I blogged some time back about Microsoft installing stealth updates on people's computers, even if the computer user has disabled Windows' automatic updates feature.

I was reading with interest an article on Coding Horror about how people freely pass around usernames and passwords on the internet. The author, Jeff, used the example of Facebook which offers to search your email address book to see if any of your contacts are also on Facebook. The only snag is that you have to give Facebook your email address password.

I have to admit that I have done this once in the past when I was setting up my Facebook account - but I immediately changed the email password afterwards. I'm afraid I don't trust other websites with my passwords, no matter how trustworthy they claim to be. Maybe I'm just paranoid but I always have this "Big Brother" mentality (from 1984, not the stupid TV programme!) that my usernames and passwords are being collected in some huge central database for nefarious purposes.

So although I have used Facebook's service and others like it, I have always changed the passwords afterwards. You should too. It pays to be suspicious.

I'm not sure though about the merits of a centralised log-in system to do away with all the various log-ins that we currently have. Microsoft tried it with their now-defunct Passport system (now resurrected as Windows Live ID) but probably flunked because no-one wanted to trust Microsoft with that much sensitive information. The whole concept would collapse due to an issue of trust - who would run such a centralised system and can we trust them not to abuse it? I for one would be extremely hesitant to participate. I'd rather keep my encrypted password folder.

A lot of my upgrading and patching is set to be done automatically (such as Mozilla Firefox and Microsoft Windows) but it seems that even if you have switched off automatic updates from Windows, the Redmond Goliath will act as a hacker and still covertly download them on your computer regardless of your wishes. Most people are not aware of this as Windows does not ask your permission by displaying any kind of dialogue box but I was alerted to the situation by a blogger friend who checked his system logs. I subsequently found out that a computer newsletter also reported on the situation as well.

Why is this bad? Well because some people, such as myself, like to check on each patch to make sure that it is not causing anyone any problems BEFORE we download it. Some patches are just rushed out half-cocked and it's only when the thing is installed that problems start happening. So I have begun to investigate each patch by its reference number and I have started to search online on the Microsoft website and also other people's blogs to see if anyone has been reporting any strange occurrences with that particular patch. So for Microsoft to take that freedom out of our hands and covertly install the patch against our wishes is a blatant invasion of our computers and a demonstration of supreme arrogance on the part of Microsoft.

The patch version number is "Windows Update Software 7.0.6000.381" and the only place where this patch is explained is on a Microsoft Communities forum. According to that forum, the patch is "an update to Windows Update itself. Unless the update is installed, Windows Update won't work". Which is all well and good but why did Microsoft not build in a dialogue box into the Windows OS to tell people this update was being downloaded? Or announce it publicly on their website? Why the sneaky underhanded method by pushing it at us unannounced and under the radar?

Apparently in Vista, the following files are updated :

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

To check to see if you have the stealth patch (and there's no reason why you shouldn't have it if you're running Windows), just open the Windows Event Log by going to the start menu and then "run". Enter eventvwr.msc and press Enter. Choose "System" in the left window and go to the Windows Update Agent entries for August 24th 2007. If you have entries like these, you have the covert patches.

But do NOT uninstall them. They are perfectly fine functioning patches. The issue here is the lack of transparency on the part of Microsoft in not announcing what they were downloading onto our machines. I would call that kind of behaviour unethical and I'm sure you would too.

After commenting the other day how slow Microsoft Word is, I started to wonder if there were any updates available for MS Office. Up until now, I assumed that MS Office was automatically included in Windows Update but it seems apparently not.

There's Windows Update - http://www.update.windows.com - which gives you the latest security patches and upgrades for the Windows operating system. But there is also Microsoft Upgrade - http://www.update.microsoft.com - which covers all the Microsoft products including Office. When I ran Microsoft Update, it ran for 9 minutes and then gave me a list of 17 urgent security upgrades for Word, Excel, Powerpoint, Publisher and Outlook.

So if you were not aware that Microsoft Update even existed then go to the site now and check for urgent security upgrades! You'll probably find you have quite a few waiting for you.

This morning I set up a second Skype account and I added my main ID (camelot2302) to the new Skype account. So I was basically sending an authorisation request to myself to add myself to my account. This is the window my new account received.

Notice the yellow message underneath! That just cracked me up. I haven't seen it before either (I approved or declined a few authorisation requests yesterday and that yellow warning message wasn't there).

Would I want someone like me to contact me? I don't know. That is one weird unnerving eye looking at me!

The benefits of setting up a second account can be many. For a start, you can use a second account as a security precaution to check up on your home while you're away. This has been blogged about before but of course Murphy's Law dictates that I can't find those blog posts now that I need them. I vaguely remember someone at eBay blogging about it but I'll be damned if I can find it now.

Anyway, what you do is this - set up your second account (in the options panel) to answer calls automatically and make sure your webcam is switched on and obviously it goes without saying that your computer needs to be on (!). Then when you're away and you want to check up on things at home, use your main account to call your second account. When the call goes through, the second account answers automatically, the webcam kicks in and bingo, you have a security camera with which to see if a burglar is rifling through your drawers (ooh-er missus!).

The guy at eBay who originally blogged about this also had his PC speakers switched on so he was able to call to his dog who was in the room. So you can also use this second account method to harass poor animals too!

Oh and you can also use a second account to initially talk to people whom you don't quite trust yet with your main Skype account. Then when you're convinced they're not a lunatic stalker who will hound your life forever, you can move them over to your main Skype account for further contact.

Sometimes it pays to be paranoid - sometimes they really are out to get you!

I've just had to spend the last hour changing all my passwords and encrypting them into my TrueCrypt vault, after multiple attempts were made by persons unknown to gain access to my email account, my bank account and my web hosting account. I've also had to stop using my public email address for all the various online services that I use, since using my public email address for signing in gives a potential hacker one foot in the door. If they know the email address then all they need is the password. But if I keep the sign-in email address secret then they have to find that out too which makes things a lot harder for them. Not impossible of course but one extra hoop for them to jump through.

I found out about the hacking attempts this evening when I logged onto my email and discovered emails from the various services saying there had been unsuccessful log-on attempts. Paypal in particular is very good about sending out these kinds of notifications. Knowing that I didn't have any password problems (plus I had been out of the house for the previous couple of hours), I knew that I had been the target of a hacker, or as I call them, "password sniffers". I also have other names for them but I'm trying to keep this blog suitable for all ages.

So the first thing I did was review my passwords and looking at them, I realised that they weren't really that secure. OK, I'm not stupid enough to use "PASSWORD" or "MARK" but at the same time, a determined dictionary brute-force attack would have got the passwords in the end. That's when I realised that I needed to secure the various online services with long unbreakable password strings. This includes :

• Letters - both upper-case and lower-case
• Numbers
• Special characters such as @ ! " # + ?
• A minimum 20 characters long but if you must make it shorter than that, no less than 15 characters long.
• No connection whatsoever to any personal detail of your life - so no birthdays, pet names, street names, names of your first sweetheart, anything like that. Keep the password totally impersonal.
• Changing the passwords every 30 days.
  

So a good password would be something like !$!@yStP5x@u1P!QD2!5

If you have to type the passwords in a text file or word document then make sure you have some kind of encryption scheme in place so the password file can't be cracked. Truecrypt is excellent but a more simple solution would be Locknote.

If anybody hacks a password like !$!@yStP5x@u1P!QD2!5 then they deserve a job at the National Security Agency.

Another tool which I have been playing around with over the weekend is WinPatrol. This is a nifty little robust program which basically monitors your Windows operating system and you'll soon realise that it is totally invaluable.

When you install a software program on your computer, more often than not, it gets added to your start-up menu. This means that when you boot up your computer in the future, that new program is going to load as well and so the more programs you've got in your start-up menu, the longer it's going to take for your computer to boot up properly. So it pays to keep your start-up programs to a minimum. So one of WinPatrol's biggest assets is that it gives you a complete list of what programs start up when you boot up your computer and it gives you the option to easily disable that program by clicking on them. This right away made my day because Apple Quicktime was constantly starting up even though I had constantly disabled it through "msconfig". But it only took one click on WinPatrol to disable that Quicktime icon from constantly popping up. I also disabled about half a dozen other useless system processes which were totally unnecessary and which were slowing the computer down. End result? When I booted up the computer this morning, it started up so fast I thought it was on steroids.

WinPatrol also acts as a kind of firewall, letting you know in a pop-up window when websites and software are trying to covertly install software on your PC, when a program is covertly trying to get into your start-up menu and it gives you the option of either granting or denying access to that program.

WinPatrol has so many features that I haven't even scratched the surface of yet. One of them is the ability to view and delete individual cookies on your computer. Another shows you the list of currently running programs and processes on your PC so you can disable or delete if you so wish. Anothet tells you what program is associated with a particular file type (so "doc" will be opened by Microsoft Word, "mp3" will be opened by Winamp, that sort of thing). You can even see files which are supposed to remain hidden on your system (mostly Microsoft files which help to run Windows).

In a nutshell, WinPatrol is ideal for cleaning all the crap which naturally accumulates in a computer over time and as a result, your computer will work faster and more efficiently.

The program even has a little Scotty dog icon which "woofs" at you when you open it. What more could you ask for?!

For the past few days, I have been playing around with a piece of encryption software. I have been looking for a reliable encryption tool for quite some time (as I am completely paranoid about hackers and other shady characters!) but I was always concerned that if I chose the wrong tool, then it would irretrievably ruin my hard-drive with an unbreakable, unmovable encrypted file. I mean, once you start messing around with encrypted partitions attached to one of your drives then you could be letting yourself in for a whole host of problems if you set it up the wrong way or if the software malfunctions or even something as basic as forgetting the password. Not to mention the mess of losing the files which are being held inside - some of which may be irreplaceable. So I have been procrastinating about this for a while.

The computer program I found a couple of days ago was TrueCrypt and so far, it seems to be working well. It was recommended by PC Magazine and I have always trusted their recommendations. I was particularly struck with how simple it was to set up. You get a PDF user manual in the software download and if you follow the manual's instructions to the letter then setting up your encrypted folders is mere childs play.

How it works basically boils down to this - you create a folder on your "C" drive, just a normal regular folder. You give it a name - let's just say for the purposes of this discussion that it's called FORT KNOX. This folder is where the encrypted files will be stored. You then assign a drive number to your folder and it in this drive that the TrueCrypt software will be installed and ultimately live in your computer. You then move the FORT KNOX to the TrueCrypt drive which is protected by a master password. Using the password, you can then "decrypt" your files and access them. When you don't need the files, just remove the FORT KNOX folder from TrueCrypt. The folder is then instantly encrypted again and totally unbreakable (or so the company claims). I would be interested to see how TrueCrypt's algorithims hold up against a determined brute-force attack.

But if you're just looking for basic no-frills security and a way to deter people from casually snooping on your files then TrueCrypt seems to be able to do the job properly. I can't begin to list all the possible uses for such a program. At the very least, you should have an encrypted drive on your PC for personal information such as bank statements, receipts, invoices, passwords, tax paperwork, address books, calendars.....sometimes it pays to be paranoid. Sometimes they really are out to get you.

I've spent a lot of time getting my Firefox browser just the way I want it. The last time my browser crashed and I had to re-install it, it took me months to find all my extensions again on the web. So for quite some time, I have been looking for some kind of a back-up tool to make a security copy of my Firefox profile. Today I found it.

The Firefox Extension Backup Extension (FEBE) will make a copy of your entire Firefox profile and will store it locally on your hard-drive. You can set the extension to update itself either daily, weekly or monthly at a certain day and time.

Then if the worst should ever happen, and you have to re-install Firefox (or even if you just buy a new computer) then you can load the FEBE and your Firefox profile will be re-loaded in a snap.

Perfect.