• WSegamma

    @wsegamma

    Viewing 15 replies - 1 through 15 (of 43 total)
    • in reply to: Clarifying OneDrive’s two types of file security #1500217

      Yeah…spending 2 years learning how to reverse engineer a driver for a $100 printer isn’t a good use of time. Even if Robert took the time to do that, there’s nothing to guarantee that his printer wouldn’t have a hardware failure a week after he got the driver working–Murphy’s law suggests that this is exactly what would happen.

    • in reply to: Hacker takes over reader’s PC by remote control #1480936

      I don’t think that the HTTPS question was handled very well. If the initial handshake is interrupted–the classic Man-in-the-middle (MITM) attack–the attacker can indeed initiate an SSL connection with you on one side and then a separate SSL connection with the server you are connecting to. But the SSL certificate won’t match and your browser will give you several error messages. There have been cases of certificates being improperly issued but that isn’t common enough to be a major concern, and the larger sites (Google’s sites, for example) use a technique called “certificate pinning”, in which the certificate information is pre-loaded to your browser and your browser won’t let you proceed if the information isn’t valid.

      Of course, no security is foolproof.

      Certificates: Certificates need to be at least 2048 bits in order to be strong enough, and they need to be signed with SHA-256 starting in 2017; certificates signed with MD5 are already too weak to be secure, and SHA-1 is rapidly getting too weak and Chrome is starting to warn users about SHA-1 certificates that expire after 1/1/2017.

      Protocols: The SSL 2.0 and SSL 3.0 protocols are too weak to be secure, and TLS 1.0 has many of the weaknesses of SSL 3.0 as well. And how various servers implement TLS (see Heartbleed, Poodle-TLS, etc.) can also leave those insecure as well.

      Encryption: many ciphers are too weak. Anything less than 128 bits is too weak. 3DES is rapidly getting too weak but sites that want to support XP must keep it enabled. RC2 and RC4 are too weak. This leaves only AES (and it has several variants) as a secure encryption option; if someone finds a weakness in it, we are in serious trouble.

      Ideally, you will make a connection using TLS 1.2 to a server that supports AES-256 and has a pinned certificate signed by SHA-256/384/512.

      Feel free to test the sites you connect to here: https://www.ssllabs.com/ssltest/
      And feel free to test your browser here: https://www.ssllabs.com/ssltest/viewMyClient.html
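
As an added example that is not part of the original post: a Python client configuration that enforces the TLS 1.2 floor and excludes the weak ciphers the reply above lists, plus a certificate fingerprint comparison in the spirit of pinning. The function names and sample bytes are constructed for illustration, and pinning the whole-certificate SHA-256 fingerprint is a simplifying assumption (browsers typically pin the public key).

```python
import hashlib
import hmac
import socket
import ssl

# Substrings of OpenSSL suite names for the primitives the post calls too weak.
WEAK_MARKERS = ("RC4", "RC2", "3DES", "DES-CBC3", "MD5", "NULL")

def hardened_client_context():
    """Client context that refuses SSL 2.0/3.0, TLS 1.0/1.1 and the weak ciphers."""
    ctx = ssl.create_default_context()   # certificate chain and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suites only; TLS 1.3 suites are managed separately by OpenSSL.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx

def weak_suites(ctx):
    """Names of enabled suites under 128 bits or built on a weak primitive."""
    return [c["name"] for c in ctx.get_ciphers()
            if c["strength_bits"] < 128
            or any(marker in c["name"] for marker in WEAK_MARKERS)]

def pin_matches(der_cert, pinned_sha256_hex):
    """Compare a certificate's SHA-256 fingerprint with a value stored in advance."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())

def connect_and_check(host, pinned_sha256_hex, port=443):
    """Handshake with host; return (protocol, cipher, pin_ok). Needs network access."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        # A mismatched or untrusted certificate raises ssl.SSLCertVerificationError here.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.version(), tls.cipher()[0], pin_matches(der, pinned_sha256_hex)

# Constructed stand-in bytes, not a real certificate, so the pin check runs offline.
SAMPLE_DER = b"constructed-certificate-bytes"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()
```

`connect_and_check` is the only function that touches the network; the others can be used to audit a context before any connection is made.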

    • in reply to: Hacker takes over reader’s PC by remote control #1480932

      I do not recommend doing anything with any credit card information the caller might give you, though. That’s illegal.

      Actually, I recommend providing that information to the FBI: http://www.fbi.gov/contact-us/field

    • in reply to: 32GB RAM and therefore no Page File? #1466804

      Here’s what you/your son need to do: tests. I like PCMark/3DMark, available here.

      1st test: no pagefile, fresh reboot. Wait 15 minutes for all startup processes to complete, then run PCMark, record score.
      2nd test: 4GB fixed (identical min/max) page file, fresh reboot. Wait 15 minutes for all startup processes to complete, then run PCMark, record score.
      3rd test: 4GB RAM disk page file, fresh reboot. Wait 15 minutes for all startup processes to complete, then run PCMark, record score.

      You will most likely find no difference in scores, or if there is a difference it will likely be less than 20 points. Multiple tests may lead to minor score variations as well, if you want to do each test 3 times and then average the scores.

      All the advice in the world doesn’t matter; you need to see what actually works best on your particular computer.

    • in reply to: 32GB RAM and therefore no Page File? #1466791

      Windows 7 is nearing end-of-support.

      Windows 7 will be receiving security updates until 2020. Windows 7 will stop receiving new features in 2015.

    • in reply to: Navigate Win8 quickly with keyboard shortcuts #1354337

      The easiest way to shut down? Press Ctrl+Alt+Delete. I can’t believe they missed this one. It works with every version of Windows too.

    • in reply to: Apps temporarily — and randomly — freeze #1346730

      Regarding the windows-admin lockout:
      The user likely locked out their “John Smith” user account. If they restart in safe mode, they should have access to the normally-hidden “Administrator” account. I do not think that Windows will let you demote this account.

      Or, this utility has served me well in the past:
      http://pogostick.net/~pnh/ntpasswd/

    • in reply to: Stop software from saving me from myself #1341613

      gpedit.msc, not mcs.

    • in reply to: Safe disk partitioning and RAID 5? #1307041

      http://thedailywtf.com/Comments/Incompatible_with_Web_2_0x2e_0.aspx

      You may need to click the “Expand Full Text”

    • in reply to: Reassigning computer names in Active Directory #1270156

      What is your password policy? Computers follow the same password policy as users.

      What I do is use the modified column to determine which computers haven’t been modified in the password expiration timeframe. For example, if your passwords expire after 60 days, you could look at the modified column and delete all computers that have a modified date before 1/1/2011. Adjust based on your password policy.

      (To add the modified column in ADUC, click view, add/remove columns, and double-click modified.)

    • in reply to: Alternative to PST files for local storage #1255788

      Like the user says, the company is using eVault, presumably Enterprise Vault. I’ve installed and used that product myself. It’s a great product. It will take those PST files and archive them and index them for faster searches. There are compliance reasons (lost laptop, or responding to a subpoena) for not using PST files.

      I don’t think your admin people should be putting limits on the email archived by Enterprise Vault. That defeats the purpose of the archiving system.

    • in reply to: Alternative to PST files for local storage #1255739

      As an email administrator for a company with ~1000 mailboxes, and users who sometimes have 15GB mailboxes, I think the question to ask is–

      WHY DO YOU NEED TO KEEP EVERY LAST EMAIL?

      Are they worth printing, and keeping in filing cabinets around your desk? No? Then you probably don’t need to keep them electronically either, unless Sarbanes-Oxley or other regulations require that you do.

      Just delete the old emails you don’t need–it’s very freeing, really.

      Not to mention that it improves the performance of your email.

      Read some Henry Thoreau, sit back, and hold down the delete button.

    • in reply to: Malware Trashed Network Adapter #1253654

      One of my favorite fixes is built right into Windows XP SP2.

      1. open a command prompt
      2. type netsh winsock reset.
      3. when the command completes, restart your computer.

    • in reply to: Is 'Sleep' the same as 'Suspend' or 'Standby'? #1229381

      “My Office 2007 and Adobe applications and files now only show the same generic icon with little arrows for internal functions. Everything still works, but the icons are all the same. It’s just these applications. The Recycle and other system icons remain unaffected.”

      My response to this is that the icon cache may be corrupted. Here’s a fix

    • in reply to: Synchronising directories on more than two PCs #1229307

      Here are two more:

      Karenware’s Replicator

      Microsoft Live Mesh Beta

      Dropbox is probably the easiest to use–I’d start there. However, I’m not sure how it will handle the drive being removed/reattached. You may want to use Dropbox or Live Mesh for the 3 computer sync, and then use either Syncback or Replicator to sync the drive when it’s attached.
