Configuring Dynamic Host Configuration Protocol (DHCP)

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows administrators to manage and automate the assignment of IP addresses in a centralized console. Without DHCP, the IP address must be “statically” configured on each computer. This isn’t such a big deal in a small (ten client-or-less) environment, but when you get into significantly larger environments, static IP address management can become a nightmare. Factor in the mobility of using laptops, and the need to be able to connect to other networks dynamically, and you’ll find it’s almost impossible in today’s world not to use DHCP.

The way DHCP works is fairly simple. Using a client/server model, a DHCP server maintains a pool of IP addresses. DHCP clients request and obtain leases for IP addresses during the boot process. DHCP was derived from the Bootstrap Protocol (BOOTP), which was a protocol typically used to allow clients to boot from the network rather than from a hard drive. Through this boot process, BOOTP assigned an IP address dynamically to the client computer. Some benefits of using a Windows Server 2008 DHCP server include:

DNS integration. Windows Server 2008 DHCP integrates directly with DDNS. When a computer obtains a lease for an IP address, the DHCP server can then register or update the computer’s Address (A) records and pointer (PTR) records in the DNS database via Dynamic DNS on behalf of the client computer. The result of the two—DHCP used with DDNS—is true dynamic IP address management. Any computer can start up on the network and receive an IP address that is further registered in the DNS name server.

Multicast address allocation. The Windows Server 2008 DHCP can assign IP addresses to multicast groups in addition to the standard individual hosts. Multicast addresses are used to communicate with groups such as server clusters using network load balancing.

Detection of unauthorized DHCP servers. By restricting DHCP servers to those that are authorized, you can prevent conflicts and problems on the network. An administrator must configure Active Directory to recognize the DHCP server before it begins functioning on the network. The Windows Server 2008 DHCP service contacts Active Directory to determine whether it is an authorized DHCP server. Active Directory also enables you to configure which clients a DHCP server can service.

Enhanced monitoring. With the Windows Server 2008 DHCP service, you have the ability to monitor the pool of IP addresses and receive notification when the address pool is utilized at a threshold level. For example, you might monitor for a threshold of 90 percent or above.

Vendor and user classes. Vendor and user classes enable you to distinguish the types of machines that are obtaining DHCP leases. For example, you can use a predefined class to determine which users are remote access clients.

Clustering. Windows Server 2008 DHCP services support clustering. Through a cluster, you can ensure a higher reliability and availability of DHCP services to clients.

The negotiation process consists of only four messages, two from the client and two from the server. The first message is the DHCP Discover message from the client to the server. This message looks to a DHCP server and asks for an IP address lease. The second message is the DHCP Offer message responding from the server to the client. A DHCP Offer tells the client that the server has an IP address available. The third message is a DHCP Request message from the client to the server. In this message, the client accepts the offer and requests the IP address for lease. The fourth and final message is the DHCP Acknowledge message from the server to the client. With the DHCP Acknowledge message, the server officially assigns the IP address lease to the client. Each DHCP server requires a statically applied IP address.

DHCP was originally introduced in RFC 2131 back in March of 1997 (http://www.rfceditor.org/rfc/rfc2131.txt). Since the inception of DHCP, a number of add-on DHCP options have made it possible to disburse even more IP-related information to clients, making IP management much more flexible for IT administrators.

Source of Information : Syngress The Best Damn Windows Server 2008 Book Period 2nd Edition

Windows Server 2008 DNS - Configuring Zone Resolution

There is a new name resolution available with the release of Windows Server 2008: GlobalNames Zones. The GlobalNames zone was introduced to help phase out the Windows Internet Naming Service (WINS), which we will discuss later. However, it is important to note that the GlobalNames zone is not intended to support the same type of name resolution provided in WINS, records which typically are not managed by IT administrators. After the configuration of the GlobalNames zone, you are responsible for management of all records in the zone, as there are no dynamic updates.

So, where this is really relevant is within organizations that have multiple domain names. Without single-label names (also known as NetBIOS names), Windows-based computers will append DNS suffixes based on the order provided, either via the individual TCP/IP settings of the client, DHCP settings, or Group Policy settings. Again, the key here is that if there are MULTIPLE domain names an organization must manage, they may find it easier to use the GlobalNames zone since the GlobalNames zone records can be configured globally for the single-label names. Records that are contained within the GlobalNames zone are known as global names.

Several prerequisites must be met before using the GlobalNames zone:

• No existing DNS zone can be named GlobalNames.

• All authoritative DNS servers must be running Windows Server 2008.

• All DNS servers running on Windows Server 2008 must store a local copy of the GlobalNames zone or must be able to remotely communicate with a server that does.

• The GlobalNames Zone Registry setting must be enabled on the server. This can be done by typing dnscmd /config /enableglobalnamessupport 1.

Let’s walk through the steps in configuring a GlobalNames zone:

1. Choose Start.

2. Right-click Command Prompt and select Run As Administrator.

3. At the command prompt, type dnscmd /config/enableglobalnamessupport 1.

4. Close the command-line prompt.

5. Select Start Administrative Tools DNS.

6. Right-click your DNS server, and then click New Zone to open the New Zone Wizard.

7. Create a new zone and give it the name GlobalNames.

8. Complete the remaining configuration options as we have done previously, and then click Finish to complete the process.


Next, we will create a CNAME record for use with the GlobalNames zone:
1. Right-click the GlobalNames zone now available under the Forward Lookup Zones.

2. Select New Alias (CNAME).

3. Enter the alias of the server. For example, we can name it widgetserver.

4. Enter the FQDN of the target host. In this case, it will be our DNS server for testing purposes: dc1.uccentral.ads. If you do not have a record for your server, you may need to stop the CNAME process, and create an A record in the primary zone for your domain.

5. Click OK.

To test the GlobalNames zone record, simply go to the command prompt of a client PC and type ping gnztest. This will return the IP address as expected.

Source of Information : Syngress The Best Damn Windows Server 2008 Book Period 2nd Edition

Windows Server 2008 DNS Reverse Lookup Zones

A reverse lookup zone is an authoritative DNS zone that is used primarily to resolve IP addresses to network resource names. This zone type can be primary, secondary, or Active Directory–integrated. Reverse lookups traverse the DNS hierarchy in exactly the same way as the more common forward lookups. To handle reverse lookups, a special root domain called in-addr.arpa was created. Subdomains within the in-addr.arpa domain are created using the reverse ordering of the octets that form an IP address. For example, the reverse lookup domain for the 192.168.100.0/24 network would be 100.168.192.in-addr.arpa. The reason the IP addresses are inverted is that IP addresses, when read from left to right, get more specific; the IP address starts with the more general information first. FQDNs, in contrast, get more general when read from left to right; the FQDN starts with a specific host name. In order for reverse lookup zones to work properly, they use a special RR called a PTR record that provides the mapping of the IP address in the zone to the FQDN. Reverse lookup zones are used by certain applications, such as NSLookup (an important diagnostic tool that should be part of every DNS administrator’s arsenal). If a reverse lookup zone is not configured on the server to which NSLookup is pointing, you will get an error message when you invoke the nslookup command.


Security Considerations for the Presence of a Reverse Lookup Zone
Being able to make NSLookup work against your DNS servers is not the only, or most important, reason why you should configure reverse lookup zones. Applications on your internal network, such as DNS clients that are trying to register PTR records in a reverse lookup zone, can “leak” information about your internal network out to the Internet if they cannot find a reverse lookup zone on the intranet. To prevent this information from leaking from your network, you should configure reverse lookup zones for the addresses in use on your network.

Configuring Reverse Lookup Zones
Now, we need to create a matching reverse lookup zone. This will handle reverse resolution for our subnet. In this case, it is 192.168.1.x.

1. Choose Start Administrative Tools DNS.

2. In the console tree, click Reverse Lookup Zones.

3. Right-click Reverse Lookup Zones, and then click New Zone.

4. When the New Zone Wizard appears, click Next.

5. On the Zone Type page, select Primary Zone, and then click Next.

6. On the Reverse Lookup Zone Name page, make sure IPv4 is selected, and then click Next.

7. On the Reverse Lookup Zone Name page, in the Network ID field, type the start of the subnet range of your network (in this case, 192.168.1.x), and then click Next.

8. On the Zone File page, click Next.

9. On the Dynamic Update page, click Next.

10. On the Completing The New Zone Wizard page, click Finish.

Now we need to enable IPv6 so we can offer domain name resolution for clients who may use IPv6 as opposed to IPv4. We’re also going to need it if we want to enable IPv6 DHCP addressing. First, we need to set an IPv6 address for our server. To do so, perform the following steps:

1. Choose Start and right-click Network.

2. Select Properties from the drop-down menu.

3. Click Manage Network Connections.

4. Right-click the Network connection and choose Properties.

5. Double-click Internet Protocol Version 6 (TCP/IPv6).

6. Click the radio button for Use The Following IPv6 Address. If you are not familiar with IP addressing, you can use 2001:0db8:29cd:1a0f:857b:455b:b4ec:7403.

7. Enter a Subnet prefix length of 64.

8. Your preferred DNS server would be the same as that mentioned earlier (your IPv6 address).
9. Close the Network Connections window and re-open the DNS administrator console.

10. In the console tree, click Reverse Lookup Zones.

11. Right-click Reverse Lookup Zones, and then click New Zone.

12. When the New Zone Wizard appears, click Next.

13. On the Zone Type page, select Primary Zone, and then click Next.

14. On the Reverse Lookup Zone Name page, make sure IPv6 is selected, and then click Next.

15. In the Reverse Lookup Zone Name field, type in the prefix 2001:0db8:29cd:1a0f::/64, and then click Next.

16. On the Dynamic Update page, choose Allow Both Nonsecure And Secure Dynamic Updates, and click Next.

17. Click Finish to create the New Zone.

18. To create an IPv6 record, right-click the Primary Lookup Zone for your domain (in our lab, it is uccentral.ads), and then click New Host.

19. In the Name field, enter the name of your server. Our server name is dc1.

20. In the IP address field, enter the IPv6 address we set for the server.

21. Verify that Create Associated Pointer (PTR) Record is checked, and click Add Host.

You should now see a new AAAA record for the server, as well as a new PTR record in the Reverse Lookup Zone we created.


Now you can double-click the Forward Lookup Zones and Reverse Lookup Zones and view the zones you have created. The zones will be displayed in the console pane under the appropriate zone type. From here, you can add records by right-clicking the zone and selecting the type of record you want to create. Likewise, you can right-click the zone and select Properties to modify the properties of the zone. Some of the properties you can modify include:

• Dynamic Updates: The ability for clients to automatically update DNS records.

• Zone Type: You can change a zone type from Primary, to Secondary, or to Stub Zone. If Active Directory is installed, you can also make the zone Active Directory–integrated.

• WINS integration: This is where you can involve WINS resolution with DNS resolution.

• Name Servers: You can add the names and IP addresses of servers that have the rights to create copies of the DNS zone.

• Zone Transfer: Here, you can specify whether the zone can be transferred to another DNS server. You can also specify whether it can be transferred to any server, only the servers in the Name Servers tab (discussed earlier), or to only specific DNS servers by IP address or FQDN.

Source of Information : Syngress The Best Damn Windows Server 2008 Book Period 2nd Edition

Windows Server 2008 DNS Active Directory Records

If you turned on dynamic updates in the previous sidebar, and you have Active Directory loaded on your server, reboot your system. After your system reboots, notice the following new records in your zone.

• _ldap._tcp. Enables a client to locate a domain controller in the domain named by . A client searching for a domain controller in the domain uccentral.ads would query the DNS server for _ldap._uccentral.ads.

• _ldap._tcp.._sites. Enables a client to find a domain controller in the domain and site specified (such as _ldap._tcp.lab._sites.uccentral.ads for a domain controller in the Lab site of uccentral.ads).

• _ldap._tcp.pdc._msdcs. Enables a client to find the PDC Emulator flexible single master operations (FSMO) role holder of a mixed- or native-mode domain. Only the PDC of the domain registers this record.

• _ldap._tcp.gc._msdcs. Found in the zone associated with the root domain of the forest, this enables a client to find a Global Catalog (GC) server. Only domain controllers serving as GC servers for the forest will register this name. If a server ceases to be a GC server, the server will deregister the record.

• _ldap._tcp. ._sites.gc._msdcs. Enables a client to find a GC server in the specified site (such as _ldap._tcp.lab._sites.gc._msdcs. uccentral.ads).

• _ldap._tcp..domains._msdcs. Enables a client to find a domain controller in a domain based on the domain controller’s globally unique ID (GUID). A GUID is a 128-bit (8 byte) number that is generated automatically for the purpose of referencing Active Directory objects. This mechanism and these records are used by domain controllers to locate other domain controllers when they need to replicate, for example.

Enables a client to find a domain controller via a normal Host (A) record.

Special records specifically associated with Active Directory allow servers and clients to interact with Active Directory services in a meaningful way.

Source of Information : Syngress The Best Damn Windows Server 2008 Book Period 2nd Edition

Windows Server 2008 DNS Zone Transfer

Zone transfer is the process of copying the contents of the zone file on a primary DNS server to a secondary DNS server. Using zone transfer provides fault tolerance by synchronizing the zone file in a primary DNS server with the zone file in a secondary DNS server. The secondary DNS server can continue performing name resolution if the primary DNS server fails. Furthermore, secondary DNS servers can transfer to other secondary DNS servers in the same hierarchical fashion, which makes the higher-level secondary DNS server a master to other secondary servers. Three transfer modes are used in a Windows Server 2008 DNS configuration:

• Full Transfer. When you bring a new DNS server online and configure it to be a secondary server for an existing zone in your environment, it will perform a full transfer of all the zone information in order to replicate all the existing resource records for that zone. Older implementations of the DNS service also used full transfers whenever updates to a DNS database needed to be propagated. Full zone transfers can be very time-consuming and resource-intensive, especially in situations where there isn’t sufficient bandwidth between primary and secondary DNS servers. For this reason, incremental DNS transfers were developed.

• Incremental Transfer. When using incremental zone transfers, the secondary server retrieves only resource records that have changed within a zone, so that it remains synchronized with the primary DNS server. When incremental transfers are used, the databases on the primary server and the secondary server are compared to see if any differences exist. If the zones are identified as the same (based on the serial number of the Start of Authority resource record), no zone transfer is performed. If, however, the serial number on the primary server database is higher than the serial number on the secondary server, a transfer of the delta resource records commences. Because of this configuration, incremental zone transfers require much less bandwidth and create less network traffic, allowing them to finish faster. Incremental zone transfers are often ideal for DNS servers that must communicate over low-bandwidth connections.

• DNS Notify. The third method for transferring DNS zone records isn’t actually a transfer method at all. To avoid the constant polling of primary DNS servers from secondary DNS servers, DNS Notify was developed as a networking standard (RFC 1996) and has since been implemented into the Windows operating system. DNS Notify allows a primary DNS server to utilize a “push” mechanism for notifying secondary servers that it has been updated with records that need to be replicated. Servers that are notified can then initiate a zone transfer (either full or incremental) to “pull” zone changes from their primary servers as they normally would. In a DNS Notify configuration, the IP addresses for all secondary DNS servers in a DNS configuration must be entered into the notify list of the primary DNS server to pull, or request, zone updates.

Each of the three methods has its own purpose and functionality. How you handle zone transfers between your DNS servers depends on your individual circumstances. The full and incremental transfers actually transfer the data between the DNS servers, and that DNS Notify is not a mechanism for transferring zone data. It is used in conjunction with AXFR (Full Transfer) and IXFR (Incremental Transfer) to notify a secondary server that new records are available for transfer.


How to create a new DNS zone:
1. Choose Start Administrative Tools DNS.

2. In the console tree, double-click your server, and then click Forward Lookup Zones.

3. Right-click Forward Lookup Zones, and then select New Zone.

4. The New Zone Wizard appears. Click Next.

5. On the Zone Type page, click Primary zone and then click Next.

6. On the Active Directory Zone Replication Scope page, click Next.

7. On the Zone Name page, in the Name field, type a name for a test zone, and then click Next.

8. On the Zone File page, click Next.

9. On the Dynamic Update page, choose Allow Both Nonsecure And Secure Dynamic Updates and click Next.
Normally, when configuring Dynamic Updates, you should choose the Secure Only option. For lab purposes in this book, however, you can choose Allow Both Nonsecure And Secure Dynamic Updates.

10. On the Completing The New Zone Wizard page, click Finish.

Source of Information : Syngress The Best Damn Windows Server 2008 Book Period 2nd Edition

Configuring Windows Server 2008 DNS Zones

Simply put, a zone is the namespace allocated for a particular server. Each “level” of the DNS hierarchy represents a particular zone within DNS. For the actual DNS database, a zone is a contiguous portion of the domain tree that is administered as a single separate entity by a DNS server. The zone contains resource records for all of the names within the zone. If Active Directory–integrated zones are not being used, some zone files will contain the DNS database resource records required to define the zone. If DNS data is Active Directory–integrated, the data is stored in Active Directory, not in zone files.

• Primary Zone. With a primary zone, the server hosting this zone is authoritative for the domain name. It stores the master copy of the domain information locally. When the zone is created, a file with the suffix .dns is created in the %windir%\System32\dns subdirectory of the DNS server.

• Secondary Zone. This is a secondary source—essentially a copy—of the primary DNS zone, with read-only capabilities.

• Stub Zone. Only stores information about the authoritative name servers for a particular zone.

Primary and secondary zones are standard (that is, non-Active Directory–integrated) forward lookup zones. The principal difference between the two is the ability to add records. A standard primary zone is hosted on the master servers in a zone replication scheme. Primary zones are the only zones that can be edited, whereas secondary zones are read-only and are updated only through zone transfer. DNS master servers replicate a copy of their zones to one or more servers that host secondary zones, thereby providing fault tolerance for your DNS servers. DNS standard zones are the types of zones you should use if you do not plan on integrating Active Directory with your DNS servers.

An Active Directory–integrated zone is basically an enhanced primary DNS zone stored in Active Directory and thus can, unlike all other zone types, use multimaster replication and Active Directory security features. It is an authoritative primary zone in which all of the zone data is stored in Active Directory. As mentioned previously, zone files are not used nor necessary. Integrating DNS with Active Directory produces the following additional benefits:

• Speed. Directory replication is much faster when DNS and Active Directory are integrated. This is because Active Directory replication is performed on a per-property basis, meaning that only changes that apply to particular zones are replicated. Because only the relevant information is to be replicated, the time required to transfer data between zones is greatly reduced. On top of this, a separate DNS replication topology is eliminated because Active Directory replication topology is used for both ADI zones and AD itself.

• Reduced Administrative Overhead. Any time you can reduce the number of management consoles you have to work with, you can reduce the amount of time needed to manage information. Without the advantage of consolidating the management of DNS and Active Directory in the same console, you would have to manage your Active Directory domains and DNS namespaces separately. Moreover, your DNS domain structure mirrors your Active Directory domains. Any deviation between Active Directory and DNS makes management more time-consuming and creates more opportunity for mistakes. As your network continues to grow and become more complex, managing two separate entities becomes more involved. Integrating Active Directory and DNS provides you with the ability to view and manage them as a single entity.

• Automatic Synchronization. When a new domain controller is brought online, networks that have integrated DNS and Active Directory have the advantage of automatic synchronization. Even if a domain controller will not be used to host the DNS service, the ADI zones will still be replicated, synchronized, and stored on the new domain controllers.

• Secure Dynamic. DNS Additional features have been added that enhance the security of secure dynamic updates.

A reverse lookup zone is an authoritative DNS zone that is used primarily to resolve IP addresses to network resource names. This zone type can be primary, secondary or Active Directory–integrated. Reverse lookups traverse the DNS hierarchy in exactly the same way as the more common forward lookups.

Stub zones are a new feature introduced in Windows Server 2008. They contain a partial copy of a zone that can be hosted by a DNS server and used to resolve recursive or iterative queries. A recursive query is a request from a host to a resolver to find data on other name servers. An s query is a request, usually made by a resolver, for any information a server already has in memory for a certain domain name. Stub zones contain the Start of Authority (SOA) resource records of the zone, the DNS resource records that list the zone’s authoritative servers, and the glue address (A) resource records that are required for contacting the zone’s authoritative servers. Stub zones are useful for reducing the number of DNS queries on a network, and consequently the resource consumption on the primary DNS servers for that particular namespace. Basically, stub zones are used to find other zones and can be created in the middle of a large DNS hierarchy to prevent a query for a distant zone within the same namespace from having to ascend, traverse, and return over a multitude of zones.

Windows Server 2008 also allows for a special type of Primary Zone—known as an AD integrated zone—which basically means that the data is stored within Active Directory Domain Services, and is replicated to other DNS servers during normal AD replication periods. AD-integrated zones offer a number of benefits, including:

• Secure Dynamic. Updates Systems that are authenticated by Active Directory can update their DNS records. This allows name resolution for clients and servers while eliminating DNS poisoning by rogue systems that create DNS records.

• Automatic Synchronization Zones are created and synchronized to new domain controllers (with DNS installed) automatically.

• Efficient Replication Less data is replicated since only relevant changes are propagated.

Source of Information : Syngress The Best Damn Windows Server 2008 Book Period 2nd Edition

Using Server Core and DNS for Windows Server 2008

One of the ways Server Core can be used is to provide a minimal installation for DNS. A number of advantages to running DNS within Server Core include:

• Smaller Footprint: Reduces the amount of CPU, memory, and hard disk needed.

• More Secure: Fewer components and services running unnecessarily.

• No GUI: No GUI means that users cannot make modifications to the DNS databases (or any other system functions) using common/user-friendly tools.

If you are planning to run DNS within a Server Core install, several steps must be performed prior to installation. The first step is to set the IP information of the server. To configure the IP addressing information of the server, do the following:

1. Identify the network adapter. To do this, in the console window, type netsh interface ipv4 show interfaces and record the number shown under the Idx column.

2. Set the IP address, Subnet Mask, and Default Gateway for the server. To do so, type netsh interface ipv4 set address name=”” source=static address= mask= gateway=. ID represents the interface number from step 1, represents the IP address we will assign, represents the subnet mask, and represents the IP address of the server’s default gateway.

3. Assign the IP address of the DNS server. If this server is part of an Active Directory domain and is replicating Active Directory–integrated zones, we would likely point this server to another AD-integrated DNS server. If it is not, we would point it to another external DNS server—usually the Internet provider of your company. From the console, type netsh interface ipv4 add dnsserver name=”” address= index=1. >. ID represents the number from step 1, while represents the IP address of the DNS server. Once the IP address settings are completed—you can verify this by typing ipconfig /all—we can install the DNS role onto the Core Server installation:

4. To do this, from the command line, type start /w ocsetup DNS-Server-Core-Role.

5. To verify that the DNS Server service is installed and started, type NET START. This will return a list of running services.

6. Use the dnscmd command-line utility to manipulate the DNS settings. For example, you can type dnscmd /enumzones to list the zones hosted on this DNS server.

7. We can also change all of the configuration options we modified in the GUI section earlier by using the dnscmd /config option. For example, we can enable BIND secondaries by typing dnscmd /config /bindsecondaries 1.

There are many, many more things you can do with the dnscmd utility. For more information on the dnscmd syntax, visit http://technet2.microsoft.com/WindowsServer/en/library/d652a163-279f-4047-b3e0-0c468a4d69f31033.mspx.

Source of Information : Syngress The Best Damn Windows Server 2008 Book Period 2nd Edition

Diskeeper Undelete 2009

If you accidently delete an important file, you could restore your files using your backup software—but doing so may have some unintended consequences, such as overwriting recently updated files. The Windows Recycle Bin keeps some of your files, but if the file has been overwritten or is exceptionally large, Recycle Bin won’t retain a copy of the file. Diskeeper’s Undelete 2009 ($29.95; www.undelete.com) replaces the Windows Recycle Bin with Diskeeper’s Recovery Bin to let you access and restore all of your deleted and overwritten files. To help you locate deleted files, Undelete 2009 includes a search tool to let you find and recover the files you need. The recovery program also lets you roll back a file, such as a document or spreadsheet, to an earlier saved version, so you can quickly load an older version. Because you may not know which file version is the one you want, Undelete 2009 features the ability to preview the content, so you’ll know that you’re restoring the correct version. For file security, Undelete 2009 provides SecureDelete 2.0, which is a feature that purges files using a technique developed for the National Security Agency and the Department of Defense.

Source of Information : Smart Computing / January 2009

Installing and Configuring DNS for Windows Server 2008

DNS can be installed and configured on any version of Windows Server 2008—Web Edition, Standard Edition, Enterprise Edition, or Datacenter Edition. It is a network service that can be integrated with Active Directory (for security and replication purposes), or as a stand-alone service. A Windows Server 2008 DNS can manage not only internal namespaces, but external (Internet-facing) namespaces as well. In the following examples, we will be installing DNS on a Windows Server 2008 Standard Server.

1. Choose Start Administrative Tools Server Manager.

2. Scroll down to Role Summary and click Add Roles.

3. When the Before You Begin page opens, click Next.

4. On the Select Server Roles page, select DNS Server, and then click Next.

5. At the DNS Server window, read the overview, and then click Next.

6. Confirm your selections, and then click Install.

7. When installation is complete, click Close.

Next, we will configure some basic server settings:
1. Choose Start Administrative Tools DNS.

2. Find your server name in the left pane and double-click it. This will open the DNS configuration for this server.

3. Look at the DNS properties of this server. Right-click the server name and select Properties from the drop-down menu.

4. The first tab that opens is the Interfaces tab. This tab can be adjusted if you have additional NICs in your server. This is particularly useful if you only want DNS queries to be answered by systems on a particular subnet. In general, you will likely leave it at the default of All IP Addresses.

5. Click the Root Hints tab. Notice there are multiple name servers with different IP addresses. With root hints, any queries that cannot be answered locally are forwarded to one of these root servers. Optionally, we can clear our root hints by selecting them and clicking Remove. Remove all of the servers, and click Forwarders.

6. On the Forwarders tab, we can specify where DNS queries that are not resolved locally will be resolved. As opposed to Root Hints, this gives us much more control over where our queries are sent. For example, we can click Edit… and enter 4.2.2.1—a well-known DNS server. After you enter the IP address, click OK.

7. Look through the other tabs in the Properties dialog box. In particular, take a look at the Advanced tab. Notice the check box for BIND Secondaries—this makes it possible for BIND servers to make local copies of DNS databases. Also, look at the Enable Automatic Scavenging Of Stale Records option. With this option, you can specify the period before which DNS will perform a cleanup of old records.

8. Click Apply to save the changes we made, and then click OK to close the window.

Source of Information : Syngress The Best Damn Windows Server 2008 Book Period 2nd Edition

Backup software – Automatically Archive Your Data

How often do you back up the data on your PC? If the answer is once a year or even every month, a system crash may still result in the loss of your most recently added photos, music, videos, documents, and email. The best way to avoid losing your data is the use of a backup application that, on a daily basis, creates a copy of your entire hard drive or recently updated files. Many backup applications also include a way for you to restore the files and your OS (operating system), should something go wrong. We’ll examine several popular data backup programs and cover the primary features of each application.


Drive Backup 9.0 Personal
Paragon Software I $39.95
www.paragon-software.com
Like many other backup tools, Paragon Software’s Drive Backup 9.0 Personal lets you create an image of your hard drive (with Windows OS files) onto disc, an external or network storage location, or secondary hard drive on your PC. You can use the hard drive image to restore your PC with all the applications, user preferences, settings, and files that were on your PC when the backup was created. But rather than requiring you to reinstall Windows and install Drive Backup 9.0 before restoring your PC, the application lets you use a bootable USB flash drive or CD and begin the restoration process by simply booting your PC via the backup media. In terms of usability, Drive Backup 9.0 Personal edition offers a task pane on the left-hand side that allows you to quickly select the task you want to perform. The application’s built-in scheduler allows you to configure Drive Backup 9.0 to automatically back up specific files and folders, clone the PC’s hard drive, or even restore the computer to a previous state. Version 9.0 includes a file-level protection feature that prevents the overwriting of old versions of emails, Outlook content, photos, music, videos, and Microsoft Office files. And, unlike some other backup programs, Drive Backup 9.0 Personal can copy currently open files and transfer incremental backups, so you’ll always archive the most current file version. Another handy feature of Drive Backup 9.0 is that it offers an image browser feature that lets you view individual, backed up files and folders and make selective choices about the files you want to restore.


True Image Home 2009
Acronis I $49.99
www.acronis.com
If you’ve ever avoided updating an application or device driver because you were afraid the new version may not work as well as your current software, you’ll appreciate the Try&Decide feature of Acronis True Image Home 2009. The backup application lets you put the PC into a test mode where installations and changes are not applied to the hard drive directly. Thus, you can try out any changes before implementation. Acronis True Image Home 2009 allows you to create disk images and specify files or folders to back up, and you can set up the software to automatically run at a preset time, at startup, or when you shut down your computer. It’s also possible to configure True Image Home 2009 to back up your PC as soon as you attach an external hard drive. To help you locate archived files, True Image Home 2009 lets you search for a file name using Windows Explorer or the Google Desktop search tool. PC users familiar with Vista will enjoy that True Image Home 2009 offers a similar interface with icons and links for each of the program features. Because regular backups to an external or network hard drive can quickly fill up your storage devices, True Image Home 2009 lets you consolidate an older, complete archive with your incremental backups and save storage space. As an added bonus, True Image Home 2009 also includes a migration tool, so you can clone your PC onto another hard drive or new PC.


PC Backup Pro 8.0
Migo Software I $59.99
www.migosoftware.com
Computer viruses and spyware have a nasty way of sticking to the files on your computer, and when you’re backing up your data, you’ll want to ensure that you don’t archive infected files. PC Backup Pro 8.0 from Migo Software includes a virus scanning tool that helps remove viruses from the files you choose to back up. Additionally, PC Backup Pro 8.0 includes a compression tool that lets you reduce the amount of storage space your backups will consume. You can also choose to encrypt the backed-up data, which is ideal if you need to archive sensitive financial and work files. PC Backup Pro 8.0 lets you schedule full, partial, or incremental backups, and you can use the application’s File Verification feature to ensure that your files weren’t corrupted during the backup process. PC Backup Pro can also archive incremental- and differentialbased files, and by keeping the older file versions, you can restore a document, spreadsheet, or photo to a previous state. PC Backup Pro includes wizardbased guides for each type of backup, and we’re glad that the application provides file selection filters to help you select the files you’d like to restore.


Genie Backup Manager Home 8.0
Genie-Soft I $49.95
www.genie-soft.com
Genie Backup Manager Home 8.0 is a complete backup and restore application that includes a number of advanced features not commonly found in other backup programs. For instance, Genie-Soft’s Web site offers free plugins that allow Backup Manager Home
8.0 to back up the files and settings associated with your applications. With your personal application settings backed up, you can uninstall and reinstall a program that’s experiencing problems without needing to manually reconfigure all your application settings. Additionally, Backup Manager Home 8.0 includes a Disaster Recovery feature that backs up your Windows OS, including the system files, programs, documents, and system settings. You can use the Disaster Recovery tool to fix Windows if the OS becomes unstable or inoperable. When it comes to choosing where to back up your data, Backup Manager Home 8.0 lets you use nearly every option available. You can use external or internal hard drives, a network storage location, USB flash drive, disc (CD/DVD/Blu-ray), remote locations via FTP (File Transfer Protocol), or use Genie-Soft’s online service. (Note that Genie-Soft’s Online Backup service is a separate, fee-based service.) When you first run Genie Backup Manager Home 8.0, it will back up all the files and folders you select, and after the initial backup, you can choose to copy the same set of files or only new or changed files. If you need to save space, you can opt to delete old backups and automatically purge data after a given number of days. Besides a full feature set, Genie Backup Manager Home 8.0 offers a simple interface and wizard-based guides and help tools, so you can create and restore your data backups with ease.


Backup Now 5 Advanced Edition
NTI I $69.99
www.ntius.com
Although most backup applications are fairly easy to use, NTI’s Backup Now 5 is one of the most intuitively designed backup applications we’ve seen. For instance, Backup Now 5 provides you a set of numbered steps on the left-hand side of the window, and if you need to make a change, you can jump back to any step in the process. We also like that Backup Now 5 includes brief, helpful hints about the choices available and the important aspects to consider before you reach the next step. NTI Backup Now 5 lets you archive complete images of your hard drive, as well as create file-based backups. You have complete control over the compression level, type of encryption used, and file verification settings. We like that you can tailor the process to suit your personal needs and time requirements. Another good example of the program’s flexible design is the application’s ability to shut down, enter hibernation, or initiate standby mode after the completion of a backup. The automatic power-down feature is ideal for those who prefer to run the backup process when they’re not using the PC to avoid any system slowdowns.
We like that NTI Backup Now 5 can be run on more than one PC, rather than some backup applications that limit the software’s use to one system. You can also use NTI Backup Now 5 to clone your personal files from one PC to another.


AutoBackup Premium
Memeo I $69.95
www.memeo.com
When performing file-based backups, most backup applications include a file selection tool to help you locate essential, personal files on your PC. However, if you don’t store critical files in common folder locations, such as the Documents folder in Vista or the My Documents folder in WinXP, the backup application may not automatically archive the file. Memeo AutoBackup Premium includes a SmartTags feature that runs as a Windows Explorer plug-in and lets you add files to the program’s backup set that you may not have initially included. Memeo AutoBackup Premium can also reference the backup tag title to let you select just a group of Smart-Tags files. Although AutoBackup can’t create an image of your PC’s hard drive, the application does an excellent, speedy job of archiving your data files. We also like that AutoBackup remembers the hard drive location of the files, so you can restore a deleted file to its original folder. Memeo AutoBackup
Premium is also one of the few backup tools that lets you back up data to multiple locations at the same time. For instance, you could simultaneously transfer files to an external hard drive and a network file server.


Choose A Backup Plan
All of the applications we examined in this article offer free trials, so it’s a good idea to test the different applications before you purchase. When you try the software, consider whether the program provides all the functions you need, such as the ability to make incremental archives or create an image of your hard drive that lets you restore your PC to a previous state.

Source of Information : Smart Computing / January 2009

NAP Enforcement Methods

So NAP can enforce compliance with network health policies you define for your network. But how does it enforce compliance? What are the enforcement mechanisms available? NAP actually has five different enforcement mechanisms you can use: DHCP, VPN, 802.1X, IPSec, and TS-Gateway. Let’s briefly look at each of these mechanisms and how NAP uses them to verify health and enforce compliance with health policies you’ve defined.


DHCP Enforcement
DHCP is the network administrator’s friend. It makes managing IP addresses across an enterprise easy. You don’t want to have to go back to managing addresses manually, do you? But DHCP is a notoriously unsecure protocol that basically just gives an address to any machine that wants one. You want an IP address? Here, you can have this one-don’t bother me for a while. Once your machine has an IP address (and subnet mask, default gateway, and DNS server addresses), you’re on the network and you can communicate with other machines. If you have the right permissions, you can access shared resources on the network. If you don’t have any permissions, you can’t access any resources, but you can still wreak havoc on the network if your machine is infected with Blaster, Slammer, or some other worm.

So how does NAP help prevent such infected machines from damaging your network? It’s easy if your DHCP server is running Windows Server 2008 and either has the Network Policy Server (NPS) role service installed as a RADIUS server (with policies) or has NPS installed as a RADIUS proxy that redirects RADIUS requests to a different NPS server running as a RADIUS server somewhere else on your network. Basically, what happens in this enforcement scenario is this (for simplicity we’ll assume the first option above is true, that is NPS and DHCP servers are installed on the same Windows Server 2008 machine):

1. Client configured to obtain IP address configuration using DHCP tries to connect to DHCP server on network to obtain address and access the network.

2. DHCP (NAP) server checks the health of the client. If the client is healthy, it leases a full, valid IP address configuration (address, mask, gateway, and DNS) to the client and the client enters the network. If the client is unhealthy (not in compliance with NAP health policy requirements), the DHCP server leases a limited IP address configuration to the client that includes only the following:
• IP address
• Subnet mask
• Set of host routes to remediation servers on the restricted network

3. Once configured, the client has no default gateway and can access only the specified servers on the local subnet. These servers (called remediation servers) can apply patches, provide updated AV sigs, and perform other actions to help bring the client into compliance.

4. Finally, once the client has been brought into compliance (made healthy), the DHCP server leases a full IP address configuration to it and it can now connect to the intranet.


VPN Enforcement
VPN is the most popular way today’s enterprises provide remote access to clients. Remember the old days when large businesses had to buy modem banks and lease dozens of phone lines to handle remote clients that needed to dial in and connect to corpnet? Those days are long gone now that secure VPN technologies have arrived that encrypt all communication between VPN clients and servers. Windows Vista has a built-in VPN client that enables a client computer to tunnel over the Internet and connect to a VPN server running Windows Server 2008. To use VPN as an enforcement mechanism for NAP, your VPN server needs to be running Windows Server 2008 and have the Routing And Remote Access Services role service installed on it.

Basically, VPN enforcement works like this:
1. The remote VPN client attempts to connect to the VPN server on your perimeter network.

2. The VPN server checks the health of the client by contacting the NAP server (which again is either a separate NPS or RADIUS server running Windows Server 2008 or a RADIUS proxy redirecting RADIUS requests to a different NPS on your network). If the client is healthy, it establishes the VPN connection and the remote client is on the network. If the client is unhealthy, the VPN server applies a set of packet filters that quarantines the client by letting it connect only to your restricted network where your remediation servers are located.

3. Once your client gets remediated (for example, by downloading the latest AV sig file) the VPN server removes the packet filters from the client and the client can then connect freely to corpnet.


802.1X Enforcement
802.1X is an IEEE standard that defines a mechanism for port-based network access control. It’s used to provide authenticated network access to Ethernet networks and was originally designed for wired networks but also works with 802.11 wireless networks. By port-based network access control I mean that 802.1X uses the physical characteristics of a switched LAN infrastructure to authenticate a device that is attached to a port on a switch. If the device is authenticated, the switch allows it to send and receive frames on the network. If authentication is denied, the switch doesn’t allow the device to do this. The authentication mechanism used by 802.1X is EAP (Extensible Authentication Protocol), which is based on PPP (Point-to-Point Protocol), and for Windows Vista and Windows Server 2008 the exact supported authentication protocols are EAP-TLS, PEAP-TLS, and PEAP-MS-CHAP v2. We’re talking acronym city here-we won’t go into that.

802.1X enforcement basically works like this:
1. An EAP-capable client device (for example, a computer running Windows Vista, which has an EAPHost NAP enforcement client) tries to connect an 802.1X-capable switch on your network. Most modern managed Ethernet switches support 802.1X, and in order to support NAP the switch must support 802.1x authentication and V-LAN switching based on the authentication results from the auth submitted to the RADIUS server (in this case the RADIUS server is NPS, which will also do NAP).

2. The switch forwards the health status of the client to the NPS, which determines whether it complies with policy. If the client is healthy, the NPS tells the switch to open the port and the client is let into the network. If the compliance test fails, either the switch can close the port and deny the client entry, or it can VLAN the client to place it on an isolated network where it can talk only to remediation servers. Then once the client is remediated, the switch lets it onto corpnet.


IPSec Enforcement
IPSec enforcement for NAP works a little differently than the other enforcement methods just described. Specifically, IPSec enforcement doesn’t quarantine a noncompliant client by isolating it on a restricted network or VLAN. Instead, a noncompliant client simply doesn’t receive a health certificate as these are only given to machines that connect to a Health Registration Authority (HRA), submit a Statement of Health (SoH), pass the health check and then receive that certificate back. Then, other machines that have IPSec policy that mandates that they only receive incoming connections from machines that have a health certificate will ignore incoming connections from noncompliant machines since they don’t have a health certificate. So in other words, in IPSec NAP enforcement, a noncompliant machine is allowed onto the network in a physical sense (in the sense that it can send and receive frames), but compliant computers on the network simply ignore traffic from the noncompliant machine.

To configure IPSec enforcement, you configure IPSec policy for your client machines to require a health certificate. This is easy to do in Windows Vista because this functionality is built into the new Windows Firewall With Advanced Security. Then you set up a HRA on your network, and the HRA works together with the Network Policy Server (NPS) to issue X.509 health certificates to clients that are determined to comply with NAP health policy for the network. These certificates are then used to authenticate the clients when they attempt to initiate IPSec-protected connections with other machines (called peers) on your network.

The HRA is a key component of using IPSec for NAP enforcements, and it has to be a machine running Windows Server 2008 and having the IIS7 component (Web Server role) installed. The HRA obtains health certificates for compliant NAP clients from a certification authority (CA), and the CA can be installed either on the Windows Server 2008 machine or on a different system. The HRA obtains health certificates.


TS Gateway Enforcement
TS Gateway is yet another NAP enforcement. TS Gateway NAP enforcement, however, supports only quarantine enforcement and does not support auto-remediation of the client when the client fails to meet health checks. To understand how TS Gateway NAP enforcement works, let’s examine a “clean machine” scenario where a TS Gateway client is used for the first time from a non-domain-joined client computer:

1. The user clicks on a Remote Desktop Connection icon, and the TS Gateway Client (TSGC) on his computer attempts to connect through TCP and HTTP transports simultaneously (the client tries TCP first and then HTTP). As soon as Terminal Services (TS) name resolution or TCP fails, the TSGC will attempt to connect to a TS Gateway server (TSGS) and authenticate the user at IIS and RPC layers.

2. During the user authentication process and after SSL handshake but before the GAP/RAP authorization sequence begins, the TSGS challenges the client for a “SoH request” blob and in its challenge/response it includes its certificate in PKCS#7 formats plus a random generated nonce value.

3. Since the request for a SoH was made on behalf of an untrusted TSGS name, the TSG-QEC will block the request. First the TS user must add to the TSG URL in the trusted gateway server list in the registry, and this requires admin privilege on the machine. Network administrators can also use SMS or logon scripts to populate this regkey setting.

4. The TSG_QEC will then talk to the QA to get the SoHs from SHAs. The TSG_QEC will then create a “SoH request blob” by combing SoHs from QAs, the nonce from the TSGS, a randomly generated symmetric key, and the client’s machine name. The TSG QEC will encrypt this “SoH request” blob using the TSGS’s public key and give it to the TSGC.

5. The TSGC then passes this encrypted blob to the TSG server, which decrypts the blob and extracts the SoH, the TSGS nonce, and the TSG_QEC symmetric key. The TSGS then verifies that the nonce it received from the TSG_QEC is the same as the one it sent out previously, and if it is the same, the TSGS sends the decrypted SoH blob to the NPS (RADIUS) server for validation.

6. The NPS server then calls SHVs and sends the “SoH request” blob for validation. The NPS server calls SHVs to validate the SoHs and replay with a response back to the NPS server, and based on SHVs’ pass/fail response the NPS server will create a “SoH response” and send it to the TSGS.

7. The TSGS passes this information to the TSGS RADIUS proxy for GAP (Gateway Authorization Policy) authorization, and if this succeeds, the TSGS RADIUS proxy returns success with its gateway level of access info. Based on this result, the TSGS then allows the TS client to connect to the TS server.

Source of Information : Introducing Windows Server 2008

Backup Media - Make Your Data Impervious To Crashes

The old adage, “always be prepared” is a philosophy that can be invaluable in computing.
In particular, you can apply the scout motto by backing up your data onto an easily accessible copy that won’t be affected by a hard drive or system crash, such as CD, DVD, USB flash drive, external hard drive, or NAS (network-attached storage) device. You have a lot of options for external storage media, and each type offers advantages and disadvantages. In this article, we’ll examine the different types of external storage available and help you determine what works best for you.


Discs
When you consider the affordability and ease of use that CDs and DVDs offer, it’s plain to see why discs are still an attractive option for data backup. CDs are commonly available in 650MB and 700MB storage capacities, while DVDs are offered in single-layer (4.7GB) and dual-layer (8.5GB) sizes. You’d need 13 CDs to match the storage capacity of one dual-layer DVD and seven CDs to equal the capacity of a single-layer DVD. In addition to having different storage capacities, CDs and DVDs are sold as write-once (labeled as +R or -R, such as DVD-R) or rewriteable discs (labeled as +RW or -RW, such as CD+RW). Rewriteable discs cost more than write once discs, and the rewriteable media typically has a life span of around 1,000 rewrites. In terms of blank CD pricing, you can expect to pay around 20 to 40 cents per write-once CD and 40 to 60 cents per rewriteable CD. Single-layer, DVD+ or -R media runs between 30 to 50 cents apiece, while dual-layer and rewriteable DVDs generally cost about $1 to $2 per disc.

Most current DVD and CD burners support both the +R/RW and -R/RW formats, but before you purchase discs, make certain your optical drive supports the media type you want to use. Your optical drive might list the compatible formats on the drive’s face plate, but you can also reference the drive’s users manual or the manufacturer’s Web site to locate the supported formats. When you want to give photos or music to a friend, discs are the ideal format. Another plus is that you can clearly label discs so that it’s easy to find the most recent copies when trying to restore data. For labeling, you can use a fine-point permanent marker or print out your own labels using ones specifically designed for discs. And if you have a LightScribecapable optical drive and compatible discs, you can turn the disc over and have your PC burn graphics and text directly onto the disc’s top surface.

On the downside, the limited storage capacity of discs—compared to the storage capacity offered by external hard drives—means that you’d probably need to use a large number of discs to back up all of your data. Although you could use rewriteable discs to keep costs low, you’d need to switch the discs during the backup process. With an external hard drive or NAS device, you’d only need to start the transfer process. Another knock on CDs and DVDs is that the media can be easily scratched or dented, so you’ll need to be careful with discs that contain essential archives. Ideally, you’ll want to store any discs with critical data inside jewel cases or other protective storage.


USB Flash Drives
When it comes to portability in storage, nothing beats a USB flash drive. Unlike most external hard drives, you can carry a USB flash drive in a pants or T-shirt pocket, and in contrast to a DVD or CD, you don’t need an optical drive and a disc-burning application to copy your files. Windows Vista and Windows XP provide native support for the USB interface, and, assuming the PC has a USB port, you can insert your USB flash drive, transfer the files you want, and be on your way. USB flash drives use technology that has no moving parts, so you can leave the drive on a key chain or store it in your gym bag and not worry about ruining your portable storage device. Although USB flash drives offer a limited storage capacity—from 256MB to 32GB—the media isn’t really meant for moving large files or long-term storage. However, a USB flash drive can be useful when you need to transport a small amount of files back and forth to another PC, such as a work computer, that serves to back up your data. A variety of USB flash drive storage capacities are available, but, generally, you can expect to pay $8 to $10 per gigabyte. If the security of your data is important, consider a flash drive with integrated file encryption, such as Kingston’s Data- Traveler Secure (price varies by capacity; www.kingston.com) with 256-bit AES (Advanced Encryption Standard) hardware-based encryption.


External Hard Drives
Whether your PC is primarily used for surfing the Web or storing a large music collection, it’s likely that your hard drive contains more data than you can fit onto a single DVD. The large capacity of external hard drives, ranging from 100GB up to 1TB (terabyte), means that it’s more likely you can back up all your data onto a single storage device. Depending on the power requirements for the external hard drive, it may require AC power to operate. Many portable drives with a capacity less than 500GB can be powered solely by your PC’s USB connection. For instance, Western Digital’s 500GB My Passport Essential ($199.99; www.wdc.com) is powered via USB, but because some computers may limit the power to USB ports, Western Digital also includes a second USB power port on the drive. Besides storage capacity, you’ll also want to consider the type of connection, such as USB, FireWire, and eSATA (external Serial Advanced Technology Attachment), that the external hard drive uses to transfer data. Nearly all PCs now feature multiple USB ports, but many computers don’t include a FireWire or eSATA port. If transfer speed is important and your computer offers an eSATA port, you can purchase an eSATA model and copy data at speeds near the rate of your internal hard drive. Currently, the eSATA interface is more common on larger desktop drives, such as Seagate’s FreeAgent XTreme series of external hard drives ($159.99 to $279.99; www.seagate.com). If speed isn’t a necessity, there are a variety of external hard drives that utilize USB and/or FireWire connections. Like USB flash drives, many external hard drives bundle features that enhance the drive’s functionality, such as data encryption and automatic file backup tools. For instance, the Prestige Portable Hard Drive line (pricing varies by storage capacity; store.iomega.com) from Iomega includes EMC’s Retrospect Express backup and recovery software and MozyHome online backup service, so you don’t need to purchase additional software to perform automatic backups. Another manufacturer that includes backup software with the hard drive is Clickfree (www.goclickfree.com). With a Clickfree drive, available in 120GB ($99.99) and
160GB ($119.99) capacities, you only need to connect the drive to your PC’s USB port to begin the backup process. After the initial backup, a Clickfree drive will only update the files that have changed to expedite your file backups. External hard drives work great for backing up the entire contents of your PC, because the drives are available in storage capacities similar to or greater than your PC’s internal hard drive. Most external hard drives also offer a portable design, so you can take the drive to a relative or friend’s house and copy all of your photos or movies onto their PC. If you don’t already have an application to automatically back up your PC, consider investing in a model that offers a backup tool to save yourself a shopping trip.


Network-Attached Storage
If you have a home network, you have the ability to share an Internet connection, files, and other peripherals, such as a printer. NAS is a small unit with a hard drive (or multiple hard drives) and a network adapter, so you can share the storage with all the computers on your home network. Besides acting as a central repository for the files you want to share, the various computers on your home network can automatically back up data to the NAS device. For instance, the LinkStation EZ LS-CL (prices vary by capacity; www.buffalotech.com) includes Buffalo’s Navigator software to instruct you how to set up the NAS on your home network, and it includes a free 30-day trial of Memeo Auto- Backup software. In terms of storage capacity, most NAS devices are offered in 500GB, 1TB, and 1.5TB sizes. Alternatively, if you have an extra hard drive or two lying around, you can purchase an NAS enclosure, such as the MobileNAS MN2L ($240; www.sans digital.com) from Sans Digital, and install your hard drives into the NAS. For example, the MobileNAS MN2L features two bays for SATA hard drives, and it offers a maximum capacity of 2TB. Many NAS enclosures, including the MobileNAS MN2L, allow you to set up the drives in a RAID (redundant array of independent disks) configuration. The MobileNAS MN2L supports RAID 0 (increases performance) or RAID 1 (creates a redundant copy of your data to protect your data if one drive fails). NAS is ideal for those who have multiple computers connected to a home network. Once you set up the NAS device, it requires little effort to maintain and operate. After connecting it to your network via Ethernet cable, you’ll only need to map the network drive on your PCs or use the software included with your NAS to set up the network share for each PC. In comparison to the other external storage methods we have covered, the primary downside to NAS devices is that you can’t easily transport and use the storage. However, we should note that some NAS devices offer an FTP (File Transfer Protocol) feature, so you can remotely upload and exchange files over the Web.


Time To Archive
Once you’ve chosen a storage medium that works best for you, don’t forget to regularly back up your data. With the addition of helpful software, you can easily ensure that your data archives are always up-to-date.

Source of Information : Smart Computing / January 2009

Backup – Prevent A Data Disaster

The consequences of not backing up data need no explanation. Just imagine this: You turn on your computer and nothing happens. The hard drive is gone, all the data on it is gone, and there’s nothing you can do to get that data back. If that thought doesn’t make you want to put down this magazine and back up everything on your computer immediately, then nothing will. Unfortunately, backing up data is a chore. In fact, according to a survey undertaken by PC Pitstop (www.pcpitstop.com), 26.5% of the 4,084 respondents never back up their data at all. Many backup programs are readily available, but they are packed with enough features to confuse anyone. Furthermore, selecting the wrong type of backup when using these types of programs can actually do more harm than good, depending on how you want to store your data. The articles in the following section will tell you everything you need to know about specific backup media, applications, and services and how best to use them; but before reading those, you need to understand the basics of backup.


Full Backups
When most people think of backups, they think of full backups, which copy everything on the hard drive. The most thorough method of performing a full backup is called drive cloning, which copies everything, including Windows files that are needed if you want to restore your computer to working order after a complete hard drive failure. Less thorough full backups simply copy all user files on the system and leave Windows system files alone. Full backups that are not modified (such as those stored on recordable DVDs) are called archives, because the files within the backup never change. Full backups are very inefficient in terms of the time it takes to create the backup and also in terms of storage space required because so much data is copied. In general, you make a full backup once and then use the following more efficient backup methods to keep it updated day-to-day.


Incremental & Differential Backups
A major feature to look for when buying backup software is its ability to perform incremental and/or differential backups. These maintain backups of the latest versions of your files in two different ways. Incremental backups copy only the data that has been changed since a file was last backed up, meaning incremental backup jobs complete very quickly and don’t require a lot of storage space. The downside is that restoring files from an incremental backup can be a lengthy process because the backup software has to stitch multiple backups together to create the whole file. Differential backups create a completely new copy of a file that has been changed. It takes longer to perform a differential backup because more data is copied relative to an incremental backup, but restoring data is much faster relative to an incremental backup because complete copies of backed up files are instantly available. Some software also lets you configure differential backups so that older copies of backed-up files are retained when the new copy is backed up. This is called versioning, as it lets you maintain an archive of different versions of the same file so you can easily revert to an earlier revision of a file whenever you wish.


Backup Extras
Backup software can do far more than just make copies of your precious files. Here are some additional features to look for when comparing products.

Synchronization. Sometimes referred to as “mirror” backups, synchronization lets you maintain identical copies of files in two places (such as the local hard drive and an external backup hard drive). This is nice for files such as pictures or work documents that you edit because the latest edited version is always backed up.

Scheduling. Backup software is useless if you don’t use it, so scheduling is an important feature to look for. The most basic scheduling creates automatic backups on a regular basis, such as a certain time each day, but use something more sophisticated if possible.

File filtering. It is easy yet inefficient to back up everything on your computer all of the time. File filtering allows you to select certain types of files to include or exclude in the backup. This is perfect when you are backing up files to removable storage media, such as recordable CDs that have a limited amount of storage space.

Compression and encryption. Compression is technology that compacts digital files so that they require less storage space than they would otherwise require, and it works best with files that contain text. Digital images and most digital music (such as MP3 files) are already compressed, so don’t expect to use your backup software to compact them much more than they already are. Encryption uses a key to scramble data before it is backed up, and only people who have access to the key can descramble and restore the data. It’s a good idea to always use encryption when you save financial documents and other files that contain personal information.


An Ounce Of Prevention
The main idea is to back up early and back up often. Even if you are forced to use backup software that doesn’t have a lot of features or have to resort to making manual copies of your files, it is imperative to do so on a regular basis and in a place other than the drive where the original files are stored. If this seems like too much of a chore, just think about the scenario laid out in the beginning of this article. You can’t survive without your data, and your data can’t survive without you.

Source of Information : Smart Computing / January 2009

Where To Get Device Drivers

The Manufacturer vs. Device Driver Download Web Sites

Strip away the tech jargon that’s often used to describe device drivers, and you’re left with pretty much nothing more than small programs that serve a specific and important function—helping an OS (operating system) speak to the hardware connected to a computer. As an example, think of Windows as the contractor of a construction project, the computer as the construction site, and a digital camera as a subcontractor hired to perform a service. The foreman making sure everyone is on the same page is the device driver; the only guy who can make sense of what Windows and the digicam are trying to say to each other.

Despite the importance of the purpose drivers serve, relatively little has been written about them through the years. In fact, many users remain unaware of their existence until encountering a driver-related hiccup, which can be serious. It’s not impossible, for example, for a corrupted or outdated driver to cause complete system failure. Fortunately, most problems are less severe, although an incompatible video card driver that leaves your monitor screen black or an outdated printer driver that botches an important print job are still formidable obstacles to have to face down. Thankfully, you can fix many driver-related problems by downloading an updated driver from a device manufacturer’s Web site (look in the site’s support section). Better, these updated drivers often contain functions and performance benefits that the device didn’t have when the manufacturer originally released it. Beyond manufacturer sites, device drivers are available through Windows and from driver download Web sites and third-party developers. Attach an external hard drive to a Windows Vista machine, for example, and Vista will likely have a signed, or certified, driver among the stash of thousands of drivers the OS preinstalls that will enable the device to work. Further, Microsoft constantly adds new drivers to Vista’s reservoir through Windows Update.

Drivers from third-party developers, meanwhile, are typically optimized to squeeze better performance from a device or resolve issues the manufacturer has yet to resolve. OmegaDrivers.net, for example, is a longtime supplier of optimized drivers for video cards. Another example is NGOHQ.com’s NGO Nvidia Optimized Driver, which is “a modified version of the Nvidia ForceWare driver” that’s “especially suited for enthusiasts and gamers who want to have the best gaming experience.” Although third-party drivers can be beneficial, know that most thirdparty developers have no affiliation with manufacturers. In 2008, for example, Daniel Kawakami received kudos from fellow users for independently releasing drivers that fixed instabilities between Creative Labs sound cards and Vista. Kawakami also caught the attention of Creative, which initially voiced its disapproval and asked Kawakami to cease distributing the drivers.

Wanted: A Good Driver
Although Windows and manufacturer Web sites are typically the best sources for updated drivers, driver download Web sites are arguably the most convenient route, due largely to the thousands of manufacturer-created drivers they offer and organize for dozens of devices all in one location. These traits come in handy if you’re moving from an older OS to a newer one and need to find multiple drivers at once or if you need a driver for an older device. For example, say you buy a printer at a garage sale, but the original software disc containing the device’s driver is long since gone, and the manufacturer went belly up years ago and no longer supports the printer. Chances are still good that you can find a driver for the printer at a driver download site and get the printer running. Driver download sites essentially come in two varieties: those that let you search and download drivers free and those that let you download drivers with a string attached. That string might include anything from having to register a free account to paying a daily, monthly, yearly, or one-time access fee. Other sites may scan your system to identify your devices and find bad and outdated drivers free, but ask you to pay a fee before installing the replacement drivers. Yet other driver sites tout themselves as a resource for drivers, but instead only attempt to sell you software. Another characteristic to keep in mind about device driver Web sites is that although most let you search for drivers among a vast array of devices, not every site archives drivers on its own site. Many instead just link you to the manufacturer’s site to get the driver. As such, it’s not uncommon to find broken or outdated links. Also, some sites that do archive drivers may not have the most current driver. The following driver download sites are ones we’ve found to possess enough positives to make them worth exploring.

DriverAgent.com
If you don’t mind paying someone to do your driver dirty work, Driver- Agent, owned by BIOS (Basic Input/Output System) maker Phoenix Technologies, is a well-known option. Finding a driver at the site means first downloading and running Driver-Agent’s driver scan utility, which installs as a plug-in for your browser. The utility performs a scan of your system to identify the operating system and connected devices and to seek out good and bad drivers on your computer. The utility then presents the findings in a list that includes a pie chart that visually depicts the percentage of good vs. bad drivers. DriverAgent offers replacement drivers for those it deems as bad, but you’ll need to fork over $29.95 first. That buys you unlimited driver downloads for a year for up to 10 computers.

DriverSearch.com
DriverSearch.com doesn’t appear to be more than a Google-like search engine for drivers, initially. Dig deeper and there’s plenty worth exploring. To search for a driver, just type a company or product name in the search engine field and click Driver Search. Each result that DriverSearch.com returns contains a link to available drivers for your chosen device. Conversely, clicking the Driver Sites link presents a list of nearly 20 searchable hardware categories, including BIOS Drivers, Camera Drivers, etc. Either method eventually leads you to downloading driver files from DriverGuide. Although DriverSearch.com’s design looks a little long in the tooth, it’s logically organized and easy to use.

DriverGuide.com
DriverGuide has been in the device driver business for years, and the site is dripping with information that reaches far beyond drivers. Unfortunately, the site is a bear to navigate, and trying to download even one driver can be a confusing, lengthy process. More positive is that DriverGuide’s driver database numbers in the hundreds of thousands. Downloading a driver entails first completing a free registration that somewhat annoyingly involves clicking through multiple pages of sponsored product offers. Once registered, you can download five drivers per week from a limited portion of DriverGuide’s 400,000-plus driver database. Downloading more drivers from an expanded pool requires a Plus ($6.95 for two days or $29.95 annual) or Pro ($49.95 a year) plan. DriverGuide does offer a free driver-scan utility bundled in a ToolKit package. The utility displays your system’s installed devices and drivers, but downloading drivers from within the utility and using certain ToolKit functions means paying for a plan.

WinDrivers.com
WinDrivers.com bills itself as, “the world resource for Windows tech support and drivers.” Spend a few minutes on the site, and it’s hard to dispute the claim. WinDrivers.com’s tech support offerings—BIOS, DLL Files, Identify Hardware, Networking, Hard Drives, etc.—alone make the site a valuable resource. A Driver Updates section, meanwhile, not only organizes drivers by the month released back to 2004, but it also includes recent releases for BIOS, firmware, virus, and threat alert categories. WinDrivers.com falls under the umbrella of Internet.com, which by default puts tons of tech-related information within reach, but driver downloads do require a free Internet.com account.

Behind The Driver’ s Seat
Other driver download Web sites that we’ve found worth exploring include
Softpedia.com (free; softpedia.com), Techspot.com (free; techspot.com), and Driversbay.com (free; driversbay.com). Whether you download drivers directly from a manufacturer or driver download site, however, it’s important to remember to regularly check that your drivers are up-to-date in order to get the maximum performance, functionality, and protection for your devices.

Source of Information : Smart Computing / January 2009

Google Chrome (Beta) Speedy Browsing

Google Chrome Key Features: Chrome displays thumbnails of frequently visited Web sites on newly opened tabs. Tabs act as independent browsers.

Chrome, Google’s entry in the browser race, already has a lot going for it, but there are a few surprising omissions, as well. If you choose to give Chrome a try, keep in mind that it’s currently in beta. Some users may want to wait for the final version.
It’s a speedy download, and Chrome keeps up that fast pace. The install is quick; Chrome immediately imports bookmarks, passwords, and other settings from Mozilla Firefox or Internet Explorer. (The default is whatever browser you’re in when you download it, but you can choose otherwise in Customize Settings.)

User Interface
Right off the bat, you’ll have some adjusting to do. The user interface is unlike the two browser giants. It’s spare and clean, with just a handful of buttons and no menus to be seen. Instead, you’re faced with a single bar that operates as both an Address bar and a search box. This “Omnibox” also provides suggestions as you type, based on your history and bookmarks, as well as offering completions based on the most popular sites starting with the same letters. The other big interface difference involves the tabs. Unlike Firefox and IE, which have the tabs beneath the menus and Address bar, Chrome keeps the tabs on top. Each one contains its own Omnibox, the Bookmarks bar, and a few Toolbar icons. Essentially, each tab acts as a separate browser. This leads to one of Chrome’s most nimble features: Tabs can be dragged out to create separate windows, dragged back in to merge, and generally swapped around as necessary. The immediate drawback is a lack of tab management—Chrome doesn’t have a built-in menu where you can see tabs outside the primary window.

Instead, the more tabs you open, the smaller they get to cram them all in. Once you’ve been using Chrome for a while, it starts to display thumbnails of your most-visited Web sites on each newly opened tab. Click a thumbnail to launch a site. Other responsive features on the new tabs include Recently Closed Tabs, Recent Bookmarks, and a box for searches. Besides being visually appealing, it’s also functional and adds to the speedy convenience of Chrome.

Adding bookmarks within Chrome is similar to other browsers. As in Firefox, clicking a star icon opens a bookmark dialog box. There you rename and file the link, but there’s no tagging feature. What’s really surprising is the lack of support for RSS. With Firefox, a subscription button appears in the Address bar for any page that has a feed. Chrome doesn’t have anything like this. Given the popularity of Google Reader, the lack of RSS integration is a real puzzler.

Performance Plus
As we mentioned, Google seemed to focus on speed with its new browser, but this isn’t the only performance plus. Chrome’s underlying design allows each tab to run as its own browser, so that if a bug stalls one tab, the others are unaffected. This is a huge leap forward in performance—how many times have you had multiple tabs open in your browser, only to have them all crash when one gets tied up? With Chrome, you won’t be typing CTRL-ALTDELETE just to release your system. Another little perk is the Incognito mode, which disables history tracking and doesn’t let sites leave any other footprints, such as cookies. The little stealthy spy icon that appears in the top-left corner lets you know you’re leaving no traces, which can be helpful when you’re doing online shopping on a shared computer. Google knows a little something about the Web, and it shows in Chrome. With a few improvements (particularly RSS integration) and the development of add-ons, Chrome has the makings of a distinctly viable browser.

Source of Information : Smart Computing / January 2009

Bluebeam PDF Revu

Bluebeam Key Features: Creation of PDF files in Office 2000 to 2007 plus PDF-manipulation features.

Positioned in price and functionality between Adobe Acrobat and basic PDF makers, Bluebeam PDF Revu is an excellent, if initially confusing, PDF creation and editing solution. Installation takes a few minutes but requires no program shutdown. During installation, Bluebeam will change your default PDF reader to PDF Revu. Allow
this change, as it is needed to trial the product effectively. (You can change it back in Bluebeam by clicking Help and Administrator.) After installation, Bluebeam adds a toolbar option in Word, Excel, and PowerPoint that lets you create or share PDFs or change document settings, such as security and digital signing, within the Office app. (If you don’t see the toolbar, use Bluebeam Administrator to enable the Office plug-in.) Make adjustments, such as compression format and printing resolution, from the document-creation interface. A minor stumbling block is that the first time you open PDF Revu, the setup dialog box can easily be hidden by other programs. On the plus side, PDF Revu’s advanced editing features are impressive, and it offers tutorials to help demystify the process.

Source of Information : Smart Computing / January 2009

Spyware Doctor

Spyware Doctor Key Features: Award winning spyware detection extends its net to catch viruses, Trojans, worms, and other threats with minimal resource impact.

For years, Spyware Doctor has been an industry-leading solution for removing spyware (which monitors PC or online behavior and reports it to others). Now, PC Tools has added antivirus protection plus an add-on module, Browser Defender (Internet Explorer and Firefox), that helps protect you from malicious Web sites. A second add-on for badly infected systems is Behavior Guard, a real-time maliciousactivity monitor that identifies and stops never-before-seen threats.

Spyware Doctor installs quickly,giving you the option to enable Intelli-Guard (the real-time threat-detection tool) and run a system scan. Scans are fast, and results are detailed. Spyware Doctor has also enhanced its ability to scan and remove threats in Safe Mode. We like the add-on module approach, as it affords control of intrusion management level and consequent resource impact. (Without the add-ons, resource impact was minor but noticeable. This varies with system and Internet speed.)

However, we wish the program would inform users during install that these are available. (For Browser Defender, go to www.browserdefender.com; log in to your PC Tools account at tinyurl.com/ytz26m to add Behavior Guard.) Remove previous installations of Spyware Doctor before adding this one.

Windows 7 Changing Search and Indexing Settings

Note while reading this section that we’re describing the built-in Windows 7 Search features. Your system might have a different search tool installed, such as Google Desktop Search, Yahoo Widgets, or some other brand—those tools will operate differently. You’ll have to refer to those tools’ help files or websites to learn how they work. However, you might want to know that you can choose which program will do your searching for you, and even switch back and forth between the programs you want to use as your default. Choose Start, Default Programs, Set Your Default Programs, and you’ll see a screen that allows you to change which search tool to use by default.

Windows 7 indexes most common files on your computer, including all the files in your personal folder, your email, your offline files, Internet Explorer History, and the Start menu. Program files and system files are not indexed because Microsoft says those files are rarely searched. That doesn’t mean that Windows 7 won’t search nonindexed files. Windows 7 searches filenames and contents in indexed locations and only searches filenames in nonindexed files by default. You can change this default in the Folder Options dialog box from Computer or Windows Explorer. Open the Folder Options dialog box by clicking the Organize button in the menu toolbar and then clicking Folder and Search Options.

You determine what to search in the What to Search area at the top of the tab. Your other option is to have Windows 7 search filenames and contents in all files. This type of search could be a lot slower than the default, depending on how many files you’re searching. When you search nonindexed locations, you can also tell Windows 7 whether you want to include system directories and compressed files at the bottom of the tab.

In the How to Search area in the middle of the tab, the default search parameters are to search in subfolders and to find partial matches. You can also decide how to search, including using natural language search (where you get to ask a question), and turn off the index. If you decide you don’t like your changes and want to revert to the defaults, click Restore Defaults. The Indexing Options applet in the Control Panel also lets you view the state of the index and make changes to the file types and folders you want to index. Open the Indexing Options applet by clicking Start, Control Panel, and then Indexing Options (in Icons view).

The Indexing Options window shows how many items are indexed and which folder locations have indexed files. You can modify the folder locations by clicking Modify. If you want to really drill down when configuring your index, click Advanced. The Advanced Options dialog box appears so that you can index encrypted files, delete and rebuild your index, and set the index location. If you click the File Types tab, you can scroll down the list and add and remove files to index categorized by file extension. You can also tell Windows 7 whether you want the file to be indexed by properties only or by properties and file contents. If you don’t see the extension in the list, type the file extension in the Add New Extension to List text box at the bottom of the tab and then click Add.

Source of Information : QUE Microsoft Windows in Depth (09-2009)

Internet Security Suites

Security software firms keep experts on staff, ready to code an update at the first sign of a new virus, worm, botnet, rootkit, or other digital threat. Hence, most of us are willing to pay yearly subscriptions to the companies that keep our PCs safe. As you may know, it’s no longer enough to run a mere antivirus utility, even if it watches out for spyware and adware, too. Everyone needs a thirdparty firewall, despite the moderate protection afforded by Windows’ freebie. And a spam filter does more than just divert junk messages to the trash; it also blocks harmful content from reaching your inbox. Thus, it’s a good idea to install a full security suite instead of a hodgepodge of standalone security programs. Not only can a suite save you money, but its anti-malware components are generally made to work well together without getting in each other’s way. Let’s take a look at some attractive options. All of the following have earned reputations as being fairly reliable and effective. Pricing includes a year’s worth of free updates and upgrades.


AVG Internet Security 8.0.196
AVG Free, the free version of AVG Anti-Virus Pro, is a familiar sight on Windows computers around the world. More robust versions start at $34.99. This $54.99 suite is the top of the heap, giving you a firewall and protection against rootkits, antivirus, and antispyware. AVG Internet Security actively guards against malware infestations from the Web, IM (instant messaging) programs, peer-to-peer file-sharing software, your local network, spam, and other avenues. You can schedule regular scans and tell AVG when to update itself with new virus definitions.

AVG Internet Security’s special tools give you detailed insight into the processes running on your computer. This includes an editable list of the applications that automatically start up with your PC, along with its network connections, browser add-ons, and more. AVG’s friendly main panel is easy to understand. You get an at-a-glance overview of the types of security features AVG provides, along with color-coded descriptions of their statuses, such as “Active.” Double-click any of the icons here, and you’ll get a description of what each security feature does, along with a few settings in plain English. You’ll find all of the important functions in dropdown menus, too.

One option, enabled by default, is the AVG Security Toolbar. This integrates with your browser (it worked on Firefox 3 and Internet Explorer 7 for us) to warn you about phishing attacks (imposter sites), drive-by downloads, and sites known to host malware. When you use a common search engine, such as Google or Yahoo! Search, the Security Toolbar will check the list of results for known threats. You’ll see green check mark icons next to sites that are probably safe and red Xs next to URLs that likely lead to pages carrying malware. Note that AVG is the only suite here that you can only use on one PC at a time (a 3-PC version is $74.99). Also, some longtime users of
AVG have found that version 8 seriously slows down older PCs that could run versions and earlier without a problem. Then again, version 8 does provide AVG’s most comprehensive protection yet.


Kaspersky Internet Security 2009 8.0.0.454
Price may be keeping Kaspersky from being as popular in this country as it might be. A three-user download costs $79.95 per year, and there’s no discount for the one-user version on CD. Certainly, Kaspersky’s effectiveness is seldom questioned. Independent testing labs routinely award the software high marks in the fight against malware.

Besides the usual viruses and spyware, Kaspersky fights against rootkits, keyloggers, and hacker tools. The company provides updates every hour, something not all antivirus vendors can say. There’s a firewall, antispam capability, IM protection, antiphishing, and parental controls to limit the types of online content particular users can access and the hours they can access the Web. KIS even offers a virtual keyboard you can use if you’re worried about a keylogger recording what you type on your physical keyboard. Also included is a privacy scanner tool, which lists areas of personally identifying data you can opt to select and secure with one click. With small RAM requirements and intelligent work scheduling, Kaspersky is optimized for performance on PCs used to play games. Its fast scanning automatically takes place in the background, and it lets other apps have priority when it comes to CPU cycles.

KIS is highly effective at protecting itself from threats that try to shut down antivirus utilities. It lets you password-protect its settings and operation, too, so attempts to shut it down won’t work without the magic word. It even checks the applications installed on your PC for known vulnerabilities. All this with a colorful, intuitive main panel that offers easy access to powerful settings.


McAfee Internet Security 2009
Like Trend Micro and Symantec below, McAfee’s stated goal with this latest suite is to speed up threat detection without slowing down your PC. Its $59.99 license covers three PCs. You’ll get a backup and restore function with this suite. Another feature is McAfee QuickClean, which eliminates junk files, caches, deleted email, and obsolescent Registry entries. There’s a file shredder and links to Windows’ System Restore and Disk Defragmenter. McAfee’s GUI (graphical user interface) may have fewer icons than other suites, but dig around and you’ll find some eye candy. Visual Tracer lets you enter the IP (Internet protocol) address of an unknown computer—perhaps one that tried to contact your own PC—and shows you on a map where it might be located, assuming the IP number hasn’t been faked. There are links to color-coded maps of hacker and virus activity, too.

A network manager gives you a simple, clear view of the computers on your LAN, plus their connections to your router, the Internet, and each other. Meanwhile, EasyNetwork helps you set up secure file- and printersharing on your network, something most mainstream users will welcome. Google, MSN, and Yahoo! search engines will benefit from SiteAdvisor, which works like AVG’s Security Toolbar to warn you of dangerous sites. Mc-Afee also offers parental controls over Web sites and keywords, as well as identity and password-protection features. Of course there are also anti-malware and firewall features plus email, Webmail, and IM protection. Virus updates don’t hog a PC’s full attention, either.


PC Tools Internet Security 2009
A relative newcomer, PC Tools (now part of Symantec) has quickly built a great reputation in the antivirus/antispyware field. PC Tools’ IntelliGuard components ward off threats old and new, such as rootkits and phishing attacks. Meanwhile, its Browser Defender toolbar rates sites’ threat levels and checks for malware, pop-ups, and so on. This suite includes antispam and firewall features, too. The former gives you very granular control, letting you choose the spam blacklisting services you want to use (if any) and even letting you block email from entire countries.

The firewall offers a stealth mode to make no response to unauthorized attempts to communicate with your PC, along with powerful stateful packet inspection for rigorous analysis of each bit of data moving in or out. An initial scan at installation found some items the competition missed. These were mainly tracking cookies, but one was a cookie linked to a site known to be compromised by malware. Note that to remove any found threats with PC Tools’ 15-day free trial, you’ll need to register and get an activation code.


Symantec Norton Internet Security 2009
Symantec is getting its act together. For years, Norton has been the only name in many users’ minds regarding antivirus software, offering effective protection and complete feature sets. Then again, Norton has long tended to bog down PCs. Updates seem to take forever and sometimes require more than one session. Installation is a hassle. Some Norton products cause frequent errors such as shutdown hangs. Symantec also has had to work to improve how quickly it issues virus definition updates when new threats appear. With version 2009, Norton’s new “60-second” installation is certainly speedier than before. Scanning was similarly fast, beating even the fleet-footed Kaspersky by 10 seconds or so. Norton appeared to take great advantage of all four cores in our test PC’s processor during its scan and appropriated less than 10MB of RAM when idle. Even LiveUpdate ran so quickly, we thought at first that it had malfunctioned. This three-PC suite features a goodlooking control panel with well-designed on/off icons. From a network map to ID theft prevention technology, there isn’t much the competition has that this version of Norton doesn’t— and this year, the list of Norton’s “haves” includes performance.


Trend Micro Internet Security Pro 17.0.1224
There’s a $49.95 version of Trend Micro’s Internet Security suite, but we’ll look at the $69.95 Pro edition. Pro has personal ID data protection, PC speed-up utilities, and enhanced security features for smartphones, email, and IM. The company has pledged to speed up threat identification and reduce its software’s impact on PC performance.
Remote File Lock is an encrypted storage area that lets you irreversibly block access to your data over the Web should anyone steal your notebook or PC. The Software History Cleaner can automatically purge your OS, as well as certain browsers, media players, IM clients, and other software, of data that could tell someone the kinds of files and Web sites you’ve been accessing.

There’s Wi-Fi defense for when you set up your laptop in a hotspot, and the Personal Firewall can automatically change its security profile when you move from your home connection to a coffee shop, for example. Unfortunately, the network map, unlike Norton’s and McAfee’s, didn’t notice the other PCs and the router on our LAN. Finally, Trend Micro’s First Visitor Protection scans a Web site you have never visited before to make sure that there are no nasty surprises waiting for you in the wings. Trend Micro found fewer concerns on our PC than some of the other suites here, and it automatically deleted three tracking cookies without asking permission. Still, the company offers month-long trial versions as well as a 30-day moneyback guarantee.


Scanning Speeds
Each suite defines a “full” scan differently, so take these results of our informal scanning speed test with a grain of salt. In order from fastest (15 minutes, 35 seconds) to slowest (44:30) were Norton, Kaspersky, PC Tools, Trend Micro, McAfee, and AVG, all at their default settings. Whatever the speed, you’ll enjoy effective protection of your data with just about any of the above suites.

Source of Information : Smart Computing / January 2009

Cloud storage is for blocks too, not just files

One of the misconceptions about cloud storage is that it is only useful for storing files. This assumption comes from the popularity of file...