Don’t Trust E-mail

I spent two hours Monday on the phone with an out-of-state client, cleaning up the mess left by the latest Windows virus, Swen. He had received an infected e-mail that appeared to be from Microsoft and appeared to contain an important security update. So he dutifully ran the attached file. At which point, of course, all hell broke loose.

I was able to walk him through the process of removing the virus, restoring his antivirus software to proper working order, and deleting the 15,000-plus infected messages that had accumulated in his Inbox. Along the way, he asked, several times, “How could I have been so stupid?” Actually, he was taken in by a relatively clever trickster. Here’s the moral of the story:

Don’t trust anything you receive in e-mail. It’s easy to “spoof” the sender field of an e-mail message so that it appears to be from anyone – from Microsoft, or from your best friend, or even from me. Just because you read it in an e-mail, that doesn’t mean it’s true.

Bookmark the security pages for the companies that make the software you use regularly. I’ve got the Microsoft Security and Privacy page in my Favorites folder, along with Symantec’s Security Response page. If you get an e-mail pretending to offer information from either one, don’t ignore it, but don’t assume it’s for real, either. Check it out for yourself before you make any decisions that you might later regret.

If you still can’t figure it out, send me an e-mail. My address isn’t published here (for security reasons), but the Send Me a Note link on this page will let you fill in a Web form that is guaranteed to get to me.
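As an added illustration (not part of the original post), the Python sketch below shows why the sender field proves nothing: the From line is ordinary text that the sender's software writes. It checks a constructed message, shaped like the fake Microsoft update described above, against three signals a mail filter can use. The addresses, the file name, and the assumption that the receiving server records SPF/DKIM results in an Authentication-Results header are all assumptions of this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # directly runnable on Windows

def domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def assess(raw):
    """Return the reasons not to trust the sender this message displays."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    shown, envelope = domain(msg["From"]), domain(msg["Return-Path"])
    if envelope and envelope != shown:
        findings.append(f"From domain {shown} differs from envelope sender {envelope}")
    # Simplification: a real filter trusts only the Authentication-Results
    # header stamped by its own receiving server, not one found in transit.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("no passing SPF or DKIM result recorded")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"executable attachment: {name}")
    return findings

def build_sample():
    """Constructed message shaped like the lure described above (inert bytes)."""
    m = EmailMessage()
    m["Return-Path"] = "<bounce@mailer.example.net>"
    m["From"] = "Microsoft Security <security@microsoft.com>"
    m["To"] = "user@example.org"
    m["Subject"] = "Important security update"
    m.set_content("Please install the attached update.")
    m.add_attachment(b"placeholder, not a program", maintype="application",
                     subtype="octet-stream", filename="update.exe")
    return m.as_bytes()

if __name__ == "__main__":
    for reason in assess(build_sample()):
        print("-", reason)
```

An empty result does not make a message trustworthy; it only means none of these three signals fired.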

Protect Your PC

Back in August, 2002, Carl Siechert and I put the finishing touches on Microsoft Windows Security Inside Out for Windows XP and Windows 2000. It’s a big, fat book, encompassing more than 800 pages of fairly technical material aimed at helping ordinary users of Microsoft operating systems break through the haze of misinformation, myth, and technobabble that defines most of the currently available information about Windows security. As it turns out, we may have been a bit ahead of the curve. One year ahead, to be precise.

In the wake of Blaster and Sobig.F, I decided to adapt some of the material from that big security book and publish it as a short, easy-to-follow preventive program. The results are posted at my Web site: Protect Your PC – A Four-Step Program

I hope you find it useful.

Is a Security Crisis Upon Us?

This morning’s Washington Post has a well-written article that includes a couple of chilling predictions: Fight Against Viruses May Move to Servers (TechNews.com).

The article quotes Brian King, an Internet security analyst with the government-funded CERT Coordination Center at Carnegie Mellon University, as saying: “Users may not realize that just having anti-virus software and a firewall isn’t enough to protect them anymore.”

Virus writers are getting more clever, and the gap is narrowing between the time vulnerabilities are discovered and exploits are launched. It is no longer realistic to expect ordinary users to be completely responsible for every aspect of security. ISPs and those companies that manage the Internet backbone need to take a much stronger role in blocking dangerous or hostile traffic before it has a chance to reach critical mass.

If your ISP is allowing dozens or hundreds of virus-infected messages to land in your mailbox, maybe you should be asking them why they don’t eliminate those dangerous messages at the server.

Free Norton Antivirus

[PLEASE NOTE THE DATE ON THIS POST. The deal referred to has expired… There are often equally good deals on the same software, however. Just keep your eyes open. – Ed]

Amazon.com is selling Norton AntiVirus 2003 for $40, with $40 worth of rebates if you can rustle up an old copy of any Norton or McAfee antivirus product. If you can’t find one, you can still get a $20 rebate, for a net cost of $20. Great deal!

Ready for Office 2003?

A reader named George writes:

Hey Ed,

I guess you were pretty tied up writing your new book about Office 2003. Please let us know when it hits the shelves (I heard something about August 15)…

I got a copy of your Office XP book and earned every possible Microsoft Office Specialist Certification. So kudos to you guys for your excellent work.

PS: I noticed that the new book is quite a bit bigger than the previous one. Are you covering the new Office 2003 members like InfoPath and OneNote???

Thanks for the success story, George! Yes, I’ve been pretty thoroughly tied up working on Special Edition Using Microsoft Office 2003. But it’s in the hands of the publishers now, who are feverishly putting in the final touches to get it ready for availability in mid-September. The book covers all the applications in the retail version of Office 2003 Professional. That doesn’t include InfoPath (which is intended for enterprise installations). We do have a small section on OneNote (which is only sold separately and is not bundled with any Office version).

Coincidentally or not, Microsoft announced today that Office 2003 has been released to manufacturing, which means it will be available on new computers in late September and in retail packages on October 21. I think they’ve done a good job, and I’ll have a lot more to say about it in the next few months.

Startup Manager

One common problem that affects just about everyone who uses Windows is the tendency to have too much stuff running at startup. Sometimes it seems like every program you install wants to make sure it runs every time you turn on your PC. The result, especially if you use Windows 98 or Windows Me, is a general slowdown and the risk of an unstable system.

To solve the problem, I recommend Mike Lin’s Startup Control Panel, a free utility that allows you to see exactly what’s running at startup. You can disable or delete any item on the list with just a couple of clicks.

Excellent stuff.

New TweakUI Available

Arie Slob of Windows-Help.NET passes along the news that a new TweakUI 2.10 for Windows XP is available. He’s got a nice list of the new features you’ll find there, plus links to the download site.

Be sure to read the documentation first. This update requires Windows XP Service Pack 1 or Windows 2003 Server. If you’re running XP and you don’t have SP1 yet, go to Windows Update and get it.