Defensive Computing

I get more than my share of unwanted e-mail messages of all types, but a new (to me at least) scam appeared in my in-box today. The subject was "New User Letter" and the message appears below with the ID numbers changed as a precaution.

By the time I looked into it, the IP address seemed to have been taken out of service--it was unreachable both with a browser and the ping command.

One reason to lookout for this sort of thing is that the Web page it sends you to might try to install malicious software on your computer. My recent blog trilogy on DropMyRights is one way to defend against this type of attack. See "DropMyRights" Part 1, Part 2 and Part 3 .

My personal Web site has more "Examples of Bad E-mail Messages". The important lesson is to always be skeptical about e-mail messages, and, not to judge them based on the from address. It is very easy to forge the from address in an e-mail message.

In Windows XP, Task Manager is like the dashboard of a car. It's your interface into what's going on under the hood. It can tell you things such as: what programs are running in the background that you can't see, how busy the processor (CPU) is, which programs are making the greatest demands on the processor, how much ram is free, the number of hard disk reads/writes by each program, etc. etc. When your computer is running slow, or seemingly frozen, Task Manager should be the first thing you turn to.

For whatever reason, Microsoft has hidden Task Manager. If you look for it in the usual way, Start -> Programs, it's not there. It should be under Accessories -> System Tools, but instead Microsoft included the Character Map program.

Since Task Manager is both useful and hidden, I suggest having it run automatically when Windows starts up and instructions for doing this follow.

The end result of the steps below is a dark green square in the system tray (a.k.a. notification area). If the square remains dark green, the processor is on a virtual coffee break. The box is like a vertical bar graph, where light green on the bottom indicates how busy the processor is. If the bottom half of the box is light green, the processor is using half of its total capacity. If the square turns entirely light green, the processor is running at 100% capacity.

One warning that your computer might be infected with something malicious (virus, spyware, Trojan, etc.) is that processor is busy when you're not. That is, if you are not running anything on the computer and Task Manager indicates the processor is consistently more than 10% busy (give or take), it's worth looking into, to see which program is using the processor.

Running Task Manager at System Startup

In Windows XP, right click on the Start button and select "Open All Users". Then double click on the Programs folder, then double click on the Startup folder. Minimize this instance of Windows Explorer, we'll return to it later.

Open another copy of windows explorer and navigate to
C:\WINDOWS\system32\taskmgr.exe

Right click on the taskmgr.exe file and opt to '"Create Shortcut". Then right click on the shortcut you just made and Cut it.

Go back to the first instance of Windows Explorer (positioned at the Startup folder) and Paste the shortcut into the Startup folder.

Although not required, I suggest right clicking on the shortcut and renaming it "Task Manger". Then right click on the shortcut again and get the Properties. Change it from running in a "Normal window", to running "Minimized" and click the OK button.

Next, double click on the same shortcut to run Task Manager. It should show up in the system tray. Open Task Manager and on the Options menu, turn off "Always on top" and turn on "Hide When Minimized".

There are many data items that Task Manager can display. To see them, from the View menu, select "Select Columns...". It defaults to showing the User Name which I don't find useful. I suggest adding the "CPU Time" column to see the total CPU used by a program (technically a process). The column labeled CPU shows only the current CPU usage.

Click the OK button when you are done selecting columns. If you like, you can change the sequence of the columns in the display just by dragging the column heading.

Restart Windows XP and you should see the dark green box in the system tray. If not, join the crowd. I suspect this is due to a video driver bug, but it may be a Windows bug. I've seen it all too often.

Update: I typically use the classic, single column, Start menu. On one Windows XP Professional machine, the Settings menu has a sub-menu called "Windows Security" that links directly to Task Manager. I checked a number of Windows XP machines, Home and Pro, but found this on only one. August 5, 2007.

Most of us have personal computer questions and it's not too hard to get answers. What is hard though, is getting an answer from someone qualified, thoughtful and reasoned. And a constant stream of good answers, for free, is too much to hope for.

Unless you know about Leo.

At his ask-leo.com web site, Leo Notenboom answers computer questions from anyone. Each week he answers a handful of questions, and, if you subscribe to his free newsletter, you get a weekly email with the current weeks questions. He can't answer every one, but he tries his best.

To illustrate, here are some recently asked and answered questions:

• I'm being notified of an intrusion attempt, what should I do?
• Where can I download Windows XP?
• Why can't I connect with a 169.254.x.x IP address?
• How do I translate a URL to an IP address?
• What is thumbs.db, and can I delete it?
• How do I change the icon of a desktop shortcut?
• Why can't I access the Documents and Settings or Local Settings folders in Windows Vista?

Computer nerds don't really have an equivalent of the board certification that doctors do. Still, Mr. Notenboom previously worked for Microsoft, which should count for something. And as they say, it takes one to know one, so trust me, Leo is more than qualified to answer your tech questions. Maybe he already has.

System Restore is a feature of Windows XP that periodically backs up the Windows system folders. It does this in case some piece of software is not doing something today that it was doing yesterday. In that event, you can restore the latest System Restore backup and hopefully fix things.

Microsoft refers to System Restore backups as "restore points". They reside on the C disk in a folder Windows tries to keep hidden.

System Restore runs silently in the background, thus, you can use a Windows XP machine for years and not be aware of its existence - which is both good and bad.

Tip One

The bad part leads to the first tip - every now and then make a restore point manually, just to be sure you can (instructions for doing so are below). There are three reasons for this.

First, under some conditions, System Restore will purposely turn itself off and not tell you that it's no longer running. Therefore, just before you manually make a restore point, check that System Restore has made some recent restore points. You do this by starting the restore procedure, then browsing the calendar of previous restore points without actually restoring anything. I would feel reasonably safe with one restore point a week.

Second, the rules for when System Restore makes a restore point are numerous and confusing. Thus it can be functioning within normal parameters but still go weeks without making a restore point.

Finally, I've seen System Restore break (as opposed to turning itself off by design). That is, when I tried to manually make a restore point it failed. It's better to know that this has happened than not know.

There is no one right answer for how often to manually make a restore point. I'd suggest monthly as a starting point, more often if the computer is very important, less often if not. The process of making a restore point takes about 10 seconds.

Tip Two

Always make a restore point before installing new software. Some software makes restore points as part of the installation process, but not all. Better safe than sorry. In addition to new software, also make a restore point before installing a new version of existing software and prior to installing bug fixes (a.k.a. patches, updates). And, leading to the next tip, make a restore point before letting antivirus or antispyware software remove something malicious.

Tip Three

Once upon a time I was working on a Windows XP machine that was infected with lots of malicious software (viruses, trojans, adware, spyware, etc.). When I got the machine, infected though it was, Windows was able to boot. At some point though, the cleanup process got too aggressive.

Something I did in removing the malware prevented Windows from fully booting. It got to the point of displaying the desktop wallpaper, but that was about it. The desktop icons never appeared and none of the auto-started applications ran. Even in safe mode, Windows got to the same halfway point in the boot process and stopped. I had followed my own advice and made a recent restore point, but how to restore to it?

The third tip is that System Restore can be used even in this case. Start the machine and use the F8 key to invoke the "Windows Advanced Options menu" just as if you were going into safe mode. Then chose the option to boot to "Safe Mode with Command Prompt". This disables more of Windows than regular Safe Mode does. In my case, it disabled the broken part of Windows and the machine was able to boot to a command prompt.

From the command prompt, you can run System Restore with this command:

  c:\windows\system32\restore\rstrui.exe

This invokes the normal System Restore application (not a text mode version), except there is no option to make a restore point. All you can do in Safe Mode or Safe Mode with Command Prompt is restore previously taken restore points. Pick the most recent restore point and hopefully your problem will disappear. In my case it did, Windows was able to boot after restoring the latest restore point. If not, try an earlier restore point.

Tip Four

The last tip is simply to try booting to "Safe Mode with Command Prompt" now, while everything is working correctly. Consider it a dress rehearsal.

Invoking

With Windows XP running, System Restore is invoked from the Start button with:

  Start -> Programs -> Accessories -> System Tools -> System Restore

You can make System Restore easier to find by creating a shortcut to it on the desktop. When hovering over System Restore in the last step above, right click instead of left clicking and then "Send To" -> "Desktop (create shortcut)". Another way is to navigate to this folder:

  c:\windows\system32\restore\

and right click on file rstrui.exe. Here too, send it to the desktop.

Note: The directory where file rstrui.exe lives is, technically speaking, the system root folder. Normally the system root is "c:\windows", but this is not mandatory. To be 100% sure, do Start -> Run and in the box enter "%SystemRoot%" this will open Windows Explorer at the system root folder.

Sometimes when invoking "Safe Mode with Command Prompt" Windows asks you to log in, sometimes not. If prompted, log in as as a user that is a member of the Administrators group. The Windows userid you normally use may work fine. If not, try logging in as user Administrator with a blank password.

Update: For more on System Restore see No Restore Point for you December 28, 2007.

See a summary of all my Defensive Computing postings.

In the July 12th edition of the Wall Street Journal, Walter Mossberg reviewed two new laptop computers, the Dell M1330 and the Toshiba Portege R500. In describing the R500 he said:

"The screen is lit by LEDs instead of by traditional lamps.
That makes for more brightness and saves power."

Raise your hand if you are familiar with the use of LEDs as a light source in laptop computers.

I don't see many hands. Mine isn't raised either.

They seem to be getting popular, just last month Apple started selling their first laptop computer with LED backlighting. The Sony VAIO TX line of laptops uses LEDs as does their TZ line, due to be released very soon. Sony too, claims that LEDs offer increased brightness and decreased power consumption. In addition, they claim that their LED lit screen offers better colors.

Can LEDs really make laptop screens brighter, consume less power and offer better colors?

For those of us who didn't raise our hands, I turned to screen and monitor expert Alfred Poor for advice. For more than 20 years Alfred wrote for PC Magazine, and was their first Lead Analyst for Business Displays. He is a member of the Society for Information Display and the editor and publisher of HDTV Almanac, a web site with news and commentary about HDTV and related topics.

Starting at the beginning, Alfred explained that the liquid crystals in an LCD panel/monitor don't emit light themselves [insert your own dilithium joke here]. Rather "the molecules move in response to electrical fields, and are used as a shutter to block the light." I was surprised how inefficient the technology is. An LCD screen blocks 95% of the backlight, even when it's showing a full white screen.

Traditionally, Alfred said, the backlight source behind the crystals have been cold-cathode fluorescent lamps (CCFL). The use of LEDs in laptop screens is relatively new. According to Alfred, LEDs "already are commonplace in mobile devices such as GPS receivers, cell phones, and PDAs ... the first desktop monitors probably appeared within the past couple of years. Sony had an LCD TV with LED backlights a couple of years ago. I expect that laptops were the last to get the technology."

Cost

Since none of the companies offering LED backlit screens said anything about cost, it's reasonable to assume that LEDs are more expensive than CCFLs.

The M1330 comes with either a CCFL or LED lit screen, so it makes for a handy comparison of the two technologies. The M1330 costs $150 more with the LED lit screen.

With Sony, Toshiba and Apple, the cost of the LED screen is a hidden component of the total price. But these machines aren't cheap. As of July 22nd, the least expensive pre-configured Toshiba Portege R500 was $1,999 and the Sony TZ line started at $2,199.99 (think of it as $2,200). The 15.4 inch Macbook Pro started at $1,999.

Thin and Light

Toshiba claims that in one configuration the Portege R500 is "...the world's thinnest widescreen 12.1 inch notebook PC with an integrated DVD-SuperMulti drive..." Dell claims their M1330 laptop with the optional LED screen is the thinnest laptop computer equipped with a 13.3 inch screen. The Sony VAIO TZ machines are less than an inch thick, but only if measured at the narrowest point. At the highest point, they are 1.17 inches.

Alfred confirmed that LEDs are indeed thinner and therefore the screens can be made thinner. And, they weigh less than cold-cathode fluorescent lamps.

We can see this in the M1330. According to Dell, the LED display "starts at 3.97lbs and is 0.87 inches thick compared to the standard display which starts at 4.28lbs and is 0.97 inches thick." The difference in weight and thickness seem, to me, to be small, but, I suppose if you frequently carry a laptop computer, then perhaps every little bit helps.

Power

Mr. Mossberg gives the impression that by their very nature LEDs save power. Not true, according to our expert. Alfred pointed out that "At present LEDs generally draw more power and produce more heat than CCFL designs." Heat is a problem for all personal computers. It's more of an issue with laptops and still more important in ultraportable models where everything is so closely packed together.

So what is the basis for the claimed power savings? It turns out that the number of LEDs in a screen varies. If the number is low enough, less power is needed and less heat is generated. With a small enough number of LEDs, Alfred said you can "probably save power compared with a CCFL design. This can be used to give either a longer battery life, or to reduce the battery weight and thus get a lighter weight design overall."

I couldn't find anything from Sony, Toshiba or Apple about the number of LEDs in their screens. But in describing the M1330 Dell says "Our optional LED display uses 32 tiny, white LEDs ..." According to Alfred, "32 is a relatively high number for a small screen. Some large HDTV panels using high brightness LEDs could use that count or less for a panel with 8 or 10 times the surface area."

So, if the relatively high number of LEDs means increased heat and no power savings, why does Dell use so many? Alfred explains that LED screens "need a sophisticated lightpipe and diffuser to spread the light evenly behind the LCD panel. The fewer LEDs you use, the more difficult the diffusion process becomes."

Brightness

As to whether LEDs are brighter, Toshiba claims this is true, but offers no specific numbers. Sony claims "incredibly high brightness levels" and the specs for the screen list it at 11.1 candelas (trust me, you don't want to know the exact definition of a candela). The point is that Sony does not offer the candela ratings for their CCFL screens as a point of comparison.

The owners manual for the Dell M1330 shows the LED panel to be 36% brighter than the CCFL panel. Specifically the luminance of the LED screen is 300 cd/m² vs. 220 cd/m² for CCFL (and no, I can't explain what cd/m² means).

Better Color

Sony is the most aggressive in making claims about the better colors in their LED screens, using the terms "brilliant", "amplified" and "true-to-life" to describe them. Toshiba says that indoors, "the LED backlit display produces rich color saturation." I couldn't find anything from Dell that mentioned better colors. Alfred said it is possible that "LEDs can offer better color than CCFL, though advances in CCFL phosphor technology are rapidly diminishing this advantage."

Glossy vs. Matte finish

LED backlighting, being in the back, can be used with screens whose front has either a glossy or matte finish. A glossy screen suffers from glare, but produces more vibrant colors. Each laptop vendor has their own marketing term for glossy screens, Apple is the only company I've seen that actually uses the word glossy. A matte finish may be described as anti-glare or anti-reflective.

The Sony TX and TZ laptops have a matte finish. At the Apple online store you can chose either a glossy or matte finish when you order the 15 inch LED backlit Macbook Pro. I can't be sure about the other laptops because the claims of better colors could be either based on the LED backlighting or the glossy screen or both.

Lifespan

I didn't see any marketing material from a laptop manufacturer that mentioned the expected lifespan of LEDs vs. CCFLs. But, a company that manufacturers LEDs did claim they last longer than CCFLs. When I ran this by Alfred, he said:

The difference is probably not important, but yes, CCFLs don't last as long. Even more significant is that their output decreases over time. End of life is when they are half as bright. LEDs are solid state devices, and "fall off the cliff" in failure mode; in other words, they keep working like when they were new until they stop working. Most people aren't going to keep their notebooks long enough for the CCFL aging to show any difference.

Market Share

Alfred estimates the market share of LEDs at less than five percent, but he expects them to become more common as costs come down. DigiTimes reports that laptop and panel vendors expect that LEDs will be used in about 7% of laptop screens next year (See Nearly 100% of 10-inch-and-smaller LCD panels using LED backlight by Susie Pan and Emily Chuang, July 23, 2007). They estimate that LEDs will be used in 3-5% of laptop computers this year.

To date, LEDs have been popular mostly in smaller displays. In part this is because smaller screens use fewer LEDs which lowers the price differential over CCFL. The DigiTimes article reports that most LCD screens 10 inches and under use LED backlighting. The Sony TX and TZ screens are 11.1 inches, the Toshiba R500 screen is 12.1 inches and the Dell M1330 LED screen is 13.3 inches. The Apple Macbook Pro has the only available 15 inch screen using LEDs, but Apple appears to be having supply problems with them.

Alfred also mentioned that "environmental concerns about heavy metals in the CCFLs" may help to popularize LEDs. Apple seems to be the only laptop vendor using environmental concerns in their marketing. They tout their LED lit screens as being "mercury-free" and the company has long term plans to eliminate mercury from all their products.

Finally, I wondered why Dell and Sony mentioned that the LEDs they use are white. Alfred pointed out that some LED backlights use red, green, and blue, and mix the colors in the diffuser. I didn't bother asking what a diffuser is.

Note: You can hear both Alfred Poor and myself, weekly, on the Personal Computer Radio Show. The show hosts, Joe King and Hank Kee, have been broadcasting out of WBAI in New York City for the last 23 years.

Update July 29, 2007: Updated with a direct comparison between the brightness rating of the two screens offered by Dell for the M1330 (from the Owners Manual).

Today, July 10th, the web site of The Wall Street Journal is free, sponsored by Dell. Normally the vast majority of the site is available only to paying customers - of either the web site or the hard copy paper.

I mention this to draw attention to an editorial that appeared in the paper on July 3, 2007 entitled Google v. Microsoft.

Background

Windows Vista includes desktop search functionality out of the box and Google offers a free desktop search application that anyone can download from their web site and install. Google complained to Microsoft's antitrust regulators at the Justice Department that there isn't a level playing field when it comes to competition for Vista desktop search applications.

Mistakes

The editorial says

"Web-based applications like desktop search are increasingly central to Google's business prospects...".

The "web-based" description is off base. Desktop search is a desktop application and is not based on the Web. Google's own desktop search application can be installed and run just fine on a computer with no connection to the Internet.

At first I thought this might be just a typo. But the mistakes continued. Quoting again:

"In the original Clinton Administration case against Microsoft, the company was deemed a monopoly because it made 100% of operating systems called Windows..."

Yikes. By that logic, Apple is a monopoly because it makes 100% of the operating systems called OS X. And IBM was a monopoly way back when it made each copy of OS/2. And strike three:

"It is easy for a business with a superior service to peel away the customers of everyone else. That's what accounts for the success of Google's basic Internet search in the first place."

Google never pulled away a single "customer" back in its early days. It converted users of other search engines, such as Alta Vista and Hotbot. I see two differences between "customers" and "users".

For one, users of other search engines never paid for the service. Also, they had very little invested in Alta Vista and the other search engines. That is, there was pretty much no learning curve involved when switching from one search engine to another.

This is very different from say, the competition between Windows and the Mac OS X operating system. Switching involves paying a non-trivial amount of money to get a copy of OS X and a large learning curve to get proficient using both the new operating system and new application programs required to do the same work that was previously done under Windows.

Whatever the advantages of OS X may be, the cost of switching is huge, both in financial terms and time. Switching operating systems could not be more different from switching search engines. To quote myself:

"You don't read PC magazine for mutual fund advice and you shouldn't read the Wall Street Journal for computer advice."

When I said this in the past I was often referring to Walter Mossberg who, in my opinion, has on multiple occasions offered bad computer advice. But this editorial was written by someone who doesn't understand computers at all. It is more off base than Mr. Mossberg ever was.

To a computer nerd like myself, RAID refers not to a bug spray but to various ways of hooking together multiple hard disks. The various approaches are referred to as levels. Raid levels one through five are designed to decrease the chances that a hard disk failure will result in lost data. Typically RAID configurations are used in server machines as opposed to personal computers.

Raid level zero, however, is the black sheep of the RAID family. It's goal is performance rather than reliability. I'm writing this posting because two of my clients have been burned by their inadvertent use of RAID level zero. Consider this a word to the wise.

Client one purchased an external hard disk from LaCie. This person needed lots of storage space and, at the time, this particular model was top of the line, offering the most storage capacity. The reason it offered more storage than cheaper competing models is that internally there were two 3.5-inch hard disks instead of the usual one. While it looked to the outside world like one chunk of 500 gigabytes, the internal reality was that there were two 250 GB hard disks.

Client two owned a high end Dell XPS tower with two internal hard disks. This person wanted the latest and greatest and fastest computer. Thus, Dell configured the two internal hard disks for speed--RAID level zero. Like the old saying goes, be careful what you wish for, you may get it.

The hard disk is significantly slower than the processor and RAM. Thus to get the fastest read/write performance, RAID level zero stores half of a file on one hard disk and half on the other. Using both hard disks in parallel should reduce the total time needed to write a file.

To someone designing a computer system, the term single point of failure is like kryptonite to Superman. The term refers to a single point in the system which should it fail, would bring down the whole house of cards (so to speak). In an automobile, each tire is a single point of failure, thus they all have a spare in the trunk.

In a personal computer the hard disk is a single point of failure. However, in a RAID level zero configuration, there are three separate single points of failure involving the hard disks. Should either hard disk fail, all is lost because each disk contains half of every file. Oops.

In addition, both of my clients were also dependent on the RAID hard disk controller, the thing with the intelligence to split files as they are written out to the hard disks and re-assemble them back together when read. If the hard disk controller fails, the files may still be alive and well and happy on the hard disks, but you can't read them. Recovering from a RAID level zero controller error might cost thousands of dollars, as its a job for the most sophisticated data recovery companies.

RAID Zero with a failed disk. Click for full-size.

In the case of the client with the Dell computer, it was fairly easy to determine that the problem was with one of the hard disks. Replacing it, re-establishing the Raid zero environment and then restoring a disk image backup got the machine up and running. Disk image backups will be the subject of an upcoming posting on this blog.

The client with the external hard disk lost everything. Not that it mattered, but I couldn't even determine if the problem was with one of the hard disks or the RAID controller.

Update: July 8, 2007. Originally I had said the hard drive was the slowest thing inside the computer, except for the fan. Someone pointed out that optical drives are even slower, so that sentence now says the hard disk is slower than the processor and ram, which was the point I was trying to make.
Note: See the comments on the original posting.

Update: July 13, 2007. See Following up on RAID Level Zero