Microsoft TechNet for the rest of us
In this issue
- BONUS: Conquer Word 2010 — from the inside out!
- TOP STORY: Microsoft TechNet for the rest of us
- LOUNGE LIFE: Thoughts on the nominal end of Windows XP
- WACKY WEB WEEK: Fast-talking boy gets everything he's after
- LANGALIST PLUS: An old PC speed-up hoax reappears
- BEST PRACTICES: Make your e-mail more professional and portable
- WOODY'S WINDOWS: Hotmail finally gets secure — sorta
Conquer Word 2010 — from the inside out!
Windows Secrets readers want more than surface-level knowledge; they like to dig deep into the details. Microsoft Word 2010 Inside Out, by Katherine Murray, goes beyond the basics — it provides hundreds of expert insights, troubleshooting tips, workarounds, and more.
Exclusively for Windows Secrets subscribers, O’Reilly Media is providing — free — Chapter 1, Spotlight on Microsoft Word 2010. It explores what’s new in Word 2010, how to use the Ribbon, what you need to know about the status bar, plus many other handy tips.
If you want to download this free excerpt, simply visit your preferences page and save any changes; a download link will appear.
All subscribers: Set your preferences and download your bonus
Info on the printed book: O’Reilly’s online store
Microsoft TechNet for the rest of us
By Michael Lasky
Microsoft’s TechNet site, dubbed “Resources for IT Professionals,” is a rich repository of high-level geek talk plus tips for enterprise-class IT personnel.
But don’t let that reputation put you off — TechNet is also a gold mine of excellent tips and tricks for individual Windows users as well.
TechNet exists as a place where corporate IT pros can find detailed information and training — a resource that will make it easier for them to adopt and deploy Microsoft products within their companies. But in his July 1 column, “The ultimate software deal has strings attached” (paid content), Woody Leonhard wrote that anyone — not just IT professionals — could sign up and pay for a TechNet subscription (site). Starting at around U.S. $200, the subscription included the right to download full versions of almost any Microsoft software.
Fortunately, if you want to mine the oceans of info available on the TechNet site, you don’t need a subscription! Mine is the operative word, however. Finding the information you’re looking for often means digging through what seems to be ever-cascading layers of links, sublinks, and sub-sub-sublinks.
Using Bing, Microsoft’s search engine, may get you to your destination, but more often it will lead to other parts of Microsoft’s vast corporate site — even when the search bar says, “Search TechNet with Bing.” With no easy road map to follow, gleaning gold from TechNet means following many links.
Newcomers to the TechNet home page (see Figure 1) might assume that the top-line tabs are the best starting points. But I advise going to the TechCenters column (left side of the home page) instead. There, under Resources, TechNet Magazine and TechNet Blogs yielded the best tips — many of them otherwise difficult to find.
Figure 1. A labyrinth of information, TechNet is best explored via the TechCenters links.
TechNet Magazine yields a wealth of tips
On the TechNet Magazine page, click Tips in the tab bar near the top of the page. If you’re looking for desktop OS information, you can choose Windows 7 or Windows Vista — but you won’t find Windows XP. (I’ll focus on Windows 7 because it’s the newest OS.)
I found over six dozen tips for Win7 (some of which also work with Windows XP), some original to the site and many others taken from a cornucopia of Microsoft Press books. A quick read of the titles might give the impression that they’re for an IT audience, but many of the tips are just as useful to the rest of us. Here are a few examples of helpful tip articles:
- Manage icons that display in the Windows 7 notification area: You can often control the appearance of an application’s notification area icon from within the app. But Windows 7 gives you more universal control, as explained in this tip.
- Create and save custom views for Windows 7 Event Viewer: If you’re trying to track down a pesky program or device with repeated visits to the Event Viewer, creating a custom view can help pinpoint the problem. This tip shows you how, step by step.
- Customize the Command Prompt in Windows 7: The DOS Command Prompt doesn’t have to look the same each time you call it. You can customize the font, color, and size and even change it to match a particular task, as explained in this tip.
- Use some (relatively) unknown command-line switches for Disk Cleanup: This tip tells how to save preferences and automate future runs. For a better description of these options, see Fred Langa’s March 13, 2008, Windows Secrets article, “Using Windows’ hidden Disk Cleanup options.”
- Optimize how Windows 7 runs 16-bit and MS-DOS–based programs: There are some 16-bit and DOS programs that we can’t just leave behind. But running them together in Win7’s virtual PC can cause them to hang or crash. The tip describes how to run them in separate memory spaces.
- Understand and manage Windows Connect Now for easy Wi-Fi configurations: Originally created to connect Xboxes to wireless networks, Windows Connect Now (WCN) lets you store network configuration information on a USB flash drive — a quick and easy way to let guests access an encrypted wireless network. But there are potential pitfalls, so use this tip to stay out of trouble. (Microsoft included WCN in Windows versions XP SP2 and up.)
- Find hidden info in the Windows Media Player controls: At first glance, it seems tools for customizing Windows Media Player 11 are nonexistent. However, a few right-clicks in the right places will bring them to the surface, as described in this brief tip.
- Display administrative tools on the Windows 7 Start menu: Normally, you won’t find admin tools on the Start menu. But with help from this tip, you can put them both there and in the All Programs submenu. A few left- and right-clicks make it happen.
- Get the Full Path of a folder or file in Windows 7: The full path of a folder or file appeared in the XP address bar; in Win 7, it doesn’t — at least in the way we were used to seeing it. This tip describes how to remedy that shortcoming.
- Get seven free tools for managing disks and file systems: This tip gives a taste of the free utilities available at TechNet’s Sysinternals library. The tip includes links and examples for seven useful apps. (See more on Sysinternals below.)
Find hot new tips on the TechNet Blogs site
The blog subsite of TechNet is a labyrinth in every sense of the word. Topics are sorted by date, not by topic, so using it means plodding through a grab bag of non sequiturs. With new posts appearing daily and older posts dated back to July 2005, it’s fortunate that there’s a Tags window. Located on the right side of the blog pages, Tags lets you filter and sort topics of interest that are otherwise scattered throughout the site.
Clicking any of the tags (Windows 7, for example) produces a list of related posts sorted by date. A more complete (read: way longer) list of tags fills the page’s right column.
If you want daily TechNet tip alerts, you’ll find them posted on Facebook (facebook.com/technettips) and Twitter (twitter.com/technettips). The majority of these social-networking posts simply link back to TechNet sites, but it’s a good way to find out what’s new.
Sysinternals’ massive catalog of utilities
TechNet is also the portal to Microsoft’s Sysinternals Live site, a rich catalogue of tools, tech information, and utilities to diagnose and troubleshoot Windows OS and application issues. Sysinternals was created by Mark Russinovich and Bryce Cogswell to host their advanced system utilities. A decade after its creation, Microsoft bought the site and added it to TechNet.
Past Windows Secrets columns have discussed some Sysinternals tools, but many more are available on the site.
Sysinternals Live lets users launch Sysinternals tools directly from the Web without having to manually download them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt. For example:
http://live.sysinternals.com/{tool name}
or
\\live.sysinternals.com\tools\{tool name}
You can view the entire collection of Sysinternals Live tools in an FTP-like directory listing within your browser and instantly download listed utilities. Links on the home page give you an expressway to six categories of tools: File and Disk Utilities, Networking Utilities, Process Utilities, Security Utilities, System Information Utilities, and Miscellaneous Utilities.
I’ve highlighted just a fraction of the tips and utilities found in TechNet. These examples hopefully show that Microsoft’s tech information site has a larger audience than just IT folks. Take some time to search a few topics, and you’re bound to find answers to some of your vexing Windows questions.
Feedback welcome: Have a question or comment about this story? Post your thoughts, praises, or constructive criticisms in the WS Columns forum.
WS contributing editor Michael Lasky is a freelance writer based in Oakland, California, who has 20 years of computer-magazine experience, most recently as senior editor at PC World.
Thoughts on the nominal end of Windows XP
By Tracey Capen
As a rule, we don’t mention Windows Secrets articles here in Lounge Life.
But our recent story on the life and times of Windows XP — prompted by the announced end of XP sales — drew strong interest, both in the WS newsletter and in the Lounge.
We invite you to add your thoughts on the passing of XP — what you liked and disliked about this venerable OS and whether you plan to upgrade soon or hold on to XP for as long as possible.
The following links are this week’s most interesting Lounge threads, including several new questions that you may be able to provide responses to:
☼ starred posts — particularly useful
If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.
If you’re already registered, you can jump right in to today’s discussions in the Lounge.
The Lounge Life column is a digest of the best of the WS Lounge discussion board. Tracey Capen is editor in chief of Windows Secrets.
Fast-talking boy gets everything he's after
By Revia Romberg
It’s hard not to be amazed — and a bit jealous — when listening to people with a glib tongue. Those fast-talkers can connive their way out of a speeding ticket or wrangle their way into a hot new nightclub. But it’s downright scary to watch a fast-talker in the making. Consider this example: a boy — too young to shave — smoothly convinces store clerks to sell him booze and dirty magazines. After watching this, you might want to pick up the milk yourself.
An old PC speed-up hoax reappears
By Fred Langa
Like bad pennies and Nigerian money scams, those bogus offers to speed up your online connection keep coming back. Most of these speedup come-ons give bad advice — disable Windows’ networking Quality of Service feature.
Speed up your Internet connection by 80%!
Jason Wallwork saw that claim on YouTube, but fortunately, his BS detectors were working five-by-five.
- “I don’t really believe this is true, but a video on YouTube claims you can speed up your Internet by 80% by changing one setting.
“Would changing it get a boost at all in Internet speed? Is it even safe to touch? I’ve heard about [Quality of Service] QoS before, but I don’t know which applications are QoS-aware. Can you shed some light on this?”
Wow! That particular hoax just won’t die. It’s been making the rounds for almost 10 years now!
It all stems from a misunderstanding of the Quality of Service network setting. QoS first appeared in Windows 2000 a full decade ago. It’s been in every version of Windows since, including Windows 7. (See Figure 1.) It was originally designed as a technology to improve networking over slow and noisy telephone lines.
Figure 1. All versions of Windows support the Quality of Service networking parameter. QoS has been a source of confusion — and bad advice — ever since it first appeared in Windows 2000. (Win7 shown.)
Here’s the basic concept: If you’re connected to a site or service that uses QoS (and if you have QoS enabled on your PC), then Windows can reserve some of your total networking bandwidth for the QoS-based connection. That allows sites such as streaming-media services to work more smoothly. To prevent bandwidth-hogging, Windows caps QoS network use at 20%.
This is largely moot in everyday surfing, because the vast majority of sites and services don’t use — or need — QoS. (I’ll get to several important exceptions in a moment.) If you have QoS enabled on your system and connect to a non-QoS site, nothing unusual happens — QoS lies dormant and does not soak up any of your bandwidth.
The only time QoS does anything at all is when you connect to a site that supports it.
Seems simple enough, doesn’t it? But when the QoS setting first appeared in Windows 2000, some tech writers misinterpreted it, thinking — erroneously — that enabling QoS permanently set aside 20% of your bandwidth. That’s simply not true.
Things got worse when XP rolled out, because QoS came to the attention of some mass-market tech writers. They flipped the original misconception around and added a new layer of misinterpretation on top, claiming that “disabling QoS boosts your online speed by 20%.”
That, too, is utterly false.
The YouTube video that Jason saw went a step further and flipped the ratio to claim a speed boost of 80%.
That’s beyond merely false. Just as Jason suspected, it’s plain nuts!
When these QoS falsehoods first appeared, Microsoft tried to counter the bad information with MS Support article 316666, “Windows XP Quality of Service (QoS) enhancements and behavior.”
Unfortunately, it’s dry reading and was no match against articles promising a magical speed boost. Let’s set the record straight: when you’re on sites and services that don’t use it — and that’s most of them — QoS doesn’t get in your way. There’s no downside to leaving QoS enabled all the time.
When QoS is enabled and you’re using a service that supports it (voice over IP is another example), QoS will kick in and do what it’s supposed to do — improve your online experience. VoIP and streaming media are exactly the kinds of services where you want the smoothest connections possible!
Note: It does no good to try to figure out which sites and services are QoS-enabled; it’s just there when you need it. Also, diddling with the QoS settings won’t help anything and may actually make some online services and sites perform worse by preventing them from getting the bandwidth they legitimately need.
Bottom line: QoS requires no user intervention — period! Just ignore those sites that promise better Internet performance.
Setting up Remote Desktop over dial-up
Peter’s question gets right to the point:
- “Is it possible to use XP’s Remote Desktop Connection over a dial-up telephone line?”
Absolutely, Peter! For a remote desktop connection (RDC) to work, you have to set the modem on the host/target PC (the one you want to control remotely) to automatically answer an inbound data call and establish the data connection. You also need to have Remote Desktop Access enabled on that PC.
You set up the second PC to originate the phone call — to dial out to the other machine. Once the RDC is established, you can log in on the host machine and run it remotely.
Windows’ RDC settings let you tune its performance for the available bandwidth, mostly by suppressing nonessential graphical elements of the user interface when using low-speed connections. Figure 2 shows XP’s RDC dialog, but RDC works essentially the same in Vista and Win7.
Figure 2. You can suppress nonessential, bandwidth-hogging elements of the Windows user interface when you’re using a remote desktop connection over a slow line.
With the right settings, you can get quite acceptable performance for most office-type tasks (word processing, e-mail, etc.) — even with dial-up.
There’s plenty of information online to help with the details of setting up and using Remote Desktop Connection. Here’s a sampling:
- MS TechNet’s topic, “Configuring Remote Desktop”
- MS’s article, “Remote Desktop in Windows XP Professional”
- TomsHardware.com’s forum discussion on “Remote Desktop over dial-up”
Installing software for multiple user accounts
Will Doak ran into a snag on his PC:
- “I am puzzled. I have two user accounts on my PC. I installed Microsoft Office on one account. It’s not available in the program list in the other account.
“I also installed IrfanView on one account: it also doesn’t show in the program list in the other account, but it’s available in Explorer under the ‘Open with’ option.”
You’ve found perfect examples of the two most common types of problems that can happen when installing software on PCs with multiple user accounts.
One is simple, but easy to miss. During installation and setup, many programs, including IrfanView, specifically ask how you want the software installed: just for the current account or for all users on the system. (See Figure 3.) I suggest you uninstall IrfanView and then reinstall it with the “For all users” option selected.
Figure 3. If you go too fast when setting up new software, you may overlook an option to install the program for just the current user or for all users.
The other common multi-user problem that sometimes affects applications such as MS Office (and similar tools) is permission conflicts between user accounts. MS Support article 898512 might get you pointed in the right direction.
Insomniac PC simply won’t stay asleep
Gerrit Vos’s PC won’t snooze as it should.
- “My Win7 PC refuses to go to sleep. When I use the Windows button to shut down, it gets to the lowest point but then starts up all over again.
“Do you have an idea?”
Here are two likely causes to check, Gerrit.
Often, sleep/suspend/hibernate problems are caused by driver issues — something in the driver software fails to respond to the power down request sent by the operating system.
I suggest you visit the support pages on your PC vendor’s Web site and/or the sites of the subsystem (audio, video, networking, and such) providers. Make sure you have the correct, latest, drivers for your system.
Personally, I prefer to update drivers manually because you can control more variables. But if you want to try an automated driver-update site or service, see Scott Dunn’s July 31, 2008, Top Story, “Don’t get burned by driver-update scams.”
Also check whether your various devices are set properly so that Windows can power them down. Vista, for example, is notorious for not setting up its devices’ ability to power down properly. Win7 usually gets it right, but it’s worth checking anyway.
To check your power-down settings, open Windows’ Device Manager (see Microsoft’s Help & How-to article), and right-click on each device, one by one. Select Properties and then navigate to the Power Management tab (if one is offered, as shown in Figure 4). Make sure that the “Allow the computer to turn off this device … ” option is enabled for each device.
Figure 4. Use Device Manager to ensure that each system device can be controlled by Windows’ power management.
When all your PC’s devices have the correct current drivers and Windows Power Management is properly enabled for all the devices, your PC should be able to sleep soundly once more!
Fred Langa is a senior editor of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.
Make your e-mail more professional and portable
By Susan Bradley
Your e-mail address can leave business associates with a good — or not-so-good — impression of you as a businessperson. Creating a custom domain name for your e-mail can make your correspondence look more professional, and setting it up isn’t as hard as it might seem.
Good business reasons for unique domain names
In these days of digital communication, rapidly changing jobs, and intense competition, it’s important that your e-mail address — the domain name — reinforce your professional image. But many’s the time I’ve received e-mails from business collaborators that end with aol.com, hotmail.com, or some similarly generic mail service. It simply never looks as professional as it should.
Free e-mail addresses such as hotmail.com or gmail.com have their place — they’re good for personal e-mail and throwaway accounts. But an e-mail address with a unique domain name (sometimes known as a vanity address) will go a lot further in enhancing your image as a professional businessperson.
And if you’re not concerned about image, there’s another good reason to use a custom-domain address (one not tied to a specific Internet service provider) — you can take your e-mail account with you when changing Internet service providers (ISPs), moving to a new location, or changing jobs.
Keeping and managing old accounts can be a pain. Take me, for example. Long ago, I started using an e-mail account tied to the local telephone company. Because I have so many contacts tied to that account, I’m extremely reluctant to abandon it. So I have to keep it — and keep paying for it — along with my other accounts. (However, it’s a point of pride that I can still be contacted on my ancient Usenet address.)
There are ways to manage the migration from one e-mail service to another. Here’s how.
Untethering your e-mail address via Web hosting
The best place to acquire a personal domain name and set up a new e-mail system is with a Web- or e-mail-hosting service. For individuals, there’s no shortage of cloud-based mail-hosting companies. (I focus on cloud-based providers only because they are the least expensive and easiest services for individuals.) Providers such as godaddy.com, readyhosting.com, Google Apps, and numerous others will provide e-mail hosting and a personal domain name — often for a price lower than buying both separately. (Check the provider’s service agreement on domain-name portability.)
Before you sign up with any provider, take a careful look at the options offered. Some vendors think that small businesses and individuals need fewer options than do enterprise users. In fact, as a small-business owner, I find I need more options.
Some ISPs, such as Comcast, also offer more advanced mail-hosting services when you open a business-class Internet account. Hosted Exchange, for example, is an online version of Microsoft’s Exchange mail server. The ISP manages the server, and you manage your mail through your browser or within Outlook. (In a follow-up article, I’ll discuss how to move to or from premise-based e-mail systems typically used by small firms — and ensure there are no lost e-mails and no downtime.)
When starting your migration to a new e-mail system, the first — and perhaps hardest — step is picking your personal domain name. If the one you want has the standard .com extension and it’s already taken, you can pick .net, .info, or several other variations. Keep in mind, however, that .com is what most Internet users expect. Using an alternative might make your address harder to remember, or it might be confused with an address having the same domain name but with the .com extension.
Once you’ve selected a domain, you purchase the rights to it through your preferred Web-hosting provider. You’re essentially renting a domain name, but the fee can be less than U.S. $10 per year.
Next, set up your new e-mail account with your new domain name. You’ll access it via a downloaded e-mail client such as Outlook or a Web-based e-mail app such as Gmail. For the former, your hosting site should provide the information needed to connect to the mail server.
(If you’re using an e-mail client such as Outlook Express or Thunderbird, make sure you configure the app to send your username and password over a secure SSL connection. Otherwise, someone might steal that information by sniffing your Internet connection.)
Managing the transition to a new e-mail address
With your new personal, domain-based e-mail set up, the next step is weaning your contacts off your old address. Start by automatically forwarding all your old e-mail to your new account. Even with ISP-based e-mail, there’s usually a setting that will automatically forward your mail. Next, ensure that every response your contacts get comes from your new address. Hopefully, their e-mail client’s address book will automatically update your new contact information.
Don’t forget all those key business accounts you set up over the years that are tied to your old e-mail account. If you changed ISPs, you may need to keep a low-cost, low-capacity e-mail account with your old ISP for some period of time. That should catch any contacts you forgot to update. For many years, I paid for an e-mail redirect from ix.netcom.com to ensure I’d receive any stray mail. Typically, it takes several months to fully migrate all your key e-mail contacts over to your new addresses.
For an extra level of migration help, there are services such as emailchange.com that will list your old and new e-mail addresses.
Moving your e-mail client to a new ISP is generally easy. In whatever client you’ve selected, you create a new account and enter the needed mail-server information. For example, I might set up mail.sbslinks.com as a POP (post office protocol) account and mail.sbslinks.com as the outbound SMTP (simple mail transfer protocol) mail server. (See Figure 1.)
Figure 1. Before you can use a new e-mail account in your local mail app, you need to enter the inbound and outbound server names.
Some providers offer additional services that you might want to configure — e-mail on your mobile phone, for example. Many phones use Microsoft’s ActiveSync to synchronize mail between your phone and your mailbox account. If you read a message on your phone, ActiveSync marks it read in your PC’s inbox.
If a provider — or your phone — doesn’t support ActiveSync, you can probably use IMAP (Internet Message Access Protocol), though it has less-capable synching capabilities. For example, e-mail you’ve read on your phone could still be marked as unread on your PC.
You should check how your e-mail is handled. Just because I use a cloud provider doesn’t mean that I want my e-mail to always stay in the cloud. You can, for instance, have your online mailbox never delete e-mail, delete mail after a specified period of time, or delete only after it’s been deleted in your local e-mail app. Typically, you manage this through your e-mail client. I find it best to choose one computer as my central e-mail control mother ship — I try to use ActiveSync for all other devices that support it.
Many of the Web-hosting providers also offer online storage for files, shared calendars, and other features that you’re probably not getting from your ISP-based e-mail service.
If you move to a new ISP, you’ll be offered its e-mail service. There’s a good reason not to use it — you’ll avoid being tarred with its spam habits. I’ve seen cases where my ISP-based e-mail was bounced back because other mail providers deem my ISP’s domain a safe harbor for spammers. I haven’t found this problem with e-mail host sites I’ve chosen.
There’s one more benefit to setting up a new e-mail address. It might leave spammers behind — at least for a little while.
Your e-mail address says more about you than you might know. Set up your personal e-mail domain name and liberate your mail — now and for the future.
Susan Bradley has been named an MVP (Most Valuable Professional) by Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
Hotmail finally gets secure — sorta
By Woody Leonhard
I’m happy to report that Hotmail finally — finally — offers an optional secure Internet connection. There’s just one little problem: enabling secure Hotmail breaks other features and applications you might need.
The poster child for unsecured Web activities
In my Nov. 4 Top Story, I talked about how to secure your wireless connections so that prying eyes could not see everything you do on the Internet. I singled out Hotmail as an example of a site that does everything in the clear, allowing your mail to be read by any knowledgeable eavesdropper.
This appalling lack of secure transmissions hit home for many PC users about a month ago when Eric Butler released a Firefox add-in (info page) called Firesheep — an app that makes it a coupla-clicks easy to snoop on anybody connected to an open Wi-Fi system.
Since Eric’s add-in hit the stands, possibly thousands of Firesheep users have — while sitting in coffee shops, at work, and even at home — watched other people’s e-mail go by over open Wi-Fi connections or looked at other folks’ Facebook, Flickr, or Twitter entries. The threat goes beyond just watching; an eavesdropper can start acting like you, sending e-mail in your name, posting on Facebook walls, uploading pictures to your account.
There are three ways to prevent this personal-information theft called sidejacking: keep others out of the Wi-Fi router you’re using (hard to do in a public place), encrypt everything you do with something like a Virtual Private Network (the subject of my Nov. 4 Top Story), or confine your Web surfing to secure sites — ones that use the HTTPS protocol.
I took Microsoft to task in that article because its Hotmail service sends Web cookies and your e-mail over an unsecured connection. (Gmail, on the other hand, has been encrypting e-mail through HTTPS by default since January 2010.)
Then, last week Microsoft announced that it would make HTTPS access available — as an option — for Hotmail. Great news, except that turning on HTTPS breaks many parts of Hotmail. It’s a half-baked solution, seemingly rushed out by MS so it can say, “Hey, we do it, too!” Bah.
How signing into Hotmail leads to sidejacking
From a security point of view, here’s how the typical Hotmail interaction goes:
- The secure sign-on: When you type hotmail.com into your browser, you get redirected to https://login.live.com — a secure site (note the “s” in “https”) where you enter your user ID and password.
- After sign-in: Hotmail (actually, Windows Live) digests the user name and password you entered, and if they’re valid — here’s the crucial point — Hotmail then flips over to an unsecure connection. It sends your PC a cookie in the clear and moves you to a quasi-randomly assigned address such as http://sn142w.snt142.mail.live.com. Note that there’s no “s” on the “http” — this isn’t a secure connection.
Anyone with a notebook and an app like Firesheep, watching your traffic flow across an open network, can intercept your Hotmail cookie and use it as his own. That’s the sidejacking.
- Click to your inbox: If you are a heavy-duty Hotmail user, the link to your inbox may be a bit hard to find; the page is cluttered by your social updates and offers to hook up with Facebook, MySpace, or LinkedIn, plus lots of advertising — but I digress. All of the interaction takes place over an unencrypted HTTP connection.
- In an unsecured mailbox: Click on the link to go to your inbox, and you’re still on an unsecured HTTP site. And if you’re using an open (no password required) wireless connection, everything you do is easily sniffable with Firesheep. Even if your wireless access point requires a password, you can be sniffed if someone else has that password. Any reasonably determined snooper can sidejack your session without Firesheep.
Hotmail’s new security capability can keep your e-mail interactions on HTTPS sites. There’s no immediate flip into HTTP, so no chance your cookie gets nabbed — or that a Firesheep user sees what you’re doing on the Net. In other words, Hotmail can finally work much like Gmail.
Oddly, Microsoft did not make switching on HTTPS all that easy. You go to your Hotmail account overview page and find the link labeled “Connect with HTTPS.” (It’s near the bottom of the page.) Click the link, and you’ll find the radio-button option for activating HTTPS.
But wait! Before you take that step, let me warn you about the not-so-minor gotchas.
What you lose with HTTPS turned on in Hotmail
Three things break when you enable secure Hotmail. Dick Craddock described them briefly in his Windows Live Team blog, but there are more problems lurking beneath the surface.
First, if you turn on HTTPS, you can’t use Outlook to gather your Hotmail! Outlook Hotmail Connector can’t interact with HTTPS pages.
I know several people who routinely use Outlook to manage their Hotmail accounts. Connector lets you combine Hotmail with other mail accounts, in one place — Outlook. The rules you create in Outlook work on Hotmail, and the Safe Sender and Blocked Sender lists in Outlook are automatically synched with Hotmail.
That all goes away if you turn on HTTPS.
Second, Windows Live Mail also won’t work with a secure Hotmail account. All access to the account is blocked; you can’t receive or send HTTPS Hotmail from Windows Live Mail. The fundamental problem is the same as with Outlook — Live Mail can’t talk over an HTTPS connection. That’s so bizarre.
Third, if you turn on HTTPS, you can’t pull your Hotmail into a Windows Mobile 6.5 (or earlier) phone. The Windows Live application for Symbian does not work, either.
As far as I can tell, Microsoft hasn’t released any details about fixing these apps.
Here’s the part that really hurts. If you opt not to switch to Hotmail HTTPS permanently — if you don’t want to break Outlook or Windows Live Mail — you can use a secure connection temporarily by simply starting your Hotmail with https://hotmail.com.
But take note: If you do that and you then decide to go to your calendar, edit a contact, or go to some other site, returning to Hotmail will drop you out of the HTTPS connection. And once again, you’re exposing your Web sessions to data-sniffers.
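The sign-in flow described earlier and the drop out of HTTPS just described are the same exposure: a session cookie crossing the network on a plain-HTTP request. The following added example (not code from Microsoft or from this newsletter) audits a recorded session for it; the cookie name `MailSession`, its value and attributes, and the `/inbox` path are assumptions, and all three traces are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def audit_session(trace):
    """trace: ordered (url, [Set-Cookie header values]) pairs for one browser session.
    Returns (url, cookie_name, problem) findings.
    Simplification: every cookie is assumed to be in scope for every URL in the trace."""
    jar = {}        # cookie name -> True if it was stored with the Secure attribute
    findings = []
    for url, set_cookie_headers in trace:
        encrypted = urlsplit(url).scheme == "https"
        if not encrypted:
            # A browser attaches non-Secure cookies to plain-HTTP requests.
            findings += [(url, name, "sent in clear")
                         for name, secure in jar.items() if not secure]
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                jar[name] = bool(morsel["secure"])
                if not encrypted:
                    findings.append((url, name, "set in clear"))
                elif not jar[name]:
                    findings.append((url, name, "missing Secure attribute"))
    return findings

# Constructed traces. The host names come from the article; the cookie name,
# its value, the /inbox path and the cookie attributes are assumptions.
WEAK = "MailSession=constructed-token; Path=/"
SIGN_IN = [
    ("https://login.live.com/", []),
    ("http://sn142w.snt142.mail.live.com/", [WEAK]),
    ("http://sn142w.snt142.mail.live.com/inbox", []),
]
TEMPORARY_HTTPS = [
    ("https://hotmail.com/", [WEAK]),
    ("http://hotmail.com/", []),   # back from the calendar, no longer on HTTPS
]
HARDENED = [
    ("https://hotmail.com/", [WEAK + "; Secure; HttpOnly"]),
    ("http://hotmail.com/", []),   # Secure cookie is withheld from this request
]

if __name__ == "__main__":
    for label, trace in [("sign-in", SIGN_IN), ("temporary HTTPS", TEMPORARY_HTTPS),
                         ("hardened", HARDENED)]:
        print(label, audit_session(trace))
```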
The best techniques for using secure Hotmail
So what’s a Hotmail user to do?
If you are a hard-core Hotmail user, you are surely tempted to curse Microsoft. These limitations are completely bogus. They are basic security functions within and between Microsoft products that the company should’ve fixed years ago. Microsoft spent millions putting social networking into Windows Live Wave 4. So why didn’t they spare a few shekels to fully enable HTTPS connections in Mail? Harrumph.
Anyone who doesn’t use Outlook, Windows Live Mail, or Windows Mobile 6.5 (or Symbian) to connect to a Hotmail account clearly should turn on HTTPS in the Hotmail account settings. You should do that even if you run a Virtual Private Network or access Hotmail only over wired connections. It just makes sense to keep your mail encrypted. Firesheep isn’t the only means to acquire your personal sign-in information or watch your Hotmail messages pass across the Net.
If you use Outlook, Windows Live Mail, or Windows Mobile 6.5 to get at your Hotmail and you aren’t willing to give up the convenience of those apps, you’re caught between a rock and a hard place. Start your Hotmail session by entering https://hotmail.com into your browser. Then take care not to venture outside the main e-mail editing pages.
As already noted, do something as simple as jumping to your calendar and you’ll no longer have a secure session when you go back to Hotmail. At that point, your only choice is to sign on to the secure Hotmail site again.
Maybe Microsoft will get this newfangled cloud stuff some day, eh?
Woody Leonhard’s latest books — Windows 7 All-In-One For Dummies and Green Home Computing For Dummies — deliver the straight story in a way that won’t put you to sleep.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Copyright © 2025 AskWoody LLC, All rights reserved.
