IT News & Technology update

Provide comprehensive update related to Computer, technology, software, anti virus and another electric device

Google desktop for Linux released!

Written by IT News on 2:40 AM

GoogleGoogle has finally released a native version of Google Desktop for Linux

Similar to the OS X and the Windows version, this nifty software not only allows users to search for files on the system, but also gives the ability to search for text inside documents, email messages, as well as Gmail accounts.

Basically, all the features from the first Windows version of GDS is there, plus the Quick Search Box.

The sidebar with its associated gadgets are not available in this version unfortunately. According to Google, these features would “probably” be added in the future. If you must know, it was developed primarily out of their Beijing office.

Both RPM and DEB distribution packages available.You can read more about Google Desktop for Linux, or download it here. And yes, its a beta.

10 ways to make desktop visits more effective

Written by IT News on 11:52 PM

Visiting a customer’s workplace represents a considerable investment in time and resources. As field engineers, we must take great care to derive the maximum value from each visit and make certain our time and the customer’s time isn’t spent in vain. I have compiled the following list of techniques and routine tasks I perform whenever a support call takes me to an external location. It isn’t always possible to avoid a return visit, but these methods will help keep them to a minimum.

#1: Verify that the visit is necessary

Make sure you fully understand the reported problem and the customer’s request. You could be wasting your time if you take off before assessing the customer’s situation. If you didn’t originally take the complaint, contact the customer before you leave. More than once, I have been dispatched on a less-than-accurate problem description. Call ahead, and you might save yourself the trip.

#2: Take the right spare parts

Before you leave your office, determine all the replacement parts you’ll need and double-check their location. Whether the parts are delivered directly to the client or you carry them with you, arriving at a customer site without the necessary equipment will make for a wasted trip and is a poor reflection on the help desk. Besides the job-specific equipment, you should always carry spares for commonly replaced parts — keyboard, mouse, case screws, modem, network card, CD-ROM or DVD drive, and the like.

#3: Think safety first

Quickly check the safety of the customer’s environment. Evaluate the condition of cables, trip hazards, wobbly shelves, and so forth. It takes a minute and could save you from serious injury or even death! Don’t be frightened to make your safety concerns known. I would sooner have a customer tell me I am making too much fuss than fail to point out a hazard that later claimed a life. You may also be able to make recommendations about possible future failures, such as a failing screen or worn power cable.

#4: Ask the customer to demonstrate the problem

Don’t jump in with both feet and start pulling the covers off the customer’s equipment. Before you touch anything, ask the customer to demonstrate the problem. It may be the user and not the machine. Too many times, I’ve checked a PC, found nothing wrong, and left the customer’s location, only to be called back again. During the subsequent visit, I often discover that the caller is trying to achieve the impossible.

#5: Install necessary software updates

Ensure that the operating system, antivirus software, anti-spyware applications, and the like, have all necessary updates. Although many IT organizations automatically deploy updates, it is not unusual to find unpatched machines — particularly in remote offices or businesses without in-house IT staff.

#6: Do a little house cleaning

Give the PC, keyboard, and mouse a quick cleaning. This will make the equipment look better, last longer, and possibly run better. You may even keep yourself healthier, as you avoid any germs hiding on the keyboard and mouse. Once you’ve taken care of the outside, go to work on the PC’s inside — defragment the hard drive, delete temporary files, clear out the browser cache, and so forth.

Carry basic spares with you or have them nearby. A cheap replacement keyboard can make all the difference. It’s not unusual for there to be more than one problem, and being prepared for any eventuality is always good practice. You’ll be amazed how much goodwill a wipe-over can generate. Remember the last time a petrol station filled your tank and wiped the flies off the windscreen? It’s a rare thing, especially in the United Kingdom.

#7: Double-check the asset register

If your organization manages equipment through an asset register, be sure that it’s correct when you leave the client’s location and if possible, before you leave your office. All too often, people log a call on a particular piece of kit and only after you reach the customer’s location do you realize that the computer you thought was in Southampton is actually in Plymouth — over three hours’ drive away. By the same token, I have often been called to a job on an asset number that is not the device that is giving problems– yet another reason to speak with the customer before leaving your office.

#8: Explain your repairs

Before you leave the client’s location, ensure that the customer understands the problem’s cause and your repairs. Users often believe they caused a failure, even when they didn’t. Reassuring them of their innocence puts them at ease and makes them feel more comfortable the next time they call IT support. If the user’s actions did cause the problem, politely educating them could save future visits. Effective communication is critical for building a positive customer relationship.

#9: Pick up after yourself

Don’t walk away from the area before checking that you have all your tools. Your client may discover a forgotten tool and try to use it. From personal experience, it’s extremely frustrating to know that a previous client is propping up a wilted plant with your favorite screwdriver. Worst of all, you always discover that a tool is missing when you need it most.

#10: Leave the customer with a smile

You may have to visit a client more than once, and an angry client with a grudge can make future calls a real headache. As a field engineer with no fixed base, you need as many allies on the ground as possible. You never know when you’ll need to drop in and use the bathroom, run some photocopies, or charge your laptop battery while enjoying a chat and a cup of tea. Without these “courtesy calls,” the field engineer’s day can be a lonely, frustrating one.

Edit graphics like a pro using The GIMP

Written by IT News on 11:49 PM

Macs are famous for their ability to do graphic design. Windows workstations are quickly catching up. Here's how you can use a free tool called The GIMP to get professional results without a hefty investment.

Image editing and creation is not limited to Mac or Windows. In fact, one of the flagship applications for Linux (and open source) happens to be a photo manipulation application. The GIMP (GNU Image Manipulation Project) is a very powerful tool that equals (and in some instances bests) its proprietary competition.

Unfortunately, one of the stumbling blocks to The GIMP is usage. Its unique user interface is not like Photoshop. However, it's also easy to learn and can handle many advanced features. In this article, I'm going to show you how to use The GIMP and discuss some of its advanced features.


Installing The GIMP in Linux shouldn't be an issue. Every Linux distribution comes with The GIMP. The few exceptions to this rule would be some of the smaller live CDs (i.e., Puppy Linux). If you are running a distribution that doesn't have The GIMP installed by default you can run something close to:

yum install gimp

and the installation system will take care of the dependencies.

Running The GIMP

The GIMP does not demand the resources of most graphics manipulation programs. Checking the top listing for The GIMP, you'll see the screen shown in Figure A.

Figure A

You'll never see Photoshop using fewer resources.

The GIMP's usage is on the third line of the listing. As you can see, top shows that The GIMP is only using 36 MB of RAM, 2.7% of the CPU, and 5.3% of the RAM.

Once GIMP is up and running, you'll notice two main (and separate) windows. Take a look at Figure B, which shows the three main working windows for The GIMP. The main toolbox is the main window for the application. The Layer Dialog window (as labeled below) houses the dialogs for layers, channels, paths, brushes, patterns, and gradients. As any graphic artist will tell you, you can't succeed without knowing and using layers.

Figure B

Get used to the multi-window view; it's The GIMP's way of life.

There are tricks to getting used to The GIMP's layout. First and foremost are menus. Although you see menus attributed to each window in Figure B, some share similar entries. What you don't see is the right-click menu. One of the issues hard-core users complain about is efficiency. Having to constantly move from one window to the next is a waste of time. With that understanding, GIMP developers made it easy. Right-click in the image window to see a new menu appear, as seen in Figure C.

Figure C

The right-click menu will become the most-used menu in your GIMP.

From the right-click menu, you can access nearly every tool available to The GIMP. This will save you time and effort.

Now that we have basics of the interface out of the way, let's start getting to work.


Layers make working with images much easier. Without them, working with an image would become an exercise in tedium and insanity. Layering can be seen like a transparency: On the base layer, you have a background image, but you can layer a separate image without affecting the background. Let's use an example. I am first going to deconstruct the image from Figure B in order to strip away a layer, combine layers, and add it to a layer of another image.

In Figure D, I am going to delete the background layer from the working image window. As you can see, I have highlighted the background layer and will press the delete button.

Figure D

If you hover your mouse over the trash can icon, the Delete Layer tool tip will appear.

Once the layer is deleted, the image in the Image Window will appear differently. Figure E gives an example of this.

Figure E

With the background layer deleted, the image has a transparent background.

Remember, your goal is to copy this image onto another. If you were to copy the image as is, you would only copy the active layer. In Figure E, there are three layers: Drop-Shadow, Jack, and Grow-me. Whichever layer is highlighted at the time of copying will be the layer copied to the clipboard.

In order to copy all three layers at once, the layers must be merged. Layers can be merged in two ways. First, you can merge layers down. For example, let's say you only want to combine layers one and two. To do this, you would first highlight the top layer you want to merge down. So if you wanted to merge layer one with layer two, highlight layer one. If you wanted to merge layer two with layer three, highlight layer two. Next, open the Layer Menu and select Merge Down. You will then notice only two available layers in the Layer Descriptions, as seen in Figure F.

Figure F

The only remaining layers are Jack and Grow-me.

The problem with merge down is that you still have two layers to copy. Should you want to copy the entire image, you will have to merge the layers via Merge Visible Layers. To do this, either press [Ctrl][M] or go to the Image menu and select Merge Visible Layers. Either way, you will get a dialog box of options: Expand As Necessary, Clipped To Image, or Clipped To Bottom Layer. I always stick with the default (Expand As Necessary). Once you press OK, you will notice only one remaining layer in the Layer Descriptions window (in our case, Grow-me).

Next, copy the merged layers onto another image. If you were to copy the merged layers onto an image without creating a new layer, any manipulation you try to do to the copied image will affect the base layer itself. Adding a new layer allows you to play with various aspects of the copied image without affecting the original background. Take the new image and add a new transparent layer on top of it, as seen in Figure G.

Figure G

A face: just asking for a name.

Once you click on the new layer, you will have to decide the name, size, and fill-type of the layer. It's best to get in the habit of giving layers descriptive names. When you're dealing with an image with many layers, it can get rather confusing. Since you need to keep the transparent nature of the copied image, select Transparency for the type. The size will fit the base image, so there's no need to modify. Press OK and you will notice no change in the Image Window. You will, however, see a new layer appear in the Layer Description window for the new image.

Go back to the merged layer image. To copy this, press [Ctrl][C]. Now go to the new base image. Make sure the new layer is highlighted and press [Ctrl][V]. The new layer is pasted on top of the base layer, as seen in Figure H.

Figure H

The pasted layer is much too dark.

Obviously, you can't use the layer as-is. I intentionally copied a dark image onto a dark background so I can show you a little about layer manipulation.

Take another look at Figure H: The Floating Layer is the layer you just copied but have not anchored down.

You need to adjust the opacity of the Floating Layer so that it doesn't just look like mud overlaying the base layer. Drag the Opacity slider to the left. You'll notice the Floating Layer growing more and more transparent. I am going to drag the slider to the 30.2 position and then anchor the layer. As you can see in Figure I, the image is not nearly as muddy as it would have been without the layer manipulation.

Figure I

You can now see the added layer isn't too dark.

It's not perfect, but it illustrated a good point: layer manipulation is critical to good graphic design with The GIMP.


The QuickMask tool is one of those tools that once you get the hang of, you'll use more often than not. QuickMask allows you fine-tune only selections of an image. To use QuickMask, simply click on the QuickMask button on the bottom left of the image window, as seen in Figure J.

Figure J

QuickMask helps fine tune images.

When you click the QuickMask button, the entire image will appear to have a translucent red layer over it. Figure K illustrates this.

Figure K

The red glow means you're ready to begin using QuickMask.

Press the QuickMask button again to return it to normal mode. We're going to use QuickMask to give my picture a unique look. Press the QuickMask button and then press the eraser tool. Make sure you're erasing with the color black; otherwise, QuickMask won't work. So, using the eraser with the Circle Fuzzy (13) brush, I am going to "erase" the face from my picture. I'll use the Circle Fuzzy brush so the edges aren't sharp.

Once I erase the face from the picture, I have a clown-white look, as shown in Figure L.

Figure L

Circus clown? I think not.

If you click the QuickMask button again, you will see the area erased with a dotted line around it. This means the area has been selected to be manipulated. Make sure the layer you are working on is the background layer. While the face is still selected, right-click the image and go to Filters | Distort | Whirl and Pinch. Press OK; when the filter is processed, your image is ready. Figure M shows the changes.

Figure M

Making yourself look creepy is simple with Quickmask.

Cool logos

Another really great GIMP tool is under the Xtns menu in the Main Toolbox window. Select that menu and go to Script-Fu | Logos. From the Logos sub-menu, there are a number of styles to choose from. Each has its own unique characteristics. Let's take a look at the Glossy logo. Select Glossy from the list and a new window will appear, as seen in Figure N.

Figure N

There are a ton of options in the Script-fu log window.

The most important options you'll want to configure:

  • Text: This is the actual text that will appear in the logo.
  • Font size: Actual font size.
  • Font: The font used.
  • Blend Gradients: These will be the color schemes of the logo.

There are quite a few more options to explore, but this list will get you going right away. Once you enter your text, select font and font size, and select your gradients, press OK to create the logo. As an example, I chose Jack as my Text, 100 as the Font size, and Aneurism as both Blend Gradients (if you choose different gradients for Text and Blend, the end result will not be clean). Figure O illustrates the end result of the logo.

Figure O

With the help of Script-fu, anyone can create elegant, professional logos.

Final thoughts

The GIMP is an incredible image manipulation package. I have been using it for years and have not missed my days of Photoshop for a second. Although this article only scratches the surfaces of the power and ability of The GIMP, you can see from these examples how well this application easily meets the needs of graphic artists on every level.

The SYSVOL share in Windows 2000 Server

Written by IT News on 4:45 AM

The SYSVOL share is an important component in your Windows 2000 Server, acting as a master clearinghouse for file and directory storage and replication. Learn more about the share and its role in the system.

During promotion of a member Windows 2000 Server to domain controller, you have to specify the location for a special SYSVOL share. This folder represents the primary reason you have to use the NTFS file system on your domain controllers. Active Directory itself doesn't require NTFS, but the SYSVOL share does, which means that you could conceivably have AD on a FAT partition and keep only your SYSVOL share on NTFS. But, even though that's possible, it sure doesn't mean you should do it. All Windows 2000 computers, especially a W2K server, should use NTFS. There's no excuse for using FAT on a server.

So what's so special about the SYSVOL share? Two things make it special, the first being its contents. The SYSVOL share contains some very important directories for your Windows 2000 domain. SYSVOL is also home for a part of Group Policy objects called the Group Policy Template, which isn't appropriate to store in Active Directory. Examples of SYSVOL share contents include software distribution files, scripts, ADM templates, and so on.

Underneath the SVSVOL share is also a Scripts directory that contains down-level scripts and policy files for down-level clients (Windows 9x and Windows NT). You might remember this folder from Windows NT as NETLOGON share. This share is still here, just in a different place than before. Usually the SYSVOL share is located in %systemroot%\Sysvol\sysvol, and NETLOGON share is found under %systemroot%\Sysvol\sysvol\<DOMAIN>\Scripts.

The second reason for the SYSVOL share's special status is the File Replication Service (FRS) that's configured to replicate the contents of your SYSVOL share to all other domain controllers in the domain. This way, all domain controllers in a given domain have the same scripts and Group Policy files.

Installing Virtual PC 2007

Written by IT News on 4:41 AM

Virtual PC 2007 gives you an easy and cost-efficient way of consolidating multiple operating systems and legacy applications on to a single computer. Instead of using a dedicated computer for every OS and application you require, you can install them on a single computer within virtual machines. You can switch between the virtual machines as though you are switching between applications.

In this article, I will outline the hardware and software requirements for installing Virtual PC 2007. I will then discuss how to install Virtual PC 2007 on Windows XP Professional.

System requirements

The computer that you are installing Virtual PC on (also referred to as the host computer) must meet a set of minimum hardware and software requirements. The minimum hardware requirements include:

  • 400 MHz process with L2 cache (1 GHz is recommended)
  • CD-ROM or DVD drive
  • Super VGA or higher
  • Keyboard and mouse (or other pointing device)

You can install Virtual PC 2007 on any of the following host OSs:

  • Microsoft Vista Business
  • Microsoft Vista Enterprise
  • Microsoft Vista Ultimate
  • Microsoft Windows XP Professional
  • Microsoft XP Tablet PC Edition

Disk space and memory requirements vary depending on the guest OS. The table below outlines the disk and memory requirements.

Guest OS

Minimum memory

Minimum hard-disk space

Windows 98

64 MB

500 MB

Windows ME

96 MB

2 GB

Windows 2000 Professional

96 MB

2 GB

Windows XP Home

128 MB

2 GB

Windows XP Professional

128 MB

2 GB

Windows Vista Business

512 MB

15 GB

Windows Vista Enterprise

512 MB

15 GB

Windows Vista Ultimate

512 MB

15 GB


64 MB

500 MB

Remember, these values represent the minimum requirements to run the guest OS. You also need to take into account the memory required to run the host OS.

Obtaining Virtual PC 2007

Unlike the previous version of Virtual PC, you can download and install Virtual PC 2007 at no cost. You can get a copy directly from Microsoft's Web site. Press the Download button beside the version you want to download. From the Security Warning dialog box, press Save and choose the location where you want the executable saved.

Once you have downloaded the setup file, you can proceed with the installation steps I describe in this article.

Installing Virtual PC 2007

There are two different scenarios for installing Virtual PC 2007. You can proceed with a new installation or, if you are running Virtual PC 2004, you can upgrade directly to the latest version.

Performing a clean installation

Assuming that your computer meets all the hardware and software requirements outlined earlier, you can continue with the installation steps. Complete the steps I describe below if you are installing Virtual PC 2007 on a computer that is not running Virtual PC 2004 Service Pack SP1.

  1. Locate the Virtual PC 2007 set up file. Double-click setup.exe to launch the Setup wizard.
  2. Press Run if you receive the security warning.
  3. Press Next when the Microsoft Virtual PC 2007 wizard appears.
  4. Accept the terms in the license agreement and press Next.
  5. Enter your customer information, as shown in Figure A. Choose whether to install the application for anyone who logs onto the computer (default) or for the current user only. Press Next.
  6. Set up installs the application to C:\Program Files\Microsoft Virtual PC. Press the Change button to select a different location, as shown in Figure B.
  7. Press Install.
  8. Press Finish.

Figure A

Enter your customer information. Choose whom to install the application for.

Figure B

Use the Change button to select a different location for the installation.

Upgrading to Virtual PC 2007

If you need to upgrade an existing version of Virtual PC, you can follow the steps described in the previous section for performing a clean installation. The main difference is that you must first complete these preliminary tasks to prepare the computer for the upgrade:

  • Turn off all virtual machines
  • Perform a backup of all Virtual PC files
    • Virtual PC configuration file (options.xml)
    • Virtual machine configuration (.vmc) files
    • Virtual hard disk (.vhd) files
    • Undo disk (.vud) files

You can now proceed with the numbered steps described in the section above.

You cannot upgrade from Virtual PC 2004 to Virtual PC 2007. You must uninstall Virtual PC 2004 and proceed with performing a clean installation of Virtual PC 2007.

Virtualization in a few steps

As you can see, there are minimal requirements your computer must meet before implementing Virtual PC 2007. Your main concern is making sure your computer is equipped with sufficient hardware to run both the host and guest OSs.

If your computer meets all the hardware and software requirements, you can move on to the installation. The process is very straightforward with a wizard to walk you through the setup.

Change the font Windows XP displays in Windows Explorer

Written by IT News on 4:16 AM

Windows XP uses the same font for desktop icons and Windows Explorer. If the font is too hard to read, you can change its size or the font itself with a few mouse clicks. Here's how to adjust the look of your system fonts.

Windows Explorer and My Computer display the same font that Windows XP uses for icon titles on your desktop: Tahoma, 8 point. If you want to change the font or font size used in Windows Explorer, follow these steps:

  1. Access the Display Properties dialog box by right-clicking the desktop and selecting the Properties command.
  2. Select the Appearance tab and click the Advanced button.
  3. Select Icon from the Item drop-down list.
  4. Use the Font drop-down arrow to select a font from the list.
  5. Click OK twice -- once to close the Advanced Appearance dialog box and once to close the Display Properties dialog box.

You can see the new font by launching Windows Explorer or My Computer. If you don't like what you see, repeat the steps and select a different font.

Mandriva rolls out Corporate Desktop 4.0

Written by IT News on 11:09 PM

Mandriva this week announced the general availability of Mandriva Corporate Desktop 4.0, the latest version of its enterprise-dedicated, KDE-based Linux work station. The new desktop features a 2.6.17 kernel and can be installed in under 15 minutes and extensively customized, thanks to a new post-installation tool, the company said.

"Corporate Desktop 4.0 is the result of several years of work on integrating the best open source technologies into a unified product dedicated to the enterprise desktop," said Mandriva director of engineerng Anne-Laure Nicolas. Results of this effort are said to include:

  • Directory administration and integration -- To complement directory-based authentication, Corporate Desktop 4.0 includes a new tool to set KDE user rights from an LDAP directory.

  • Mobility -- Corporate Desktop 4.0 features simplified configuration of secure remote access (DrakVPN) and simplified configuration of 3G data cards in order to remain efficient wherever you are.

  • Security -- Corporate Desktop 4.0 includes support for data encryption, high security authentication (including smart cards and fingerprint readers), secure connections and an interactive firewall.

  • Ergonomics -- Corporate Desktop 4.0 boasts a completely new, more intuitive design for the desktop plus integration of the latest 3D technologies (Xgl, AIGLX and Metisse).
Nicolas added that the new Corporate Desktop also boasts extensive compatibility with a wide range of hardware and third-party software. For example, the distribution is certified for compatibility with Intel, HP, and NVIDIA hardware, and integrates with third-party software from Arkeia, BitDefender, VMware, among others.

Additional supported hardware is said to include:
  • a large range of disk controllers -- especially JMicron IDE and SiS 966/968 SATA
  • many laptop SD card readers
  • Attansic L1 ethernet controllers
  • USB UVC-compliant video devices
  • Ralink RT2571W/RT2671-based wireless devices
Key desktop applications included in Corporate Desktop 4.0 include:
  • 2.1 office suite
  • Firefox browser
  • Pidgin 2.0 messenger
  • SeaMonkey 1.1.2 web application suite
  • Thunderbird mail client
  • GIMP 2.3.18 graphics editor
  • amaroK 1.4.6 media player
Support services available for Corporate Desktop 4.0, according to the company, include: a five-year security and bugfix maintenance lifespan; web support; professional phone support; expert consulting services; migration support

Mandriva is a full-featured Linux distribution that represents the convergence of the Mandrake (France) and Conectiva (Brazil) distributions. Mandriva Linux (formerly Mandrake Linux) was created in 1998 with the goal of making Linux easier to use.

The company said it also plans to release Corporate Desktop 4.0 on a secured USB key, to enable users to access their data and work environment from anywhere.

Mandriva offers a free trial program for Corporate Desktop 4.0, through which users can download the full version of the distribution and access official updates for one month. Further details are on the company's website.

OpenSUSE 10.3 alpha 5 available

Written by IT News on 8:58 PM

The openSUSE development team this week released alpha 5 of the upcoming OpenSUSE 10.3, featuring a cutting-edge 2.6.22.rc4 kernel and a choice between GNOME or KDE desktops. The final stable edition of v10.3 is expected to be available for general release in October, the team said.

"Lots of package renames and splits [are included] to create smaller systems and allow a one-CD installation," team spokesperson Andreas Jaeger said.

Some highlights of Alpha5 compared to Alpha4:

  • Linux kernel 2.6.22-rc4
  • reduced size and cleaned-up dependencies of some packages
  • glibc 2.6
  • Emacs 22.1
  • 2.2.1rc3
Standard features in OpenSUSE 10.3 include:
  • Evolution 2.10 email client
  • 2.1 office suite
  • SeaMonkey 1.0.99 web application suite
  • GIMP 2.2.13 graphics editor
  • Abiword 2.4.5 text editor
  • Pidgin (formerly GAIM) 1.5 instant messaging client
OpenSUSE is a community project sponsored by Novell. The openSUSE project's main goals are to make openSUSE the most widely used Linux distribution in the world; leverage open source collaboration to make openSUSE the world's most usable Linux distribution and desktop environment for new and experienced Linux users; and make its commercial big-brother SLED (SUSE Linux Enterprise Desktop) the Linux desktop of choice for businesses.

You can download the 698MB live CD ISO image from the main project site, here. Alternatively, you can obtain the live CD ISO images for i386 machines via BitTorrent, here.

Additionally, direct links to the live CD ISOs are available here: GNOME version (698MB); KDE version (700MB).

Be reminded that this is a test version, and Jaeger encourages users to report bugs at the project's bugzilla here. The final 10.3 version is expected by the end of September, Jaeger said.

Screen shots are available for viewing here, thanks to

The top 10 IT skills on the way to extinction

Written by IT News on 8:42 PM

Training, and retraining are a constant part of working in IT. You simply can’t rest on your skill set and stop learning or the technology world will pass you by with little remorse. With that in mind, Mary Brandel over at Computerworld has put together a list of the top 10 skill sets that are on their way out in IT:

  1. Cobol
  2. Nonrelational DBMS
  3. Non-IP networks
  4. cc:Mail
  5. ColdFusion
  6. C programming
  7. PowerBuilder
  8. Certified NetWare Engineers
  9. PC network administrators
  10. OS/2

If you want to hear Mary’s reasoning, you can read the original article.

She’s right, for the most part, although I don’t know that PowerBuilder was ever quite as hot as she believes it was, and I certainly don’t believe that OS/2 was ever a primary skill set for many IT pros.

I would replace those two with “PBX installation” (still out there but destined to be almost completely replaced with VoIP and managed through IT) and “Printer maintenance” (also still out there but printers have gotten easier to manage and most companies just don’t print nearly as much as they used to).

Safari 3.0 Beta For Windows: The Right Tool for the Job?

Written by IT News on 8:35 PM

Apple claims its new Safari 3.0 Windows Web browser loads pages faster than both IE 7 and Firefox 2.0. Here's a look at the new Windows Safari interface and an overview of its many new features.

The Safari Setup program, about 8MB, features a simple installer.

I have just added the Beta of Safari to a XP/SuSe 10.2 dual boot PC.
Already in XP I had IE-7, Opera, Firefox, SeaMonkey, Flock and Maxthon so I could compare them.

Safari is by far the worst followed by IE-7.
Other than to see how the other side (macs) works, I see no point in Safari for Windows.
Its large, bloated, slow, has no advantages over Firefox and Opera.

What is OneNote?

Written by IT News on 4:11 AM

Organize essential information in a digital notebook.

OneNote tabbed interface
Do you spend too much time searching through information you have stored in multiple places? With Microsoftآ® Office OneNoteآ® 2007 you and your work team can overcome the challenges of today's increasingly complex information environment.

An integrated part of the 2007 Microsoft Office system, OneNote 2007 is structured like a digital three-ring binder. You can gather, organize, find, and share typed and handwritten text, images and graphics, and audio and video recordings from a single location on your desktop, laptop, or tablet PC. And with support for multiple and shared notebooks, collaborating with others is efficient and straightforward.

Other new capabilities of OneNote 2007 include:
Instant search. Indexed and super fast, the search function quickly finds what you need.
Tables. Paste tables from Microsoft Office Word and Excelآ®, or the Web into OneNote 2007 pages without losing the original formatting.
Drag-and-drop functionality. Easily drag pages, sections, or folders to your other notebooks.
Try the 2007 Microsoft Office system beta now and find out how OneNote 2007 can help you save time, stay organized, and be more effective.

Check out OneNote 2007.
See how easy it is to manage and share information.

Things to Love About Office 2007

Written by IT News on 4:07 AM

Top Reasons to Upgrade to Microsoft Office 2007.

Ready for a new way to access the features you use the most? The new user interface in the 2007 Microsoftآ® Office release simplifies your work with tools such as the Ribbon and the Quick Access Toolbar. You can do away with guesswork, save time, and get more out of the programs you use every day.

The Ribbon
In place of menus and toolbars, use the new Ribbon tabs in the 2007 release programs Word, Excelآ®, PowerPointآ®, Access, and parts of Outlookآ®. Quickly and easily access the features you use regularly, and see more of the tools available without having to search for them.

To keep your workspace clear and organized, the Ribbon adds additional contextual tabs for many tasks, such as working with tables or graphics. For example, click in a table in a Word 2007 document and the Table Tools Design and Layout tabs appear.

And, if you're a keyboard user, try the new KeyTips feature with the Ribbon:
Press the Alt key to view pop-up tips showing the characters you can type to access any tab.
Once that tab is open, a new set of KeyTips appears automatically.
KeyTips indicates what key to press to access any feature on that tab.
Your Personal Quick Access Toolbars
Just above the Ribbon is a single toolbar designed just for the tools you need to use most often. You can add almost any command from any Ribbon tab to the Quick Access Toolbar. To add a command, just right-click the command and then click Add To Quick Access Toolbar. That's all there is to it!

You can even save custom Quick Access Toolbars for individual files in the 2007 release programs Word, Excel, PowerPoint, or Access. To customize your toolbar, just click the arrow at the end of the Quick Access Toolbar and then click More Commands.

It's that easy!

View a demo.
Side-by-side comparisons with previous versions show how much easier it is to get things done with the new Microsoft Office user interface.


Written by IT News on 3:54 AM

Some users have gotten an error message similar to the following when attempting either to shutdown or restart Win XP:

TechNet and the Microsoft Knowledge Base have numerous articles discussing this type of error condition; for example, these. As a review of these articles will show, these are commonly device driver problems, but may also be caused by troublesome software (such as the notorious CrashGuard), or a problem in a system service. MSKB article Q262575 discusses a shutdown problem of this type, known to exist in Windows 2000 due to a resource (IRQ) conflict, if you have PACE Interlok anti-piracy software installed. This problem may occur in Windows XP as well.

Microsoft advises the following as one approach to these problems: Restart the computer. Press F8 during the restart and select “Last Known Good Configuration.” If you catch the problem when it first occurs (meaning you likely have installed only one or two drivers or new service), this will return you to a previous working condition. (Would System Restore accomplish the same thing? I don’t know, and don’t have a broken system to test it on.)

Microsoft reported similarly that these STOP code error message occur when Windows XP is trying to shut down devices. He says that he has seen this twice: once with Logitech Quickcam installed (with an unsupported driver), and once with a USB DSL modem that would hang if it wasn’t disconnected before shutdown.

Prevent Outlook from adding the country field in Word

Written by IT News on 9:48 PM

Writing letters in Word should be a breeze; however, Outlook may throw a snag in the process. Mary Ann Richardson walks you through the steps of how to block Outlook from automatically adding the country field to your letters.

When you write letters in Word, Outlook automatically inserts the country that matches your PC's regional settings in the Country/Region field for that record (unless you include a country in the address). Consequently, when you click the Insert Address button in the Envelopes And Labels dialog box and choose Outlook as your Address Book, Word automatically inserts the full address, including whatever is in the Country/Region field. For example, if you are located in the United States, Word will insert United States of America. To prevent Word from automatically entering a country in your letters, follow these steps:

  1. Open Outlook.
  2. Open Outlook's Contacts folder.
  3. Go to View | Arrange By | Current View | By Location.
  4. Scroll down until you see the first record with United States of America in the Country/Region column.
  5. Delete United States of America from the Country/Region cell of that record.
  6. Select all remaining records with United States of America in the Country/Region column.
  7. Click the Country/Region cell of one of the selected records and drag it to the empty Country/Region cell created in step 5.

Now when you insert an address using Word's Insert Address button, no country name will appear for the records where the field is blank. When adding new records to your Outlook address book, be sure to delete the country name by clearing the contents of the Country/Region field in the Check Address dialog box for that record.

Enter text without changing the underlying cells in Excel 2007

Written by IT News on 9:34 PM

Excel cells are limited to 256 characters. However, the cell's size and ability to display its contents change with the size of its surrounding columns. Excel 2007's text boxes overcome these potential limitations.

For example, say you have allotted each department $5,000 per month for new computer equipment. The departments will need to start replacing notebook computers for the next release, and they will need to know how many they can replace on that budget. You decide to create a spreadsheet that calculates how much they can finance at the different interest rates they can obtain from local banks. Your spreadsheet lets each department enter a monthly payment within their equipment budget, and then click a button to get the result. To put these instructions into a text box at the top of the worksheet, follow these steps:

  1. Click the Insert tab and then click Text Box.
  2. Click and drag to draw a text box from D3:K6.
  3. Right-click the text box border.
  4. Click on Size And Properties.
  5. Under the Properties tab, click to select Move but don't size with the Cells button.
  6. Click Close.
  7. Right-click the text box border.
  8. Click Format Shape.
  9. Click Text Box.
  10. Click the Resize Shape To Fit Text check box and then click Close.
  11. Click within the text box to type your text. If the text extends below row 6, the box will expand vertically to accommodate the extra text. (Note: You can change the widths of the underlying columns, and the text box will retain its original size.)

Quickly summarize group data in Access 2007 reports

Written by IT News on 9:32 PM

Access 2007 makes it easy to compile a summary from your group data -- in fact, there's even a special dialog box for it. Here's how to create a thorough Access report using group data.

With Access 2007, you don't have to know how to add a control to your report to summarize group data. You simply click the field name in the report and make the appropriate selections in the Grouping dialog box.

For example, say you want to create a report that groups all customers by their city of residence. You want the report to total the number of customers that come from each city. Follow these steps:

  1. Click the Customers database table in the Navigation bar.
  2. Click the Create tab.
  3. Click the Report Wizard button.
  4. Double-click the City in the field list.
  5. Double-click Last Name in the field list.
  6. Double-click First Name in the field list.
  7. Click Next.
  8. Double-click City in the field list.
  9. Click Next.
  10. Click the drop-down arrow of the first text box and select Last Name.
  11. Click Next twice.
  12. Click Aspect.
  13. Click Next.
  14. Name the report Customer City Data and then click Finish.
  15. Right-click the displayed report and select Layout View.
  16. Click the City label in the report.
  17. Click the Group and Sort button under the Grouping and Tools Group section under Format.
  18. Click More.
  19. Click with No Totals arrow.
  20. Select City from Total On the drop-down list.
  21. Select Count Records from the Type drop-down list.
  22. Click the Show in group footer check box.
  23. Click the Show Grand Total check box.
  24. Click the Close Grouping Dialog button.

The report now includes the total number of records that are included in each city group, as well as the total number of records in the entire report.

10 things to look for in an anti-spyware application

Written by IT News on 8:48 PM

Spyware has quickly outpaced viruses as a scourge to businesses. A 2005 FBI study revealed 79 percent of enterprise PCs in the United States are infected with spyware. Worse, according to a 2006 report by Radicati Group, each infestation costs businesses approximately $265 when downtime and repair are factored in.

By deploying and maintaining effective anti-spyware tools, organizations can protect themselves from lost productivity and potential data loss resulting from spyware infestation. Here are 10 things to look for when selecting an anti-spyware platform.

#1: A potent anti-spyware engine

An anti-spyware application is only as good as its signatures database. The application’s underlying anti-spyware engine must be comprehensive. Offerings from leading vendors track as many as three-quarters of a million potential infections, so it’s critical that the application you select has a sizable and potent anti-spyware database.

#2: Automatic updates

You should also ensure that the anti-spyware application you select updates automatically. New spyware and other forms of malicious software are released into the wild almost daily. Quality anti-spyware manufacturers continually update their code. Without those updates, anti-spyware applications quickly become outdated and, subsequently, ineffective.

The best anti-spyware programs support downloading updates automatically.

Most every anti-spyware program includes access to updates. Some, however, require that users manually download and apply them. In busy organizations, users have other responsibilities. Unless the employee is an IT staff member, maintaining a PC’s anti-spyware database isn’t included in their job description. So anti-spyware programs aren’t likely to remain current unless the feature’s built into the software application itself. Insist on an anti-spyware application featuring automated updates.

#3: Active protection

Some anti-spyware applications remove spyware infestations found only while conducting manual scans. To best prevent spyware from infecting a system in the first place, seek an anti-spyware program that includes active protection. By actively monitoring system, process, and network activity, a capable anti-spyware application can block malicious software from installing in the first place.

There’s no sense in waiting for a manually triggered scan to identify performance-robbing spyware and then have to remove it. Preventing the infection via active monitoring processes is by far the preferred option.

#4: Customizable scans

Look for an anti-spyware program that lets you schedule customizable scans. Different workstations are used for different purposes. Based on their intended use, some systems will benefit from more thorough anti-spyware scans. However, the anti-spyware program must support creating the customizable scans.

For example, systems frequently used for Internet browsing may well benefit from daily scheduled anti-spyware scans that check active memory, the Windows registry, the Windows directory, cookie folders, and all hard drives for infestation. On the other hand, systems rarely used for Internet browsing may require only weekly scans of their hard drives.

Seek an anti-spyware program that includes such flexible scanning features.

#5: Unattended capabilities

Standardize on an anti-spyware utility that permits unattended maintenance and administration. The ability to schedule unattended updates and scans ensures that the program you deploy provides effective coverage and protection.

Users typically require access to their desktops throughout the entire business day. So there’s little time for technical support staff to interrupt users’ work for purposes of updating and scanning systems, especially when a thorough scan of a large hard drive can require more than an hour to complete. Neither do IT staffs have time to visit each workstation within the organization to manually configure updates or execute anti-spyware scans.

Good anti-spyware programs can schedule unattended anti-spyware scans (during off hours). Here you can see that AVG Anti-Spyware 7.5 offers scheduling tools as part of its feature set.

Scheduling unattended updates and thorough system scans during off hours, when no staff are present, helps optimize administrative time and productivity.

#6: Effective quarantining/containment

When unattended scans are configured, it’s critical that the anti-spyware application effectively quarantine infections that are found without requiring user interaction. Unless the anti-spyware program can contain active spyware and remove infections automatically, the application will essentially prove useless in business environments.

#7: Process monitoring

Spyware and adware programs exist in so many iterations and derivatives that it’s often difficult for even the best-built anti-spyware programs to catch every form of malicious software. However, anti-spyware tools can go a long way toward helping technology administrators track down and eliminate malicious software not yet identified or recognized as spyware.

AVG’s Anti-Spyware 7.5 includes a potent process monitoring menu from which administrators can terminate unwanted processes.

By including a process monitoring utility within the anti-spyware application, software manufacturers can simplify the task of identifying and eliminating unwanted software. Although many spyware programs hide themselves from Windows Task Manager, better anti-spyware programs include process monitoring features enabling support staff to track and eliminate malicious software Windows itself doesn’t see.

#8: Autostart monitoring

Along with providing support for monitoring active processes, anti-spyware applications should monitor programs that start automatically when Windows loads.

Spyware programs have become fairly sophisticated. Few appear within Control Panel’s Add/Remove Programs applet, and fewer still install within the Start | All Programs menu’s Startup folder. Thus, administrators require a potent anti-spyware program capable of monitoring programs that load automatically at Windows startup. Look for an anti-spyware program that includes autostart monitoring, thereby simplifying the process of removing unwanted software and blocking spyware from loading when Windows starts.

#9: Centralized administration

As mentioned in #5, technology administrators (particularly those in larger organizations) don’t have time to manually administer or support each individual workstation. It’s impractical for many technology staffs to attempt visiting each workstation in person to ensure anti-spyware engine updates are in place, scans are completing as scheduled, and infestations are being quarantined properly.

Webroot’s Spy Sweeper Enterprise has a wide range of centralized administration features. In addition to installing the anti-spyware software on systems throughout the organization, Spy Sweeper Enterprise enables remotely tracking errors, conducting sweeps (or scans), configuring updates and more.

In larger organizations, look for an anti-spyware application that includes a centralized administration console. Such products are often exponentially more expensive than their non-centralized administration-capable counterparts, but the time saved will more than make up the difference within busy IT departments.

#10: Quality reporting

Anti-spyware applications must include effective reporting capabilities. In addition to listing whether scans complete properly, good anti-spyware programs will track infestations that are found, the results of quarantine efforts, and confirmation that updates were downloaded and applied properly.

Beware of fake Microsoft security alerts

Written by IT News on 8:02 PM

Hot on the heels of my posting about the upcoming Patch Tuesday with its four critical patches is a report by SANS Internet Storm Center about a new scam. In this instance, the ill-doers send out fake security bulletins in an attempt to trick victims into installing malicious software on their computers.

According to Network World, the e-mail messages in question claim to be a “Cumulative Security Update for Internet Explorer.”

Of course, it comes with a nice little link helpfully titled “Download this update.” The rest, they say, is a case of a very unhappy IT support staff at your terminal.

It might be worth noting that while Microsoft does send out notification e-mails when it comes to security bulletins, these notifications invariably link to the bulletins themselves, never to executable downloads.

Will such a scam succeed in your workplace? Or is a plethora of security systems already in place to stop it even before the user sees it? Join the discussion.

Preventing malware with tools, patches and education

Written by IT News on 7:49 PM

Unlike malware removal, which often requires specific understanding of how a malware infection can impact a given system, various prevention techniques will effectively block malware regardless of its particular characteristics. Of course, some types of malware can sneak past any defenses, so it is best to apply as many prevention techniques as possible.

The most obvious way of preventing malware infection is to keep a Windows system patched. Most malware exploits flaws or vulnerabilities to infect Windows and its applications. An up-to-date and fully patched Windows computer will greatly reduce malware infection possibilities. Of course, there is always concern about the dreaded zero-day infection, a malware strain that exploits an unknown flaw or recently discovered vulnerability without a published patch.

Another way of preventing malware infections is to run applications that are not as susceptible to infection. The fact of the matter is that malware targets the most commonly used operating system (OS) and its native applications. Since the OS and applications are so closely linked, malware can often cause more damage than if the applications and OS were not so closely linked during development. For instance, using third-party Web browsers is a good way to cut down on the number of potential threats.

Prevention tools
Anti-malware prevention tools are another option for added protection. Nearly all antivirus and antispyware tools compile malware signatures -- detailed descriptions of malware characteristics and behaviors. These applications either block identified threats as they attack a system or quarantine or remove them if the threat has managed to slip by the first line of defense. The downside of these tools is that they require constant updating of their signature libraries -- libraries that might be missing a malware description here and there. To increase the effectiveness of signature-based applications, it is usually a good idea to run multiple types to cover as many malware signatures as possible.

The best anti-malware tools use an anomaly detection technique as well as signature-based defense methods. These tools can adapt to new types of malware. They take frequent snapshots of Windows system images and compare them to previous images to look for differences. These methods rely on the applications heuristic attributes -- the ability to learn to identify new threats. This is still a developing malware prevention technique and its effectiveness is less than 100%, but these applications do provide an added measure of defense.

User education
Technology-based prevention methods are rarely 100% effective by themselves. In addition, many threats still rely on social engineering tactics that can circumvent even the most advanced anti-malware technologies. For these malware threats, the best -- and sometimes only -- prevention method is user education. Better knowledge about what not to accept, where not to surf and who not to trust is ultimately the best malware prevention method.

SUSE Linux Enterprise 10 SP1 is now available

Written by IT News on 7:42 PM

SUSE® Linux Enterprise 10 SP1 brings you the latest advances in virtualization, high-performance computing, desktop usability, security, interoperability and system management. It provides significant enhancements in the areas that you said matter most to your organization, from the desktop to the data center.

Improve your data center reliability, gain flexibility, and save money with the latest advances:

  • Enhanced server virtualization and management
  • Updated high availability storage infrastructure
  • Support for quad-core processors
  • Support for Open Enterprise Server 2 and paravirtualized NetWare®, and more

On the desktop, SP1 delivers more of the innovation you crave—updates to the desktop effects engine, a re-designed main menu and the ability to play embedded video in presentation files. It also provides improved integration with enterprise technologies such as Microsoft Active Directory and Microsoft Office.

See for yourself what SUSE Linux Enterprise 10 SP1 can do

Click here to download your copy today

Who's connected to you?

Written by IT News on 10:30 AM

If you're running any TCP/IP services (such as WWW service, FTP service, POP3/SMTP services, or even just NetBIOS over TCP/IP) on your computer, you may want to find out who's connected to your computer and from where at a given time. This information is easy to obtain using NETSTAT command.

  • Go to the "DOS Prompt" or "Command Prompt"
  • Type NETSTAT
    For example, if you want to redisplay the TCP/IP connections every 10 seconds, type:
    NETSTAT 10
  • Press ENTER

Applicable Keywords : Windows NT, Windows NT 3.x, Windows NT 4.x, Windows, Windows 95

Vista firewall enhancements

Written by IT News on 3:32 AM

Windows Vista spent a very long time in development and puts a new face on just about every feature found in the OS. The Windows firewall in Vista has been a part of this transformation, and includes a number of new features not found in previous versions of the technology. In this article, I'll spend some time discussing the enhancements found in Windows Vista's Firewall -- hereafter called Windows Firewall -- and will explain how to manage this feature.

Vista firewall enhancements

In Windows XP Service Pack 2, Microsoft shipped a vastly improved -- at the time -- client-based firewall solution. The Windows XP firewall in SP2 was enabled by default, which meant that computers were instantly granted better protection from attack. However, the firewall in XP SP2 was missing some key features that have been included in Windows Firewall.

Although there are more, there are two major improvements to the firewall that make it a very viable solution for Vista users:

  • The Windows Firewall now includes application-aware outbound filtering, which provides directional control over all traffic to and from your computer and your user's computers.
  • Microsoft has included an advanced management interface in order to allow administrators to very granularly apply rules to workstations. Further, the Windows Firewall can be managed from Group Policy, meaning that corporate IT can more easily enforce organizational computing policies that may ban specific activities, such as instant messaging or peer-to-peer file sharing.

Managing Windows Firewall

In Vista, Microsoft has provided two distinct interfaces to configure the Windows Firewall:

  • Traditional or basic control panel method. This is a relatively simplistic firewall configuration tool for the Windows Firewall. It looks a lot like the Windows XP firewall management tool.
  • Windows Firewall with Advanced Security settings applet. Intended more for the technically-inclined, this advanced interface provides very granular firewall configuration options.

You’ll learn about both interfaces in this article.

Using the Basic Control Panel interface

The first method, which you could consider the "traditional" or basic management method, will be familiar to anyone that has managed Windows Firewall since its introduction into Windows XP. In Vista, this management interface can be found at Start | Control Panel | Security | Windows Firewall by pressing the Change Settings button, but don't do that quite yet. If you're using the Control Panel’s classic view in your Vista installation, go to Start | Control Panel | Windows Firewall and, in a minute, choose the Change settings option. Figure A gives you a look at the initial Windows Firewall informational window.

Figure A

The Windows Firewall information window.

This window provides you with some general information regarding Windows Firewall, such as whether the firewall is enabled, whether inbound connections are blocked, how firewall-related notifications are handled, and the location of your network. Windows Vista Firewall uses the network location parameter to determine appropriate firewall settings for your computer. I’ll talk more about the possible location settings later. To change your firewall settings, select the Change settings option. This option opens up the Windows Firewall Settings window. When you open this window, the General tab is selected, as shown in Figure B.

Figure B

The Windows Firewall Settings window with the General tab selected.

On this screen are three options. The primary options, On and Off, simply enable and disable Windows Firewall. The checkbox in the middle of the screen, Block All Incoming Connections, is useful when you’ve taken your computer to a place, such as a public Wi-Fi hotspot, and you don’t want to allow any incoming connections at all to your computer. When you select this checkbox, even services that you have exempted from Windows Firewall are blocked, providing a high level of security in low-security environments.

The Exceptions tab, shown in Figure C, provides a way for you to exclude specific services or TCP/UDP ports from being subject to blocking by Windows Firewall.

Figure C

The Windows Firewall Settings window with the Exceptions tab selected.

The main window on this tab displays a list of services that you can select to be exempted from the Windows Firewall. The machine in this screenshot is a brand-new Vista installation and shows you the services that are exempted as a part of the Vista installation. To allow a particular program or port access through the firewall, select the checkbox next to that service, and press OK.

If the program you want to add is not on the list, press the Add Program button at the bottom of the window. The Add A Program screen, shown in Figure D, pops up.

Figure D

Add a custom program to the list of exceptions.

Select the desired program or, if your program is not listed, press the Browse button and point the Windows Firewall at the appropriate executable.

The Change Scope button located at the bottom of this page provides you with a way to limit from what computers the port or program can be used. This screen (Figure E) has three options:

  • Any Computer (including those on the Internet): Allow traffic to this service to originate from anywhere.
  • My Network (subnet) Only: Allow traffic to this service to originate from local computers only.
  • Custom List: Provide an IP address and, optionally, a subnet range. Only computers included in the ranges specified will be allowed to access the service. IP addresses can be provided in either IPv4 or IPv6 format.

Figure E

The Change Scope window.

Take a look now back at Figure C. Next to the Add Program button is a button labeled Add Port. Pressing this button results in the display of the window shown in Figure F, which allows you to add a firewall exception based on a TCP or UDP port number. On the Add Port page, provide a descriptive name for the port/service, the actual port number and indicate whether the exception is for a TCP port or for a UDP port. The downside here is that you have to provide each port individually, which can get rather tedious if you have a lot of ports to open.

Figure F

Add a TCP or UDP port exception.

Again, you can use the Change Scope button to limit the origination point for traffic that uses this exception. The information is the same as that shown in Figure E.

Back on the Properties page for the Windows Firewall, take note of the Properties and Delete buttons. If you've added custom programs and ports to the list of services, use the Delete button to remove the entry if necessary. The Properties button provides you with a description of the selected service.

Finally, take note of the checkbox at the bottom of the Exceptions tab. The Notify Me When Windows Firewall Blocks A New Program checkbox makes Windows let you know when a new program or service tries to make its way through the firewall.

The last tab on the Windows Firewall Setting screen ostensibly provides some "advanced" configuration options. In reality, there's not much here. What is available is shown in Figure G.

Figure G

The Advanced Windows Firewall settings tab.

The options on this tab are very self-evident, so I won’t bore you with the details.

At this point, you might be asked yourself a couple of questions:

  • Where do I configure ICMP settings?
  • Why didn’t I see any outbound firewall configuration rules?

This is where the advanced configuration interface comes into the picture.

Windows Firewall with Advanced Security

New in Windows Vista is a second interface, named Windows Firewall with Advanced Security. This interface is not for the typical home user, but is much more flexible and provides more savvy users with the ability to perform extremely granular Windows Firewall configuration tasks.

This advanced interface is accessible via a couple of different methods:

  • Via the Control Panel: Start | Control Panel | Class View | Administrative Tools | Windows Firewall with Advanced Security.
  • Or, follow these steps:
  1. Go to Start | All Programs | Accessories and choose Run.
  2. In the Run box, type MMC and press [Enter].
  3. In the Microsoft Management Console window, navigate to File | Add/Remove Snap-in.
  4. From the Add/Remove Snap-in dialog box, shown in Figure H, in the Available Snap-in pane, scroll down to Windows Firewall with Advanced Security.

Figure H

The Add/Remove Snap-in window.
  1. Press the Add button.
  2. When asked to select the computer that should be managed by this snap-in, select the Local Computer option and press Finish.
  3. Press OK. This will bring you back to the MMC.
  4. Press the down arrow next to Windows Firewall with Advanced Security. This expands the firewall configuration options and displays current firewall status. This screen is shown in Figure I.

Figure I

The MMC showing the Windows Firewall status.

There are a ton of configuration options available from this main configuration window. I will go through the major points in this article. First, take note that the Overview section provides you with quite a bit of information related to the status of your Windows Firewall.

Windows Firewall with Advanced Security properties window

The first place to look is the properties window for the firewall accessible via the Properties link in the Actions pane. Note that, in Figure J, the Domain Profile tab is selected. Also note that the Public Profile and Private Profile tabs have the exact same options as the Domain Profile tab.

Figure J

The Properties page opens up with the Domain Profile tab selected.

Before I continue, this is a good time to explain the difference in the various profiles:

  • Domain Profile: The options included in this profile are enforced when the computer is connected to a corporate domain.
  • Private Profile: The options included in this profile are enforced when the computer is connected to a private network.
  • Public Profile: The options included in this profile are enforced when the computer is connected to a public network.

From any of the profile tabs, you can perform a number of tasks:

  • Enable or disable the firewall by clicking the Firewall state button.
  • Determine how inbound connections should be handled. Your choices are:
  1. Block (default): Block incoming traffic according to the firewall rules you have defined.
  2. Block all connections: Block all incoming traffic, regardless of firewall rules.
  3. Allow: Allow all incoming traffic to traverse the firewall.
  • Determine how to handle outbound connections; your choices are to either allow or block. There is no option for blocking all.
  • Customize the behavior of the Windows Firewall by pressing the Customize button next to Settings.
  • Determine how much logging should take place by pressing the Customize button next to Logging.

The screen shown below in Figure K is what you see when you press the Customize button in the Settings section of the Properties page. On this screen, decide how you want to handle firewall notifications and whether unicast responses to multicast/broadcast traffic are allowed.

Figure K

Customize Settings for the selected profile.

If you want to modify logging options, click the Customize button at the bottom of the window. You'll get a window like the one in Figure L.

Figure L

Customize logging settings for the selected profile.

From this window, use the Browse button to select the path and filename for the firewall log file. Also specify the maximum log file size and indicate whether or not you want to log dropped packets and/or successful connections. If you log too much information, your log file may get unwieldy.

Back on the Properties page, the only tab that is different from the others is the IPsec Settings tab, which is displayed in Figure M.

Figure M

The IPsec Settings tab.

There's not much on this screen. From here, you can call up the more substantial IPsec configuration window, shown below in Figure N. You can also choose to exclude ICMP packets from IPsec. Doing so can simplify your network troubleshooting efforts since it takes the IPsec layer out of the equation.

Figure N

Further customize your firewall’s IPsec settings.

The options shown in Figure N are the real meat behind your IPsec configuration. From here, you can configure your key exchange mode, data protection mode, and authentication method. Note that each option included a "Default" selection as well as other options from which to choose. Each option also includes an "Advanced" selection. When you choose one of the Advanced selections, the associated Customize button is enabled. The options found when you press one of the Customize buttons allow extremely granular IPsec configurations. Each of the Advanced option windows are shown below in Figures O, P and Q.

Figure O

Advanced IPsec key exchange options available in Windows Firewall.

Figure P

Advanced IPsec data protection options.

Figure Q

Advanced authentication methods window along with other authentication options.

Other Windows Firewall configuration settings

Now that you have seen the Windows Firewall properties pages, let's take a look at some of the other user interface elements. Take a look back at Figure I. I'll start with the options at the left-hand side of the main configuration window:

  • Inbound Rules: Allows you to set rules that affect how inbound traffic is to be handled by Windows Firewall.
  • Outbound Rules: Allows you to set rules that affect how outbound traffic is to be handled by Windows Firewall.
  • Connection Security Rules: Uses IPsec to secure traffic between the computer running Windows Firewall and another computer running Windows Firewall or using a compatible IPsec policy. I won’t be talking too much about these kinds of rules in this article.
  • Monitoring: The monitoring options provide you with a way to find out what your firewall is doing. I won’t be talking too much about monitoring in this article.

Inbound Rules

The Windows Firewall has always had the capability to block incoming traffic. However, with the advanced configuration view, Windows Firewall has become much more flexible for people that know how to configure the services. Figure R gives you a look at the Inbound Rules part of the firewall management interface.

Figure R

Windows Firewall inbound rules list.

Note that each rule listed in the middle of the window has either a gray or a green checkmark next to the rule. A green checkmark indicates that the rule is enabled, while a gray checkmark signifies that the rule is defined, but is not enabled. To enable or disable an existing rule, right-click the rule and choose either Enable Rule or Disable Rule.

There are a significant number of inbound rules available for you to use in Windows Firewall. Note that each individual rule shown in Figure J manages just a single aspect of the service. For example, there are a number of rules that start with the name "Core Networking." Each rule manages a very specific program or protocol; for example, one rule might only allow incoming SMTP connections over TCP port 25. All of the Core Networking rules are enabled since, without some of them, your computer would probably not function effectively. If you want to seriously harden your Vista workstation, you can disable some of the rules, though. Many of the rules are transport protocol version specific. That is, some rules are for IPv4 or IPv6 specifically, but not for both simultaneously. If you are not using IPv6 on your network, you can disable the IPv6-targeted rules.

Outbound Rules

The Outbound Rules option looks just like the Inbound Rules screen shows in Figure J, and works the same way. We’ll take a look at creating new rules soon.

Creating New Rules

The Windows Firewall gives you the ability to create inbound and outbound rules on a number of criteria, including managing access by a specific program or managing access based TCP or UDP port. To add a new rule, select either Inbound Rules or Outbound Rules (depending on what you need), and then select the New Rule option in the MMC. This starts a wizard that walks you through the rule creation process.

The first screen of the wizard, shown in Figure S, asks that you decide what kind of rule you want to create. For this example, I’ll create a custom rule in order to demonstrate the widest possibilities.

Figure S

Choose the type of rule you wish to create.

On the wizard’s second page, select the programs and services that should be restricted by the new rule. You can choose to have the new rule apply to all programs and services that are run (meaning that the rule just looks for general connections and not for connections for specific programs or services), or to only a specific program or service.

Figure T shows you how you can restrict the rule to a specific program. If you want to restrict the rule to a specific service, press the Customize button. The screen shown in Figure U shows that you can apply the rule to all programs and services, to just services, to a service that you choose from a list, or to a service whose short name you type into the dialog box at the bottom of the window.

Figure T

What programs and services should be restricted by this rule?

Figure U

Which services should be covered by the rule?

For my example, I'm applying the new rule to all programs and services.

Page three of the wizard, shown in Figure V, asks that you provide protocols and ports that should apply to this rule.

Figure V

Which protocols and ports should be handled by the rule?

This screen requests the information in the following sections.

Protocol type

The allowed protocol types are as follows:

  • HOPOPT (IPv6 Hop-by-Hop Option)
  • ICMPv4
  • ICMPv6
  • IGMP
  • TCP
  • UDP
  • IPv6
  • IPv6-Route
  • IPv6-Frag
  • IPv6-NoNxt
  • IPv6-Opts
  • GRE
  • VRRP
  • PGM
  • L2TP

Local port

The Local port option is available only if you select TCP or UDP for the protocol type. A local port is a port on the computer running the Windows Firewall.

The allowed options for Local port are:

  • All ports
  • Specific ports
  • Dynamic RPC
  • RPC Endpoint Mapper
  • Edge Traversal

Remote port

The Remote port option is available only if you select TCP or UDP for the protocol type. A remote port is a port on a computer that is trying to communicate with your local computer.

For remote port, you can use either All Ports or Specific Ports.

Internet Control Message Protocol (ICMP) settings

If you selected one of the ICMP options under Protocol type, the Customize button next to this option becomes available. Pressing this button opens the Customize ICMP Settings window shown in Figure W. On this screen, you can choose to apply the rule to all ICMP types, or to just specific ICMP types.

Figure W

The Customize ICMP Settings window.

The next page of the wizard, shown in Figure X, asks you for the local and remote IP addresses (scope) for the new rule. The scope can be applied to both inbound and outbound traffic rules, thus applying the rule to any traffic that meets the scope criteria as well as other rule details.

Figure X

What IP addresses will this rule match?

Once you've defined the parameters under which a rule will take effect, you need to decide what to do in the event of a match. As shown in Figure Y, you have three options:

  • Allow The Connection, regardless of whether or not IPsec is enabled for the connection.
  • Allow The Connection Only If It Is Secured By IPsec. You can also choose sub-options here for additional security. If you select this action, you must also indicate which users or computers can initiate trusted connections.
  • Block The Connection.

Figure Y

What action should be taken when there is a match?

I'm not going to show screens for the last two wizard pages. The second to last page, Profile, asks that you select to which profile -- domain, private or public -- the new rule will be applied. The last screen of the wizard asks that you name the new rule and, optionally, provide a detailed description.

When you’re done creating your new rule, it will appear in the list of rules on the main firewall configuration window.

The bad

There’s no doubt that Windows Firewall, from a capability perspective, can run with the big boys when it comes to client-level protection. However, there are two points worth mentioning that make Vista’s new firewall less than ideal:

  • Outbound monitoring is not enabled by default: This means that users may be under the false assumption that their computers are "better protected" than they were under XP.
  • A seriously complex advanced management interface: The average home user is simply not going to be able to manage this service. Sure, a home user will have less trouble with the basic interface, but the basic interface does not provide a way to enable outbound monitoring, nor does it provide any of the granular management features found in the advanced counterpart. Until Microsoft can significantly simplify the advanced firewall interface, home users will not be able to enjoy the new technical functionality included in the firewall.

A major upgrade

The firewall included in Windows Vista is a far cry from Microsoft’s earlier efforts to create a robust firewall. With its bidirectional protection capabilities, super-granular management options, and wide-reaching configuration parameters, it’s also not for the uninitiated.

Search This Blog

Ads and Sponsored by:

Want to subscribe?

Subscribe in a reader.