The malware wars: How you can fight it

The malware wars: How you can fight it

A tip-filled conversation with Andrew Brandt, director of threat research at Solera Networks, reveals some of the ways hackers sneak malware into PCs.

Malware most often embeds itself with our unwitting help, but even when we have our defenses fully up, malware can still climb aboard. Nevertheless, there are practical and effective ways to defeat it — or clean it out after the fact.

Malware detection and decryption is my business

I met with Brandt at the annual February RSA security conference in San Francisco, Calif. We sat down to talk about the current state of malware and online security.

“Bring it on!” is Brandt’s mantra on malware. That’s because his job is letting malware run on his systems — on purpose. Using Windows XP, Vista, Windows 7, and Windows 8 test machines, he regularly browses sites known to harbor malicious content. But his unprotected systems (sometimes referred to as honey pots) often get malware infections all on their own.

The viruses, Trojans, etc. deposited daily on his computers are fodder for his primary work: reverse-engineering malware so he can understand how the latest exploits work — and how to prevent malware from intruding again. “Unfortunately,” says Brandt, “the goal posts are constantly changing with each malware sample. By design, more-sophisticated malware scripts change every time they run; they effectively create a custom version and, in doing so, change their identity every time they run. That constant change defeats much of the security software in use, which is looking for some previous design [or signature].”

Does that mean installing and using AV software is futile? “No,” says Brandt, “any amount of protection certainly helps. Some security software is better than others at finding and quarantining infections, but no single product can detect everything that’s out there, especially when it changes by the minute — not by the day, by the minute!“

As Brandt explains, AV programs need to cross-check each instance of a malware attack against a constantly updated database. But a database containing every version of malware is infeasible; it gets too large to be of practical use. Hacking codes often change their signature by as little as one byte — which might be enough to defeat signature-matching. Moreover, well-written (for want of a better term) malware uses obfuscation techniques to hide itself within a PC. “So an infection can be found only after the damage is done.” Brandt notes, “Of course, then it’s too late.”

To prevent infections, says Brandt, “You’ve got to embrace [anti-malware] deficiencies and take more personal responsibility. Most people tend to click before they think, and sites like Facebook have made matters worse. We click a link simply because it came from a social-network friend. At this point in the malware wars, you need to put a critical eye on any link — no matter how trusted the source. Your Facebook or email friend might have been fooled, and the link they sent you goes to a site that automatically loads its exploit.”

Social-engineering threats are rapidly growing, courtesy of the security vulnerabilities of sites that regularly use abbreviated URLs. Anyone who’s read Twitter or Facebook posts is familiar with cryptic URLs such as bitly, tinyurl, and snipurl. Because they’re shortened to seemingly random letters, numbers, and characters, you don’t know where they’re actually taking you. But all too often, we click them anyway.

• Tip: You can preview shortened URLs to see their true destination. For example, with bitly addresses, simply paste them into your browser, add a + after the URL (for example, //bitly.com/13LRaF4+ [Solera Networks page]), and press Enter. Adding the plus sign takes you to the bitly site first, where you’ll see a stats page for the destination site.

  For tinyurl addresses, add “preview” before the address. For example, enter //preview.tinyurl.com/{xxxxx}, and the uncloaked address will appear at the tinyurl site.

  For snipurl addresses, add “peek” before the shortened address. For example, //peek.snipurl.com/26kl5qy takes you to the Snipurl site and displays the full URL:

  https://windowssecrets.com/top-story/surviving-your-first-hour-with-office-2013/

For any link — short or long — in a webpage, hover your cursor over the link and the true, full address should appear at the bottom of the browser window. Say, for example, you get an email from PayPal with what looks superficially like a legitimate link. But if the true link is something like //X5932OwzBulgaria45634.cn or //paypal.gotcha.co.ru, it could well lead to getting hacked or phished.

Figure 1. Fake PayPal notification

The ingredients of a malicious hack recipe

From his years of observing malware, Brandt believes that “the number one delivery method of a hack is a ZIP file. It might be disguised as a link or email attachment, but when opened, it will automatically unzip and execute the exploit that lodges malicious code in your computer.” Zipping the malware also hides its signature executable file, thus preventing its detection by AV software.

Other popular methods for delivering malware include PDFs, EXE files, and links that take you to intermediate sites that then immediately forward you to compromised sites. So again, it’s important to preview the address of a link. Some poorly written ones will actually show an executable file at the end — //dangerousmalware.com/569dk.exe, for example.

According to Brandt, if you know where a malware file resides on your computer, you might be able to manually remove it. But then you have to know exactly what you’re looking for. “From my research, I’ve noticed that these files are usually deposited in temp-file locations. They show up as .exe or .dll files.” You don’t normally find executable files in a temp-file folder.

“If you are still using XP, I’d advise upgrading to Win7 or Win8 as soon as possible — XP is wide open to malware intrusions. Vista and Windows 7 [mostly] fixed this open door with the User Account Control; it pops up every time there is an attempt to make changes to your system, legitimate or not (such as when a new app tries to install). Most people just click Okay and continue, but this is one point when there’s a chance of stopping an infection from entering.”

Caught red-handed: A conversation with a hacker

The malware-monitoring systems in Brandt’s lab see constant activity from online. “One time, I was tending to one PC and, when I turned away from it momentarily, I noticed an open chat window on another machine. A message in the chat screen stated, ‘Yo, bro, you caught me.’ I responded back with an ‘LOL.'” Using malware installed on the XP system, a hacker was creating a text-based report of every open window’s titlebar and sending it to an address in Tunisia.

“I created a text file on my desktop that said, ‘Hey, come back.’ He did. In a series of chat sessions, he told me his story: He ran a network business in Tunisia but, because of the revolution there, business was slow. So to earn money to take care of his family, he was creating botnets to take over computers around the world. He used the botnets to harvest passwords, credit card numbers, and other personal data that he could then sell to other hackers.” (A lot of malware guys get cocky and start communicating with security analysts directly, in a sort of catch-me-if-you-can game.)

“There are open, online markets where malware exploit codes are available free or for sale. The Tunisian hacker would get them as soon as they were made available and use them. He also used free (and perfectly legitimate) remote-control software — TeamViewer (site ) — to take over computers. It would send back screen shots from infected PCs to him every 30 seconds.”

Today, says Brandt, most of the malicious code comes from Russia and other East European countries and from China. Much of it is implemented lazily, so it conforms to known patterns which many email clients recognize and immediately send to spam folders. But some of it does get through. Unfortunately, many of these guys are one step ahead of the analysts.”

Brandt’s Tunisian chat-pal hacker was apparently close to getting caught but shut down his operation in the nick of time. After that he was more particular about his exploits.

When asked the top three ways to deter malware on a PC, Brandt’s suggestions are ones we should all know — and follow — by now.

• Stop using Windows XP.
• Install and keep updated security software such as the free AVG (site) and Malwarebytes (site).
• Most important: Think before clicking any link and whenever Windows unexpectedly asks whether you want to proceed with a change to your PC settings.

Seal pup works hard at relaxing on surfboard

A young seal can see it’s possible to balance on a surfboard — after all, at various moments two or three seals are already up there. Which is part of his problem: one seal considers four a crowd. Still, the newcomer tries, works, slides, tries again — and it’s impossible not to wish him success. Play the video

What's better than an external hard drive?

Lounge member moon1130 needs a big external hard drive and came to the Lounge for recommendations.

Did you know that you can buy hard drives and enclosures separately? Or that hard drives in docking stations might be a good way to go? Friendly folks in the Hardware forum tell you why.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Printing contents of AutoCorrect library in Office 2013
Word Processing	You can Group text but not Ungroup it?
Spreadsheets	Cell reference keeps reverting to data result
Databases	Write conflict with MySQL
Presentation Apps	Updating multiple Excel links in PowerPoint
Visual Basic for Apps	Repurposing SendAsLink command
Microsoft Outlook	Combining accounts
Non-Outlook Email	Gmail font problems
Windows
General Windows	Users, AppData, permissions: Help!
Windows 8	Live Tiles no longer live
Windows 7	Why does this happen with System Restore?
	Unable to format external hard drive
	Windows 7 random lock-up
Windows Vista	Is RAM a secret with Vista?
Windows XP	Difference between ‘Run as administrator’ vs. being logged in as admin?
Internet/Connectivity
Internet Explorer	Best way to install IE 10 for Windows 7 Pro (SP1)?
Third-Party Browsers	Unwanted Yahoo search engine in Chrome
Networking	Setting a static IP address for my desktop
Social Media	Preventing Google from tracking my searches
Software Development
Windows Programming	VB 2010 advice requested
Web Design & Development	HTML5 video-converter software
Other Technologies
Security & Scams	Kaspersky avp.exe 100% CPU hogger
Maintenance	Need advice on backing up new computer
Hardware	Need recommendations for external backup hard drive
Other Applications	Adobe Air message keeps popping up

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

Up against the 2TB drive-size ceiling

The classic Master Boot Record (MBR) format maxes out at 2.2TB; you can’t use MBR formatting on partitions larger than that.

But a relatively new formatting standard — GPT — can handle drives of any size you’ll likely encounter in the foreseeable future.

Can access only half of a new 4TB drive

Reader Jeff Jones ran into a major snag when he tried to use his huge, new hard drive. That led in turn to several questions:

• “I bought a new 4TB Seagate drive but then couldn’t do a Windows image or backup on it. Seagate support told me to download their DiscWizard tool and use that. The tech said all computers are outdated and Intel needs to produce a new chip to address all [new] hard drives. What is your take on this? I have a Windows 7 Home Edition PC.

  “I’m a little scared to use DiscWizard or do anything that might change the system files, because I don’t have any backups and I’m currently using 213GB of my PC’s 500GB main drive. Searching Google was no help.

  “Also, once I can make backups, how much space will I need for them? I presume the image of my 500GB main drive would be around 500GB.

  “Finally, if I store my wife’s backups on the same external drive as my backups, is there a risk of a computer looking at the wrong files to restore?”

Those are all good questions, Jeff! Let me take them one by one:

Drive size: You’ve run into the key limitation of the Master Boot Record format currently used on almost all PCs. The MBR partition table has a 32-bit limit that caps partitions at 2.2TB. (The problem is analogous to the system-memory limitation in 32-bit systems.) If you want to format your 4TB drive using MBR, you need to split it into two 2TB partitions.

However, there are two alternatives that will allow use of all 4TB in one partition. The first (and best) method is GPT, which is designed to handle really large hard drives.

(The name GPT is actually a multilevel acronym: GPT means GUID Partition Table [Wikipedia entry]. But GUID is itself an acronym meaning Globally Unique IDentifier [Wikipedia entry]. So GPT in full is the Globally Unique Identifier Partition Table.)

GPT uses 64-bit addressing, which lets it handle drives up to nearly 10 zettabytes (ZB). (Zetta- indicates a one followed by 21 zeros! For comparison, a terabyte is designated by one followed by 12 zeros.) It’ll be a long, long time before we outgrow GPT.

The new format also lets you create more than four primary partitions on the same drive, bypassing another major MBR limitation. On PCs, full GPT support requires 64-bit Windows (Vista or later) and a UEFI (Universal Extensible Firmware Interface) BIOS. For more on UEFI, see Woody Leonhard’s Jan. 19, 2012, Top Story, “Say goodbye to BIOS — and hello to UEFI!”

The second method applies to systems with traditional BIOS and/or 32-bit Windows installed. These systems can work with partitions larger than 2TB, but to do so they need intermediary software (such as Seagate’s DiscWizard) to handle the necessary addressing conversions.

Here are additional resources and information on GPT and its issues:

• Windows and GPT FAQ: Microsoft Developer Network (MSDN) article
• Using GPT drives: MSDN article
• Beyond 2TB: Seagate support information
• Seagate DiscWizard tool: A site with a free download, user guides, and more

Backup size: Backups and images are almost always compressed to some degree, so they’re almost always smaller than the original (uncompressed) data size.

However, compression varies widely; document files, for example, typically compress by about half and .exe files by about 30 percent. Files formatted as .mp3, .jpg, .mpeg, and .zip are already compressed and won’t compress much more. On the other hand, empty space on a drive compresses almost 100 percent. So the final size of your image or backup will depend on the mix of file types you have.

If you’re currently using 213GB of a 500GB drive, I’d guesstimate an image file would be in the vicinity of 170–200 GB.

Accurate restores: The final issue you raise — the risk of restoring files from the wrong backup set — can be easily avoided by setting up separate backup folders for each PC. When you create a new image or backup set, double-check the save to location settings. That will ensure the files are written where you want them to go — and are not mixed in with another PC’s backups. If you have to do a restore, likewise verify that you’re restoring from the correct backup folder before you let the restore run.

Bottom line: Set up your 4TB drive using GPT, if you can. If you can’t, you’ll have to use a tool such as DiscWizard. Once Windows can see and access all of your enormous drive, you should be able to make your backups and images normally!

Disappointed with the new, free Ad-Aware

Long-time readers might remember Gary Nobel; he was featured in the April 12, 2012, Top Story, “House Call 2012: Fixing a sluggish PC.”

I hadn’t heard from him in a while — then this note arrived:

• “Fred, thanks again for the home visit last year. My computer is still running well.

  “I am writing to alert you to Ad-Aware. I’ve used this program occasionally through the years. As I recall, it mostly just found ‘bad’ tracking cookies.

  Recently, my Ad-Aware app requested I update it, which I did last week. Not a good idea! The new [free] version seems to be mostly an ad to buy the paid version. If fact, it was somewhat difficult just finding how to launch the free scanner. (The scanner found nothing — not a surprise, because I generally keep my PC very clean.) But the new version did hijack all my browsers and reset my homepages to the Lavasoft search engine. I never noticed it asking permission to change my homepage when I installed the update.

  “I used to like this program as a quick, decent, free scanner — but no more. I immediately removed it from my system. Fortunately, it seems to have removed itself completely.”

Thanks for the heads-up, Gary.

I gave up on Lavasoft a while ago. It was one of the first companies to use what many considered scare tactics to sell their product. Those tactics included calling all cookies tracking cookies, making even harmless cookies sound evil or ominous.

I prefer not to do business with companies whose products seem to needlessly play on people’s fears.

Infected by the ox-social.bidsystem virus

Stephen Reed’s PC has big trouble:

• “When opening/previewing some messages in Outlook, I see a message that the system is trying to contact ox-social.bidsystem; then Outlook must be restarted. Any thoughts on this?”

Your PC is infected with a virus, Stephen, one that intercepts and redirects your clicks to some malicious website(s). It’s nasty malware, I’m sorry to say. In some cases, it installs as a rootkit (Wikipedia definition), a kind of low-level infection that can be difficult to remove.

I suggest you start by downloading and running one or both of these free tools:

• Sophos’ Virus Removal Tool: It has an excellent reputation and is easy to use.
• Trend Micro’s Rootkit Buster: It targets a broad array of threats in “hidden files, registry entries, processes, drivers, services, ports, and the master boot record (MBR).”

Next, download and run Malwarebytes’ Anti-Malware, an excellent, free, anti-malware utility that can thoroughly scan and clean your system.

Now use one or more on-demand anti-malware scans to scour your system for any remaining traces of the virus. Some good, free ones include:

• Trend Micro’s HouseCall
• ESET’s Online Scanner
• Microsoft’s Safety Scanner

Next, run the free Microsoft Malware Prevention troubleshooter (site) to ensure your PC’s settings (Policy, User Account Control, Proxy, etc.) are configured for maximum safety.

Finally, once your system is clean, abandon whatever anti-malware/antivirus tool you were using — it doesn’t seem to be working. Replace it with one of the many other free or paid anti-malware/antivirus tools available online. I discussed six products in the Feb. 16, 2012, Top Story, “Is your free AV tool a ‘resource pig’?”

With the above steps, and a skosh of luck, your PC will be clean — and will stay that way! Keep in mind, however, that no AV product will give you total protection if you click on bogus links in emails.

Over 300 ready-made, free, portable apps

A slow-motion conversation on portable apps continues. It started in the Jan. 10 item, “Wants all-purpose software portability,” and continued in the Feb. 13 item, “Better information on portable software.”

Now, Apostolos Moussatos writes:

• “Why go to all the trouble of using a program to create portable software when you can get ready-made software at PortableApps.com? They have all the major software; I’m using their Thunderbird and Firefox. Check it out!”

Wow! I haven’t been on that site in years. I’m glad it’s still around.

It currently offers over 300 free, open-source apps that are self-contained and need no formal installation. Just download and run them — even from a flash drive, if you wish.

Thanks, Apostolos!

Free photo editors vs. Photoshop Elements

You can find plenty of free photo-editing programs. But when you really want to make significant, subtle, or skillful changes in a picture, is free good enough?

I tested four highly regarded free photo-editing programs and compared each program’s results with those of Photoshop Elements, consumer software for which you must pay. Here’s what I learned.

Simple tweaking is not always good enough

Photos often need minor adjustments, and there are plenty of free tools for that job. In fact, you can improve an image considerably with a free photo organizer such as Microsoft’s Photo Gallery or Google’s Picasa — programs in which a little set of editing tools is almost an afterthought.

But when you want to make more substantive changes to an image — substitute a color or add a different background, for example — you need an editor that has first-rate selection tools, detailed exposure controls, effective color search-and-replace options, and layers that let you work with foreground and background separately.

Among professionals, Adobe Photoshop CS has been the de facto standard for years. But with a price tag north of U.S. $500 ($300 for the Student and Teacher Edition), it’s a bit rich for the average consumer photographer. Photoshop Elements 11 (info), however, costs under $100 and has many of the advanced tools found in its professional sibling.

Elements has an excellent reputation and contains just about every image-manipulating tool a nonprofessional (and some pros, too) could conceivably want. It’s also — most of the time — reasonably easy to use. (Elements also includes a photo organizer, but there are excellent free options for that.)

To find out whether you really need to pay for good tools, I tried four photo-editing tasks using four highly regarded, free, photo-editing programs. I then compared each program’s results to what I created with Adobe Elements.

The free photo editors:

• GIMP: This open-source image editor has a well-deserved reputation for power, but it also has an equally deserved reputation for impenetrability. This really was the most difficult program to use. (More info)
• Paint.net: This free program offers a lot of features, but they’re not all well conceived. Inadequate selection tools make this app a poor choice for heavy editing. (Info)
• Photo Pos Pro: Formerly an $80 program, this editor is now available for free. Despite one annoying problem — an installation routine that made it particularly hard not to install unwanted software — this was easily the best of the four. Here’s how to deal with the junkware problem: Close the DealBrowsing dialog box from the taskbar as soon as it comes up. The Photo Pos Pro installation will continue normally from there. (Info)
• PhotoPlus Starter Edition: The free version of a program that costs almost as much as Elements, the Starter Edition lacks some features by design. And don’t accept the installation routine’s default settings, which will also install other, unwanted, programs. (Info)

Test 1: Fixing shadows and highlights

Do you have photos where the background looks great but the subjects’ faces are so deep in shadow you can barely see their expression? Increasing the overall brightness helps illuminate the dark parts but ruins the rest of the picture. Fiddling with the contrast just washes everything out.

You need a tool that lets you adjust the dark and bright parts of an image separately.

• Photoshop Elements: Elements makes this task really simple. Select Enhance, then Adjust Lighting, and then Shadows/Highlights, which pops up just the tool you need (see Figure 1). Three sliders allow you to lighten shadows, darken highlights, and manage midtone contrast.

  

  Figure 1. Photoshop Elements, with its open Shadows/Highlights tool

• GIMP: I had to search the Web for instructions on adjusting shadows and highlights in GIMP. I found such helpful advice as “Change the Mode of this duplicated layer to Value-mode.” I eventually found a GIMP tutorial — “Creating a contrast mask” — that worked pretty well. But it’s a nine-step process. Later, I discovered that a technique in Paint.net (see below) that also works in GIMP.

• Paint.net: You can adjust contrast using Curves in the Adjustments menu. With the Curves tool (Figure 2) open, click a point in the middle of the diagonal line (or a bit above the middle) as an anchor. Then click another point near the lower left, and drag up. You’ll need to do some experimenting to get it right.

  

  Figure 2. In Paint.net, use the Curves tool to change shadows and highlights.

• Photo Pos Pro: The tool for shadow/highlight adjustment is somewhat hidden in Photo Pos Pro. But once you find it, it works fairly well. Select Colors/Brightness/Contrast and then click the Advanced button. Using the Blend Mode, select Shadow — and there you are.
• PhotoPlus Starter Edition: Once again, you adjust contrast using the Curve tool. The Help pane explains it well.

The winner: The task of adjusting shadows and highlights was easiest in Photoshop Elements (see Figure 3), with Photo Pos Pro coming in a close second.

Figure 3. The before (top) and after (bottom) results of using Elements' Shadows/Highlights tool.

Test 2: Replace one color with another

Years ago, I took a nearly great photo of my wife. Unfortunately, she was wearing a borrowed jacket of a color that too obviously clashed with her hair. So I changed the jacket’s color in the photo (which was much safer than changing the color of my wife’s hair). It’s a useful skill.

You can easily change the color of a smooth, flatly lit, uniform object. But you need a sophisticated tool to recolor objects like that jacket — or a crumpled, pinkish towel on which two cats nap (see Figure 4).

Figure 4. Two cats napping on a towel — a sweet image marred by the towel's ugly, dark-pink color.

• Photoshop Elements: The Replace Color dialog box (which you’ll find in Enhance/Adjust Color) is a bit confusing at first. But once you get the hang of it, it’s powerful and does an excellent job.
• GIMP: GIMP gives you no clear method for replacing a color. I eventually succeeded, but only by fiddling with layers and selecting objects.
• Paint.net: First the good news: Paint.net has a Recolor tool. Now the bad news: It’s pretty much worthless. Its terminology is confusing — is the “primary color” the original color or the one you want? You then move a paint brush over the area in the image you want to recolor. And then you end up with less-than-satisfactory results.
• Photo Pos Pro: This program’s Color Replace is the easiest, most effective recoloring tool I’ve ever used. After I brought up the Color Replace dialog box, all I had to do was click a piece of the original color in the photo and then fiddle with the Hue, Sat, and Lum settings to get the replacement color I wanted. The blending was nearly perfect (see Figure 5).
  

  Figure 5. Photo Pos Pro, with its Color Replace tool open

• PhotoPlus Starter Edition: This program’s Replace Color tool behaves much like Photoshop Elements’ recoloring tool and also works extremely well.

The winner: Photo Pos Pro wins this one, with Photoshop Elements and PhotoPlus Starter tied for a close second.

Test 3: Annotate a photo (circles and arrows)

Sometimes you have to be obvious. Drawing a circle around an object, or pointing an arrow at it, makes the point impossible to miss. You can mark up a photo with Paint, the image editor that comes with Windows. But after you’ve saved that file, the circles and arrows are permanent.

On the other hand, if you can put each circle and arrow on its own layer, you can resize, move, and delete them at any time in the future.

A brief digression about layers — a feature all these programs support. When you save a layered image as a .jpg or .png, the layers flatten into a single, conventional bitmap. To keep the layers separate, you must save the file in the program’s own proprietary format. When you want to share with others, you save or export the original into a more common format.

• Photoshop Elements: The Shape tool offers a simple, clear way to add circles and arrows to photos, putting each automatically on its own layer. Unfortunately, it really works only for arrows. When you draw a circle using the Shape tool, you get a disc that hides the part of the image you want to highlight (see Figure .
  

  Figure 6. The wrong way to draw a circle in Photoshop Elements

  The proper way to make a circle in Elements isn’t difficult, but it isn’t intuitive, either. First, select Layer/New/Layer, then use the Elliptical Marquee Tool, intended for selecting a round area, to draw your circle. Finally, select Edit/Stroke (Outline Selection) and pick a color and a width.

  

  Figure 7. Creating arrows and circles in Elements requires finding and using separate arrow and circle processes.

• GIMP: In GIMP, the process of creating circles is much like in Elements. But on its own, GIMP offers no way to add an arrow. I tried a special arrow-creating script (download site), struggled to figure out how to get it working and launched inside GIMP, and eventually found myself looking at an absurdly obtuse dialog box.
• Paint.net: No problems here. After you create a new layer, you pick the Ellipse tool to make a circle, drag it to the appropriate place, and adjust its attributes. Next, to create an arrow, select the Line/Curve tool, pick an arrow from the Styles options, and draw it in your image.

• Photo Pos Pro: This program also makes the task easy, automatically putting the shape on its own new layer. To circle something, click the Shapes tool and drag over the desired area. This produces a solid rectangle. Double-click it, and the resulting dialog box (see Figure 8) lets you change the shape and turn it from a solid to an outline. Use the Line tool to create an arrow; you’ll get a plain line (in its own layer) at first, but double-click it, and you’ll get options to turn it into an arrow.

  

  Figure 8. Photo Pos Pro's easy-to-use, shapes-attributes dialog box

• PhotoPlus Starter Edition: When you click the appropriate tools, you’ll be told to buy the paid version.

The winner: I’d call this task a two-way tie between Paint.net and Photo Pos Pro, with Photoshop Elements coming in a relatively close second.

Test 4: Combine images from different photos

Now it’s time to pretend you’re a Hollywood special-effects genius, placing the foreground of one photo in front of another photo’s background. For example, you can move a photo’s apparent location from your messy office to your neat dining room. And if the photo happens to have a blank monitor in it, you can also place a pleasing image on the screen.

This task requires lots of selecting of objects that you want to delete — or want not to delete. In my test samples, the selections ranged from very easy — the blank screen — to the relatively difficult — a cat. I had to crop and align three different layers.

All five image editors can handle this task, but not without problems. By far, the biggest challenge for all the apps was taking the cat out of the original background.

• Photoshop Elements: In Elements, the Magic Extractor tool made selection extremely easy. You draw dots and lines (see Figure 9) to tell Elements what objects you want to keep and what you want to delete, and it discriminates remarkably well. The procedures for the rest of the chores, including resizing the layers to fit, were also simple and clear.

  

  Figure 9. Elements' unique Magic Extractor tool uses colored lines to mark foreground and background.

• GIMP: This program’s Scissors tool — similar to the Magnetic Lasso you find in other image editors — made cat selection reasonably easy, although it’s not equal to Elements’ Magic Extractor. GIMP uses separate tools for moving and resizing a layer, which gets annoying if you’re going back and forth from one to another.
• Paint.net: There’s nothing in this program to ease the task of selecting an object such as the cat. The only selection tool with any intelligence is the Magic Wand (found in most image editors), which is useless for something as visually complex as fur. I ended up selecting the cat freehand. Even should-be simple tasks such as inverting a selection (so that what’s selected becomes what’s not selected) and resizing a layer proved challenging.

• Photo Pos Pro: Selecting objects — even the cat — was relatively easy. The tools were similar to GIMP’s and worked well. Resizing was no problem, either. But then I hit a snag when trying to delete part of a resized layer to expose the layer behind it. Nothing happened. Somehow, the program had redefined the layer as a bitmap. I deleted the layer and tried again. Same problem. Third time around, it remained a layer (see Figure 10) and I was able to complete my work. I never figured out why it failed the first two times, or why the third time was the charm.

  

  Figure 10. Using Photo Pos Pro's Layers properties to define parts of an image proved unpredictable.

• PhotoPlus Starter Edition: Merging images in this app was much like doing so in GIMP. It had the same useful selection tools — and the same problem with separate tools for moving and resizing a layer. It’s not bad, but it’s also not exceptional.

The winner: Photoshop Elements is way ahead of the free image editors when it comes to making a composite image (see Figure 11). The other editors — except Paint.net — are reasonably usable.

Figure 11. The final composite image created in Elements.

Paying for one or using several for free

No one of these free programs provides all the capabilities and sophistication of Photoshop Elements. But that’s the wonderful thing about free software: you can use the best of each — at no cost.

If money were no object, most serious nonprofessional photographers would probably use Adobe Photoshop CS. It’s still the benchmark for image editing. For nonprofessional digital photographers, Photoshop Elements is the best compromise between cost and capabilities. But if you’re looking for a free tool, go with Photo Pos Pro.

Endnote: During editing, it came to our notice that GIMP users have developed hundres of batch files, scripts, and plugins for common — and not so common — photo-editing tasks. You just need to know where to find them and learn how they work. For example, the Shadow recovery plugin (download site) is a one-click operation.

Here are some online resources for additional GIMP tools:

• GIMP plugin registry
• Libre Graphics World “GIMP add-ons” article
• SourceForge “GIMP extensions” page
• Web UPD8 GIMP 2.8 Script-FUs pack download page

Best of both worlds: Add Win8 features to Win7

Windows 8 generated a lot of derision and angst — but it also brought some updated desktop capabilities that are begging for a place in Windows 7.

If Microsoft won’t update Windows 7, you can do much of it yourself — for free. Here’s how.

Windows 7 still beats Win8 in many ways

I make no bones — or apologies — about my opinion of Microsoft’s newest OS. Most Win8 users are just getting their feet wet. But I’ve been using the operating system (both beta and final) for more than a year. And I currently use it all day, every day.

Simply put, I don’t like Windows 8. It’s a royal pain on a nontouch desktop, even when you take steps to make it more palatable — a topic I discussed at length in the Dec. 20, 2012, Woody’s Windows column (and will continue discussing until we see what’s new in Windows Blue — more info).

Of the people I know who are using Windows 8, most got it when they purchased a new computer and didn’t have a real choice of OS. Most others had their arms twisted into using Win8: their company requires it; they need a program that works only with Win8; or whatever. I use it because it’s my job to hammer away at the latest versions of Windows and Office so I can provide useful advice to others. In other words, I have to use it! That’s my excuse, and I’m sticking to it.

But now I have a full, real (not virtual) Windows 7 machine sitting right next to my main, Windows 8–equipped system — and find myself flipping over to it, frequently.

Given a choice, it seems foolish to change a perfectly usable, nontouch–centric, Win7 PC over to Win8. But Win8 has a handful of new Win7-style, traditional-desktop features that really are useful. I’ve begged Microsoft to release an upgrade to Windows 7 (which I wrote about in an Oct. 25, 2012, InfoWorld story). It’s a futile quest, of course. So far, the silence from Microsoft has been deafening — if not unexpected.

In my opinion, the litany of Windows 8 sins includes no Start menu and no Aero Glass; managing wireless networks is more difficult than with Win7; and so on. But I also think many of the new Win8 features rock — and I’d be remiss if I didn’t admit it.

Never shy about changing my Windows configurations, I’ve now outfitted my Win7 machine with a few free utilities that bring some of Win8’s mojo to the Win7 desktop. Admittedly, they don’t work the same in Win7 as they do in Win8. But maybe that’s not such a bad thing!

Giving Windows 7 a better Windows Explorer

The thoroughly familiar Windows Explorer got a new name and a new look in Win8. It’s now called File Explorer (see the Nov. 1, 2012, Windows 8 story for more on File Explorer), and it’s nearly as ribbonified as Office 2010 (though not as over-the-top as Office 2013).

Like many Windows/Office users, I’m not fond of the ribbons in general. (It’s easy to hide File Explorer’s ribbon.) But File Explorer does have one really cool — but not-really-new — feature: the “Up” button, which lets you move up one folder in the directory with just a click. Veteran Windows users will remember that Microsoft canned the Up button in Vista and left it out of Win7. But it’s back on the Win8 File Explorer ribbon.

There are numerous ways to put an Up button back into classic Windows Explorer. Scott Dunn talked about several in his June 12, 2008, Top Story. But the problems with Windows Explorer run deeper than just the missing Up button. Much deeper. You’re better off simply replacing Windows Explorer with something better. Here are two recommendations:

Xplorer²: This utility has been around since the dawn of Windows time. I wrote about it years ago in the Sept. 20, 2007, Woody’s Windows column. The latest version has lots of improvements over Windows Explorer; foremost among them is dual panes, which lets you see both the from and to folders, side by side, when moving or copying files and folders.

The free-for-personal-use version — xplorer² Free Lite (site) — is available only as 32-bit (although it works fine on 64-bit Win7), and it doesn’t have the ability to save groups of tabs or run ultra-advanced searches. If you pay U.S. $30 for the Professional version (site), you get all of that plus an optional 64-bit version and priority tech support. Unfortunately, the Free Lite version’s installer might ask to install scumw… er, ancillary software — so watch out.

Better Explorer: Still in beta (it’s been stable on my Win7 machines; requires MS .NET Framework 4.0), Better Explorer (site) is an open-source alternative to Windows Explorer. If you look beyond the app’s easily dismissed ribbon (see Figure 1), it’s an amazing piece of software. In addition to tabbed folders (which, remarkably, Win8’s File Explorer doesn’t have), it also includes:

• Image Tools tab: It provides image resizing and flipping plus format conversion — none of which is in Win8.
• Archive Tools tab: It could eliminate your need for 7Zip — although Better Explorer doesn’t support looking inside ISO files.
• Pie charts: Use these to compare the relative size of subfolders and much more.

Figure 1. Although it's still in beta, Better Explorer brings a lot of new functionality to Windows 7 — and Windows 8.

If the thought of using beta software for Windows Explorer worries you, stick with xplorer². But if you want to try something new — and infinitely more usable than the old, tired Windows Explorer — give Better Explorer a shot.

Get around Windows 7’s crappy copy controls

Windows 8 has a great copy function that’s significantly better than Win7’s. Copy/Move doesn’t stop dead in its tracks over stupid little details. If you copy multiple files, Win8’s copy process queues them up and provides a visual record of how much you’re copying, how much remains, and how fast the copy’s going. In Win8, you can pause a copy without aborting it.

In Win7, Copy/Move conflict resolution is slow and error-prone. Win7 uses a relatively dumb copy strategy: each file gets copied piece by piece, and there’s no attempt to smooth out the process. Copying several big files to the same location can take hours in Win7 because the process interrupts disk access for one copy/move task with a disk access for another copy/move task — back and forth. Win7’s Copy is so bad — or, if you prefer, Win8’s Copy is so good — that former Windows 8 honcho Steve Sinofsky devoted an entire Building Windows 8 blog to the subject.

You have to ask yourself: If Win7’s copy/move process is so bad that Microsoft itself officially dissed it, why hasn’t somebody come up with something better?

Someone has. TeraCopy (site; free-for-personal-use version) gathers up all the files you’re trying to copy and then optimizes the copy task by using smart buffering and working asynchronously — i.e., not waiting for one copy to finish before another begins (see Figure 2). If the utility runs into a problem, it doesn’t freeze like a deer in the headlights: it intelligently copies what can be copied and then waits for user input on what to do with the problematic file(s).

Figure 2. TeraCopy isn't as visually appealing as Win8's File Explorer, but it copies quickly and doesn't bail out when it encounters a problem.

In fact, the only problem you’re likely to encounter with TeraCopy is deciding whether you want to run with the released version or try the Version 2.3 beta (site). I’ve been using the beta since early this year and haven’t hit any problems.

There are several ways to run TeraCopy. Click the More button, select Menu, and click Properties; you can then set TeraCopy as Windows’ default copy/move handler. It’ll also run as a standalone program, or you can right-click on a file and choose TeraCopy to bring up a list of recently used folders — very handy.

The $20 TeraCopy Pro lets you remove individual files from the copy queue, and it also lets you select files with the same extension.

Other features to add — and to avoid

The Windows 8 Task Manager is a thing of beauty, with all sorts of graphs and features that advanced users desire. Windows 7’s Task Manager isn’t quite as good — and is certainly not as beautiful. But there are two utilities that cover 90 percent of what I like about Win8’s Task Manager.

First and foremost, every experienced Win7 user needs a copy of Microsoft’s Autoruns (download site). One of the best desktop-Windows utilities Microsoft has ever distributed, Autoruns tells you exactly which programs run automatically every time you start Windows or Internet Explorer — and gives you the tools to throttle, manage, or delete them.

Next, AnVir Task Manager Free (site) is a third-party, Task Manager replacement. It includes everything in Win7’s Task Manager and adds a lot of the stuff you see in Win8. Don’t expect the fancy graphs (although there are a few), but look for detailed CPU usage reports, temperature reports, a disk activity monitor that’s better than DiskMon, memory usage reports, and more. The $30 version (site) adds several additional monitors for temperature and upload/download speed, as well as tech support.

Internet Explorer 10: Baked into Windows 8, IE 10 is now available for Windows 7. Susan Bradley has a detailed analysis of — and some specific warnings about — IE 10 on Win7 in her Feb. 21 Best Software article. For now, until we know more about it in the wild, I suggest you give it a miss for now.

Admittedly, Windows 7 can’t be made to look and act just like Windows 8. But then, why would you want it to?