Notes from the RSA Conference on security

Using Win8's File History with multiple drives

How to ensure that Windows 8’s File History doesn’t get confused if you use more than one external drive.

Plus: Curing Photo Gallery file-access problems, restoring access to a password-locked router, and mitigating XP end-of-support security concerns.

How to make File History retain drive IDs

Like many users of Microsoft’s latest OS, Don Williams is getting his sea legs with Win8’s File History.

• “I understand about assigning an external drive to File History. But what happens if you connect a different external drive — not the drive originally used for File History backups?

  “How can I ensure that File History won’t write files to the wrong drive?

  “If I turn File History off and then back on again, will it start all over again from scratch, or will it pick up where it left off?”

Windows should — I repeat: should — be able to keep track of different external drives.

Windows typically assigns each drive a coded Device Unique Identifier (DUID). The identifier is generated the first time you attach a drive to a Windows PC, and it’s completely separate from whatever drive letter you might assign to the drive.

To create a DUID, Windows uses a combination of the drive’s internal hardware specs and information about whatever physical connection (port, system bus, etc.) the drive is being plugged into. (For more info, see the Microsoft article, “Device Unique Identifiers (DUIDs) for storage devices.”)

By keeping track of drive DUIDs, Windows should (there’s that word again!) be able to tell which external drive was assigned as a File History destination — and which was not.

But DUIDs aren’t foolproof. They’re semi-permanent; depending on your PC’s internal hardware, they can change if, say, you attach the drive to a different port.

So the more you juggle your external drives, the more likely DUID tracking might fail.

Also, based on my own experience, File History sometimes stumbles for other reasons. For example, see the Nov. 28, 2013, LangaList Plus item, “A warning regarding Win8’s File History.”

For those reasons, I don’t entirely trust File History’s automatic routines. So when I’m going to briefly disconnect my regular File History drive in order to use another external drive, I give Windows a not-so-gentle manual assist: I temporarily disable File History. Later, when I reconnect my normal File History destination drive, I re-enable File History.

That way, there’s no possibility of File History writing files to the wrong drive.

Turning File History on and off might sound like a hassle, but it can be done with just one click in the File History dialog box. Here’s how:

• Open the Win8 Charms bar and click Search.
• Enter “file history” as the search term.
• Click the File History icon in the search-results list.
• When the File History dialog box pops up, simply click the Turn off button in the lower right corner (see Figure 1).
  

  Figure 1. Just one click turns File History off or on.

Later, when you reconnect your normal File History drive, simply reverse the process to turn File History back on. It should then pick up from where it left off, backing up only the files that have been added or modified since the last time File History ran.

To be fair, I’ll note that those steps shouldn’t be necessary — the DUID system will usually let Windows correctly track which drive is which.

But I’d rather not relegate backups to “I hope it’s working” status. As mentioned earlier, I’ve experienced one case where File History was not working correctly! If, like me, you prefer a belt-and-suspenders approach to backups, you should not mind taking the few seconds needed to manually disable/enable File History — and help ensure that things are working as they should.

Photo Gallery lost access to his photos

Raymond Easley ran into a common file access problem.

• “When I use Windows Photo Gallery to view images on my system, I get the following message:

  ‘Photo Gallery cannot open this photo because you do not have permission to open this file location.’

  “Photo Gallery has always worked before. The trouble started a couple of weeks ago, and I’m not sure why. Can you help?”

Sure, Raymond! A search of various online tech forums shows that this is a fairly common problem.

The trouble is almost always due to unintentional changes to the files’ permissions and sharing settings. It can happen through software malfunction or human error. It can also occur when Windows tries to protect you from files added from what it considers potentially unsafe locations, such as when you import photos from the Web.

Resetting the file-access and -sharing permissions usually clears up the problem.

Although you can manually change the permissions, an automated, free, Microsoft Resource Kit tool — subinacl.exe — makes it much easier to process large numbers of files or folders.

I discussed subinacl.exe as one of several fixes for file-sharing problems in the Jan. 16 LangaList Plus item, “Correcting permissions to re-enable file sharing.”

A Microsoft Community thread contains a 10-step how-to on downloading and using subinacl.exe.

If that tool doesn’t correct your problem, I suggest you try the several alternative fixes discussed in the Microsoft Community thread, “Photo gallery can’t open this picture because you don’t have permission to access the file location.”

Regaining access to your own network router

Harry has lost control of his router and can’t get at the settings.

• “I need to reset all the settings on my ASUS router. I’d like to know if there’s some software that would scan my computer and give me the user name. I think I could then work on the password.”

Your best bet for regaining access to your router’s settings is a hard reset — also sometimes called a factory reset. This will reset the router back to the original user name and password. The hard reset is usually handled via a recessed button or switch on the back or bottom of the router (see Figure 2).

Figure 2. Most routers can be returned to the original default setting by pressing a recessed reset button (circled in yellow), usually found on the back or bottom.

The reset is quite simple, using these steps:

• With the router plugged in and turned on, insert a paper clip (or similarly slender, but firm, wire) into the reset-switch hole.
• Depress and hold the recessed reset switch for 15 seconds or so.
• Release the switch (removing the paper clip from the hole); the router will restart with all settings returned to their factory defaults.
• Set up your router as you wish — including establishing a new admin username and password.

You can typically get full instructions for setting up any router by visiting the manufacturer’s website or by searching the Web, using your router’s brand name and model number.

Security concerns about XP’s end of support

Richard Loring would like to keep a dual-boot XP setup safe and alive after XP’s scheduled end of life next month (April 8, 2014; more info).

• “Hi, Fred! After XP support ends, could the following concept help with XP protection?

  “On a system with dual boot — XP and Windows 7 — run Microsoft Security Essentials [MSE] in custom mode within Windows 7 and check the XP drive for virus problems.”

That might help — but it also might not be necessary.

The exact details of XP’s end-of-life status are still in flux. As Woody Leonhard reported in the Feb. 6 Top Story, Microsoft might continue to update MSE and the Malicious Software Removal Tool (MSRT) for XP for another year.

This will help, but it doesn’t change the basic problem with XP’s end of life: Microsoft still plans to stop releasing patches and updates for the operating system itself. Newly discovered vulnerabilities in the operating system will no longer be fixed. And given the millions of XP systems still in use, hackers will continue to look for ways to compromise this very old OS.

Your idea of dual-booting and using a second, up-to-date OS to scan the XP drive isn’t without merit — at least for defending against some classes of malware. But an anti-malware tool running on, say, Win7 or 8 might not be configured to look for XP-specific malware on the other drive. So I wouldn’t rely on a dual-boot technique as your complete means of defense.

To my mind, Susan Bradley’s Dec. 19, 2013, Top Story, “Securing XP PCs after Microsoft drops support,” is still the single best source of information for those who want — or need — to keep XP running after end of life. If Microsoft does decide to keep XP versions of MSE and MSRT updated for a while, so much the better.

But again, all these approaches are Band-Aids. Nothing anyone can do will magically make XP into a modern, up-to-date operating system that’s able to handle the threats and conditions of today’s Web. If at all possible, it’s time to let XP fade away.

Rethinking passwords and their keepers

When Lounge member DavidToronto aired his reservations about password managers in the Security & Scam forum, he launched a discussion about security that went well beyond how one uses a particular tool.

The ensuing conversation covered practical matters — and some philosophical ground, too.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Macro for search-and-replace
Word Processing	Opening corrupt document
Spreadsheets	Unable to determine download link
Databases	Adding error message or capturing default error message code
Visual Basic for Apps	Copying Excel data to Word
Microsoft Outlook	Tools for troubleshooting Outlook lockups?
Non-Outlook E-mail	Can’t install Windows Live Mail
Other MS Apps	Sign-ins, aliases, and OneDrive
Windows
General Windows	Suggest Computing 101 topics?
Windows 8	Clipboard stuck on Paste command
Windows 7	Windows Security Update KB 2840149 broke desktop
Windows Vista	Need Vista Home Premium x64 SP2 installation DVD or ISO
Windows XP	Win7 and Win8 Upgrade Advisor failure
Windows Servers	Two Exchange servers under AD? Need help urgently
Internet/Connectivity
Internet Explorer	IE 11 (for Win7) no longer “remembers” homepage sign-in
Third-Party Browsers	Java in Firefox
Networking	Mirror laptop to smart TV
Social Media	Skype permanently online?
Other Technologies
Security & Scams	Password managers can let you down
Maintenance	Storing system image of C: drive to other PC’s C: drive
Hardware	Laptop won’t boot with second drive
Graphics/Multimedia	LightScribe drive not recognized
Other Applications	µTorrent blocked on Win8.1

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

Notes from the RSA Conference on security

Long gone are the days when PC security mostly meant installing anti-virus software and keeping it updated.

Today, the digital assault on our money and privacy is expanding and changing at a truly mind-boggling pace.

Cyber crime and privacy theft now threaten our mobile phones and tablets, our email and phone calls, retailers’ credit-card terminals, and all online sales and services — potentially any digital device or network with some form of onboard computing capability. (How long will it be before we’re regularly updating the antihacking capabilities of our cars’ onboard computers?)

Defending us against the mounting cyber threat are thousands of security professionals, many of whom met at the recent RSA Conference in San Francisco. Although the main focus of the conference’s attendees was enterprise and government security, it was clear from my talks with show vendors that end users — all of us who connect with the World Wide Web — are the ultimate victims of cybercrime. And, in many cases, we’re also the weakest link in the anti-malware chain, according to security experts.

As I did nearly a year ago (see the March 21, 2013, Top Story, “The malware wars: How you can fight it”), I sat down with security expert Andrew Brandt at the conference and discussed the latest in the battle against malware. Andrew is Solera Networks’ director of threat research, Advanced Threat Protection Group.

The honey pot — luring malware to open servers

With malware code changing with chameleon-like rapidity, security companies are constantly looking at new malware to understand how hackers are operating, how they smuggle their malicious code onto our digital systems, and what actions the code performs when it activates. Security companies must then rapidly adjust their defenses accordingly.

Looking for new threats is what Brandt does all day. Working out of an underground bunker, he monitors an array of intentionally vulnerable PCs.

“It’s called a honey pot,” explains Brandt. “The purpose is to welcome attacks, so I can examine the attackers’ methods of gaining entry and deconstruct their code to see what tasks the code is set up to perform. Once that’s figured out, we can construct a defense to prevent the exploit from functioning.”

Many security companies use honey pots in a network (known as a honey net) for early-warning surveillance — but sometimes also as a decoy to direct malware attacks away from production servers.

“This is a game of cat-and-mouse or whack-a-mole, because attackers doggedly make changes to their code to infiltrate systems once again,” notes Brandt. Systems are most vulnerable after a new exploit is discovered and before security companies create and distribute a defense. During that time, any attempt to compromise systems with the new exploit is called a zero-day attack.“

“The second you connect to the Internet, you’re fair game to hackers. While most Web-based attacks employ JavaScript [not to be confused with Java, Oracle’s executable application], many use vulnerabilities in Java, Adobe Flash, or Microsoft’s Silverlight,” says Brandt. JavaScript is commonly used to automate tasks in a webpage.

Every webpage your browser loads is an opportunity for malware, explains Brandt. For example, one of the standard page-display operations is identifying which browser — Chrome, Firefox, IE, etc. — requested the page. Also, the browser loads all associated parts of the page, including third-party ads.

Brandt notes, “Hackers basically throw the kitchen sink at browsers on page loads. They will write conditional statements such as if IE, try this; if Firefox, try this; and if neither of those is receptive, go to the next step. This all happens instantly.

“Exploits can happen on any webpage. For example, the New York Times homepage once delivered malware to visitors because an exploit was loaded inside a banner ad placed by an affiliate advertising service.”

Malvertising: Web ads that trick your clicks

Web-based advertising can be fertile ground for malware-based attacks. Malvertising (also known as social engineering) is specifically designed to trick you into clicking a link, which then takes you somewhere you never intended to go.

For example, many PC users still fall for those big, bright scareware ads — “Your computer has 300 infections; click here to fix it!” (For more on this topic, see the March 18, 2010, article, “New names, new threats from fake security apps.”)

Some of the most pernicious ads are cleverly disguised as legitimate content — especially on freeware sites. No doubt you’re familiar with this ploy: a webpage for an app you want has a big download button (sometimes more than one); but clicking the button actually downloads an app you had no intention of installing.

Some of these potentially unwanted–program (PUP) downloads are relatively benign. They can be blocked from installing by unchecking a box during the installation process, or they are easily uninstalled.

Figure 1. On freeware download pages, it can be difficult to tell which link downloads the application you want and which downloads an unwanted program — or even malicious code.

But the most dangerous malvertising is malicious: clicking a disguised or fake link installs code that might, among other things, steal passwords, record your keystrokes, or even make your PC into a robot that delivers malware to others every time you connect to the Internet.

“Probably the most hazardous infection for PC victims is CryptoLocker ransomware [shown in Figure 2], and it usually enters your system after you’ve become infected with something else,” notes Brandt. CryptoLocker encrypts all documents on your hard drive; victims are then given about 72 hours to pay up — or they never get the decryption key. The ransom is usually around U.S. $300 to $500. For people who don’t have backups on another drive or in the cloud, all that data is lost if you don’t pay up. (For more on CryptoLocker, see the Oct. 24, 2013, Top Story, “CryptoLocker: A particularly pernicious virus.”)

Figure 2. Here's a warning you never want to see. CryptoLocker could be the most serious threat to PC users today.

As Brandt noted, some malware finds its way onto online ad-serving services. For that reason, services such as DoubleClick (now part of Google) and ValueClick scrupulously vet their affiliate advertising agencies. But malvertising coders still find ways around the vetting.

“Malvertising scams require significant advance planning,” explains Brandt. “One step the hackers take to evade ad-checking is to register a domain and then park it for 12 to 18 months before using it. They know that part of the vetting process checks whether a domain has been previously blacklisted in the past year.

“By parking it, the hacker’s domain stays clean and will probably pass muster. They can then place advertising-agency ads that have embedded, obfuscated JavaScript. Although initially unreadable, the script is sort of like a self-assembling jigsaw puzzle that can then do its nasty handiwork when reassembled.” Once these domains are caught and blacklisted, they go dark for another year or so — then come alive again and evade agency vetting.

Downloading ebooks: When cheap is expensive

Thanks to Amazon’s Kindle, Barnes and Noble’s Nook, and a host of smaller vendors, ebooks have exploded in popularity — and so has the availability of pirated “free” books, found mostly on peer-to-peer networks but also available on so-called file-hosting services. Cheapskates balking at paying $10 to $15 for legitimate downloads can acquire unlocked copies of copyrighted bestsellers from hosting sites such as DepositFiles, uploaded.net, Rapidgator.net, Novafile, and TurboBit.net. But the downloads might come at a heavy cost in the form of tag-along malicious apps.

As discussed in Brandt’s RSA Conference presentation, those sites also host many PUPs and other malvertisements. Download an ebook or other file, and various buttons attempt to foist fake updates for media players, codec packs, Flash updates, and browser add-ons on unsuspecting visitors.

The sites are also filled with recurring pop-under and pop-over ads (usually containing annoying video and sound) that can be difficult to eliminate. In some cases, quick downloads are offered for a fee, while completely free downloads require navigating multiple pages loaded with misdirecting download buttons and links.

As Brandt sighs, “All this trouble just to avoid paying for an ebook.”

The growing threat to our cellphone data

This past January, Harris Interactive conducted for WinMagic a survey of some 2,000 adults who own a laptop, desktop computer, or mobile device. The company wanted to find out what personal data users considered most at risk if their devices were lost, stolen, or otherwise compromised.

In the survey, 62 percent of respondents selected personal email; pictures and video followed at 54 percent, and social-media accounts came in at 37 percent. Surprisingly, only 38 percent of respondents deemed banking and financial information most at risk. That gives you some idea of the typical computer user’s priorities.

When asked about their security protocols for their digital devices, just 31 percent of the survey respondents regularly change their passwords — and a mere 14 percent encrypt their data. It’s small wonder that end users are considered the weakest link in the cyber-security chain.

In Blue Coat Systems 2014 Mobile Malware Report, the security company points out, “For desktop users, search-engine poisoning and email links are by far the most prevalent vectors that drive users to threats or malicious content. When we look at mobile users, however, we see a much different picture. Search engines barely crack the top 10 — sending unsuspecting users to malware only 3.13 percent of the time.”

Because Apple keeps its operating system for iPhones (iOS) tightly controlled, and its tightly vetted apps are downloaded in a virtual sandboxed environment, its devices have — so far — escaped malware intrusions. Google’s Android operating system, making up the majority of cellphones, has been more susceptible. As Blue Coat’s report notes, “Increasingly, mobile users are being subjected to more ads — even more so than PC users — as sites everywhere continue to refine their mobile advertising strategies. This is a particularly worrying trend, as it coincides with a significant increase in malvertising.”

In February 2014, Web ads became the single biggest threat for mobile users, according to Blue Coat Systems. One time in five, a user is directed to mobile malware via Web ads. That’s triple the number recorded in November 2012.

Malware/malvertisement risk on mobile devices

Blue Coat’s advice is simple: avoid clicking ads on your mobile device. Consider blocking Web ads altogether. Never download or purchase an app outside legitimate markets such as Apple’s App Store, Google Play, or Amazon. (Oh, yes: avoid pornography sites on your phone or tablet.)

One reason Android phones are more prone to malware is that they feature premium Short Message Service (SMS; more info) apps. Many of these apps/services are scams in disguise; they quietly charge a user’s mobile-phone account a per-use or per-month fee. They’re akin to the old 900 number scams that bilked customers of millions of dollars. Some premium SMS apps were established to let users donate money to a charity or for natural-disaster relief — a perfect foundation for malware. Instead of helping someone that needs it, that $5 donation goes to a cybercriminal’s favorite cause — himself. (In the U.S., most mobile users can report these scams to their carrier by forwarding spam SMS messages to the number 7726 — “spam” on the dial pad.)

At the RSA security conference, the security software company Webroot (site) reported that 42 percent of Android applications checked between 2011 and 2013 were classified as either malicious, unwanted, or at least suspicious. Webroot also found that in 2013, the majority of potentially dangerous apps were broken down as: SMS malware, 38.7 percent; ad-based PUPs, 39.8 percent; and malware using obfuscated coding, 8.9 percent.

On iOS devices, 92 percent of apps were deemed “benign.” The other 8 percent were possibly vulnerable, low- or no-cost ad-based apps.

If all this information leaves you feeling a tad nervous, you should be. Cyber criminals are getting ever more determined and creative. Security research firm HBGary (site) reported in February that it reverse-engineered an exploit that used Skype as a transport for malware. Once discovered, the vulnerability was plugged, but the incident demonstrates the lengths hackers will take to spread malware across the planet — and the challenges security companies face chasing new exploits down.

It’s a never-ending game of cat and mouse. In large part, it’s up to us to help ensure the cats don’t win.

Getting past obstacles but not over your nerves

Hikers, bikers, drivers, and train passengers can test their luck and courage on bridges all over the world. Would you willingly cross platforms that seem to float miraculously high over chasms, or tread on old rope-and-wood constructions swaying over rocks and rushing rivers? Take a look at the video and ponder whether you’d cross one of the 25 scariest bridges. Click below or go to the original YouTube video.

Simple ways to back up your most precious files

Backing up your PC on a regular basis is the only sure-fire way to protect both your system software and your data.

There are many backup options; here’s why separating system backup from data backup can make your computing life a bit easier.

Full-system backups verses file backups

What on your hard drive or SSD most needs to be backed up? Not Windows, nor your applications. Both can always be reinstalled, but it will take time and work. So keeping them backed up is always a good idea — but it’s not essential.

What absolutely must be backed up are your data files — the documents, spreadsheets, photos, songs, and other stuff stored in your various Windows libraries. Without a backup, you can’t simply reinstall that report you worked on all month, your children’s baby pictures, or your tax information. These files need to be backed up — and backed up again every time they change.

There are various ways to archive data files, but for this article I’ve focused on local backups to an external hard drive — the fastest and, in the long run, cheapest technique for protecting your precious information. I also talk about three free file-backup utilities.

Leave your system backups to Windows’ built-in tools (or to better system-backup programs). A file-backup program doesn’t care about the Windows Registry, the Master Boot Record, or other Windows components. But it’s the perfect tool for the daily chore of backing up your work.

For a more extensive look at general backup technologies and techniques, see Fred Langa’s two-part series, “Sorting out the revolution in PC backups,” Part 1 (Feb. 13) and Part 2 (Feb. 20).

Backup target locations: Cloud vs. local drive

Cloud-based data storage is growing rapidly in popularity — and for good reason. Putting hundreds of miles between your PC and a backup system hardened against failure adds considerable protection. Fire or flood might destroy your PC and local backup drive, but data backed up to the cloud will still be safe.

But cloud-based services are not a perfect solution. Unless you’ve got an end-to-end, fiber-optic connection between your home or office and Web-based, cloud-storage servers, moving large quantities of files up to and down from the cloud will be frustratingly slow. A backup that might take minutes with a USB connection to an external hard drive could take hours with cloud storage. And your initial backup to the cloud could stretch out into days — or even weeks.

Moreover, if you need to back up more than a few gigabytes, cloud backup can get expensive. You could easily spend more than $100 a year for sufficient online storage space. Compare that to the cost of a single external drive.

What to look for in a data-backup program

Truth be told, you can use almost any backup program for data files — including the tools that come with the various versions of Windows. But most of these apps make poor assumptions about what you need for preserving data. Often their primary solution is an image backup; some insist on a dedicated drive for storing backups, even if you’re never going to fill the entire drive; and some assume you’re going to keep the backup drive plugged in 24/7. (As I note below, there are good reasons not to leave a backup drive connected at all times.)

Here’s what to look for in a good, local, data-backup app:

• Easy, schedule-free launching: Someone once decided that backups should be on an automated schedule. That probably made sense in an IT environment where networked PCs can be awakened in the middle of the night and automatically backed up to a server. It’s not so convenient at home or in a small office.

  Scheduling an automated backup for the hours you’re not working on the PC typically means leaving the machines on 24 hours a day. Also, the backup drive must be connected to the PC at all times. That leaves the drive susceptible to many of the same disasters that might take down the system’s main drive. Generally, it’s safer to manually plug in the backup drive and launch the backup — on your schedule. And that task should be as easy as possible.

• Target versatility: The backup app should let you define not just the target drive but also a specific folder. That makes it easier to back up multiple computers to the same drive.
• Versioning: Sometimes you don’t need yesterday’s version of a report — you need last Tuesday’s. A good program keeps multiple versions of changed files.
• Purging: This is the flip side of versioning. If you keep all versions of all files, your backup drive will eventually fill up. Purging automatically removes older versions of files.
• A common file format: You shouldn’t need a backup program to restore files. Look for a program that archives files either unchanged or in the standard .zip format — or, better yet, offers both options.

Now that we know what we’re looking for, let’s look at some apps that fill our requirements.

Cobian Backup: Powerful backup made harder

Cobian Backup (site) meets all the criteria listed above. You can select a target folder or even FTP the backup to an Internet server (again, at a relatively slow transfer speed). It saves multiple versions of a file, and it will purge the older ones. You can also choose to simply copy the files or compress them into .zip archives.

Unfortunately, Cobian Backup is absurdly difficult to set up. The problems start with the installation process, which asks whether you want to install Cobian as an application or a service — without explaining the difference. I recommend choosing the application; it’s simpler.

When you launch the program, it loads an icon into the Windows notification area. Double-clicking the icon pops up a somewhat ugly main window. From there, you click a blue-cross icon (see Figure 1) to create a new backup routine (which Cobian calls a task). That pops up an eight-tabbed setup dialog box (see Figure 2), but there’s no wizard to step you through the process and the setup dialog box contains no help or explanations. If you don’t understand what an option means, you Google it. This program still calls folders directories.

Figure 1. Cobian Backup's cluttered main window

Figure 2. Setting up a new backup task opens up an extensive list of options.

Here are some suggestions and explanations about filling in that dialog box:

• General tab: Just leave it set to the defaults.
• Schedule: Don’t schedule; just select Manually. Cobian doesn’t handle schedules well if the drive isn’t already plugged in.
• Dynamics: This is where you control versioning and purging. The Full copies to keep option controls purging. If you set it to 2, Cobian keeps only the two most recent full backups. The Make one full every … option lets you control how frequently it creates a full backup. For example, if you enter 6 and back up daily, you’ll get a full backup every week and incremental backups every day in between. Combine that with the Full copies to keep option set to 2, and you’ll always have up to two weeks’ worth of backups.
  

  Figure 3. Versioning and purging are set in the Dynamics settings box.

• Archive: Use this tab to control the backups’ format. I recommend No compression, which copies the files unchanged. I prefer this to the option of making .zip files because it’s one less layer between you and your archived files. Also, ZIP files can cause problems with very large backups. Finally, with so many data formats using built-in compression, zipping doesn’t save much room anymore.
• Events: You can set up Cobian to do something else before or after the backup. For instance, you can have it hibernate your PC when it’s done.
  

  Figure 4. The Events pre-backup and post-backup settings

Don’t look for a restore option in Cobian Backup — it doesn’t really need one. If you need to restore a file, you simply search for it in Windows/File Explorer.

Should you lose all your data files, simply drag the most recent full backup to the appropriate location and then drag the subsequent incremental backups.

BackUp Maker: The best all-around choice

When I started experimenting with ASCOMP’s BackUp Maker (site), my first impression was “Great! I’ll never have to use that difficult Cobian again.” Here was an easier, friendlier program that did everything I wanted.

Well, as I soon discovered, almost everything I wanted. BackUp Maker can’t copy files — it creates only .zip backups. That proved to be a problem with large backups. Many external drives are formatted for FAT32, which can’t handle files larger than 4GB. And in the course of creating the ZIP backups, BackUp Maker puts a lot of temporary files onto your main hard drive — and if the app runs out of room, it stops dead.

All of that is extremely frustrating because, when it comes to ease of use, BackUp Maker can’t be beaten — at least among the applications I looked at. Click the big yellow BackUp button (see Figure 5) on the home screen, and a wizard walks you through setting up a backup routine.

Figure 5. BackUp Maker's main screen keeps it simple.

It’s a long wizard — 12 pages — but most of the options are pretty clear. A pull-down menu at the bottom of the window lets you jump ahead within the wizard, so you don’t have to step through it all every time you want to edit the routine.

Again, BackUp Maker offers many but not all of the features that make Cobian exceptional. You can set it up to do a full backup after a set number of incrementals and delete backups as they get old. You can also have Backup Maker hibernate or shut down the PC automatically at the end of the backup task.

BackUp Maker has some excellent touches that Cobian lacks. For instance, the USB detection option can start the backup automatically when you plug in the external backup drive (and yes, it recognizes the right drive).

Unlike Cobian, BackUp Maker has its own restore tool. However, it’s all but useless: you can’t even begin to recover a file unless you know the day it was backed up.

Fortunately, you don’t need the restore tool. You can use Windows/File Explorer to search for and recover files within the .zip archives. But you might need to change a Windows setting to allow the searches. In the Start menu’s “Search programs and files” field (or in Win8’s Search charm), type “folder options.” In the Folder Options dialog box, select the Search tab and check Include compressed files (ZIP, CAB …).

EaseUS Todo: File backup as an afterthought

I’ve recommended EaseUS Todo Backup Free (site) so often (most recently in the Jan. 30 Top Story, “Going small(er): Trading spinning disks for SSDs”) that I’d feel hypocritical not mentioning it here.

Although EaseUS offers file backups, that’s not what it’s really about. Its forte is full-image backups — and for that purpose, it’s a great tool. It’s what I still use for that occasional task. It can even clone a drive or back up your Android device.

Setting up a backup routine is quick and easy. Just tell EaseUS what you want to back up and where to put it.

But starting the actual backup — the task you’ll do every day — is far more of a hassle than it should be. After you’ve plugged in the backup drive, it takes five clicks to launch the program and start the backup — as compared to two in Cobian and one in BackUp Maker. It also archives files in its own format, which means you’d better keep a working copy of EaseUS installed if you want to recover files. The utility doesn’t support purging; when your drive is full, you need to delete older backups yourself and start the archiving process over.

In other words, Ease US Todo Backup Free is a great all-around backup program. But for the all-important job of daily file backups, it’s merely passable. As shown above, you can do much better.

No one to blame but ourselves: I often get email from frantic PC users who have lost important data files — sometimes all of them. When I ask them about a backup routine, more than a few sheepishly admit that they just never got around to setting one up (or, worse yet, they say “A what?). Please don’t be one of them. There are so many good backup options these days, it’s foolish to lose precious information by ignoring them.

Microsoft reinvents its online Office suite

Office.com is now the gateway to all Office Online apps: Word, Excel, PowerPoint, and more

On Feb. 20, Microsoft launched a new look and new tools for its free online suite of productivity apps. Here’s a quick tour.

Given the debacle of Windows 8, it seems that Microsoft is settling for small victories. Recently, it successfully relaunched SkyDrive as OneDrive (cue tepid applause), and its Web-based email system — Outlook.com — is celebrating its first birthday. And now, Microsoft’s Office Web Apps has matured into Office Online, offering users a new look and an easy-to-find central location for Word, Excel, PowerPoint, and related apps at office.com.

It all starts at Microsoft’s office.com site

Launch office.com and you’ll find a new page with Metro/Modern application tiles for popular Office Online apps: Word Online, Excel Online, PowerPoint Online, and OneNote Online. The page, shown in Figure 1, also includes tiles for Outlook.com, OneDrive, Calendar, and People.

To use Office Online, start by clicking the Sign in link in the upper-right corner of the Office Online window; then enter your Microsoft account credentials. From there, you can create new documents or work with files you’ve already stored in OneDrive.

Figure 1. The redesigned office.com gives easy access to free online versions of Office applications — once you sign in with a Microsoft account.

Working with individual Office Online apps

Click Word Online, Excel Online, or PowerPoint Online, and you’ll be presented with three options (shown in Figure 2): New blank document, Browse templates, and Recent documents on OneDrive. Microsoft claims that the three apps include dozens of new templates for quickly creating common documents — calendars, reports, fliers, and more — saving users the hassle of starting from scratch.

Figure 2. When you open Office Online's Word, Excel, or PowerPoint, you're given the choice to create a new file, start with a template, or open an existing file you've saved to OneDrive.

Office Online offers more than a simple name change. Microsoft had already been beefing up the tools in its previously named Office Web Apps, and those changes are now rolled into Office Online. Formatting controls and options for headers, footers, and tables have been added to Word; PowerPoint includes new image-editing controls; and Excel gets new functional features such as drag-and-drop plus some higher-end data-analysis abilities.

This past November, Microsoft announced it was introducing real-time co-authoring into Office Web Apps. Included in Office Online, collaboration now works the way it should — matching the collaboration tools on the desktop versions of Office. (If you want to switch from an Office Online app to your full desktop version, you can still do so by clicking Open in Word (or Excel or PowerPoint) in the app’s Office 2013–style ribbon — which includes the same annoying all-caps tabs.

In an Office Online application window, the look and feel of the menu and ribbon layout should be familiar to Office 2007 and 2013 users (see Figure 3). But there are differences. For example, the Home tab includes most of the tools you’re accustomed to, but the Insert, Page Layout, View, and Review tabs all have far fewer tools — just the essential ones.

Figure 3. Word Online has the same look and feel as Office 2013 but has fewer tools.

Clicking the File tab displays a menu that’s similar to Office 2007’s and almost identical to Office 2013’s, and that’s a change from the way the File tab looked in earlier Web Apps. One menu item curiously missing in Office Online is Save; it’s not needed because document changes are automatically saved (just as with Google Docs). Also missing in the File tab is the Options menu; Office Online doesn’t offer the customization tools found in the full versions of Office.

Office Online’s Share options are also more limited than the desktop versions’. You can invite others to view or change a document or to embed a document within a blog or website. However, there’s no option to email a file or create an online presentation, as in Office 2013.

Figure 4. Clicking Share in the upper-right corner of the Word window lets you quickly collaborate with others in real time.

Navigating Office Online with the app switcher

If you’ve used Outlook.com or OneDrive previously, you’re probably already familiar with the app switcher, the bar that appears when you click the down arrow to the right of the Office Online app’s name. App switcher, shown in Figure 5, displays the full range of Office Online apps available to you, making it easy to work with all types of documents with a single tap or click.

Figure 5. Simply click the down arrow to the right of the Office Online app's name to display the app switcher.

Working with the online apps within Office 365. In theory, you can access Office Online from within Office 365, Microsoft’s subscription-based version of Office. But it doesn’t seem fully baked. When I clicked Office Online on my Office 365 My Accounts page, I ran into a bewildering series of sign-in issues.

A rebranding that’s a bit more than a new name

Microsoft is notorious for rebranding campaigns that offer few substantive changes. Fortunately, that’s not the case with Office Online. It brings together all the Web-based Office apps in one central place that’s easy to find and remember (office.com). It has an updated look, though some users might argue whether that’s a good thing. Office Online also delivers new templates for the three main apps — Word, Excel, and PowerPoint — and it provides the app switcher to take us quickly to the tool we want to use next. All in all, that’s not bad for a set of free tools.

More important for Office users, Office Online provides another way to work productively with arguably the world’s most popular apps.

What do you think of Office Online? Weigh in with your opinions and experiences in the Lounge, using the link below.