Tuesday, July 7, 2009

Rant: Bad Uninstallers

I recently started having problems with a program I needed; it kept coming up with errors when I tried to run it.  No problem, I thought.  I'll just uninstall it and reinstall and all will be well.

It wasn't.  I keep getting errors from the uninstaller.  First, it has to "verify application requirements."  Huh?  If the program has been installed, obviously the requirements have been met. Why on Earth is it checking?  And why does it fail?

I've seen other variations.  Some programs search for the original installation file.  If you deleted it, or installed it in a temporary folder, it can't find it, so the program can't be deleted.

The worst was many years ago (back in the days of DOS) when I installed a demo program.  I didn't like it, so I uninstalled.  But the uninstaller didn't work properly, so my program kept trying to run the demo program.  When I contacted the company, they told me to go into debug mode.

For those who don't know, debug mode lets you edit and change the actual code of the operating system.  It requires someone who, if not an expert in code, at least knows something about what the various hexadecimal codes mean.  To tell the average user to mess with this is like telling someone to take a hammer to a fragile glass sculpture in order to get it into position.  It might work, but if you make the wrong move, it will wreck everything.

For me, an uninstaller should do two things:  delete the files from your hard drive and remove all registry entries that were put in by the installer.  It shouldn't be too hard, but programmers seem to want to combine the installer and uninstaller, thus making it impossible to fix problems because you can't do a new, clean install.

Tuesday, April 28, 2009

Be careful where you save!

Many students use e-mail to send documents to themselves when working in labs. This is fine, but be very careful when you save.

If you open the file by clicking on an e-mail, it will not be saved in “My Documents.” When you log off the computer, your work will be lost. We get questions about these missing files from students this time of year, and there’s usually nothing we can do to help.

To prevent this:

  • Use a flash drive to save your documents instead of e-mailing them to yourself.
  • If you do e-mail, do not open the file by clicking on it. Instead, save the file in “My Documents” and open it there.

If you just click "save," the file will be lost when you log off. Don’t find this out the hard way.

Did you know? Files saved in “My Documents” are available on any I&TS lab computer. If you save the file there, you don’t need to e-mail it to yourself. Just log on and you’ll find it in “My Documents.”

Thursday, April 16, 2009

It's about Time! (Threatfire)

There's a new tool in the antivirus toolbox that looks very promising.  Threatfire works with other antivirus software to detect viruses and spyware in a different way:  it detects malware behavior, and not specific malware infections.

This is big.  For many years, I've been making the point about antivirus software:  it's flawed because it depends on virus definitions -- an identifying code specific to a particular virus -- for detection.  This means you need to constantly update.  And now, with the constant mutations of Antivirus XP and its clones, the updates are always way behind the virus makers.

Threatfire doesn't need updated definitions.  Bad behavior is bad behavior no matter what the software.  If something is causing popups, it will find the process and fix it, even if it never saw that particular code before.

You would think this could have been done before now. It actually has been tried, but the nature of computer journalism gave people the impression that the virus definition model was superior.  Years ago, computer magazines would test both behavior-based and definition-based antivirus.  Both would be equally good at detecting viruses and protecting the computer.  But the definition-based antivirus would say "You were infected by the stoned virus" while the behavior-based one would say "You were infected with a virus."  Because definition-based antivirus could name the actual virus, it got higher ratings even though it was no better at protection than the other.

Threatfire is not a replacement for your antivirus, but rather a supplement to it. It will protect against the malware your McAfee or Avast or AVG or Symantec doesn't know about.

I have only been able to give it a limited test; it seems to work quietly in the background and I haven't had any viruses to test it with.  But assuming it works even close to as advertised, it's a solution that's a decade or more overdue.
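The difference between the two detection models described above, as an added illustration (not Threatfire's code or any vendor's logic). It simplifies a "definition" to a hash of the file's exact bytes; the sample bytes, the name FakeAlert.A, the action names, weights and threshold are all constructed for the example.

```python
import hashlib
from collections import Counter

# Constructed stand-ins for program files; harmless bytes, not real malware.
KNOWN_SAMPLE = b"constructed sample: fake-alert program, build 1"
MUTATED_SAMPLE = b"constructed sample: fake-alert program, build 2"

# Definition database: exact-content hash -> name (hypothetical name).
DEFINITIONS = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "FakeAlert.A",
}

# Behaviour weights (assumed for illustration): how suspicious each action is.
WEIGHTS = {"popup": 1, "block_av_update": 3, "encrypt_user_file": 3}
THRESHOLD = 5


def definition_scan(file_bytes):
    """Name the infection, but only if the file matches a known definition."""
    name = DEFINITIONS.get(hashlib.sha256(file_bytes).hexdigest())
    return f"You were infected by {name}" if name else None


def behaviour_scan(events):
    """Flag processes whose observed actions add up past the threshold.

    The result cannot name the infection; it only says which process
    is misbehaving, whatever bytes that process was started from.
    """
    scores = Counter()
    for process, action in events:
        scores[process] += WEIGHTS.get(action, 0)
    return sorted(p for p, s in scores.items() if s >= THRESHOLD)


# Constructed event trace: what each process did while it ran.
TRACE = [
    ("browser.exe", "popup"),          # one popup alone is not enough
    ("setup.exe", "popup"),
    ("setup.exe", "popup"),
    ("setup.exe", "block_av_update"),  # stops the antivirus from updating
    ("notepad.exe", "write_file"),     # unknown action, weight 0
]

if __name__ == "__main__":
    print(definition_scan(KNOWN_SAMPLE))    # known build is named
    print(definition_scan(MUTATED_SAMPLE))  # mutated build is missed
    print(behaviour_scan(TRACE))            # behaviour flags it either way
```

The mutated build slips past the definition scan until a new definition ships, while the behaviour scan flags the process from what it does.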

Thursday, April 9, 2009

Save Ink!

Here's a neat little way to save ink when printing:  EcoFont.

It's a great idea: a font with small holes in it. Because of the holes, less ink is required.

At small sizes, like 12 points, the holes are barely noticeable.  It's a tiny bit gray, but not enough to make it hard to read.

Just download the font and install it to increase the life of your print cartridges.

(Suggested by Kim Komando).

Tuesday, April 7, 2009

Basics: The Task Manager

One of the most useful tools for determining what's going on with your computer is the Task Manager. This program lists what's currently running on your computer and lets you determine what's using up memory.  You can also use it to shut down things that you don't want running.

To access the Task Manager, press Ctrl-Alt-Delete (all three keys at once). In some cases, it will pop up; in other configurations, this will bring up a list of options. "Task Manager" is one of them.

There are several tabs on the Task Manager.

  • Applications -- these are programs currently running on the computer. If you click on one and then select "End Task," the program will close. This can be useful if the program stops responding (which will show in the status). You can end the program if it's frozen.
  • Processes -- This is trickier.  These are various processes running on the computer. Sometimes, you can kill a rogue process like a virus so that you can run other programs. You can also use it to shut down things that are taking up too much memory. The processes can be sorted so you can see which one is taking up memory (ignore "System Idle Processes"; that's just free memory, so you want it to be high). Note: If you end the wrong process, the computer might crash. But don't let this faze you:  a restart will fix things.
  • Performance -- Shows how much memory is being used.  If the CPU usage is at 100%, your computer is going to run slow.  The task manager also puts an icon near the clock on the taskbar; it will indicate how much memory is being used with a bright green bar. 
  • Networking -- Shows how your local area connection is working.

How is this useful?  In several ways:

  • If a program is not responding, open the Task Manager and look at the Applications tab.  Look for tasks listed as "not responding."  Click on them and then on "End Task" to free things up (you will get a warning window before they shut down).  It may take a few moments for it to work, but it's quicker than restarting the computer.
  • If your computer is running very slowly, open the Task Manager and look at the processes.  Click on the heading "CPU" twice to sort largest to smallest.  The processes at the top (not counting "System Idle Process") are taking up the most CPU time.  If you can determine what they are, you can end them, or reconfigure. 
  • Occasionally, you may find that your taskbar has disappeared and you can't get it back.  Go into the Task Manager, click on "File" on the menu, and then "New Task (Run)."  Type "Explorer" in the space and click OK.  The taskbar should return.

The Task Manager is a handy way to maintain your computer.

Thursday, April 2, 2009

Don't Fall for it

We've been getting some cases of people's e-mail accounts being compromised and used for sending spam. This was generally because the user gave out his password.  Most commonly, people are tricked into it by an e-mail requesting the password.  Here is one example:

From: <Address removed>
Sent: Wednesday, April 01, 2009 7:03 PM
Subject: ATTN: EDU WEBMAIL SUBSCRIBER:

ATTN: EDU WEBMAIL SUBSCRIBER:

This mail is to inform all our {EDU WEBMAIL} users that we will be upgrading our site in a couple of days from now. So you as a Subscriber of our site you are required to send us your Email account details so as to enable us know if you are still making use of your mail box.

Further informed that we will be deleting all mail account that is not functioning so as to create more space for new user. so you are to send us your mail account details which are as follows:

*User name:

*Password:

Failure to do this will immediately render your email address deactivated from our database.

Your response should be send to the following e-mail address.

Your Admin Manager: <email address removed>

Yours In Service.

<name>

FROM THE EDU WEBMAIL SUPPORT TEAM

There are several things about this that should raise alarms.

  • First of all, no I&TS department will ever ask for your password. There is absolutely no need for it. In the case above, if we were upgrading our site, we would use your same user settings.  If, for some reason, we couldn't use your current username and password, we would create new accounts and let you know what the new information is. We would never have to ask for your password.
  • Note the phrase:  "we will be deleting all mail account that is not functioning." IT departments know the English language well enough to handle basic subject/verb agreement.
  • Though I hid it, the e-mail address for the Admin Manager was not a siena.edu address (it was from the .info domain, which is not all that reputable in any case).  Even if we for some reason needed this information (as I mentioned, we don't), we would ask you to send the e-mail to a siena.edu e-mail address.  This is a given.
  • At a college, it's pretty easy to know what student accounts are active and which aren't.  There is no reason at all to delete an account before you graduate. 
  • If space is needed, and we can't add memory, the solution would be to set quotas, not delete accounts.
  • "FROM THE EDU EMAIL SUPPORT TEAM."  Maybe it's just me, but I'm always suspicious about anything that comes from a "team."  Scammers always seem to use it.  While it can be legitimate, it's at least a warning flag.

There are many other signs that an e-mail is fake; if you have an example, add a comment.  But the first rule is always the best: never give out personal information when replying to an e-mail.  If you have any doubts, contact the "sender" by another means -- by phone (finding the number in the phone book, not in the e-mail) or by visiting their web page (by typing the address into the address bar, not clicking on a link).

Here's a good overview of how to remain safe from phishing e-mails like this.
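The warning signs listed above can be checked mechanically. This is an added example, not a tool from the original post: it assumes siena.edu is the only trusted domain (as the post states), and the two messages, their addresses and the flag names are constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The post names siena.edu as the only domain its IT department would use.
TRUSTED_DOMAIN = "siena.edu"

CREDENTIAL_RE = re.compile(r"\b(password|account details)\b", re.I)
THREAT_RE = re.compile(r"\b(deactivat\w*|deleting all mail)\b", re.I)
TEAM_RE = re.compile(r"\bsupport team\b", re.I)
ADDRESS_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_is_trusted(domain):
    """True only for the trusted domain or a real subdomain of it."""
    domain = domain.lower().rstrip(".")
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)


def body_text(msg):
    """Collect the text/plain parts of a parsed message as one string."""
    if not msg.is_multipart():
        return msg.get_payload()
    return "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")


def phishing_flags(raw_message):
    """Return the warning signs from the post that this message shows."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    flags = []
    if CREDENTIAL_RE.search(body):
        flags.append("asks-for-credentials")
    # Where would a reply go? Check From, Reply-To and addresses in the body.
    headers = [parseaddr(msg.get(h, ""))[1] for h in ("From", "Reply-To")]
    header_domains = [a.rpartition("@")[2] for a in headers if "@" in a]
    domains = header_domains + ADDRESS_RE.findall(body)
    if any(not domain_is_trusted(d) for d in domains):
        flags.append("reply-address-outside-domain")
    if THREAT_RE.search(body):
        flags.append("threatens-account")
    if TEAM_RE.search(body):
        flags.append("signed-by-team")  # weak signal on its own
    return flags


# Constructed message modelled on the example above; addresses are made up.
PHISH = """\
From: EDU WEBMAIL <support@example.info>
Subject: ATTN: EDU WEBMAIL SUBSCRIBER:

you are to send us your mail account details which are as follows:
*User name:
*Password:
Failure to do this will immediately render your email address deactivated.
Your Admin Manager: admin@example.info
FROM THE EDU WEBMAIL SUPPORT TEAM
"""

# Constructed legitimate notice; the address is made up for the example.
BENIGN = """\
From: Help Desk <helpdesk@siena.edu>
Subject: Lab hours

The lab closes at 5 PM on Friday. Questions: helpdesk@siena.edu.
"""

if __name__ == "__main__":
    print(phishing_flags(PHISH))
    print(phishing_flags(BENIGN))
```

The domain check compares whole labels, so a lookalike such as siena.edu.example.info is not treated as trusted.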

Wednesday, March 25, 2009

Filefixer Pro Repair Tools

I mentioned Filefixer Pro a few days ago.  At the time, there was no tool to repair files encrypted by the program.

That's changed.  The first was reported here by "Bobby" in the comments to my post.  Anti-Filefix does seem to be able to unencrypt the files.  I haven't been able to test it (I don't have any infected computers), but it looks pretty simple.  I can't guarantee it, but it was worth a try.

And now, Symantec has come up with a decrypting tool.  (Link is at the bottom of the page or you can download it directly).

So, for now, the tools are there.  But who knows what tomorrow may bring?

I had a particularly stubborn infection yesterday.  The software prevented Malwarebytes, SuperAntispyware, or Combofix from working, even in safe mode (I didn't have a chance to use Smitfraudfix).  The student was finally able to clean it using Norman Malware Cleaner, a tool I'd never tried before and which I don't recall where I found.  Evidently, Antivirus 360 didn't know about it either, since it didn't stop it from running.

I did learn one trick that I didn't get a chance to test out, though. Some sources say that if you can't install Malwarebytes to clean the computer, rename the Malwarebytes installation file (the name doesn't matter).  It looks like the virus identifies the software by name and will let it install if it's not called "malwarebytes."  You may also need to rename the executable in addition to the installation file.

AVG 7.5 Support Discontinued

AVG has announced that they discontinued support for version 7.5 of their software at the end of February.  This means that if you're using it, you will no longer get updates.

You will need to update your antivirus. If you have AVG 7.5, you probably have already seen a warning screen. 

First of all, don't be fooled; the "warning screen" may, upon closer inspection, be an Antivirus 360 warning.  You don't want to mess with that.  AVG has the AVG logo on it -- a square with four different colored sections.  Anything else is suspicious.

Another sign that this is legitimate is that when you close the window, it stays closed.  In any case, your best solution is to go directly to the AVG download page at http://free.grisoft.com and find the free version.  Current version number is 8.5.  AVG will suggest you get the paid version, of course, but the free version is easy to find.

Important!  There are reports of problems on Vista machines with AVG 8.0 running Firefox.  If you use Firefox, do not install the AVG linkscanner or toolbar when installing AVG.  If the problem still recurs, uninstall AVG and switch to Avast Antivirus.

Thursday, March 19, 2009

Preventing Antivirus XP Infections

I've been talking a lot about this and how aggressive and nasty it is.  Antivirus software is not effective, since the malware mutates constantly to sneak by — and once it's installed, it prevents any antivirus updates that might detect it.

There is one thing in your favor:  this malware is a trojan.  It cannot install itself on your computer; you need to install it yourself.  That's one reason why the warnings are so urgent — to make you take the one step required to get infected.

The problem is that when Antivirus XP 2009 pops up, it can be difficult to shut it down.  If you try to ignore the alert or close it, it will usually come back again and make it impossible for you to browse away from the infected page.

If this happens, the fix is simple:

  • Press Ctrl-Alt-Delete (i.e., all three keys at once)
  • A window will pop up.  Select "Task Manager."
  • The Task Manager will display.  Make sure the "Applications" tab is selected.
  • Look for Internet Explorer (or whatever web browser you're using).  They may be identified by the web page instead of the program name.  Identify it by the browser icon (the blue E for Internet Explorer, for instance).
  • Click on it.
  • Click on "End Task."
  • Look for other instances of your web browser, select, and click on "End Task" until they are all gone.
  • Close the Task Manager.

Your web browser is closed and the popup should be gone.

It's a good idea to use this method as soon as the Antivirus XP popup displays.

Were you infected?  It's certainly possible.  Luckily, you'll know pretty quickly if the malware was installed:  it will start nagging you to clean the computer, and you'll see virus warnings you've never seen before.  If you don't notice anything different about your computer, you're probably OK.

Wednesday, March 18, 2009

How to Recognize a Fake Virus Alert Message

The various mutations of the Antivirus XP 2008/2009/360 viruses out there try to get you infected by giving out scary warnings about how your computer is infected with viruses.  A typical version looks like this:

[Image: AV360 alert -- fake]

Note these things:

  • It "detects" multiple infections.  It's unusual for a real alert to find more than one at a time.
  • The "online scanner" pops up in a second or so. It takes time to scan your computer -- ten minutes or more.  Anything that finds multiple viruses on your computer in only a couple of seconds is lying to you.
  • If you're using a web-based scanner, you must install software before it scans. If you haven't done this, it won't detect any viruses.  So if you haven't deliberately downloaded the software first, no scan will work.
  • A legitimate web-based scanner like Housecall only installs from a single site named for the scanner.  It does not show up if you don't deliberately go to it. The fake alert here will display when you're not going to a scanner website.

It's instructive to compare this alert with those of legitimate antivirus software.  Here are a few:

McAfee

[Image: McAfee alert]

Note this tells you that the file has been deleted or cleaned (click on the image and see the state).  It does not require any further action.

Symantec

(This may be an old image).

[Image: Symantec alert]

This, too, doesn't require further action.  The virus is neutralized.

AVG

[Image: AVG alert]

AVG does give you options. "Heal" is usually the best. Note, though, that there's a single popup, and that it doesn't "strongly recommend" you remove them. 

Avast!

[Image: Avast alert]

One nice thing about Avast! -- its warning says "There is no reason to panic."  This is quite the opposite of AV360, which wants you to panic. There are several options, and a suggestion for a recommended action.

Checking for yourself

If you're using a different antivirus, or to get a better idea of what the warning looks like on your computer, download the EICAR Test File. Most antivirus software will detect it as a virus (it is a harmless file used for testing antivirus).  When you download it, you should get a virus warning.  This will show that your antivirus is working, as well as giving you a chance to see a legitimate warning so you won't be fooled by the fakes.

Beware FileFixer Pro

The sleazes at Antivirus XP are at it again, and taking their nastiness to another level with FileFixer Pro. It is a very dangerous bit of spyware, because it keeps you from accessing your own data.

Like all the other versions of Antivirus XP (2008, 2009, 360), File Fixer Pro appears as a popup while you're browsing the web that warns you in very heated terms that your files are corrupted and you'll need to install the program to fix them.

Don't do it!

Once the program is installed, it encrypts your files.  They're perfectly good, but you need to buy the software (for $60 or more) in order to read them.  If you do buy it, it will (probably) fix things -- but they now have your credit card and can run up charges on it.

While there are ways to remove File Fixer Pro, the files will remain encrypted.  At the moment, there is no way to fix this. (Added 3/25: Tools are now available.)

If a window pops up with this warning (or any other virus warning), close your web browser immediately.  The software won't install without your help.

Be very careful when browsing the web.  If you get a pop up warning you about a virus or problems with your computer, don't believe it.

Here is a discussion; information is still scarce, so be warned.

Friday, March 13, 2009

Uninstalling Software

It's a simple process, and something that all computer users need to know, but there are plenty of people who don't seem to know how to uninstall software.

It's simple enough: you use the "Add or Remove Programs" option on the control panel.

  • For Windows XP, click on "Start," "Control Panel," and "Add/Remove Programs."  If the option is given again, you click on "Add/Remove Programs."
  • For Windows Vista, click on "Start," "Control Panel," and find "Uninstall a program" under "Programs."

The computer will list the programs.  Click on one and then click on "Uninstall."

Which to remove? That's up to you.  If there's something you never use, it probably won't hurt to remove it, especially if it's freeware that you can always download again.  And if you try some software and decide you don't like it, use this to clean it off your computer so it's not going to cause problems.

Thursday, March 12, 2009

"Anyone who Says Differently is Selling Something"

I came across a good article in Slate today about "My Faster PC.com,"* a cleaner that promises to improve computer speed.

I'm wary of those sorts of claims, especially by someone who has something to sell.  One of the advantages of a Windows computer is that you can find free utilities for whatever you need. You only need to buy software when the freeware doesn't do the job -- which isn't that often.

In any case, computers do tend to run more slowly over time. There are two major reasons for this, both due to software, not the registry or hard drive:

  • The most common cause is the amount of software running on the computer.  If you install things that run at startup, it starts taking up memory.  The fix is to uninstall this software.  I'll discuss how in another blog.
  • Updated versions of software require more memory.  Your Office 2003 worked fine, but an update to 2007 runs too slow.  Newer software is always memory intensive, so it will run slower on older machines.  The best fix for this is to upgrade your memory -- the more, the better.

Cleaning out bad entries in the registry doesn't hurt, but it also doesn't usually make a difference.  Like the author of the article, I've found that CCleaner does this just fine.  Advanced Windows Care is another good cleaner.  Both are free.

You can also clean files from your hard drive and defragment to increase performance.  These help, but probably won't solve slowness issues.  It's best to check your software to see what is running that you don't need and to turn it off.

______________________________________________________
*Which is how they show the guy entering it.  So already they're showing something wrong.

Wednesday, March 11, 2009

POP goes your e-mail.

On campus, we use Microsoft Outlook for faculty/staff e-mail.  Students can use the Outlook Web Access, or can set up any e-mail client (including things like mail on mobile devices like iPhones).

Some people want to use Outlook Express.  That's fine, except that you have to be careful of the settings.

Outlook Express defaults to using POP3 e-mail. That's not uncommon and fine to use in most cases.  But Outlook Express is a bit behind the times:  the default is to move all e-mail from the server to your hard drive.

If you're not careful, all the mail in your inbox will move to your hard drive -- and be removed from the server.  In the days before portable computing, fast connections, and cheap memory, this made sense.  It was much more convenient to store your e-mail on your hard drive.

Nowadays, people want to keep e-mail on the server so it's available from anywhere. If you use Outlook Express with its default settings, your mail will no longer be on the server, and it isn't easy to restore it.

If you do want to use Outlook Express, check in the settings so that it leaves a copy of the message on the server. I'm not sure if that's part of the usual setup, so you may have to go into the settings and change it before connecting to the Internet.

We've seen several cases of people inadvertently deleting everything from the server.  If you want, you can use Outlook Express (though there are better mail clients out there), but don't make that mistake.

Monday, March 9, 2009

Browser Wars: Rating the features

I've decided to rate the five major browsers on the various features I think are important.  The links go to my analysis of the various browsers. 

I haven't updated Firefox or Opera.  All my points in the original reviews stand, and neither browser has added anything that makes the browser different.

But I have switched from Opera to Firefox as my favorite. I like Opera very much, but was ultimately defeated because too many things are designed for Firefox and MSIE, and thus don't work with Opera (Google Apps and the Google toolbar, for instance). In addition, Firefox offers add-ins that let you add some of Opera's best features, and the ability to use MSIE within Firefox.


(10 = highest)

                     Google Chrome  Firefox 3.0  MSIE8  Opera 9.5  Safari
Tabbed Browsing                  8           10      9          8       3
Speed                            7            6     10          5      10
Customization                    2           10      7          8       1
Bookmark Management              2            9     10          6       3
Special features                 6            8      8          9       1
Innovations                      6            8      7         10       2
Security                         9            9      6          9      10
Compatibility                    9            9     10          5       9
Total                           49           69     67         60      40

Definitions:

  • Tabbed Browsing.  How well the tabbed browsing function works.  Ability to add additional features and manage tabs.
  • Speed.  How fast the browser renders web pages.
  • Customization.  The ability to customize the browser for your own web browsing habits.
  • Bookmark Management.  How easy it is to add, remove, and organize bookmarks. 
  • Special features.  The things that make one browser different from the rest. These are built-in features, not add-ins.
  • Innovations. What about the browser is new and different.
  • Security. How secure the browser is.  This isn't just lack of security holes -- Firefox had more bugs last year than all other browsers combined -- but how quickly fixes are issued (very fast for Firefox) and how much a browser is a target (with MSIE as target #1).
  • Compatibility.  How web pages are rendered.  People design for MSIE, so that's a big advantage; they ignore Opera and that hurts.

For another analysis, see "If Browsers Were Women."

Friday, March 6, 2009

Browser Wars: Safari 4

In the past, I've rated Safari as the weakest of the various web browsers. The main problems I found were an inability to understand tabbed browsing, a poor design for the bookmarks, and a complete lack of customization, up to and including the inability to use any other inline search engines than Google and Yahoo.

A new version of Safari does nothing to fix any of the conceptual flaws in the design of the browser.

First, the good news.  Safari is fast. It and the new Internet Explorer 8 are by far the fastest of the browsers. Some tests say that Safari is the fastest, but I doubt any human being could see any difference between it and MSIE8. But, still, fast is good and the improvement over older browsers is considerable.

They've also set things so it uses standard rendering of text, so web pages look right.  You can use Apple's scheme if you want, but it's nice that Apple gives you the option to do things the way you want for a change.

In addition, Safari has the same private browsing feature that Google Chrome and MSIE8 have.

That's about it. Safari still doesn't understand tabbed browsing. They've improved things somewhat by adding a button to add a tab -- something that's essential since browsers don't create new tabs for inline searches.*  But it's much harder to move tabs around once they're created.  In all other browsers, you click anywhere on the tab and can move it.  In Safari, you have to click on a tiny corner with a symbol whose meaning is completely opaque to the user.  Why make it difficult?

Safari still has the same horizontal design for bookmarks that I just don't care for.  It's better than in previous versions and I suppose the design allows for a cleaner look (Apple always chooses looks over functionality). But the lack of space means that you need to put your bookmarks into folders instead of just having them available.

I get the distinct impression that Safari's developers never bother with bookmarks and merely type in all the web pages they go to (It's quite clear they never use tabs).

As for customizations -- forget it. You can't even add additional search engines to the inline search.  I search Wikipedia a lot, but Safari doesn't offer even that obvious option.  The best browsers will let you search any site through inline search; Safari gives you two.

There are no add-ins. If you want a feature that's not in Safari, you're out of luck; there's no way to add it.  No skins, either (though that's not really a flaw -- it's rare to find a skin that's worth using).

And there's no sign of innovation. MSIE now has the web slices feature.  Google Chrome invented private browsing and uses the history to create favorites. Opera invented tabbed browsing, the speed dial, and Paste and Go. Firefox developed plug-ins.  All come up with new and interesting ways to make browsing better.

Safari does nothing new.  It doesn't even do many old things (like automatically creating a tab instead of opening a new browser).

But it's fast.  If that's all that's important to you, use it (but check out MSIE8).  But if you want a flexible web browser that does what you want it to do, use something else.

___________________________________________________

*Something I can't understand.  Google Toolbar has done this for ages, yet if you type in anything in the search field in all browsers, your current page changes to the search engine.  Not very useful if you're trying to look things up on the fly.