more, see Last account activity in the Gmail Help.
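The check described above can be written down as a small script. This is an added example, not part of the original post or anything Gmail provides: it parses the two footer forms quoted above and compares them with what the account owner knows about their own last session. The network list, the session age, the one-hour slack, and the function names are assumptions made for illustration.

```python
import re
from datetime import timedelta
from ipaddress import ip_address, ip_network

# Matches the two footer forms quoted in the post.
ACTIVITY_RE = re.compile(
    r"Last account activity:\s+(\d+)\s+(minute|hour|day)s?\s+ago\s+"
    r"(?:at IP\s+(\d{1,3}(?:\.\d{1,3}){3})|on this computer)\."
)


def parse_activity(line):
    """Return (age, ip) from a footer line; ip is None for 'on this computer'."""
    m = ACTIVITY_RE.search(line)
    if m is None:
        raise ValueError("unrecognized activity line: %r" % line)
    count, unit, ip = m.groups()
    age = timedelta(**{unit + "s": int(count)})
    return age, (ip_address(ip) if ip else None)


def review(line, my_last_session_age, my_networks, slack=timedelta(hours=1)):
    """List the reasons the reported activity does not look like mine."""
    age, ip = parse_activity(line)
    reasons = []
    if ip is not None and not any(ip in net for net in my_networks):
        reasons.append("IP %s is not one of my networks" % ip)
    # The footer is coarse ("22 hours ago"), so allow some slack.
    if my_last_session_age - age > slack:
        reasons.append("activity is more recent than my own last session")
    return reasons


if __name__ == "__main__":
    # Constructed inputs: 66.88.111.222 is the post's sample address, assumed
    # here to sit in the owner's ISP range; 203.0.113.7 is a documentation address.
    mine = [ip_network("66.88.111.0/24")]
    last_session = timedelta(hours=22)
    for line in (
        "Last account activity: 22 hours ago at IP 66.88.111.222. Details",
        "Last account activity: 22 minutes ago on this computer. Details",
        "Last account activity: 3 hours ago at IP 203.0.113.7. Details",
    ):
        print(line, "->", review(line, last_session, mine) or "consistent")
```
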

Test password recovery

Anyone involved in backing up computer files knows the importance of testing the recovery process, and the same applies with Web mail. The best way to ensure that you can recover or reset your password is to try it.

Yahoo password recovery (thanks to the governor of Alaska, it's now the infamous Yahoo password recovery) starts out by asking for your birthday, country of residence, and postal code. Without this gatekeeper information, knowing the secret question is useless. Even something as simple as your postal code needs to be saved rather than remembered because, as Yahoo points out, it may be from your home, your office, or a prior residence or prior work location.

Hotmail password recovery starts with the option to either "Use my location information and secret answer to verify my identity" or to "Send password reset instructions to me in e-mail." If you go the first route and answer the questions correctly, you get to choose a new password.

The location information is the same as Yahoo's--country, state, and ZIP code. If you go the second route, an e-mail message is sent to the alternate e-mail account with two links, one for confirming the request and resetting the password and another for doing nothing.

Gmail error handling isn't limited to just password recovery; they deal with a whole host of problems accessing your account, including:
I forgot my password
I forgot my username
My account has been compromised
My password doesn't seem to be working
Loading issues
Another error or problem

If you forget a Gmail password, you're taken here where, as with the other two systems, you enter the user ID and get in through a Captcha. At this point, there are no options. Google sends an e-mail to the alternate e-mail address. It doesn't display the entire alternate e-mail address (Hotmail, in contrast, does); just the domain name.

I tested this using a Yahoo.com e-mail address as the alternate to a Gmail account. Word to the wise: don't do this. The message from Gmail was treated as spam by Yahoo. The message includes a link that, when clicked, takes you to a Web page where you can enter a new password.

If you no longer have access to the alternate e-mail address, Google advises you to "...try the 'Forgot your password?' link again after five days. At that point, you'll be able to reset your password by answering the security question you provided when you created your account."

Web mail accounts may start out as toys or curiosities, but for many people, they end up being important. A little homework now may save a ton of grief later.

See a summary of all my Defensive Computing postings.

October 2, 2008 3:11 PM PDT

Things aren't going well at Ford Motors.

The automaker just reported that September sales were down 34.6 percent compared with the same month a year ago. For the first half of 2008, Ford posted net losses of $8.6 billion.

Ford blames a weak economy and a tight lending market. But there may be another factor at work--unhappy customers.

In August, I rented a Ford Fusion from Hertz. When I saw a Microsoft logo under the dashboard, I suspected trouble ahead. Sure enough, it seems that poor design choices, so common in the computing world, have migrated to Ford cars.

When it comes to automobiles, I'm a newbie. While I can get from point A to point B, I wouldn't know a carburetor if it sat next to me on the subway. But how much do you need to know about cars to play the radio?

After listening to the radio a bit, something drove me to hit the phone button. Why? I don't know. There were two cell phones in the car, but the phone section of the radio wanted something from me that I didn't have. It was asking all sorts of questions that I didn't know the answer to. So, I gave up and turned the radio off.

But, it didn't go off.

I pushed more buttons, and more, and more. Nothing turned off the radio; in fact, nothing would get it to play AM or FM or satellite radio. I could put a CD in the dashboard, but couldn't get it to play. The radio insisted on answers to the phone questions and without them it wouldn't do anything else.

So, I called Hertz.

The person at Hertz had never dealt with a radio that refused to turn off before. He went to search for the user guide (car people call it an owner's manual) and called back. We got nowhere. He suggested turning off the car (rebooting to a techie), but I was in the middle of a crowded highway on a long trip so that wasn't an option. Then the Hertz rep was nice enough to call a Ford dealer and call back.

The final answer? Push and hold the radio's phone button for about 5 or 10 seconds. That turns off the radio. Being a techie, I had tried pushing in the power button on the radio and holding it for 10 seconds, but didn't think to try it with other buttons too.

The nonfunctional radio was all the more annoying because I couldn't play my MP3 player through the car stereo.

The last car I rented, a Toyota, had an input jack in the dashboard. With the right wire, it was a simple thing to plug one end into the dashboard and the other end into the headphone jack on the MP3 player. I was a happy camper in Toyota-land.

The Ford Fusion user guide said the car could do the same thing and had a picture of where the input jack was. But the picture looked nothing like the dashboard. It didn't look anything like any part of the car. I searched every inch of the dashboard and the entire front half of the car. No stereo input jack.

The third strike was the rearview mirror. The interior of the car slopes up in the back. Thus, anyone looking in the rearview mirror can barely see an elephant standing behind the car.

Next time I rent a car, no Fords.

September 28, 2008 9:32 PM PDT

This is the last posting in a trilogy about adding a second router to a Local Area Network to provide an additional layer of protection for high value computers.

The first thing I noticed after setting up a network as described in the previous posting was that a newly protected computer, plugged into the second router, just worked. All the hard work is in configuring the new router. Any computer using DHCP, which is the norm, shouldn't need any changes to enable the additional protection.

One side effect of the new LAN segregation is remote control. On the network I tested with, I sometimes use Real VNC to remotely control another computer on the LAN. This is no longer possible across the divide that the second router was brought in to create. To continue with the adult/kid scenario from before, it is no longer possible for an adult to remotely control the computer of a child.

The newly created digital divide also prevents file sharing between an adult and a child. Of course, that's by design.

Also by design, an adult's computer can no longer connect to the kids' router to make configuration changes. Or so I thought. While this is true when dealing with private IP addresses, the kids' router also has a public IP address (you can see your public IP address using www.ipchicken.com). I was surprised to find that entering the public IP address into the Web browser on an adult's computer brought up the internal Web site in the kids' router.

From a kid's computer, the Web site in the kids' router could also be accessed by its public IP address. The router in question was a Belkin Wi-Fi G F5D7230. I'm not sure that other routers will also act this way.

From outside the LAN, the Web site in the kids' router is not reachable. This was expected as the remote administration feature was purposely turned off--a recommended Defensive Computing step.
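One way to make these reachability observations repeatable is to write the intended segmentation down as a table and test it from each vantage point. The following is an added example, not part of the original post: the addresses are placeholders, port 80 for the router's admin page is an assumption, and the function and variable names are hypothetical.

```python
import socket


def can_connect(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(checks, probe=can_connect):
    """Compare what is reachable with what the design intends.

    checks: iterable of (label, host, port, should_reach).
    Returns the entries whose observed result differs from the intent.
    """
    findings = []
    for label, host, port, should_reach in checks:
        reached = probe(host, port)
        if reached != should_reach:
            findings.append((label, host, port, should_reach, reached))
    return findings


# Placeholder addresses (assumptions): replace with your own routers' values.
KIDS_ROUTER_PRIVATE = "192.168.2.1"
KIDS_ROUTER_PUBLIC = "203.0.113.10"  # documentation address standing in for the WAN IP

# Intent when run from an adult's computer: no path to the kids' router admin page.
FROM_ADULT_COMPUTER = [
    ("kids' router admin page, private address", KIDS_ROUTER_PRIVATE, 80, False),
    ("kids' router admin page, public address", KIDS_ROUTER_PUBLIC, 80, False),
]

if __name__ == "__main__":
    for label, host, port, want, got in audit(FROM_ADULT_COMPUTER):
        print("MISMATCH: %s (%s:%d) expected reachable=%s, observed %s"
              % (label, host, port, want, got))
```

Run from an adult's computer on a network that behaves like the one described here, the second entry would be reported as a mismatch, since the admin page answered on the public address.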

I use an SSL VPN from WiTopia.net whenever I access an untrusted network. The VPN worked just fine from an adult's computer. In fact, it worked so well that I could no longer see the Web site in the kids' router using its public IP address. Thanks to the VPN, I was accessing the Internet from WiTopia rather than from the LAN.

Leo Notenboom, whose article "How do I protect myself from my children?" prompted this trilogy, uses Hamachi, another type of VPN. He said it works fine in this type of network configuration. There are other types of VPNs, such as IPsec, which I can't test.

Wi-Fi should present no problem in a double-router LAN. In fact, each router can have its own Wi-Fi network.

In the best case, one wireless network would use the crowded 2.4GHz band (Wi-Fi B, G and N) and another would use the 5GHz band (Wi-Fi A and N) to avoid stepping on each other's feet. But most consumer routers only use the 2.4GHz band, so, if possible, configure each router to use a different Wi-Fi channel.

In my case, the adults' router was a Ruckus 2825 which has a "Smart select" option for the Wi-Fi channel. Testing it on different days, it did indeed choose different channels. So far, the Ruckus router has shown excellent range, but I haven't yet put it to the acid test.

Another way to avoid having the two wireless networks interfere with each other is to turn off the wireless radio in a router when not in use. This is done using the internal Web site in the router and, as noted above, an adult's computer can configure both routers. I've yet to see a Wi-Fi router with a physical switch for turning off the radio; if you know of one, please leave a comment below.

All in all, the cost and inconvenience seem pretty small for the extra protection a second router can offer adult/high-value computers.

Update: September 29, 2008. The point about remote control needs to be clarified. There are two approaches to establishing the connection between the two computers: direct and with a middle-man. On a normal LAN, you can use the direct approach by entering the IP address of the controllee from the controller machine. Adding a second router limits this option to adults controlling adults or children controlling children. However, since all computers can still access the Internet, the middle-man approach still works. With this scheme, each computer first connects to a middle-man Web site. GoToMyPC is an example of the middle-man approach whereas Real VNC is an example of the direct approach.

About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.
