Archive for December, 2010

The future of OpenOffice.org

Monday, December 20th, 2010

Yesterday I mentioned an alternative to Microsoft Office called OpenOffice.org.  This is an open sourced project which was originally spawned when Sun purchased StarOffice.  In January of this year, Sun was purchased by Oracle and it looks like OpenOffice.org may not be the wave of the future that I would have liked it to be.

While opening and saving Microsoft Office documents in OpenOffice.org was reasonably successful, the reverse may have not been true.  Sun had created an ODF plugin that worked with Microsoft Office 2003 and 2007 SP1.  Microsoft had added direct support for ODF documents in its Office 2007 SP2 and 2010.  However, the old Sun plugin was initially free.  It is not no longer available and Oracle makes a plugin for $90 with a minimum order of 100.  Kind of a heavy price increase from something that used to be free.

So, what’s a person to do who wants a capable office suite, but wants to get it without paying any money?  Now there is an alternative to OpenOffice.org in the form of LibreOffice from The Document Foundation.  Some of the leading developers for OpenOffice.org went on to create this separate product so as not to be encumbered by anything that Oracle would place on OpenOffice.org.  It’s starting with a core of OpenOffice.org so those familiar with it need not be too freaked out by the prospect of something radically different.

Myself, I’m waiting a bit to see how this plays out.  I like the idea of a free alternative to Microsoft Office.  The online offerings such as Google Docs aren’t necessarily as convenient as something installed on your computer so it’s good to have these local alternatives.

Let’s keep our fingers crossed that either LibreOffice becomes very successful or Oracle doesn’t choke OpenOffice.org.

Dirt cheap Microsoft Office

Sunday, December 19th, 2010

One of the most requested software my clients will request is something from the Microsoft Office suite (usually Word or Excel).  They’re often shocked that it’s not included with a new computer and are really shocked when they’re told how much it’s going to cost (list price runs from $149.95 to $499.95 depending upon which suite).

One option that I’ll suggest is OpenOffice.org since it’s free, very capable, and compatible with Microsoft Office documents.  For the majority of people, this works just fine.  However, some people are either so used to the Microsoft products or actually need some feature present in Microsoft’s software that only Microsoft Office will do the job.

It was brought to my attention recently that Microsoft Office may be available to home users for as little as $9.95.  That’s right, just a nickel under $10.  And it’s legitimate.  I say again so that you understand it’s not a typo:  A legitimate copy of Microsoft Office Professional Plus 2010 for $9.95.

How can this be?  How can it be purchased at this price?  Well, it’s not for everyone, unfortunately.  You have to work for a company that purchases Microsoft Office under a volume license agreement and also purchases Software Assurance as part of that agreement (Software Assurance allows the company to continue to get upgrades for the software as part of the licensing agreement).  Details of the program can be found at the Microsoft Home Use Program site.

What’s the catch?  If your company decides to discontinue Software Assurance when it renews its licensing contract or your employment with the company is terminated, you will no longer have a valid license to use the software.  Beyond that, Microsoft takes care of the details and you only need a little information from your company to be able to place the order.  Details are at the site and on the site where you make your purchase.

So, go check with your company to see if you can get it.  There aren’t that many great deals like this that you can find so take advantage of them when you can.  Microsoft Office for the Mac is also available under this program.  The software will be available for download but you can order a disc as well.

Advertising can be dangerous

Saturday, December 18th, 2010

Advertising on the internet has become something which we all must manage.  It’s the primary way that most commercial (non-merchant) web sites get revenue.  Depending upon the site and ad structure, the revenue is generated when you see the ad, when you click on it, or when you purchase something after clicking on the ad.

Because of this, it’s hard to recommend blocking ads.  Think of this, if everyone blocked every ad on every site, there would be no revenue for these sites and eventually they would go away.  Quite a disapp0inting prospect if you enjoy a particular site for its content.

There is a downside in that we cannot necessarily trust all the ads coming through.  While most ads are for legitimate vendors, the occasional fraud does appear.  Recently DoubleClick (a part of Google) was used to distribute an ad that installed software on a visitors computer without that person clicking on anything to install the software.  I read an article about it here with more details here.  DoubleClick is quiet possibly the largest advertising network.  If a malware producer can get on there, it could mean a lot of it is spread in short order.

The exploit initially used a vulnerability in Microsoft Internet Explorer.  As I’ve mentioned previously, I strongly recommend that you use a browser other than Internet Explorer for most of your browsing.  This isn’t complete safety as the exploit next used vulnerabilities in Java and Adobe Reader to get the installation to occur.  Just another reason why I recommend Firefox with the NoScript add-on.  You can read about that in my previous post here.

I’ll go into more detail later, but one of the big reasons any of these so called drive-by downloads occur is our common tendency to run our computers as an “administrator.”  In so doing, we (and the programs we run) have full access to everything on the computer.

These malware programs can be largely prevented from installing by using a browser other than Internet Explorer, keeping all your software up to date, and running the computer as something other than an administrator.  While staying out of the “deepest darkest” recesses of the internet can help as well, this malware was distributed on a commonly used advertising network so care needs to take place even on “good” sites.

Sneaking startups sucking your sanity.

Friday, December 17th, 2010

Something could be sneakily slowing down your computer.  I wish it was as insidious as spyware or a virus, but it could actually be part of a legitimate program you installed.  I’ve noticed a tendency of software and hardware vendors to add parts of their stuff to the startup routine of your computer.  I’m not sure the overall purpose of this.  My assumption is that they believe it’s to help with their product so that it starts up more quickly.  The side effect is that if you get something added to startup for every software title or hardware item you install, it will actually slow things down and NO ONE gains in performance.

It all starts when you run the installation.  If you’re installing a piece of software, the installation routine may add something to the startup so that when you run the program, half of it is already loaded so it’ll launch faster.  While this sounds like a nice idea, by the time you’ve added the fifth or sixth new thing, your computer will start to bog down as it tries to manage them.  Each one of these startups uses some amount of memory.  Each one uses some percentage of your processor speed.

Are any of these really necessary?  I can say with certainty that the overwhelmingly vast majority are not.  I’d actually be willing to make the bet that NONE of them are necessary outside of drivers required for hardware to function.

Besides pre-loading an application, some programs will run in the background to check for updates.  I’ve seen the likes of Microsoft Works Update Detection and the Sun Java Update Scheduler.  I really don’t understand why these are running in the background constantly.  Apple takes a different approach by setting a Scheduled Task (in Windows) to run occasionally.  This seems like a more intelligent way of accomplishing the same goal as you only run the checking program when you want to check and not keep it in the background all the time.  Why can’t others do the same?

Other background tasks loaded by vendors include Hewlett Packard’s Customer Participation Program (which they imply during their installation routine that it’s something you want) and the Logitech Desktop Messenger (again implied to be something you want).  Both of these appear to only function as a way to provide “news” and “offers” to you.  This is almost akin to the behavior of some spyware.  Both of these are also selected to install by default.  If you aren’t aware of what they’re doing, you won’t think to de-select them during the installation.  They probably also count on many users just clicking “next” on each installation page without reading what options are available.

I read an article that also talked about potential security risks for this software.  This is especially true for large companies, but the same holds for the average user.  In the case of the “news” types I just described, what information is being sent back to the vendor so as to target you with specific messages?  In a large company, system stability is a big issue as anything which harms the ability of the business to function is a bad thing.  These programs have to be considered in the event they conflict with business critical applications.

Are there any benefits to these startups?  Sure.  One example would be if you have a printer/scanner device with buttons on it.  You press a button and your computer does something in response.  You have to be running some kind of software for that to happen.  However, if you never use those buttons, you can safely remove the startup without affecting any other functionality.

Another thing is that the problem isn’t limited to new things you install on your computer.  The computer manufacturer may have put things in for whatever reason it had.  I’ve seen startup applications intended to make your computer easier to use (which, in my opinion, just make things more complicated).  Then there are those related to software the manufacturer agreed with the software developer to add to the computer.  I can’t tell you how much junk I’ve had to remove from a brand new computer that wasn’t even going to be used and just made a mess of things.

Enough of my tirade.  What you should be taking from this is to take care when you install something and be mindful of what it might be adding to your system that could affect its overall performance.

Change your password!

Thursday, December 16th, 2010

Recently the Gawker Media Network was hacked and much of their information (e-mails, chat logs, employee information, source code, but more importantly, usernames, e-mail addresses, and encrypted passwords of users on the sites) was taken and posted publicly.  The information of roughly 1.3 million users has been compromised.  Security experts have already been able to decrypt more than half of the passwords that people have used.  You can read an article about it here.

Maybe you’ve never posted anything to one of these sites (Gawker.com, Lifehacker, Gizmodo, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot.com) so you might not have any concern that your information is out in the wild.  Still, what does it mean to you?  The big implication is that if you did use this site and you have the typical habit of using the same username and password on every other site you use, it’s only a matter of time before your bank account is compromised.

In previous posts I’ve pounded the idea that you should be backing up your system.  Here’s another idea to pound: you need to be very careful about your password choice and decide if convenience is more important or security.  I know it can be trouble to have a different set of login credentials for each site you use, but it’s the best way to keep your information secure. Think about it this way, do you have one key that opens every lock you use?  Chances are, you have a key for your front door, a key for each of your cars, and a few other keys mixed in with none of them being able to work in place of another.  The same idea holds true here.  At the very least you should have a unique login and password for each financial institution that you use.

To really hammer this in, just because you didn’t use a Gawker Media site doesn’t mean that the same principle doesn’t hold.  Any site you’ve used where you had to have some form of login could be hacked and your information used to access other places you go.

How do you manage this?  Very few people have the skill to remember hundreds of different credentials so that each place is unique.  Thankfully, there are many software titles to help you keep track of your login information.  You could even use a low-tech option of writing everything down (just be sure to keep that physically secure as well).  The many software
titles designed to help you manage passwords can help with creating unique passwords to each site and some can even input that information directly into the site’s login form to bring back some of the convenience.  The software also encrypts the information and you only have to remember the password that your software uses to get access.  I recommend using separate software to manage your passwords as it’ll work with all the browsers you use and the encryption is likely better than what your browser has (e.g. Microsoft Internet Explorer has effectively no security on the passwords it has stored).

Popular software titles include RoboForm for Windows and 1Password for Mac and Windows.  They both have versions for some mobile platforms as well.

In conclusion, not only should you be backing up regularly, but you should also do more to ensure that a lack of security on one site you use doesn’t carry over to others.