billso.com

Steve Tobak is fretting about his new Sony laptop computer, because it’s having problems and he doesn’t have time to fix it.

Sounds like he needs a Mac.

There are plenty of great free software applications and services available on the Web.

In some cases, payment removes advertising and enables more features. Some require a subscription or a one-time payment.Sometimes the payment is merely a donation to a one-man operation that wrote the code.

Here’s a few quick lists of what I’m using, inspired by this discussion on Weblog Tools Collection:

Keep in mind that my recommendations are for the consumer or individual versions of each service. Some products are available in corporate or enterprise versions for a fee.

Free software and services that I would pay for, along with links to each service’s “about” or home page:

• Craigslist, if only to get the spam and junk postings off the classified portion of the service.
• del.icio.us, my second favorite social bookmarking service. I’m waiting to see what happens to Yahoo, the company that owns del.icio.us and also owns my next choice..
• Flickr, for the Pro account features.
• Google Earth, to get enhanced features on the Mac application.
• MacUpdate, for enhanced features on this Mac software update service.
• PayPal, so I could have a business account.
• Skype, for unlimited calling.
• StumbleUpon, my favorite social bookmarking service, to get some extra features as a sponsor.
• TextEdit, my favorite text editor for Windows.

Here’s a list of free software and services that I wouldn’t pay to use, because the ROI just isn’t that great:

• avast, my favorite virus scanner for Windows and Mac.
• Firefox, the best web browser for the Mac and Windows.
• Gmail, because the keep adding more storage space to my free accounts anyway.
• Twitter, a microblogging service that supports SMS and a variety of web and software clients
• Twitterific, a Mac twitter client. I can live with the occasional ad.
• WinZip and other file compression programs.
• WordPress, the software I use to run the billso.com web site. It’s fabulous, free, and there’s no real reason to pay for it. Many WordPress developers earn consulting income from clients who need

Yesterday was Patch Tuesday, and Microsoft has finally released Service Pack 3 (SP3) for Windows XP. See CIO, InfoWorld, Engadget and Paul Thurrott for some comments, and fire up Windows Update or Microsoft Update to start the install. This may be the last SP release for the 2001 edition of Windows. SP3 may be enough to keep companies from upgrading their desktops to Windows Vista for the next year or two.

From Lifehacker comes a link to a free virtual keyboard called Neo’s SafeKeys. The keyboard is displayed on the computer screen, and lets a Windows user type their password without accessing the computer’s keyboard.

It’s trivial to monitor keystrokes through software and hardware called keystroke loggers or keyloggers. This New York Times describes a new phishing attack against executives, involving an email with a link to a fake subpoena. Click the link and a Windows keystroke logger gets installed.

Executives are excellent targets for such attacks. CXOs often want to bypass corporate security systems for the sake of personal convenience. When executives insist on carrying confidential or valuable corporate data on their laptop’s hard drive, they may as well paint a target on their foreheads.

CXOs might also disable virus scanners and security software to make the computers run faster. This only makes their personal computers much more vulnerable. When executives are reluctant to admit their mistakes or ask for help, the damage is already done.

I’ve seen virtual keyboard systems deployed on banking web sites, so that users can use a mouse to enter their passphrase. Of course, this can be very tedious if the user has a long passphrase. These virtual keyboard systems may become more common as banks implement multifactor authentication schemes that address consumer, regulator and compliance issues.

Keyboards and keystrokes

It’s still possible to use a keyboard for multifactor authentication, however. This article from Windows in Financial Systems describes a system from BioPassword that requires the user to enter their password ten times in a single enrollment session. Software determines the rhythm of their keystrokes, and stores that data along with the user’s account on a Microsoft Active Directory server. Anyone who tries to access the account will have to simulate that user’s typing behavior for that specific password.

In this 15 May 2007 article, ha.ckers.org pointed out some potential problems with BitPassword’s system. The timing needs to be loose enough to accommodate different keyboard styles. A laptop computer’s keyboard often is laid out differently from a standard desktop keyboard. otherwise, the timing checker might flag users who include numerics, international characters (such as € £ ß Ω) and typographical symbols (like % @ © ^#~) in their passphrase.

Dots and dashes

The concept dates back to the 19th century. Experienced telegraph operators could identify each other by through their fist, or their distinctive patterns of keying Morse code. The same concept was also used during both World Wars to match radio operators with their message content.

Some banks might have each user to enroll several different passphrases, as many banks now require for their web-based customer portals.

BioPassword’s software is designed for business and enterprise users. PC Magazine has an excellent review here, and the London Times and Baseline have good recent articles. This Wired article from 2000 describes how the system was used by a Canadian company, Musicrypt.com, as part of a user management service for music web sites.

Related posts on billso.com

• 12 April 2008: Finding business contacts and passwords on the Internet
• 4 April 2008: Get LinkedIn with [billso.com]
• 14 March 2008: Social media in action
• 3 January 2008: Impression management and Facebook
• 10 August 2007: Forty-somethings flock to Facebook
• 2 July 2007: CXOs face malware email attacks
• 20 June 2007: Facebook vs MySpace
• 11 January 2007: How to create a secure password

From Reuters and the New York Times: Microsoft and Yahoo aren’t negotiating.

Who will blink first?

Yahoo should come to their senses soon and take Microsoft’s offer, if Microsoft doesn’t rescind the offer first. Too many Yahoo employees are fleeing already, but Yahoo’s share price has dipped quite a bit lately. Microsoft is sticking to its offer of US$31 a share, and Yahoo stock has ranged from US$19 to US$28 since the offer. Microsoft’s stock has taken a beating in the interim, too.

Meanwhile, Bill Gates says that the next version of Windows may be released within the next 12 months, according to this Reuters report. I doubt the software will be released that quickly.

Related posts

• 17 February 2008 : Shareholders may bring Microsoft and Yahoo together
• 7 February 2008: Microsoft’s rocket ship
• 4 February 2008: Microsoft acquisition of Yahoo faces roadblocks
• 1 February 2008: Microsoft makes offer for Yahoo