Defensive Computing

The May 15th issue of the Support Alert newsletter has an interesting article on converting PDF files into Word documents. Initially, the newsletter author, Ian Richards, tested a couple free online conversion services, then he got readers with seven different commercial products to convert his sample document.

He called the results "fascinating" and found that "the products varied markedly". The most expensive product produced one the worst conversions. Overall, he likes Zamzar, a free web-based conversion service, saying "Most users who have only a casual need to convert PDFs to DOC should save their pennies and use Zamzar rather than buy a commercial product." The list of file types that Zamar converts from and to is huge.

The original PDF used for the tests was posted at techsupportalert.com, but it's no longer there. So, I searched news.com and ran across a PDF formatted profile of someone named Kathy White (I haven't read the document) from 2002 that seemed like it might be hard to convert. You can see the results of the Zamzar conversion here michaelhorowitz.com/zamzar.test.white.doc.

Looks pretty good to me.

Update. June 5, 2008: Someone just told me about another review of PDF to Word software and services at www.freewaregenius.com, How to convert PDF to Word DOC for free: a comparative test. The comparison testing, done in March 2008, included six products, all freeware. The favorite was the Koolwire.com service.

See a summary of all my Defensive Computing postings.

After my previous posting about the free Starter Edition of Spyware Doctor version 5, someone claiming to be a spokesperson for the vendor, PC Tools, left a long rebuttal comment. I can't verify that the writer, claiming to be Marketing Communications Manager Magida Ezzat, actually works for PC Tools because they never contacted me directly. What follows is my rebuttal to the rebuttal. Think debate team.

No Network Drives For You

OK. But having every scan of a network drive report that all is well is misleading since no scanning was done. If the product won't scan a network drive on purpose, it should say so.

Who Does The Updating?

Interesting. This implies that the Starter Edition of Spyware Doctor will run just fine even if the Google updater is uninstalled.

Latest Version

Good to know. But, it is now a week since the comments above were written, and the main version number is no longer the same for both editions of Spyware Doctor. The product's home page currently says that version 5.5.0.178 is the latest for the "Full Version". My copy of the Starter Edition is version 5.1.0.272 and it reports that it is up-to-date. Adding to the confusion, Help -> About doesn't identify the Starter Edition.

Other Reviews

I was not looking for critical reviews, just for reviews. Magida provided links to three positive reviews. One link was to an old version of the software. To me, reviews of old versions are irrelevant. The other two links were, in fact, to the same review by Ryan Naraine. It originally appeared at PC World in August 2007 and then reappeared at UK-based PC Advisor in September 2007.

I read the lone positive review, and it said "PC Tools Spyware Doctor 5.0 spotted only 27 percent of our inactive banking-related spyware and 43 percent of password-stealing spyware." No anti-spyware program is perfect, perhaps these percentages are par for the course. I don't know. But the review also said:

"Spyware Doctor 5.0 didn't detect changes to the Hosts file, which spyware can use to redirect your PC to a malicious website."

It is inexcusable for an anti-spyware product not to prevent updates to the hosts file. Malicious software has targeted the hosts file for a long time; this is nothing new. Even the free version of the ZoneAlarm firewall has an option to prevent changes to the hosts file.

The reason to care about the hosts file is that it can translate the name of a website into an underlying IP address. If your hosts file is zapped by malicious software you can type in the name of your bank (or use a Bookmark/Favorite) and end up at a website that looks exactly like that of your bank, but is in fact, operated by bad guys. Kiss your identity good-bye.

Not protecting the hosts file is, to me, a fatal flaw for an anti-spyware product.*

Another point from the positive review: "By default, PC Tools Spyware Doctor 5.0 does not turn on anti-rootkit protection". Gee.

CNET Review

I notified Robert Vamosi of the above comments and, if he so chooses, he can speak for himself. To judge for yourself, see CNET Top 10 Antispyware apps 2007 and How we test: Antispyware software.

Last Update Date

Yes, I missed it, the last update date is reported (I updated the initial review to reflect this). However, the last time I checked the software, it said it was updated three days ago and had a green check mark. In the anti-malware world, missing three days of updates is not an all green condition. I would consider it a yellow warning. Sure enough, the software was missing an update to the "database".

High CPU Usage

That Spyware Doctor is doing anything at all just after installation is not obvious to the user and it should be. In an effort to be usable by non-techies the product is overly simple. To me, software that consumes a large amount of computer resources and slows down the machine, should at least say what it's doing.

If you know a computer user that is better off without a message on the order of "A scan of all the files on your computer is now in progress. This scan is necessary because .." then Spyware Doctor is an appropriate choice for that person.

That a scan takes "some processing power" goes without saying. Magida did not address the fact that it took all the processing power on my machine, thus the denial of service comment.

What To Ask The User

If the product won't even display the fact that a scan is in progress, then of course it won't ask for permission first. But, the net effect of this design choice is that the computer slows to a crawl every now and then and stays slow for the duration of the stealth background scan. And because Spyware Doctor is mute about what it's doing, many users won't know to blame it for the slowdown. How convenient.

NOD32, which I just wrote about, solves the problem of dealing with users with different levels of technical awareness by defaulting to a simple user interface and offering an option for an advanced interface. To me, this is a better design.

Missing Tools Button

OK. Let me suggest adding these three sentences to the getting started documentation.

Number of Downloads

The software available at download.com is the free trial edition. The Starter Edition, that I wrote about, is only available as part of Google Pack at pack.google.com.

*Not blocking the hosts file is a limitation of the full/paid version of Spyware Doctor. The free Starter Edition does not claim to block most avenues of infection. That's why it's free.

See a summary of all my Defensive Computing postings.

Although it has it's annoyances, in general, I like NOD32 antivirus vesion 2, from ESET. But a new version was recently released and new software scares me. As I wrote about in November, I hold this truth to be self-evident:

All new software contains bugs and design mistakes.

I recently worked on a Windows XP computer whose copy of NOD32 version 2 had expired the day before. If it's possible to renew a copy of NOD32 v2, then finding out how eluded me. After clicking around everywhere in the user interface, and not being able to learn anything about renewing, I gave up and un-installed it.

(Credit: ESET)

The only indication I found, that the software had expired, was a single message buried in the middle of one of the log files. It would seem that a novice user could continue on their merry way without a warning that their software had expired.

But, that's a version 2 issue and I moved on to version 3, hoping that it was ready for prime time. Since the initial release, NOD32 version 3 has been revised three times.

Here is a first look.

The first thing any anti-malware (malicious software) program has to do just after it's installed is update itself with new malware definitions. This has been true since the product category was invented.

At this point in the game, it's reasonable to expect some sort of notice that the virus definitions are old and need to be updated. But NOD32 is mute. After installation, the user interface just sits there. It doesn't say anything or ask anything. In fairness, it might have triggered a warning from the Windows Security Center, but I turn off the Security Center because it is next to useless.

Turns out that NOD32 is smart enough to determine that an update is needed, and it performs the update in the background. But, just like Spyware Doctor, this is kept secret while the update is in-flight.

Despite the web site touting a 30 day free trial, I installed the trial software on January 1, 2008 and the license was only valid until January 19, 2008. Doesn't inspire confidence.

One of the first things I did was run some scans and then view the scan log. The difference here between Spyware Doctor and NOD32 was night and day. Whereas Spyware Doctor hardly logs anything about each scan, the NOD32 logs are very detailed and a pleasure to review (if you like that sort of thing).

In the course of running some custom scans, I noticed that each new scan included the files and folders selected for the prior scan (great activity logging). This turned out to be a small bug in the display of files/folders selected for the scan.

As the screen shot on the right shows, the selection tree view is pretty standard stuff. What is not standard however, is the checkboxes next to folders with sub-folders. As you can see, all the checkboxes are white, which normally means that no files or folders under that folder are selected. The bug is that there were some selected sub-folders but since the checkboxes were not the standard gray color, I didn't realize it.

While a scan is in-flight NOD32 shows the percent completed so far. During one scan, however, a second percentage was displayed underneath the main one. Adding to the confusion, the bottom percentage went up, then down, then back up, then down again, etc. etc. etc. I think this is because a large zip file was being scanned and my guess is that the bottom percentage is within the zip file. But other files didn't show a processing percentage, and it doesn't explain why the percentage kept going up and down.

Like version 2, a full scan with NOD32 version 3 generates oodles of messages, many of them errors. Again, I appreciate the level of detail, but some of the errors seem avoidable. The first one, as shown above, was an error opening the Windows page file. Windows has had a page file for a very long time. You would think ESET could have learned to deal with it by now.

The second error above was a problem opening a file. I mention it because the file, CACHE.NDB, belongs to NOD32. One part of the product is protecting files from being scanned by another part of the product.

Not to be too negative, the revised user interface in version 3 is an improvement. One thing in particular stands out, the option to use the product with a simple or advanced interface. I think this is a great idea, as it lets both non-technical and technical people use the software with an interface they are comfortable with.

But, there is more

This should have been the end of the story. When I first started writing this, it was. But the next morning (January 2nd), the computer owner contacted me about an error from NOD32. As the screen shot below shows, it complained about a userid and password.

To understand the error message you need to know that instead of simply getting a serial number as proof of ownership, ESET gives their customers a userid and password. When you install the free trial, a default userid and password is generated for you. The password is obscured, on one computer the userid was eavtrial48.

When you install the version 3 trial, none of this explained. All you are told is to enter the userid/password that ESET provides after you pay for the software. Nowhere in the instructions does say what trial users are supposed to do.

In this case, the same user/password that worked on New Years day, was now invalid.

Since I no longer had direct access to the computer in question, I downloaded the trial version of NOD32 v3 another Windows XP computer.

The download procedure had also changed overnight. On the first computer, I had to fill in a form on a web page and provide an email address before I could download the trial software. Not any more.

The basic installation of NOD32 on the second machine went fine, but then this copy too, couldn't update itself. It failed with the same error about an invalid userid/password. And, like the first computer, the trial expired on January 19th rather than in the advertised 30 days.

I contacted technical support at ESET and they responded fairly quickly:

"... In regards to your inquiry, the user name and password that was provided during installation has expired on our end and is not your fault. We are currently working on this issue. As soon as a new user name and password has been issued for the trial version you will be able to download and/or update your trial version of NOD32. If you have additional questions regarding your case or if the issue continues to persist please let us know by replying to this email..."

Three revisions to version 3 were apparently not enough. This is all too typical. As I mentioned earlier, new software scares me. It should scare you too.

Update: January 4, 2008. The problem with the invalid userid/password cleared itself up with no action on my part. The issue was on an ESET server, not on my computer. Added the simple and advanced interfaces.

FYI: CPU magazine just gave NOD32 an excellent review. They also tested the core anti-virus functionality, which I didn't. I'm just a blogger.

Technical information about NOD32 version 3 on the second computer
Product version 3.0.566.0
Virus signature database: 2658 (20071114)
Update module: 1019 (20071030)
Antivirus and antispyware scanner module: 1100 (20071112)
Advanced heuristics module: 1066 (20070917)
Archive support module: 1065 (20071109)
Cleaner module: 1021 (20071101)

See a summary of all my Defensive Computing postings.

Spyware Doctor is a popular commercial anti-spyware program. The product's home page is littered with accolades, though a few are for version 3.8, and others are for version 4, whereas the current version is 5. The CNET review at download.com gave it 3 stars (out of 5)* and 2,362 people at download.com rated it the same 3 stars.

PC Tools sells the full version for (approximately) $30 for one computer, $50 for two and up. That you can get a mostly functional version of the software for free, may have passed under your personal radar. It did mine.

The free trial version has been downloaded a whopping 17.4 million times at CNET's download.com. According to the vendor, PC Tools, "The trial offers time unlimited real-time protection (free spyware blocking), but does not remove threats detected during on-demand scans."

But, there is another free version, a "Starter Edition". The bottom of the product's home page says: "The Starter Edition offers full scan and removal of threats, and basic real-time protection, is available for free as part of the Google Pack."

Full spyware removal for free? This I had to check out.

You can see the difference between the free Starter Edition and the full version here . In short, the Starter Edition will find and remove spyware and adware on a par with the paid version. What it's lacking, is most of the protection features that prevent infection in the first place. Interestingly, this is almost the mirror image of the free trial which offers all the protection, but none of the removal. The Starter Edition even offers tech support by email, the paid version adds phone support.

Google lets you pick and chose Google Pack applications

The Google Pack download page, shown above, let's you pick and chose applications. You can download just Spyware Doctor by itself, which I did. Google Pack works with Windows XP and Vista.

First Impression

The Google download and install process is straightforward. However, even though it said Spyware Doctor was up-to-date, that was not the case.

The just-installed software was old in two respects. According to PC Tools, the latest version is 5.1.0.273, Google installed version 5.1.0.272. The Spyware Doctor self-update facility (called "smart update") found a bunch of missing updates and easily installed them. But, even after bringing it up to date and re-booting, the version number remained 5.1.0.272.

You may forgive things like this since Google Pack is in beta, but Google has re-defined the term beta, their software retains that label for years on end. Google Pack, in particular, was first released two years ago.

Old software though, was the least of my problems. Spyware Doctor seemed to be conducting a denial of service attack on me. It (program swdsvc.exe, the PC Tools security service) was consuming all the processor cycles on the machine. Mind you, I hadn't asked it to do anything other than update itself.

If software thinks it knows best, fine. But it should ask the user before doing something resource intensive, or, at least, say what's going on and let the user cancel it. Spyware Doctor didn't indicate that it was doing anything, so I shut it down to prevent the machine from overheating.

You may prefer your anti-malware software to run quietly in the background and not ask you or tell you anything about what it's doing. But that shouldn't be the default behavior. And there is no excuse for not indicating somewhere in the user interface what's going on.

One thing I will say for it though, it fully shut down. Not all anti-malware software is so polite.

Is the last update date here somewhere?

One of the first things I look for with new anti-malware software is the date of the last definitions update. Spyware Doctor has a "Database Version" but, as shown above, "5.08870e" doesn't resemble a date in any way, shape or form. It also has a count of "Intelli-Signatures" whose meaning is a mystery.
I take this as a bad sign. If anti-malware software can't do something as easy as reporting the last update date (so that I can insure it's current), then maybe it won't report other important information in a clear, simple way. The last update date is low hanging fruit.

Update: January 6, 2008. I was wrong about this, the last update date is reported. However, the last time I checked the software, it said it was updated three days ago and had a green check mark. In the anti-malware world, missing three days of updates is not an all green condition. If anything, it's a yellow. Sure enough, the software was missing an update to the "database".

Sure enough, after running some scans, Spyware Doctor showed itself to be weak at reporting. After a few scans, I did a "view history" and the last few scans didn't appear in the history. Unlike Windows Explorer, Spyware Doctor doesn't have a Refresh option.

The data recorded about each scan was also incomplete. I did some scans of selected folders and the log doesn't show the folders that were scanned. Custom scans let you chose among a host of different "scanners". Also missing from the scan log is the type of scanners that were used.

To C or not to C

I discovered a couple undocumented missing features in the Starter Edition.

For one, scans seemed limited to the C disk. All the scans I ran on drive letters that represented mapped network drives were refused. There was no error or warning, the scans just always examined zero files.

The other missing item is the Tools button. It is shown in the getting started documentation and also visible in the CNET video at download.com. What the tools are though neither says.

Updates

Long term, it's not clear who owns what with regard to software updates. Both Spyware Doctor and Google Pack have their own self-updating features. When it comes time to upgrade to version 5.2 or version 6 is Google or Spyware Doctor or both or neither going to perform the update? So far, the answer has been neither.

Google Pack installs two processes that run all the time in the background. One is a normal program, one is a service. Since Google offers instructions on how to un-install the Google Pack updater, I can only assume that it is not necessary for Spyware Doctor to function correctly.

Keep in mind, this was just a first impression, my experience using Spyware Doctor spans all of an hour or so. Still, for a mature, well reviewed product, I expected better.

Update:As you can see below, someone claiming to be from the marketing department at PC Tools left a long comment. See my long reply Spyware Doctor Starter Edition - a second look. January 7, 2008.

Update: December 29, 2007. It wasn't hard to find critical reviews of Spyware Doctor version 5. There were quite a few negative comments at Amazon.com, indicating I wasn't the only one to find it a resource hog. At CNET, Robert Vamosi reviewed it shortly after it was released in March and gave it 6 stars out of 10. He review included this "...until this recent release [Spyware Doctor], was one of the better choices. Version 5 introduces new under-the-hood protection--and a number of nettlesome software glitches. In testing done by CNET Labs ... it failed to remove the load points for more than half the spyware samples within our test group."

*The review at download.com doesn't specifically say which version was reviewed, is undated and doesn't indicate which version(s) of Windows were used for the testing.

See a summary of all my Defensive Computing postings.

My previous posting was an introduction to both DNS and OpenDNS. Here, I offer a brief review of the features and services offered by OpenDNS.

First though, let's consider what happens when DNS breaks. As noted previously, the DNS system translates computer names into IP addresses. So if it breaks, it may seem that your Internet connection is broken when in fact, it's fully functional. That is, from your ISP's perspective everything can be working fine, all the lights on your modem and router* can be normal, but still, you can't get to any Web sites without DNS being alive and well.

To see if DNS is the problem, try to access a few Web sites by their underlying IP address. Here are some to try:

Speed and reliability

OpenDNS claims to be fast. I don't doubt this is true, but this is probably not reason enough to switch. For one, it may or may not be faster than the DNS servers you now use. And even if it is faster, the speed boost may not be noticeable (it wasn't to me). Still, it's not hard to find people who claim the Internet runs faster after switching to OpenDNS [here and here]

You can get a feel for the speed at SiteUptime, which offers a free Quick Check that can be used to compare the speed of OpenDNS with your current DNS servers. The OpenDNS DNS servers are 208.67.222.222 and 208.67.220.220. Its Getting Started page shows you how to determine your current DNS servers for many operating systems.

Take all these IP addresses to SiteUptime, chose the city closest to you, in the drop-down menu chose "DNS 53," and enter an IP addresses in the "HostName or URL" box. When I tried this, the two OpenDNS servers responded in 0.010 and 0.009 second, whereas my ISP's DNS servers responded in 0.025 and .027 second. Your mileage will vary.

Unlike speed, reliability may well be a reason, in and of itself, to switch. OpenDNS operates servers in five physical locations, two on the East Coast of the U.S., two on the West Coast, and one in London. This is likely a much more robust setup than that offered by your ISP. It also accounts, in part, for its speed claims--it responds to queries from the location closest to you.

Phishing

Phishing protection is perhaps the most defensive computing reason to use OpenDNS. Heck, anything that helps prevent ID theft is a plus.

Of course, the latest versions of Firefox and Internet Explorer also include phishing protection. There should be no conflict between the protection from your browser and from OpenDNS.

Neither Mozilla nor Microsoft say where their phishing data (the list of known bad Web sites) comes from. In typical corporate-speak, Microsoft says it comes from "several industry partners." OpenDNS gets its list of phishing Web sites from PhishTank, a sister company it describes as "...a collaborative clearing house for data and information about phishing on the Internet." Anyone can report suspected phishing Web sites to PhishTank. And you've got to love the name.

Typos

Another type of intelligence added to the DNS name -> IP address translation involves typing mistakes. OpenDNS fixes a handful of common mistakes and sends you to the place you probably wanted to go in the first place. For example, typing www.javatester.og (missing r) will take you to javatester.org. So, too, will wwww.javatester.org (four leading w's) take you to my JavaTester Web site.

Five w's at the front is too much though, that OpenDNS considers an error. But, the error page wisely asks if you meant to go to javatester.org. OpenDNS users can get to CNET using either cnet.cmo or cnet.comm. Not earth-shattering, but all in all, a nice feature to have.

Site blocking

If you sign up for an account at OpenDNS, then it can block Web sites for you. At home, this could be used to keep children from playing online games while they are supposed to be doing their homework. In a corporate setting, it can be used to prevent access to Webmail as a way of encouraging employees to use the corporate e-mail system. OpenDNS is able to, for example, block Yahoo e-mail (mail.yahoo.com), while still allowing access to the rest of Yahoo.

The bad news here is that I can't see how this blocking can be enforced. A knowledgeable computer user can simply change the DNS servers used by the operating system.

If you're dealing with children though, the "adult" Web site blocking might be very handy, and it's free. OpenDNS has partnered with the iGuard team at St. Bernard Software to provide it with a list of "adult" Web sites it claims is updated daily. How good is this list? Test it for yourself at opendns.com/support/adult/. If it blocks a Web site by mistake, you can override it using a white-listing feature.

Setting it up

The instructions for enabling OpenDNS on its site are pretty good, but they are click-here-type-this instructions and not defensively oriented.

One thing I would add to the instructions is to make a note of your current DNS servers so that, if need be, you can revert back to them. Also, if you have multiple computers on a LAN and want to kick the tires on OpenDNS before fully converting, then change only one computer to use the service.

Finally, you may think you have converted an entire network to OpenDNS, but all the ducks may not be in a row. Normally, computers on a LAN are assigned their DNS servers at the same time they are assigned an IP address, using a protocol called DHCP. Thus, the standard way to convert all machines to OpenDNS is by modifying the DHCP server software. In non-techie terms, this means making a configuration change to the router. However, it is possible for a computer to always use certain DNS servers regardless of DHCP. So after modifying the router, I suggest restarting each computer and verifying that it is, in fact, using OpenDNS.

Its start page will tell you if OpenDNS is being used or not, as will itsbuttons page (see above).

Making money

All the services described so far are free, as are a couple I skipped over. So how does OpenDNS make money? Quoting its Knowledge Base:

"OpenDNS makes money by offering clearly labeled advertisements alongside organic search results when the domain entered is not valid and not a typo we can fix. OpenDNS will provide additional services on top of its enhanced DNS service, and some of them may cost money. Speedy, reliable DNS will always be free."

Time will tell how profitable this is, if at all. The founder, David Ulevitch, claimed the company was "nearly profitable" in back in July.

Wrapping up

OpenDNS is a service worth paying for. My hope is that ISPs will pay for it and brag about it as a way to obtain or retain customers. This would be a win for the ISP, which no longer needs to be bothered doing its own DNS, a win for their customers and a win for OpenDNS. The only loser would be the bad guys.

If you take the OpenDNS plunge, you're not alone. Its home page shows how many name -> IP address translations it is doing per second. The last few days it has varied between 37,000 and 46,000. Multiplied out, this comes out to more than 3 billion requests a day. Five months ago, it was handling only 1.4 billion requests a day.

Even if you don't use OpenDNS now, it can come in handy as an emergency fallback, should something go wrong with your current DNS servers.

* I wrote The blinking lights on a router are talking to you back in July.

See a summary of all my Defensive Computing postings.

OpenDNS is a free online service that offers an extra layer of safety on the Internet. Technically, the service is DNS resolution, which I'll explain below. The main defensive computing advantage it provides is protection from bad Web sites, most importantly from phishing scams. ID theft is, to me at least, the worst thing that can happen to a computer user, so any extra protection helps. You also get some flexibility in deciding which other types of Web sites should be restricted.

You don't have to register to use the service, and there is no software to download or install. All that's involved is a change to the networking configuration of either your computer or your router. This is a one-time change--OpenDNS requires no ongoing care and feeding. Should you ever want to stop using the service, simply reverse the configuration change. I've used it for quite a while and fail to see a downside.

What is DNS resolution?

This topic can be a bit technical, but some background is required to understand where OpenDNS fits and how it can provide the services it does. I'll be as brief as possible.

Every computer on the Internet is assigned a unique number. Americans can think of it as a Social Security number for their computer. When two computers talk to each other on the Internet, they address each other using this number, which us nerds call an IP address. You can see the IP address of the computer you're reading this blog posting with by visiting www.ipchicken.com, whatismyip.com, whatismyipaddress.com, www.myipaddress.com or other similar Web sites.

Technically an IP address is a 32 bit (binary digit) binary number. For example, when going to www.cnet.com, under the covers, your computer is talking to a CNET machine at this IP address: 11011000111011110111101000110011

For simplicity sake, an IP address is written in decimal rather than binary. To make it especially simple, clumps of eight bits are converted to decimal and the four clumps are separated by periods. Thus, the standard way of representing the above IP address is 216.239.122.51 (without a dot/period at the end).

As proof, enter this IP address in the address bar of your Web browser as shown above. You will end up at cnet.com.*

Just as people have both names and phone numbers, computers on the Internet have both names (www.cnet.com) and IP addresses (216.239.122.51). DNS resolution can be thought of as a telephone book. It is the process of converting the name of a computer to its IP address.

DNS (Domain Name System) is a huge distributed system that functions amazing well, especially considering the initial design predates the Internet as we now know it by many years.

When your computer goes to www.cnet.com (or any other Web site) it first obtains the IP address by making a translation request to a computer called a DNS server. The translation (technically DNS resolution) happens so quickly and transparently you are not aware of it.

DNS is a core service provided by every ISP which runs a pair of computers called DNS servers (at least a pair, maybe more). When you first connect to the Internet, you are assigned a pair of DNS servers. Should one fail, your computer automatically tries to use the other one. Windows Vista, XP and 2000 users can see this by entering the command "ipconfig /all" at a command prompt. Sample XP output from this command is shown below.

As the name implies, OpenDNS runs their own DNS servers. To use their service, you change the TCP/IP networking software on your computer to point to their DNS servers instead of those from your ISP. OpenDNS provides excellent instructions for doing this.

Why OpenDNS?

Running DNS servers is not a trivial thing--there are many configuration options that need to be understood and correctly set up. In addition, speed and redundancy are critical issues. A cable TV company or a telephone company may not have the in-house expertise to do this well. OpenDNS is a specialist. Consider that the first reason to use them.

Hopefully, because they are specialists, their DNS servers will be more resistant to attack by the bad guys.

Nothing is worse than a compromised DNS server.

I don't say this lightly. If your computer is talking to a compromised DNS server, you can enter "www.citibank.com" (for example) into the address bar of your Web browser and not end up at Citibank's Web site, but instead be looking at a phony imitation Web site. Kiss your identity goodbye.

In addition to infrastructure, OpenDNS adds intelligence to the translation process that was not part of the original design of the DNS system. That intelligence, such as preventing you from accessing known bad Web sites, is the big selling point (if a free service can have a selling point). Next time, I'll go into more detail on the various types of protection offered by OpenDNS.

Let me end by pointing out that OpenDNS protection applies to your Internet connection. Any program that accesses computers by name will be protected, whether it be a Web browser, e-mail program, instant-messaging program, FTP or whatever. I mention this for a couple reasons.

First, malicious e-mail messages sometimes include links based on an IP address (e.g., http://1.2.3.4) rather the name of the computer. Since referencing a computer by IP address does not involve DNS, you always have to be on the lookout for this, as the link is bound to be bad news.

Also, if you have multiple ways of connecting to the Internet on your computer, then you'll have to make the necessary TCP/IP configuration changes for each connection. For example, laptop users interested in OpenDNS should change the wired Ethernet, modem dial-up, and wireless Wi-Fi connection. The same heads-up applies to anyone using one of the wireless data services from a cell phone company.

To be continued...

*It's actually more complicated than this. For example, multiple Web sites can share a single IP address, one computer can have multiple IP addresses and, in a LAN environment where multiple computers share a single high-speed Internet connection, only the router has an IP address on the Internet. The other computers have IP addresses, but these are IP addresses that have been set aside for internal use only, they are never used on the Internet.

See a summary of all my Defensive Computing postings.

If you need to send files to someone and they are too large to email, there are untold numbers of web sites offering this service, both for free and commercially. However, if you need to transfer very big files, your choices are more limited. When I recently needed to transfer some files of 650MB to a client, I tried a handful of these services. Previously I wrote about free services from SendThisFile and EatLime. Here I relate my experiences with the free services from DropSend and TransferBigFiles.

All these services operate by letting you upload files to their servers, notifying the recipient that the files are ready to be downloaded and providing a link that points to the file(s). Some of the services have optional software, but installing software scares me, so I used nothing but a web browser (except in one instance).

DropSend

DropSend offers to send files up to 1 gigabyte for free (the same limit applies to their paid accounts). They allow only five file transfers per month, but also include 250MB of permanent online storage. The limit of five transfers does not apply to uploads to the permanent storage.

Shortly after writing about SendThisFile, I had to transfer some large files to a client. It's one thing to read about a product and kick the tires, but quite another to battle-test it. Here was a battle.

Since transferring large files can take hours, you need to be concerned with your computer going to sleep midstream. Many computers go into assorted suspended states when they haven't been used in a while. For example, the Power Options in the Windows XP Control Panel lets you set time limits after which the hard disk stops spinning, the entire computer goes into standby, or even turns itself off (hibernate). In the tests described below, I disabled all these "sleeping" options.

Although SendThisFile has no limit on the size of a file being sent/transferred, I started with the smallest file, which was 178MB. During the transfer, the status is shown visually with a dashed yellow bar that turns red from left to right. You also see the percent completed and the number of bytes transferred so far (megabytes would be much more useful). They show the elapsed time, but there is no estimate of the time remaining and no display of the transfer rate.

As previously described, the catch, if you will, with SendThisFile is that free uploads get slower and slower the more data you upload. This is visually indicated with a horizontal line that starts out all blue (for fast) and slowly migrates to yellow (for slow). In the screenshot, above the dashed line on the bottom is all blue because the file was small.

It took me 5 hours and 4 minutes to upload the 178MB on a cable connection where the upload speed is typically measured at 400 to 500Kbps. Since the other files I needed to transfer were 650MB, I decided to look elsewhere.

One thing is unresolved though. SendThisFile claims it is the only service that notifies the sender when the e-mail notification to the recipient can't be delivered. I tested this three times, however, and was never notified that the recipient e-mail address didn't exist.

FTP

There are many online services to transfer large files, files that e-mail can't handle. But 650MB apparently qualifies as really large, so the free options I found to transfer this big a file were few. Among the services whose limit was too small were YouSendIt, 4shared, MediaFire, and MailBigFile which each have a 100MB limit on single files. At GigaSize, the limit is 300MB, and at ShareBig, it is 350MB. Couriervault has no free service at all.

To nerds like us, the classic way to send big files is FTP (File Transfer Protocol). FTP is an oldie but goodie in the TCP/IP world and one of its advantages is it can handle files of pretty much any size. I'm fairly sure that FTP itself has no limit on file size. If you encounter FTP limits, they may be due to the host file system, the particular FTP software being used, or perhaps bandwidth limits on either the sending or receiving end.

On November 21 I tried to send one of the 650MB files to an FTP account I have at 1and1.com. The first upload aborted halfway through, but a second attempt completed.

On November 25, I sent another of the 650MB files to an FTP account I have at Pair.com. It completed the first (and thus only) time in roughly 3.5 hours (I wasn't watching the time closely).

Although there are many FTP programs, in general they are not as easy to use as the newer online services. They are certainly more complicated.

EatLime

EatLime was recommended by someone who commented on my initial writeup of SendThisFile. If you register, it will transfer files up to 1GB, so I gave it a try. It's not clear from the Web site what the file size limit is if you don't register.

Registration was unusually easy; just provide an e-mail address. There wasn't the usual confirmation e-mail message with a special code or link to complete the registration.

The service couldn't be any easier to use without registering. All you have to do is select a file and the upload starts. You don't even need to provide an e-mail address for the recipient of your file. Instead, as soon as the file upload starts, you are shown a link like

http://www.eatlime.com/download.lc?sid=xxxxxxxxxxxxxxx

Simply click on this link to download the file. You can provide this link to someone even before the upload has completed.

Small files are confusing though. I uploaded a file of 71K and after the upload completed, the file size was shown as 0MB, which looks like the upload failed. But, the upload ran fine; this is poor programming dealing with rounding error. When I went to download the file, the size was reported as 0.1MB.

While a file is uploading you can watch the percent complete and the upload speed, but there is no display of the elapsed time and no estimate of the completion time.

I first tried to upload a 650MB file on November 24. It got to 39 percent complete and failed with a "read/write error." A few days later it occurred to me to try and use the provided download link, just for the heck of it. When I did, EatLime reported that the full 650MB file existed on its servers.

Not only did the file upload fail but it screwed up my router. The two computers on my LAN couldn't get to any Web sites, with either Internet Explorer or Firefox. They could each do e-mail and other online services, but HTTP seemed to be broken. Rebooting the router fixed things.

I tried it again. This time, the upload got to 23 percent before the "upload failed with a read/write error" again. The router was not affected this time.

I waited about an hour and tried again. This time it died at 36 percent complete and, again, I had to restart my router because I couldn't get to any Web sites afterwards.

The next day, I tried yet again with the same file. This time it got all the way to 61 percent complete before failing with the same read/write error.

Next time, my experience sending a 650MB file using DropSend and TransferBigFiles.

Sending large files is frequently a nuisance. I recently ran across SendThisFile and it made a good first impression. Perhaps most important, it does not require the installation of any software, either by the sender or the recipient.

Its approach is like that of many other services: you upload a file to the SendThisFile servers and the recipient gets an e-mail message with a link to the file to download it. If you use one of the SendThisFile free accounts, files stay on its servers for three days; paid accounts allow keeping the file for 6 to 14 days.

In March of this year, someone sent me a large file using YouSendIt. While the service was free, it required me, as the recipient, to register with an e-mail address before I could download the file. I get a lot of spam, so I hate to give out my e-mail address. SendThisFile does not require the recipient to have an account.
Update: YouSendIt no longer requires the recipient to register. November 20, 2007.

Just today I read a newsletter by David Strom in which he recommended Box.net for transferring large files. I've used Box.net and been frustrated by its 10-megabyte limit on individual files. YouSendIt is more generous, allowing files up to 100MB for free. But you can't beat SendThisFile, which has no limit on file sizes, even for the free accounts.

Also, the main business of Box.net is storing files rather than transferring them. The service is branching out in many ways and, to me, there is something to be said for the KISS principle. SendThisFile only sends files, nothing else.

If rooting for the little guy appeals to you, then you've got to like SendThisFile. According to a recent article in The Wall Street Journal, the company has only four full-time employees. And, according to the company Web site, they are based in Wichita, Kan.

Being Defensive

One fear with any company offering this service is the harvesting of e-mail addresses. Every time you send someone a file, the file transfer company learns another e-mail address.

If this concerns you (or the file recipient) you can send the file to yourself. This way you get the e-mail message with the link to download the file and you can forward it to the actual recipient. Some other companies display the download link, but to get it using SendThisFile, you have to receive their e-mail message. I'm just being defensive here by nature, I have no reason to either trust or distrust SendThisFile.

Another fear with any Web site or company that requires registering with an e-mail address is that it will direct spam to your e-mail account. Site Advisor is both a service and a Web browser plug-in from McAfee. Among the things it checks Web sites for is spam. Its automated service signs up with a Web site and then evaluates the e-mail messages that come from the site. According to Site Advisor, SendThisFile is not a spammer.

The Web site

If there is anything that gives me pause about SendThisFile, it is its amateurish Web site. The site navigation is inconsistent and poorly structured, some pages don't display properly in Firefox, and some information seems contradictory, incomplete, and unclear.

Information on the free accounts can be found on the Overview page. Signing up is routine: just provide a valid e-mail address and make up a password. The service sends a confirmation e-mail message to the address you provide, with a link that needs to be clicked on to confirm your registration.

When you login to a free SendThisFile account, you can see daily totals of the number of bytes uploaded and downloaded. It does not, however, show the number of files, let alone the name of the files, uploaded or downloaded on a given day.

I stumbled onto the MyFiles page by accident (it is not an option on the My Account menu, where logically it belongs). It lists your files on the SendThisFile servers and for each file it shows the name, the size, and the number of times it was downloaded. The file name is a link, so this provides another way to send a file without SendThisFile learning the recipient's e-mail address: send the file to nonexistent e-mail address. The upload will run just fine and then you can get the link from the MyFiles page.

There are multiple paid accounts starting at the very approachable $5/month. Both Box.net and YouSendIt start at $10/month.

Unfortunately, what you get for your money is not particularly clear on the Web site. The page detailing the various paid plans doesn't mention the free service at all. Likewise the feature matrix doesn't show it either. A paid account may be worth the money, but without a direct comparison of the free account to the paid services, it's hard to know.

The various accounts

Among the features offered by paid accounts are no ads, the option of requiring a password before a file can be downloaded, better notifications of what's going on, and unlimited storage space. This isn't permanent storage though, files are removed after 6 to 14 days, depending on the plan.

With a free account a single file can be downloaded a maximum of three times; with a paid account there is no limit on the number of times a single file can be downloaded. The free accounts at YouSendIt allow a file to be downloaded 100 times. But with both YouSendIt and SendThisFile, downloads are capped with a monthly bandwidth allowance.

The following is not on SendThisFile.com, but instead came from a series of e-mailed responses from the company to a host of questions I asked. The company responded very quickly to my questions and had no knowledge of this posting.

When the Web site touts "unlimited downloads" it refers to number of times a single file can be downloaded. Your total downloads are not unlimited, they are still subject to caps on bandwidth.

When the Web site mentions "unrestricted bandwidth" it is referring only to uploads, not to downloads. Rather than limit the size of uploaded files, SendThisFile slows down uploads made by people with free accounts. The term "unrestricted bandwidth" refers to paid accounts where uploads are not artificially slowed down. Unrestricted bandwidth does not mean unlimited bandwidth.

When a paid customer uploads a file, SendThisFile will accept the file as fast as the customers' Internet connection can send it. The company told me the service can accept files at 8MB to 10MB per second. I just tested my cable connection using the speed test at Speakeasy.net and it uploaded at 483K per second--well below their ability to accept files.

I was particularly confused when, in describing the free accounts, the Web site said, "We do not limit the number of monthly uploads." According to the company, "there is no limit on the number of files, or the size of the files you can send (although files over 2GB have to be split)." Instead, the service slows down uploads over 20MB. The bigger the file, the slower the upload; it may even get as slow as dial-up speeds.

It looks like there is a typo in the description of the various paid plans. The "Pro" plan is $20/month and allows for 10GB bandwidth upstream and 10GB downstream. Yet if you step up to the next higher plan, the "Enterprise" plan for $64.70/month, you get only 5GB of bandwidth in each direction. Three times the price for half the bandwidth?

The Pro plan is bare-bones: it sends files and nothing else, there are no bells and whistles. The Enterprise plan is chock full of features that the cheaper plans don't offer. For example, in a large company every employee can get their own user ID, and SendThisFile will generate usage reports on a departmental level. The company also said the phone support is better on the Enterprise plan and it allows for purchasing much higher bandwidth with a volume discount.

Downsides

The one problem I had using SendThisFile was when I purposely sent a file to a nonexisting e-mail address. The upload ran fine but I was never notified that the message couldn't be delivered. A feature of the free accounts is "Sender notified when notification email is undeliverable." That was not my experience.

The e-mail message that the recipient gets telling them a file is ready to be downloaded, is sent from "files@sendthisfile.com" so when it can't be delivered the delivery failure notification goes to SendThisFile.

One thing that would worry me with the paid accounts is that you can't limit your expenses. If you use more bandwidth than your plan allows, SendThisFile charges you for the overage. There is no way to prevent the overage and thus limit the credit card charges.

And if you're not careful, someone might guess your password. While it's customary for there to be some rules applied to passwords to insure that you don't chose one that's brutally simple, I was shocked to find that I could register an account with SendThisFile using a single character password.

Their privacy policy doesn't contain much legal terminology and the description of the service's cookie policy was fairly easy to follow. It described two types of cookies, but, in checking my Web browser I found 21 cookies:
  7 cookies assigned to sendthisfile.com
  5 assigned to www11.sendthisfile.com
  5 assigned to www4.sendthisfile.com
  4 assigned to www7.sendthisfile.com

The privacy policy also says there may be a cookie in e-mail messages they send. As far as I know, e-mail doesn't support cookies, they are a Web browser thing.

You Tell Me

I have not used SendThisFile other than to test it and fight through the poor documentation. If you've had any good or bad experiences with it, please leave a comment below.