PC Setup Advice
This section is included entirely as a courtesy and reflects our experience in running secure PC systems (starting with CPM, then MS-DOS, Windows3.1 (awful), Win3.11 (good), W98 (terrible), Wme (awful), NT4 (dreadful BSOD specialist), XP (first OS that really worked well other than 3.11). It has no commercial value to us and is provided in the hope it will give you some pointers and ideas about how best to setup and run your PC systems. We don't say it is the only way, or even the best way. What we do say though is that it works efficiently for us and eliminates almost entirely, the absolute tedium of fiddling around with Windows and the PC.
PC Types and Operating Systems
OS - All our PCs run Windows XP professional (service pack 3).
Why not Vista or Windows 7,8,9? From long experience of Microsoft products, running the latest software is always a nightmare with some new bug or incompatibility just waiting to strike. This creates a huge amount of work trying to get on top of the situation and detracts from productivity.
PC Organisation
We found it best to split the main hard drive into smaller sections. A 10GB C: drive containing the OS ONLY, a much larger D: drive for programs and data, and a 767MB R: drive made out of computer RAM (2GB total). In addition we have a 500GB NAS (Network Attached Storage) drive N:. Sometime in the future, we will move C: onto a pair of SSD (Solid State Drive), 32GB or smaller will be fine, but with the fastest I/O speeds available, and configured in a RAID array. Also in the future will be an offsite copy of the entire system in case of fire or theft.
Why Split Drives? Purely because of backup issues. If you use Windows, it WILL crash - it is inevitable, built in. Worse, it always crashes at the most inoportune time. So a clean XP install to drive C:, patched to SP3 is the first step. This takes 4-5GB of space and will inflate to around 7GB in a fully working system. Therefore a 10GB drive size is plenty big enough and allows space for drive defragmentations. After installing Windows and patching, the first thing to do is make a backup. After that, you can always get back to this point within 10-15 minutes even if the whole OS crashes.
After installing the OS and making a backup, install all your software to drive D: We always use the D:\Program Files\xxxxx tree to do this.
We also use a RAM disk. It took around 4 years to find the right software (free) - Gavotte Ramdisk with GUI. This works with no wrinkles at all.
Why a RAMdisk?
Mainly security and to avoid file 'bloat'. Anything stored in RAM gets lost when the PC is switched off. So if all your temporary files including web history, cookies etc are stored here, they get destroyed whenever the PC is switched off. You don't need any sort of software file cleaner, you can't store infected files and you know all cookies go too. Additionally, RAM is very fast and your PC will work faster. The only downside is you must save to hard drive, anything in RAM you wish to keep.
Another excellent dodge is to put all your web browser config files in RAM. We use Firefox here and have a BATch file that runs everytime the PC is switched on. This copies all Firefox settings and menus into RAM. This is great as we always have the SAME favourites etc.
Backup Solutions
Having lost all our company data as a result of a system crash some years ago, reliable backup became a big issue for us. We tried all sorts of products but to cut a very long and expensive story short, we now use Acronis True Image Home (V9.0). This is simply wonderful and works really well. BUT, beware of V12.0 as it has issues with SCSI driver compatibility.
On top of that, we also run a BATch file whenever the PC is turned off. This uses Xcopy to make a copy of any newly modified or downloaded files and duplicate them to the network drive. Provided you maintain the same file structure on the backup drive to your main PC, then this works fine and you always save a copy of whatever you did while the PC was switched on. Take a look. If you want to try it, save it as text and rename as .bat.
Every month, we make a backup ie Jan11.tib which is a complete backup of C: - basically the OS including all startup and registry values. Before backing up, we always empty the wastebin and do a C: defrag to keep things tidy. Once every three months or so we might do a full D: backup but since we always have the source program files, this is no big deal if one gets an error as a reinstall is quick. C: backups take around 10 mins on our machines and are around 2GB in size. Restoring the whole C: drive is painless and takes 10-15mins - just long enough to make and enjoy a coffee. All backup images are copied to the NAS drive as well. So worst case is a PC stolen or totally scrap. Buy a new PC with no OS set to boot from CD. Insert Acronis recovery CD and provided you get access to the NAS drive, restore latest C: backup image. In 10-15 Mins, your PC is working again and just needs D: sorting.
If your PC suddenly becomes listless, acts funny or refuses to play ball - immediate full restore. Works a treat and you always get back to EXACTLY the same position as when you stored the image. You can also restore individual files, so an image of the data on D: can be useful too.
Data Data on drive D: is obviously critical and this is backed up to an attached network drive. We have a small BATch program that checks out the archive bit on every file on drive D: and stores any file that is new or that has changed. Xcopy is part of Windows and ideal for this. We run the backup BATch file after finishing any new work and at the end of the day. Thus drive N: (Network) a LaCie NAS drive, has a complete copy of D: and all C: backup images for each computer we have.
Everytime Firefox (our web browser) has a new link added (or advert blocked), we need to copy the relevent files from R: (the RAM drive), to d:\Myfiles\Firefox\, otherwise the changes are lost when the PC is switched off.
Security
System security is handled by a multi level approach. The main line of defense is a software package ZoneAlarm Security Suite. This replaces the Windows firewall by something much better and allows you to do really useful things like completly disabling Dr Watson (annoying and useless Windows crash program). It has a good email filtration system too.
Connection to the internet is a security nightmare and is compounded by government intentions of monitoring all internet searches and emails. Whilst having nothing to hide, this is way too intrusive for us so we use a system called Open VPN. This is effectively an encrypted tunnel from each PC to the Open VPN provider server. There are many of these servers and they are located in the UK, USA and Far East. Not only does our ISP (Internet Service Provider) have no means of seeing what we are downloading (other than quantity), our IP (Internet Protocol) address is also hidden from websites. This means that sites like Google cannot track your search history as they see your Open VPN IP address, rather than your true IP address. It also means you can avoid geographical redirection, or video content denial based on IP - a great research tool. This works for VOIP and email too as traffic goes over the same connection.
One extra measure can really help with securing your Internet connections and this is a file buried deep within Windows - See Web Access below.
When funds allow, we will also install a standalone UTM (Unified Threat Management) unit to further strengthen defences. Plus we need to think about equipment theft and fire - maybe store critical files offsite in a secure store.
Wireless connections are handled by a Netgear router with full security setup. WEP-PSPK and MAC address filtering ensures only our own PCs can connect and we always turn down the signal to the weakest possible whilst maintaining full bandwidth.
Email. Simply NEVER EVER run a file by clicking a link from a downloaded email, even from people you trust. Read the link address, make a note of it and if safe (check on Google first), enter it directly into your web client (Firefox or Explorer etc.). Attachments to emails are even more dangerous and need to be treated as if they had the plague (which they might)!
Web Access
We have a fast broadband connection (10GB), though with Open VPN, average probably half that which is fine. Our web browser is Firefox with a couple of essential add-ons: ADBlocker Plus + Element Hiding Helper + free subscription to the US block list + Firebug. This allows you to selectively block all bits of a website that you don't want to see. There are however, many other bits of a webpage that you don't see, bits that log your IP address, track your preferences, forcefeed adverts and generally slow down your access times; Virtually every website has a Google tracking link. Whilst ADBlock allows you to hide bits of websites you don't want to see, they still take time to load and here is where another trick can be used.
Windows has a special file where you can add websites you want to block (eg never download or see). The file in particular is called HOSTS (no extension) and can be found (XP) at: windows/system32/drivers/etc/HOSTS. Open it with Notepad or Wordpad, add an entry and save. If you want to unblock a website, either remove the entry or prefix it with #. Save the existing HOSTS file (if it exists) as HOSTS.old and then add your new one. You are welcome to use our copy if you wish. Download here (right click then Save as) and paste all of it to the location shown (true for windows XP). However, HOSTS is a bit crude and broad brush plus it can get quite big and slow down your PC. There is an even better solution, PACS (Proxy Auto Configuration).
You don't need to know any of the technicalities but this free bit of kit allows you to block any website, or any bit of any website from even loading to your PC. Brilliant. You can edit the file using Notepad to add or remove entries. Firebug allows you to see every file downloaded as part of a webpage and you can then block the bits you don't want, all the trackers and adverts and whatever else. The basic information about PACS is here and you can copy our own PACS file if you wish from here. Simply copy the file to some location such as C:/windows/system32/drivers/etc/ After that, you need to tell your PC how to use the PACS file. You do that by going to Control panel/Internet options/Connections/LAN Settings/ Then tick the use Automatic Configuration Script and paste the location of the PACS file such as: file:///c:/windows/system32/drivers/etc/no-ads.pac This technique works with Google Chrome and MS Explorer too though you may need to look around for where to paste the proxy file address.
Basically, a list of website addresses saved in simple text format that will be prevented from opening on your PC. So if you never want access to www.facebook for example, add it to the list and it will not load.
Essential Software
Some software is essential even before installing your 'working' software.
- Printkey pro - Has been around for ever. It always did work well and still does. Allows you to capture a screen print of ANYTHING on the screen including those Windows error messages just before everything goes t*** up! Really flexible, with the ability to output or save in various formats - essential
- Cute PDF Professional - Installs as a printer driver and allows you to save anything you can print as a PDF file (even Printkey screen captures). Cute is fantastic for organising information. We have a directory D:\Myfiles\pdf\xxxx tree Any website you visit or page you see can be printed and saved in this way. This means you should never lose or forget anything at all. Plus, pages from different applications can be saved as a single document. For example a web order where you print out the order page, then add the help page and finally (when it arrives), append the email confirmation page. Some websites only show you certain pages once and you can never get back to them. Cute allows you to save them all. Files can be encrypted and password protected.
- Firefox + ADBlock Plus + Element Hiding Helper + Free US block list subscription. Frequent version changes are irritating though as you never know whether your extensions will still work.
- ZoneAlarm Security System.
- Open VPN (we use Witopia). Secure internet connection with 128 / 256 bit encryption. Prevents ISP 'evesdropping' and IP address monitoring.
- Gavotte Ramdisk (it's free too) See here. Note 32 Bit OS.
- Acronis backup. See here. BUT, beware of V12.0 as it has issues with SCSI driver compatibility on XP machines.
Other Useful Software
- Tough to recommend other software. We have in the past listed stuff here but, over time, all of it has been found to cause issues or conflicts.
We hope you found the site interesting, well presented and above all, informative. Thanks for visiting and please feel free to link to us or recommend us to others. |
|