Defensive Computing

Not everyone wants to, or can, pay for a copy of Microsoft Office. Some of us, instead, chose to run free software that competes with Office, such as Open Office or Star Office or IBM's Symphony.

As a user of Open Office, I can attest that it's formatting of Word documents is far from perfect, and, there is no way to know how good a formatting job it is doing on any particular document. To get perfect rendering, I also use the free Office viewers that Microsoft provides for Word, Excel and PowerPoint. You can download them at microsoft.com/downloads (select "Office" in the left side column).

Despite the name "viewer" these programs also let you print Office files and copy data into other applications. The viewer programs are supported on Windows XP, Vista, 2000 and Server 2003.

The most popular viewers are those for PowerPoint 2007 and Word 2003. The Word 2003 Viewer, like Word itself, can read documents from earlier versions of Word.

The latest Word viewer, released in September 2007, is simply called the Word Viewer, with no version number at all. It's nice to be a monopoly. You can think of the latest Word Viewer as the Word 2007 Viewer since it lets you view the new .docx and .docm file formats. However, to get this functionality, Microsoft also requires that you install the Office Compatibility Pack.

The latest Excel Viewer, released in January 2008 also has no associated version number. A screen shot is below. I haven't used it much, but have noticed that it doesn't let you resize columns.

In part, this posting was prompted by a recent question at ask-leo.com - Do I need MS Office updates if I only have the viewers? The answer is yes, but Windows Update doesn't cut it. Just like with the real Office software, bug fixes to the viewers are detected and installed with Microsoft Update. The Word 2003 Viewer was released in August of 2005 and needs quite a few patches as shown below.

Office documents have often been booby-trapped with malicious software, so be sure to run Microsoft Update after installing any of the Viewer programs.

Many of the Word documents that I'm sent don't need to be edited, only viewed. If that's the case for you too, you may be able to save the cost of Microsoft Office by combining free Office software with the free viewers.

See a summary of all my Defensive Computing postings.

Wednesday night on Off The Hook, a radio show on WBAI in New York, Emmanuel Goldstein and the guys from 2600 discussed a feature on the Web site of the U.S. Postal Service that can only be described as ill-conceived.

If you're going to be away from home for a while, the your local post office can hold your mail to avoid an overflowing mailbox. Fine.

In the old days (and you can still do this), you went to the office and filled out a form (PDF). Someone on the show who has done this said the Postal Service doesn't validate the identity of the person who requests mail to be held. It validates only the identity of the person who comes to pick up the mail.

Government techies copied this manual system to the Internet.

You can go to https://holdmail.usps.com (or click on Hold Mail at the Postal Service home page, as shown below) and put a hold on mail delivery. Notice that I didn't say put a hold on your mail delivery. You can put a hold on mail delivered to anyone. This is true with the traditional system, too, but the Internet makes it worse, adding more anonymity and making the process easier. Too easy.

The agency site claims that it needs a name, address, and phone number to stop mail delivery. When tested, however, this turns out not to be the case. Requests with wrong names and wrong phone numbers were accepted, according to a listener who wrote in to the show. All you really need to know is an address.

And with the address, you can stop all mail delivery, not just mail to one person. Quoting from the Frequently Asked Questions: "All mail, regardless of name, will be held for the address entered. Submitting an online Hold Mail request once is all that is required to hold mail delivery for everyone at the address."

Don't have a computer? Simply call 800-ASK-USPS

Off The Hook runs for an hour, but you can listen to this 8-minute segment here

WBAI has an MP3 of the entire show.

See a summary of all my Defensive Computing postings.

On February 28, Microsoft started to distribute Service Pack 3 for Office 2003 via Microsoft Update. As I noted earlier, it's safer to avoid new software, including new bug fixes and new service packs (a big collection of bug fixes).

In the current issue* of the Windows Secrets newsletter, Susan Bradley points out a problem with service packs for Microsoft Office: there is no undo. If, for example, Service Pack 3 causes a problem, you can't roll back to Service Pack 2; instead, you have to uninstall Office 2003 and reinstall it.

In light of all this, I suggest the following for dealing with Office 2003 Service Pack 3:

• Wait awhile to install it. The idea being, if something in the service pack causes a lot of grief, Microsoft may have a fix available by the time you need it. Service Pack 3 was first released four months ago, so I wouldn't expect big problems. Still, it will now be installed on many more computers, so something new may crop up. There is no right answer for how long to wait, but considering the service pack is not very new, I'd give it a couple weeks at least.

• To prepare for problems, make a disk image backup of the entire Windows partition before installing the service pack. I'll have more to say about disk image backups in the future.

• To prepare for reinstalling Office, make sure you can find your Office 2003 CD. For good luck, check that the disc is still readable, put it in a computer, and browse around a handful of folders. If Office 2003 was pre-installed on the computer and you don't have a CD, then you've learned a valuable lesson about buying pre-installed software.

Regardless of service packs, anyone running Office 2003 on Windows XP should run it in restricted mode with DropMyRights.

Worst comes to worse, there's always the free OpenOffice.org.

*There is a free and a paid version of the newsletter. This article is in the paid version, which is why I can't link to it.

See a summary of all my Defensive Computing postings.

In todays' New York Times, David Pogue reviewed an updated version of Microsoft's Office Live Small Business, a suite of online services for making Web sites (I'm simplifying a bit).

He failed to point out an important defensive computing aspect of any Web site, divorcing it from the domain name registration. In addition, trusting Microsoft to handle domain registration is not your best option. To fully understand this, some background is required.

A domain name, such as CNET.com or JavaTester.org is a unique name on the Internet, one that is used for both e-mail and a Web site. Conceptually speaking, all domains are registered in a big master file in the sky. Hundreds of companies, called registrars, are authorized to register domains into this huge master file. Registrars offer many services, but simply registering a domain name ranges from roughly $9 to $35 a year.

Associated with each domain is a pointer to the computer running the Web site and a pointer to the computer that receives e-mail sent to the domain. The pointer system is called DNS, for Domain Name System. The pointers are indirect. That is, rather than pointing directly to the computer(s) with the Web site or e-mail, they point instead to server computers running DNS software.* A company that hosts Web sites is obliged to run a DNS server computer to handle the finger-pointing for all the Web sites under its control.

A small business setting up a new Web site is likely to be tempted by the one-stop shopping offered by Office Live Small Business. Many registrars host Web sites and any company hosting a Web site will also register a domain name. But, you are better off getting these services from different companies.

My JavaTester.org Web site, for example, is hosted at a company called A2 Hosting and the domain is registered with GoDaddy. A2 runs a pair of DNS server computers, ns1.a2webhosting.com and ns2.a2webhosting.com, which GoDaddy associates with the domain in the big master file in the sky. (If you want to impress your friends, the ns1 and ns2 computers are technically referred to as authoritative name servers.)

For one thing, using two companies makes it easier to switch Web site hosting companies in the future, should the need arise. More importantly though, it insures the domain is yours.

There have been times when a Web site hosting company registered a domain in their name rather than in the name of their customer. For example, instead of my JavaTester.org Web site being registered to me in the big master file, it would be registered to A2hosting.** In this case, it is not my domain, even though I paid for it. For a small business, this can be a really big deal.

What about e-mail? Companies hosting Web sites can also provide e-mail, as can most registrars. Then again, you don't need either one, you can have a third party handle e-mail for your domain.

Pogue on Office Live Small Business

The first Web site I ever created was hosted on a computer run by a school. The name was something like computerdeptserver.someuniversity.edu/~michael. Everyone in the class was assigned a userid on the server, and that formed the rightmost part of the Web site address.

From what Pogue says, Office Live Small Business does a similar thing, giving out names like bobsfleabag.accommodations.officelive.com (his example) to customers only interested in free services. Using your own domain, instead of one that ends with officelive.com, is what Pogue means when he refers to "customized domains." I point this out because the term "customized domain" has no real meaning--all domain names are unique.

If you want to use your own domain name with Office Live Small Business, Pogue's review said that Microsoft charges $15 per year after the first year. While the price is certainly fair, having Microsoft handle domain registration scares me.

The Defensive Computing Approach

If you are interested in using Office Live (which I have no experience with) to create a new Web site, first go to a registrar and register your own domain. The two registrars I recommend are GoDaddy and DirectNIC. GoDaddy is cheaper ($9 per year) but DirectNIC ($15 per year) is easier to use.

If you already have a Web site, but it was registered by the hosting company, I suggest first moving the registration to GoDaddy or DirectNIC before getting started with Office Live, or start over with a new domain name. For more on this, see my posting from last month on How to fire a Webmaster.

Microsoft's documentation

Registration of a domain is too important to trust to a company, such as Microsoft, that does it as a sideline rather than it being its core business.

Consider what its FAQ page had to say after Pogue's review came out:

"Will I be charged a fee when my domain name comes up for renewal?
Domain names are renewed on an annual basis. Microsoft will automatically renew your domain name for you, and you will not be charged a renewal fee. If you already own a domain name and transfer it to Microsoft Office Live, Microsoft will pay for any future renewals."

This directly conflicts with Pogue's account and I believe Pogue.

Also, it appears that Office Live Small Business domains are renewed on an annual basis. This is an accident waiting to happen. A real registrar can lock it up for many years.

The Microsoft Office Live Small Business FAQ also refers to "redirecting" a domain and "domain redelegation." The two terms are used interchangeably. But for what? I've dealt with domains and Web sites a lot. If you asked me yesterday what these terms meant, I would have given a different definition for the first term and couldn't have guessed at the meaning of the second.

The Office Live Small Business folks use these terms to mean changing the DNS server computers associated with a domain. For an existing domain with an existing Web site, that is how you point the world to the new Web site (at Office Live Small Business).

Good news, bad news

The bad news about changing DNS servers is that the actual procedure differs for each registrar.

The good news is that Microsoft provides instructions for making the change at a number of popular registrars. See How to set up your new Web site with an existing domain name.

The bad news is that the instructions for GoDaddy don't exist. Clicking on the link results in a Page Not Found error. The instructions for register.com are also missing. In fact, all the "redelegation" instructions are missing. Maybe they were filed under changing DNS servers.
Update. February 16, 2008: The instructions now exist, there are no more "page not found" errors.

* That the Internet grew to the extent it has over the years is due, in part, to the distributing of the responsibility for maintaining these pointers. No one company can screw everything up.
** I don't know that A2Hosting does this, I haven't tested it. This is only an example.

See a summary of all my Defensive Computing postings.

As a computer nerd, I hold this truth to be self-evident:

All new software contains bugs and design flaws

Thus, from a defensive computing standpoint, the latest is never the greatest. Someone who depends on his or her computer, in a serious way, is always best served by avoiding software that has just been released. With that as a backdrop, here are some thoughts as to what this means to you, in terms of current software choices.

Mac OS X Leopard 10.5

For one thing, it means don't buy a Macintosh computer--at least not now. I have nothing against Apple or Macintosh computers. People whose opinion I trust who use both Macs and Windows all say Macs are better. Fine. But the newly released Leopard is too new to trust. If you can get a Mac with Tiger installed, fine.

With Leopard, Apple has shown it is a typical software company, meaning it can't be trusted to release reliable software. The initial version of Leopard seemed like a beta. Problems with two features in particular generated a lot of bad publicity--the firewall and the Time Machine backup program. Both are brand new and featured more than their share of bugs and design flaws. This is not to pick on Apple in particular, it is just the latest example of the self-evident truth about new software.

ZoneAlarm

I like the ZoneAlarm firewall and have been using it constantly for many years, despite griping about it. My gripes have decreased as the product has matured because the basic firewall has not been drastically overhauled.

ZoneAlarm (just the firewall, not the whole software suite) is now at version 7, specifically, the fourth release (7.0.408.000) of version 7. I mention the release number because ZoneLabs (the original company behind ZoneAlarm, which is now part of Check Point) also showed itself challenged at quality assurance. Every new version of ZoneAlarm was plagued with bugs to the point that my personal policy was not to upgrade from the prior to the new version until the third release of the new version. In the worst instance, a bug fix release came out a mere six days after a new version; in another case it was 10 days. I'm happy to miss out on some new features for a little while, so that other ZoneAlarm users can help the vendor debug the software.

Maturity

Apple was responsive with Leopard, issuing a slew of bug fixes only three weeks after its initial release. Microsoft never moves that fast.

And speaking of Microsoft, its latest operating system, Vista, is also too new. If you are buying a new Windows computer, you are better served with XP as opposed to Vista.

When is software sufficiently mature or debugged to be considered reasonably reliable (again from a Defensive Computing perspective)? Reasonable people can disagree; it's a matter of opinion.

Java version 1.5 may have looked mature and debugged after eight releases (version 1.5.0.8), but then came versions 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.0.13, and 1.5.0.14.

I don't have the experience with Macs to make an educated guess when Leopard might be ready for prime time. With Vista, I would wait either 2.5 years from its release date or until service pack 2, whichever comes last. And keep in mind that nothing is lost by waiting even longer, as many businesses will do.

My Vista opinion is more conservative than most. In part, it stems from the fact that Vista was a long time coming. Thus more is new about it, more new code and more design changes; both reasons to wait. Apple has unquestionably done a better job of managing its operating system development--shipping new versions of OS X often enough that the changes in each release are far less drastic than the changes between XP and Vista.

Office Software

When it comes to choosing Office software, I would again avoid the latest rendition from Microsoft, Office 2007.

The prior version, Office 2003, has four years of bug fixes applied to it, making it more stable. The prior version has a user interface that is an unofficial, grooved-in standard and uses a file format that is as mainstream as mainstream gets.

In contrast, the new Office 2007 has a new user interface that is very different from the one in Office 2003, 2002/XP, and previous versions. As with any interface change, some people will like the new interface and others won't. The design mistake that I see, is that Microsoft forces the new interface on you; there is no option to fall back to the tried and true and familiar. They tried this with Internet Explorer 7 and eventually backtracked a bit and restored the menu bar.

Office 2007 also introduced a new file format, meaning that users have to tell it to use the old file formats if they want to exchange files with 98 percent of the computing world. If files are saved in the new formats, then people using older versions of Office can't read the files without installing additional software from Microsoft. Users of very old versions of Office are totally out of luck when it comes to the new file formats. Mac users running the Mac version of Office were also unable to handle the new file formats for the longest time. A purposeful zing at Apple perhaps?

Unquestionably, Office 2003 is the better choice when compared with Office 2007. Of course, Microsoft has stopped selling Office 2003. Thanks for nothing.

This leads to OpenOffice.org, which is a reasonable choice for Office software. For one thing, it's a mature product, now at version 2.3. Plus, it can read/write the old format of Office documents and uses the classic user interface. Plus, it's free. It has its quirks though, and is not as fully functional as Office, but it makes sense to try it first and, if it doesn't meet your needs, move on to something else.

If you get a new computer this holiday season, it's possible that your old one(s) may be more dependable.

P.S. If you know of a retailer still offering Office 2003 (for less than $450), please leave a comment below. Thanks.