Set-top boxes match up: Apple TV vs. Google TV

Set-top boxes match up: Apple TV vs. Google TV

By Becky Waring

The secret to choosing the right set-top box for your TV is managing your expectations.

Although these devices give TVs access to more of your audio, video, and Web media, none of them provides the one thing we really want — lower cable bills.

The odd couple among set-top boxes is Apple’s second-generation Apple TV and Logitech’s Revue Google TV. Both let you stream audio, video, and digital images to your flat-panel screen; but beyond that, they could not be more dissimilar. Of the two, I prefer Apple TV — and here’s why.

Apple TV: Positive proof that less is more

Most notable about the U.S. $99 second-generation Apple TV is what’s missing. It has no Web browser, games, or storage. It can’t play any video formats other than those supported by iTunes (H.264 and MP4). And most surprisingly — from the company that invented the App Store — it has no apps.

Instead, Apple TV focuses on a few key capabilities and does them extremely well. It streams rental movies and TV shows from the iTunes Store plus music, photos, and videos from your PC or Mac — all through Apple’s iTunes app. The box also streams selected Internet content such as Netflix, YouTube, Flickr, and MobileMe Galleries.

And it has AirPlay, which lets you stream video and audio directly from iPads, iPod Touches, or iPhones (running iOS 4.2.1) to your TV. I’ll get to this amazingly fun feature in a bit.

Connecting the Apple TV is a breeze: you plug one cable into your TV and the power cable into the wall outlet. You will have to buy an HDMI cable — it’s not included, and the box won’t connect to a TV any other way. I tried attaching an older TV with an HDMI-to-DVI cable, and while the image came through, it had a shimmery waterfall effect. (Apple states that DVI is not supported, though it may work on some TVs.) The Apple TV’s separate audio output is strictly digital.

Like the first-generation model, there’s no power switch on the box. It’s always on — and that’s probably a good thing, because it takes a minute or two to boot from a cold start.

Once you have the Apple TV connected, you run through a few quick installation screens, making selections with the tiny, three-button remote. You set up the Internet connection (which can be wired or wireless — I opted for wireless) and enter your iTunes ID and password. You also enter your Netflix account information, if you have that service.

Figure 1. The Apple TV box is absurdly small — about the volume of a couple of decks of cards. There’s not even a wall wart.

The end of the setup process drops you off at a home screen that looks nearly identical to the previous model’s. From there, you link to the computers on your network; any system running iTunes — PC or Mac — can stream music, photos, and video to the Apple TV.

Streaming media from a computer to Apple TV requires turning on iTunes’ Home Sharing feature on each system. (Make sure you are signed in to the same iTunes account used for Apple TV.) All connected systems are listed under the Computers heading on Apple TV’s home screen. If your Windows PC doesn’t show up, you may need to tweak your firewall, following these instructions on Apple’s support site. Also, make sure you have Apple’s Bonjour networking software installed.

If you want to stream photos to your TV, there’s one final step: click iTunes’ Advanced menu, select Choose Photos to Share, and then pick all photos or a specific folder.

All the content you want — in iTunes

It should be obvious by now that Apple TV is tightly tied to iTunes. If you don’t keep most of your content in iTunes, don’t want to rent movies and TV shows from the iTunes store, or don’t have an i-device (iPad, iPhone, or iPod Touch), Apple TV is not your box. And even if you’re ready to rent TV shows for 99 cents a pop, iTunes is currently missing some of the major networks. ABC, Fox, Disney, and the BBC are on board; CBS and NBC are holdouts.

With that said, Apple TV really is the perfect complement to iTunes and the ideal path for streaming Netflix on your big-screen TV, if you don’t already have a Netflix box.

The interface is simple and logical. Each of the five headings on the Home screen (shown in Figure 2) has just a few submenus, easily navigated with the minimalist remote control. Visual previews, such as DVD covers and movie trailers, let you scan your content quickly; album covers and titles display when you’re playing music.

Figure 2. Apple TV’s Home screen is a model of simplicity.

Most importantly, the interface is snappy, especially compared to Logitech Revue’s Google TV, which can crawl at times. And robust caching means you will rarely experience streaming glitches, even with a Wireless-N connection. (I don’t recommend streaming with Wireless-G.)

Although Apple TV tops out at 720p, its video quality is excellent. With streaming video, image quality is determined more by bit rate than by resolution. Currently, Netflix, iTunes, Amazon, and Vimeo all offer a maximum of 720p streaming, but at varying bit rates. With all the sources I tried, I could see no difference between Apple TV’s 720p and Logitech Revue’s 1080p on my 50-inch plasma.

Netflix streamed flawlessly through Apple TV, and the box’s Netflix interface is the best I’ve seen on any set-top box — including Roku’s.

Viewing YouTube is another matter, however. Searching is cumbersome, using Apple TV’s laborious on-screen text entry. Fortunately, there is a solution — Apple’s new AirPlay, which was added to iOS 4.2 for iPhones and iPads. I simply fired up the YouTube app on my iPhone and sent videos straight to Apple TV. With an iPad, the experience would be even better.

To use AirPlay, you touch the AirPlay button at the end of the playback bar on your i-device and choose Apple TV from the pop-up menu. Streaming starts almost instantly. AirPlay streams music too, though you’ll not see album art nor titles on your TV. But that information is already on your iPhone or iPad, of course.

Sadly, most video from non-Apple apps is blocked from AirPlay — including the popular Hulu Plus, Major League Baseball, and Vimeo apps. Netflix worked via AirPlay in the beta of iTunes 4.2, and jailbroken devices have had AirPlay enabled in all apps, including Safari, so this seems to be a conscious choice by Apple.

AirPlay also streams non-iTunes content such as photos taken with your iPhone or iPod Touch. Web-based music sites such as Pandora and Rhapsody also work — very nice!

Sending a game from your iPhone to your TV, or even sending FaceTime video, would be cool — but delays in the streaming content make this idea a nonstarter. A logical update to Apple TV would include streaming specially designed apps and games directly from your i-device.

Bottom line: iTunes users will be right at home, happily streaming all their content just a few minutes after plugging in. And unlike most of the competition, Apple TV is simple enough for the entire family — no geek credentials required.

Logitech Revue & Google TV: Where’s the content?

Logitech Revue is Apple TV’s antithesis — in design, features, and even its $299 price. Though both stream the obligatory Netflix and YouTube media, their similarities end there.

Rather than providing a walled garden of content as Apple TV does, the Google TV platform — through its built-in Chrome browser — promises everything on the Web, streamed to your TV. It also delivers a few Android-style apps and integrates with your cable or satellite box.

Unfortunately, the whole-Web promise is unfulfilled; too many of the most popular broadcast-TV sites, such as Hulu, ABC, CBS, NBC, Fox, MTV, VH1, Comedy Central, Nickelodeon, and BET, are off-limits. If you surf to one of these blocked sites and try to play something, you’ll get an error message. And changing Chrome’s settings to mimic a Windows/Explorer machine won’t fool Hulu, which has experience waging a similar war against Boxee.

Even Comcast’s Fancast site is blocked for the provider’s own subscribers, an inexplicable decision. HBO is a Google TV partner, but the HBO app seems to work only if you’re on Verizon FiOS or AT&T U-verse. When I tried to run the app, I was referred to the Fancast site — and then blocked when I tried to play the latest episode of “Boardwalk Empire.” I guess Comcast didn’t get the memo.

The shiny black Revue is about 10 by 7 inches (see Figure 3) — huge compared to Apple TV. It has an array of ports on the back: HDMI in and out for the TV pass-through, two USB ports for external storage and Logitech’s optional VID webcam, plus Ethernet and digital-audio out. There’s even a pair of IR blaster ports for controlling other devices such as your cable box and TV. (See Figure 4.)

Figure 3. The sleek-looking Logitech Revue with Google TV and keyboard.

Figure 4. Logitech Revue’s input/output ports include an HDMI pass-through and USB for external devices such as a webcam.

After you’ve attached the various cables (an HDMI cable is included), there’s a fairly long setup process, with mini-tutorials along the way to help you with tasks such as using the included keyboard.

Until I learned my way around, this keyboard was a source of some frustration. Although it has a mini-trackpad and a five-way button controller for navigation, some input methods work with Revue’s general interface but not its browser, and others vice-versa. Two OK buttons that don’t always work the same way is not OK.

But to give credit where due, for this class of product, Revue’s user interface is second only to Apple TV’s. It beats the impenetrable Boxee Box, hands down.

Once past setup, there’s a short menu of apps to choose from: the Chrome browser, Netflix, Amazon Video on Demand, YouTube, Pandora, and Twitter. (See Figure 5.) Google states that regular Android apps will also be available beginning next year.

Figure 5. Logitech Revue with Google TV’s application menu.

The apps I tried worked just as you’d expect, and Revue’s video quality was impressive. Text was especially good — even small type was readable on the big screen.

That said, I found none of these apps especially compelling — most are already on my TiVo at no extra charge. (TiVo hardware is less expensive than Revue, although there is a monthly fee.)

Dubious integration with complex AV systems

To use its enhanced programming search and media-streaming capabilities, you have to place Revue between your cable box and TV. Once in line, you can search for “Glee,” and Google TV will find episodes online and on cable. (If you own a Dish Network DVR, it can even schedule recordings for you.)

It works fairly well if all you have is a TV and a cable box. But if you have a more complicated setup, as I do, you’ll likely be resenting or discarding many of Revue’s features.

For example, I have two TiVos and don’t want a box that subjugates them. And even if I did, only one could receive the benefit of the Google TV interface. (There’s also the added complication of wires linking TV, AV receiver, TiVos, Blu-ray player, VCR, and Wii.)

Revue’s keyboard can also act as a universal remote for your TV and cable box. But using a nearly full-sized keyboard with no built-in display as an everyday remote is a nonstarter — and certainly no substitute for my elegant and trusty Logitech Harmony One remote. Since the Harmony One keeps track of what devices you’re using and will get confused if you use another remote, I didn’t use the Revue keyboard for anything but Google TV functions.

In fact, I eventually removed Revue from in between my cable box and TV and simply connected it directly to the TV — ditching its broadcast-search capabilities. I didn’t miss them.

Coming soon — the death of the streaming box

Logitech’s Revue might have bigger problems than lack of content. The better way to try Google TV is to skip the add-on box altogether and get a TV with Google’s streaming service built in. It’s currently available in a couple of Sony models; Samsung, Toshiba, and Vizio are expected to announce Google TV–equipped sets at next January’s Consumer Electronics Show. With that level of support — and Google’s usual determination — Google TV will likely succeed, though in a different form from today.

Unfortunately, as with Android phones, each manufacturer’s Google TV implementation will likely be slightly different. For example, Sony — eschewing a standard keyboard — uses a gamepad-like device (as shown in an Engadget story).

For now at least, there seems little point in buying a $299 box that can’t stream most of the really interesting Web-video content. Having an integrated Web- and broadcast-video search feature seems pointless when you can’t actually play the Web-based results of your search. You’re basically left with the apps and the ability to surf the rest of the Web.

Although Revue’s marketing materials barely mention it, the box can also stream music, photos, and videos from your networked PC, DLNA server (info site), or a drive attached to one of the USB ports. The Logitech Media Player app provides this capability.

For just a little more money, you can hook up a PC to your TV and play anything you want. The built-in Media Center software in Windows 7 is excellent, and it can serve as a DVR with the addition of a $50 over-the-air TV tuner. If you’re interested in cutting out your cable bill, this is the way to go, since you’ll get both online and over-the-air TV. (I’ll talk about creating the perfect Windows DVR in a future article.)

Further on down the road, you’ll probably be buying a new HDTV with a more mature Google TV built in — a service more about innovative apps than a limited Web browser.

Becky Waring is the former editor of NewMedia Magazine and has written for PC World, Macworld, Wired, Upside Magazine, Technology Review, CNET, and many other outlets.

Many approaches to password protection

By Tracey Capen

Of the many debates about personal-computing security, password protection is a perennial favorite.

Password schemes range from the what-me-worry, “I’ll just use my dog’s name,” to computer-generated ciphers that defy memorization and end up on sticky notes next to the PC.

In a post that’s had over 6000 views and more than its share of opinions, James Viner’s seemingly simple question about Firefox and stored passwords has generated a wealth of interesting perspectives. First posted this past August, it’s still getting new comments. More»

The following links are this week’s most interesting Lounge threads, including several new questions that you may be able to provide responses to:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Tracey Capen is editor in chief of Windows Secrets.

Drunk as a skunk? No, drunk as a squirrel!

By Revia Romberg While taking a stroll through your neighborhood park, you hear a rustling in the leaves. It’s that always-cute and fuzzy squirrel. Odd, he seems to be having difficulty climbing his tree! What could be more embarrassing to a squirrel than being so drunk he’s falling out of his arboreal home. It’s like a person who can’t figure out which key opens the front door. It may sound implausible, but watch as this furry critter, besotted on fermented pumpkin, attempts his usually simple climb. Play the video

Forcefully rooting out a bad hardware driver

By Fred Langa Sometimes you have to rip out a bad driver by its roots in order to install a new and better driver. A skillful reader tracks down and solves a driver problem before Fred can even reply!

Remove a troublesome driver completely

Windows Secrets readers are an amazing bunch! Your collective knowledge — and problem-solving skills — are astonishing.

So it’s not entirely surprising when a reader solves a problem before I come up with the answer. That’s the case with Bill Anton, who asked about a perplexing CD/DVD issue but then tracked down the answer and fixed the problem himself.

• “Hi, Fred. I’ve been in this IT racket for 50 years — from mainframes to Macs — and thought I’d seen it all. But this problem has really stumped me.

  “I’m on an HP Pavilion (2007 model) running Vista, all patched and current, with zero problems since install. Last week, the internal CD/DVD drive stopped working. Device Manager showed that little “uh-oh” yellow exclamation point, and the properties told me, ‘Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39).’ I tried Update Driver, but Windows said that the current driver was the latest. Hmmm.

  “On a deadline and up against it, I truck on down to the store, buy the latest USB CD/DVD external drive, and plug it in. Same problem. Device Manager lists both drives and shows the same error for both.

  “After a lot of Googlin’ and reading and experimentation, I’m out of ideas. I shudder at the idea, but do you think a full reinstall would help? Or maybe you have a better idea?”

My first thought was, perhaps the driver on Bill’s hard disk was working — just enough to present itself to the system as the correct driver but not well enough to actually run the drives. He’d have to get rid of the old driver before Update Driver would install a new one.

But before I could write and suggest that, a second note arrived from Bill:

• “Fred, I ran the Vista Automated Fix it in MS Support article 929461. It found the same problem but couldn’t fix it. However, it offered to let me start a $49 chat session with MS for help with the problem. I figured, hey, I’ve put at least 50 bucks into this already, let them have a shot and maybe it’ll save me a trip to the local PC guru (who’ll charge me at least that much and keep my PC for a week).

  “Anyway, long story short, the MS rep had me uninstall the CD/DVD drive (in Device Manager) and then do the Scan for hardware changes command — no reboot. The scan picked up the driver and reinstalled it, and now all works just fine. Magic. I had been doing pretty much the same thing, except that after the uninstall step I was rebooting to let the PC reload the driver — and skipping the scan step.

  “Thanks anyway. Add this to your long list of fixes — I sure have.”

Yes, the Scan for changes option (under Action in the Device Manager toolbar) can help. Also, when you uninstall a device via Device Manager, you’ll often be given the option of saving or deleting the current driver. Deleting the current driver helps make sure you get a clean start when you install a new driver downloaded from the manufacturer’s site.

But clearly, you didn’t need me to tell you that. Nice, nice work, Bill!

Value of a RAID configuration on a desktop?

Karl Barton’s desktop RAID (Redundant Array of Inexpensive Disks) system is broken. There’s a fix, but it raises the question: Why use RAID on a desktop system at all?

• “I have two hard drives (RAID 0, striped configuration) and am getting an error on one of them when my computer starts up. I was wondering what it could be. The computer seems to be running okay. It properly shows the total size of both drives — as do other places I check (hardware manager, properties, etc.)

  “I have run Windows CHKDSK but found no errors.”

A RAID 0 setup interleafs your data across two drives. As a result, both drives must operate in close sync. (Need help with RAID basics? See About.com’s story, “What is RAID?” or PCGuide’s RAID reference guide.)

My guess is that one of your drives isn’t spinning up fast enough and is being left behind by the other drive at startup. With every other piece of data missing or delayed, the system can’t start normally. However, once the drive has warmed up and is operating at normal speed, it works fine and passes your CHKDSK tests.

Uneven drive performance can happen when the drives’ specs are significantly different or if one of the drives has sustained damage or heavy wear, causing it to behave differently from its twin.

Your note isn’t clear about the age of the drive that’s failing. With wear and time, a drive’s lubricants slowly degrade and may become thickened, either through chemical changes or with tiny particles worn off the bearing surfaces.

Eventually, it shows up as reduced performance, especially at startup when the drives are cold — which is when you say your problem occurs.

Replacing the problematic drive(s) with exactly matching new drives will probably solve the startup problem.

But before you go that route, I suggest that you rethink your use of RAID. Most of the original impetus for RAID is now passé on desktop systems.

Invented in 1987, RAID is now considered ancient computer tech. The basic idea was simply to gang together several small, somewhat less-expensive drives as a way to overcome the high cost and low performance and reliability of the larger drives, then available.

For example, in 1987 a 10MB drive cost about $900, or a whopping $90 per megabyte.

But today, hard-drive storage cost has dropped by a factor of 10,000 (!) to around $0.09 per megabyte. (For example, you can buy a 1TB drive for about $90.) So saving money fails as a rational argument in favor of RAID.

RAID 0 striping was specifically invented to work around the throughput bottlenecks of the slow-spinning, slow-acting drives of the day. But today’s top-notch, 10,000 RPM SATA drives are screamingly fast. With enormous throughput already available from a single drive, a RAID 0 setup really adds nothing to a desktop system except needless complexity.

There are a few special cases — especially in mission-critical server setups — where some varieties of RAID can provide highly effective fault tolerance and data redundancy. But, again, I think RAID is needless overkill on most desktop systems.

It’s something to think about, Karl. A simpler setup may serve you better.

Are two image/backup tools better than one?

Don Cauble wants to be completely sure he can back up his system.

• “Is it not a good idea to have two drive-image programs, such as Acronis True Image and Macrium Reflect Free, to back up your system?”

I’m not sure what you’d gain by using two different backup methods, Don. If you have a good backup method and know it works (you’ve tested it to ensure you can restore the backed-up images and files), there’s no reason to think that the software in question will suddenly stop working.

One problem you may encounter with backup tools occurs when a vendor goes out of business. With new versions of Windows, the old, abandoned backup software may eventually stop working. But this isn’t something that happens suddenly or without warning.

I suggest you find a tool that you like, that’s easy to use, and that you know works well with your current setup. Use it religiously and you’ll be all set.

Download and share MSE definition files

Terry Rothwell is using Microsoft Security Essentials and wants to manually download antivirus definitions, then install the saved file on many different PCs.

• “I have installed Microsoft Security essentials on many machines and inquire whether it is possible to import or copy the definitions from one machine to another without having to do individual updates, which takes quite a long time on each machine. If so, from where do I copy the data and what data do I copy?”

You’ll be glad to hear that you can download a single .exe file that contains the latest MSE definitions, and you can move that file to as many different PCs as needed.

Go to Microsoft’s Malware Protection Center site. (You may be asked for a Windows Live login; it’s free, if you don’t already have one.) Click Get the latest definitions in the menu bar and select Microsoft Security Essentials from the drop-down menu. (See Figure 1.)

Figure 1. Microsoft’s Malware Protection Center portal is the place to download MSE virus definitions as standalone, sharable, executable files.

When you get to the MSE definition-installation page, scroll down to the paragraph labeled Step One and click on the download the latest definition updates link. When the download dialog opens, choose Save (as shown in Figure 2).

Figure 2. You can save the definition file to any convenient location and later share it by any means you wish.

Once saved, you can then move the definitions file from PC to PC via network, thumb drive, or whatever. Double-click on the file to run it; it will update the MSE definitions on whatever machine it’s on.

Piece o’ cake, Terry, and another example of how good MSE really is — and for free!

Fred Langa is a senior editor of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

Making do without Windows Home Server

By Woody Leonhard Microsoft has effectively driven a nail into Windows Home Server’s coffin and alienated WHS fans (including me!) with word that the next version of WHS will lose important functionality. Be of good cheer. What Microsoft has torn asunder, you can join again with a minimum of fuss and surprisingly little capital.

MS delivers a nearly fatal blow to the next WHS

Two weeks ago, I almost swallowed my tongue when I read Microsoft’s announcement on a Windows Home Server (WHS) blog that it would dump Drive Extender technology in the next version of WHS, code-named “Vail.”

Drive Extender is the feature in Windows Home Server that automatically backs up all server data: you choose the folders, and your data on the server gets duplicated automatically — with astonishingly reliable recovery. (To wit, if a hard drive on your server dies, you stick in a new one, wait an hour or two, and shazaam! — all of your data’s back again.)

Drive Extender also lets you slap a new internal or external hard drive into your server and forget about it. WHS formats the drive and gives access to it; with no drive letters, no partitions, no arcane settings, no defrags, no backup scheduling, no fancy RAID hardware, no nit-picking — no problems at all. In effect, DE gives you a nearly infinite pool of highly reliable data, using the cheapest hard drives you can find, and takes care of all the details.

Drive Extender is the single most important feature in Windows Home Server. Far as I’m concerned, it’s the way Microsoft should treat all storage on all Windows machines. I can say that with some authority because I’ve been using WHS intensely since before the first beta. (I’m also the author of Windows Home Server for Dummies, and am a Microsoft MVP for Windows Home Server — but I digress.)

I wasn’t the only one left wondering what possessed Microsoft to make such an outrageous decision. At this moment, almost 5,000 people have signed an online petition asking for DE’s reinstatement. Alas, we’re all expectorating into the wind. Microsoft tried to get DE technology to work with the next version of Small Business Server (code-named “Aurora”) and with Windows Storage Server 2008 R2 Essentials (“Breckenridge”). But it ended up with an improved version of DE plagued by new bugs. (See details in an Ars Technica article.)

Microsoft’s baby-and-bathwater solution? Get rid of DE entirely. DE won’t appear in the next version of WHS, and no amount of wailing from the peanut gallery will bring it back.

I figure it’s the death knell for Windows Home Server — never a wildly popular platform to begin with. HP, believed to be the number-one manufacturer of WHS boxes, took Microsoft’s news badly. According to a MediaSmartServer.net article, HP discontinued its WHS product and announced that it won’t be releasing any new WHS boxes.

Deconstructing MS Windows Home Server

If you already have WHS, don’t sweat — support for it isn’t going away soon. But if you’re contemplating a server-like addition to your home or small office, know that you can pick up most of WHS’s features without buying a box that’s soon to be orphaned.

But first, let me list exactly what Windows Home Server does for you:

• Duplicates data and restores on the fly. Drive Extender keeps redundant copies of all the data stored on the server. If a drive dies, all your data can be restored to where it was a fraction of a second before the drive went bad.
• Manages gobs of hard drives as one giant blob of data. Drive Extender handles that, too. No drive letters or partitions — just folders.
• Backs up every nook and cranny of every PC on the network. Once a day, WHS takes a snapshot of every file on every Windows PC in your network. You can use the backups to restore files to their day-earlier state. You can also use the backups to regenerate dead drives — even C: drives — on the networked computers.
• Serves up media files to network-connected devices. Streaming from WHS is relatively easy.
• Makes it easy to connect to your home network while you’re on the road. Remote Access (Microsoft’s overview download page) lets you sign on to the server from Timbuktu — if Timbuktu has an Internet connection — then go into any computer on the network.
• Monitors and reports on the health of every PC on the network. WHS flashes messages on every PC in the network when, for example, one PC’s antivirus package isn’t up to date.

Reconstructing MS Windows Home Server

Astute Windows 7 users will point out that Win7 does many of the things WHS tackles. But don’t forget that WHS shipped almost four years ago — long before Windows 7 hit the streets. Some of the neat features in WHS found their way into Win7.

If you’re running Windows 7 on a PC that’s always on, you could use that machine as your designated server. This is to say, it can be the agreed-upon central location where everyone on the network puts their shared files — especially if all your important data fits onto a single external drive. In Win7, it’s easy to set up nightly backups to an external drive. (You can back up to a network drive only if you’re running Windows 7 Professional or Ultimate.)

Storing all your important files on a single Windows 7 PC that’s reliably backed up to external storage every night gives you the following:

• Controlled access to shared files from any PC on the network (Win7 has reasonably robust security settings)
• 24-hour snapshot backups
• Previous versions capability — although you may have to run over to the server PC to retrieve a previous version
• Media streaming
• Reasonably easy upgradeability

You don’t get up-to-the-second backups, and you don’t have a centralized repository of all the files needed to reconstruct a dead drive. But then again, you probably won’t have to spend much to put this kind of network together.

Remote connection is a non-issue, far as I’m concerned. If you want to sign on to your network while traveling, LogMeIn (home page) works just fine and is free for personal use. As for reporting on the health of every PC on the network, I find that feature more irritating than useful, anyway.

Using Network Attached Storage in lieu of WHS

If you need up-to-the-second backups of shared data or full-image backups of all the PCs on your network, you’re going to have to pay for the privilege. Fortunately, in the four years since WHS first shipped, RAID (Redundant Array of Inexpensive Drives) and Network Attached Storage (NAS) technology has improved enormously.

Higher-end products such as Drobo (online review) offer everything Drive Extender has and more, albeit in a form that’s less familiar to Windows users. For a mere $400 or so, you get up-to-the-second backups; if one of the drives dies, you can keep on working without interruption. You’ll also get the ability to manage bunches of drives as a single blob (no partitions/no drive letters). Drobo is missing just one thing: it doesn’t automatically back up every PC in your network.

For comparison, your garden-variety NAS device can be purchased for $100 to $200 — plus the cost of the drives — from various vendors. You’ll get easy access to centralized storage and thorough data backup of every network-attached PC. (But it won’t be as fancy as WHS’s every-file-on-every-PC backup, with full restore.) Some of these boxes include full RAID capability, which should provide up-to-the-second backups and easy expandability.

A contrarian approach to Windows Home Server

You could easily assume that running out and buying a Windows Home Server machine right now is a bad idea. After all, the technology’s four years old, Microsoft’s probably going to kill WHS by withdrawing Drive Extender from the next version, and the number-one hardware manufacturer just dropped it like a hot CPU.

But think again. I bet you’ll be able to find WHS servers at fire-sale prices this holiday season. Personally, I’m thinking about buying one or two for my friends, if the price goes down far enough.

Microsoft’s decision to virtually kill one of the best home/small-office products it’s ever made is extremely disappointing. And simply because MS can’t scale Drive Extender technology up into the Small Business Server/Storage Server class. Bah. If I wanted SBS, I’d install SBS. I like WHS just the way it is. Call me stubborn, but I plan on running the classic, original version of Windows Home Server until my final platter takes its last spin.

Woody Leonhard‘s latest books — Windows 7 All-In-One For Dummies and Green Home Computing For Dummies deliver the straight story in a way that won’t put you to sleep.

Adobe Reader gets sandboxing security — sort of

By Robert Vamosi Adobe’s Reader X is now available and should be downloaded as soon as possible. However, don’t expect those pesky PDF exploits to stop anytime soon. The added security that sandboxing provides Reader is far from complete.

Incorporating sandbox security into Adobe Reader

Adobe released Adobe Reader X — that’s version 10 to you and me — a few weeks ago. As any PC user should know, Reader is that ubiquitous, free, desktop app that lets you read (but not create) PDF documents. Version 10 adds feature updates such as enhanced sticky notes and a simplified interface (see Figure 1), but the important change is the introduction of Protected Mode — enhanced malware protection based on sandboxing technology.

Figure 1. Adobe Reader X’s new start window. Improvements include enhanced sticky notes.

Protected Mode is based on Microsoft’s Practical Windows Sandboxing techniques, which define how applications can effectively construct sandboxes within the Windows environment. (For more detailed information on Reader X and how Protected Mode is implemented, see the Adobe Secure Software Engineering Team blog, “Adobe Reader X is here!”)

There are numerous variations of sandboxing technology, but Microsoft’s has had few takers. And the reason may be that Microsoft’s recommendations for re-engineering existing applications to make them secure (by Microsoft’s definition) is just too complicated.

According to developers’ blogs, Adobe opted to take a more practical path — offering a limited version of Microsoft’s sandboxing techniques within Reader’s existing architecture. This still leaves Reader open for vulnerabilities in the future. Nevertheless, some added malware security is better than none, as long as we understand that it’s neither finished nor entirely perfect.

Sandboxing attempts to keep malware isolated

Ideally, sandboxing applications keep any malware infections from spreading to other applications and the operating system. Put another way, a sandboxed app has limited privileges within the Windows environment. (Most of today’s applications have unlimited access to the system registry and other sensitive areas of the OS.)

Sandboxing gives users the freedom to use applications as they wish while limiting (but not eliminating) the chances that inadvertently downloaded malware will damage Windows or infect other types of documents.

In their blogs, Reader developers explain the conflicting tasks of isolating software processes while maintaining (and adding to) Reader’s capabilities.

Adobe Reader X’s new Protected Mode is compatible with Windows 7, Vista, Win XP, and Windows Servers 2003 and 2008. It isolates write calls within its sandbox — so malicious code can’t be written to your hard drive. A future release for Reader X will include read-only activities. In an Adobe blog introducing Protected Mode, the company states, “In future releases of Adobe Reader, we plan to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information on the user’s computer.”

Balancing security with functionality

For the most part, Reader X developers followed the sandboxing techniques outlined by Microsoft. But that’s only half the solution, according to iSEC Partners’ Scott Stender.

Writing in a November 18 Adobe blog, Stender states, “A sandbox is distinguished by the restrictions it places on a piece of running code. Software, on the other hand, is evaluated based on its usefulness. Balancing these competing goods — preventing bad software from doing bad things while allowing good software to be useful — is the impossible challenge the sandbox engineer faces.”

Adobe opted to sandbox Reader’s renderer and its JavaScript engine — not the entire application. The new Protected Mode addresses not only rendering engine attacks but also malicious code that either monitors keystrokes or installs malware on your PC; these practices make up the bulk of Reader-based threats.

Unfortunately, malware has a tendency to follow the point of least resistance; it might simply shift to reading data on compromised machines.

Reader still faces threats outside the sandbox

Invincea security researcher Chris Greamo is not convinced by Adobe’s arguments for partial sandboxing in Reader. In a November 22 blog, he concluded that “Sandboxing is a step in the right direction — but the devil is in the design and implementation.”

Greamo says that malicious code, resident in memory, could still perform damaging activities such as:

• Reading and extracting data from the Windows registry and/or user’s file system
• Attacking other machines and devices on the network
• Using Reader as a stepping stone to execute other exploits against the host system, including exploits against kernel services

No automatic update for Adobe Reader X

Despite these concerns, Reader X’s half-implemented sandboxing makes it more secure than the current Adobe Reader 9. However, hitting Check for Updates on your Reader toolbar will simply give you the latest release of version 9. You need to download and install Reader X separately.

You’ll also need to manually remove the previous versions of Reader, using the Windows Add or Remove Program tool in Windows XP or Programs and Features in Vista and Win7.

To download Reader X, go to the product’s information site.

There’s another path to reading PDFs safely. Free alternative readers such as Foxit (info site) are often less enticing targets for cyber criminals, due to their smaller market share.

Extending sandboxing to Flash in Chrome

Another threat-prone Adobe app — Flash — is getting some sandboxing help. Among browser developers, Google has been ahead of the pack with sandboxing in Chrome. What happens in the Chrome browser should stay in Chrome — at least for HTML and JavaScript content. So it should come as no surprise that Google is working with Adobe to provide Flash sandboxing within Chrome.

“This initial Flash Player sandbox is an important milestone in making Chrome even safer,” wrote software engineers Justin Schuh and Carlos Pizano in a December 1 Chromium blog. “In particular, users of Windows XP will see a major security benefit, as Chrome is currently the only browser on the XP platform that runs Flash Player in a sandbox.”

Chrome’s Flash sandbox allows applications access to less sensitive information on your PC. There are still some bugs with this approach, according to a Chromium post. So expect some fine-tuning in Chrome in the coming weeks.

Invincea’s Greamo noted that Chrome remains vulnerable to attack. He estimates that this year alone, the browser has had approximately 180 vulnerabilities. They include CVE-2010-3120 (info site), CVE-2010-3119 (site), and CVE-2010-3118 (site) — all of which can still exploit the host operating system outside the sandbox.

WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008 and winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers. He is the author of the forthcoming book When Gadgets Betray Us (Basic Books, March 2011).