Need to share your computer? Make sure you only have access to your own account. For everyone else, let them use the Guest user account.

What’s a guest account if you may ask. Its an existing (dormant) account on Windows XP that only has very limited user privileges. Anyone using the Guest account can do everything else except install/uninstall programs, delete files (not unless it was created from the Guest account) and change system settings.

Basically anything that administrators can do are disabled in the Guest user account. This however is disabled by default. To enable the Guest user account.

1. Go to the Windows XP Control Panel.

2. Look for the User Accounts icon and open it.

3. You should see the User Accounts window. Click on the Guest icon.

4. You’ll be asked if you want to turn on the guest user account. Click on the Turn On the Guest Account button and you are done.

5. Once it has been enabled, you can click the same icon again to either change the picture (icon) of the guest account or disable it.

Take note though that you can’t set a password for the guest account so practically anyone can use the account once its enabled. Oh, I almost forgot even though guest users can’t do anything to your system, they may still be able to view some of your personal documents if you haven’t set it to private. ^_^

Here’s a guide to show how you can enable or disable the Windows XP firewall. This will come in handy if you need to troubleshoot your network or if there are applications that needs to have the firewall disabled.

To access your Windows XP firewall GUI:

1. Click on Start and click on Control Panel:

2. Look for an icon named Network Connections and open that application.

3. When you have the Network Connections window open you should see a couple of connection icons. Depending on which connection you are using, right click on that icon and choose Properties. In most cases its usually Local Area Connection. Others use Wireless Network Connection specially for laptops.

4. Once you’ve opened the Properties window, click on the Advanced tab and then click on the Settings button.

5. You should see the Windows Firewall window. From here you can enable/disable your Windows firewall. To enable firewall click on the On radio button and press OK. To disable firewall click on the off  radio button and press OK.

Its always a good idea to have your firewall on as it adds a level of protection to your system. However, there may be some cases where you need to disable it. I for one had to disable mine when we played a popular network game (StarCraft) over local area network. ^_^

I’ve shown you earlier the potential danger of hidden file extensions in Windows XP. This time I’ll show you how to disable this behavior to make your system a tad secure.

1. Open Windows Explorer and click on the Tools menu.

2. Select Folder Options. When a window appears click on the View tab.

3. Under Advanced settings look for a folder named Hidden files and folders. You should see a check box for Hide extensions for known file types. Uncheck the box.

4. Make sure you click on Apply to All Folders button on the window before pressing OK.

5. Click Apply and the views on Windows Explorer should now show all extensions for all files.

Easy as pie. Now this doesn’t mean that you can be careless since you can now see file extensions correctly. Your system’s security still calls for responsibility on your end. Whenever somebody sends you a file or you see any file with a .exe .com .bat .pif or .scr extension and you are not sure what it is, be wary and DO NOT open the file.

For additional information, here’s a link on about.com that shows you file extensions that can be potentially dangerous for your system. I suggest you just go through the list and be familiar with them. Like the old adage says, better safe than sorry. ^_^

Question. Why is it potentially dangerous to have your file extensions hidden? For the sake of answering this question, I’ll provide an example. For this demonstration, I’ve purposely enabled hiding of file extensions on Windows Explorer, which is the default behavior after you install Windows XP.

I went to a folder full of executable programs. These are legitimate programs that are part of the MS Office suite. This is currently in icon view.

As you can see everything looks pretty normal, take note that all the files shown are executables, meaning they are programs that can be run and not just plain documents. Now i’ll rename one of the programs, MSTORE to MyFile.doc.

What you see now is a file with a different extension, BUT in reality we haven’t actually changed its REAL extension, you may see it as a file with a .doc extension but it can still be run as an executable. Let me disable the hide file extension option on Windows Explorer and see what we have.

As you can see MyFile.doc is in fact MyFile.doc.EXE which can execute if we open it. Now why is this potentially dangerous you may ask? Picture this scenario. A  friend of yours brings a USB drive with malicious files in it and plugs it on your computer. You see a file named Paris Hilton Scandal.mpg and out of curiousity you open the file.

Since file extensions are hidden by default, you didn’t notice that Paris Hilton Scandal.mpg was actually Paris Hilton Scandal.mpg.exe, malicious program executed, deadly payload dropped on your computer. You just got screwed.

I’ve come across countless USB drives, shared network folders, portable hard disks, even compact disks containing files that are potentially harmful (.doc.exe, .mpg.exe). Some even mimic the icon of a folder so that you’ll be tricked to open it.

Bottom line, its dangerous and you don’t get any benefit from hiding file extensions other than for your desktop to look neat. Now that you understand its potential danger, I’ll show you how to disable this feature/behavior on my next post. ^_^

This is a password management software review for SurfSecret Keypad. Often times we have a lot of login credentials for the different web services that we subscribe to. Believe it or not, its not easy to remember all your passwords specially if there’s one credential that you don’t use often.

Enter SurfSecret Keypad. Before you decide if this software is right for your needs, let’s skim through a couple of features of SurfSecret KeyPad:

1. Password manager and automatic form filler
2. Access all passwords and user names from one master pass phrase.
3. Visit password protected sites by simply clicking on the site name.
4. Automatically enter credit card information.
5. Automatically enter billing and shipping address.
6. A USB portable option allows use of KeyPad on any PC.
7. All data are secure and encrypted.
8. Has keylogging and phishing protection.
9. User friendly interface.
10. Has a backup feature.
11. Can be setup to allow multiple users.

Now a couple of things that can be defined as bad:

1. Can only be used with IE currently. For the best protection make sure you are using the latest IE update.
2. Once you forget your master password, say goodbye to all your encrypted information. So make sure you NEVER forget your master password.

Initially after you install the program, you’ll be required to enter your information which it will use for its auto-fill form feature. You only have to do it once and after that SurfSecret KeyPad does the mundane task of filling up forms for you.

Bottom line, if you want to use a password management software that’s secure, user friendly and easy to use, this is definitely for you. To get your trial copy of SurfSecret KeyPad please click here. Hope this helps. ^_^

Phishing not to be confused with fishing, is an illegal means of obtaining somebody else’s sensitive information such as credit card details, user names or passwords. The way phishing works is that a legitimate looking e-mail is sent to an unwary victim. The phishing e-mail contains a link that directs the victim to a legitimate looking site that requires action (usually asking for the victim’s details, user name and password).

When the user is fooled into submitting the required details (example: PayPal e-mail and password), then that user has just been a victim of phishing and chances are any PayPal balance he has would be gone in the next 24 hours, not unless he does something quick to protect his account.

To help you identify phishing e-mails. Here’s an example of an e-mail designed to phish ebay information from users:

If you notice, the subject and the content of the e-mail looks very real (almost legitimate to the untrained eye). However, hovering the cursor on the link where the user should click reveals this URL:

The link actually leads to kisarow.com and not ebay.com. For those not very familiar about domains and its naming convention, just take note of the following. If you look at the part of the link closely right after the http:// and just before the first slash / which is cgi.ebay.com.kisarow.com, the last part to the right which contains the domain extension (.com, .net, .org or .whatever) is the real domain. In this case kisarow.com (which I highlighted in the screenshot for emphasis).

Your best bet to protect yourself against phishing though is never to click on links from e-mails that ask for sensitive information. Legitimate sites like PayPal, eBay and banks with online services will NEVER ask for your user name or password and when your Firefox browser shows a screen like this:

Don’t even bother about looking at the site, close your browser and mark the e-mail where you clicked the link from as SPAM. Then be thankful to the person who was fast enough (and kind enough) to identify and report the phishing site. ^_^

For the benefit of those who don’t know, the Windows autoplay feature is actually a security risk. The default behavior of Windows when you insert a CD into a drive or insert a portable drive (USB drive or USB hard disks) is to look for autorun.inf in the root directory and execute embedded commands.

While this has been long a common feature, it has been exploited too commonly by viruses and malware. An infected USB drive will usually have a hidden autorun.inf in the root folder that contains malicious commands to execute a hidden executable file that will in turn, infect your operating system. So the way to go is to make your computer a tad secure by disabling autoplay for all drives. Here’s how to do it:

1. Click Start and run gpedit.msc.
2. This will open up the Windows Group Policy. Under the Computer Configuration branch look for the Administrative Template folder and expand the tree.
3. Now click on the System folder.
4. Look for the Turn off Autoplay setting on the right window pane.
5. Open the Turn off Autoplay setting and set it as enabled. Make sure autoplay is enabled on all drives (there’s a drop down in the window).
6. Click OK and you are all set.

The policy is effective right away soon as you click the OK button. When you are done, at least you’ve added a level of security on your system, knowing that dormant malware executables won’t be automatically run whenever an infected drive is plugged in to your computer.

Just one note, this disables the autoplay feature whenever you insert a CD or DVD to your computer (you can still run it manually though). A small price to pay I’d say to the security it adds to your system. ^_^