PC Setup - Practical advice on security, organisation and backing systems up - Eliminate Spam
This section is included entirely as a courtesy and reflects our experience in running secure PC systems within a business environment starting with CPM, then MS-DOS, Windows3.1 (awful), Win3.11 (good), W98 (terrible), Wme (awful), NT4 (dreadful BSOD specialist), XP (first OS that really worked well other than 3.11), Win8, 8.1, and now Win10. It has no commercial value to us and is provided in the hope it will give you some pointers and ideas about how best to setup and run your PC systems. We don't say it is the only way, or even the best way. What we do say though is that it works efficiently for us and eliminates almost entirely, the absolute tedium (and cost) of fiddling around with Windows and the PC.
PC Types and Operating Systems
OS - Our main PC now runs Linux Fedora 23 with the XFCE front end. The laptop runs Windows XP professional (service pack 3).
Why not Vista or Windows 7,8,9,10? From long experience of Microsoft products, running the latest software is always a nightmare with some new bug or incompatibility just waiting to strike. This creates a huge amount of work trying to get on top of the situation and detracts from productivity.
New - 2015
Much of the information below relates to running Windows XP, the first Operating System (OS) that really worked, but is now largely superceded. Given the demise of XP, the choice was to stick with microsoft (easiest) or migrate to Linux. Our shiny new PC came preloaded with Win 8.1 and after a small amount of work to get it ready for business, it crashed. Many hours later and after a great deal of frustration it was sort of working but hard to use or find anything. Support was poor and it was obvious we were in for a lot of head banging (not unusual with MS products).
We took a monumental decision to abandon Microsoft and move to Linux. After much research, we chose Fedora with the XFCE desktop because it was clean, efficient and simple. Installation was realatively straightforwards (very impressive actually) and completed after an hour or so. The worst thing about Linux is the program names and learning what they all mean. A simple thing like 'Update' for example is actually called Yum Extender!! A simple word editor is either Nano or Leaf - totally non-intuitive. Of course the biggest difference is having to go back to a command line editor (like in the early days of MS). Downloading an A4 cheat sheet saved hours of time. Once installed and working, the next thing was to install Oracle VirtualBox.
This free and amazing program allows you to run any OS in a standalone container. You can totally isolate it from the web if you wish to stop viral contamination. So, after a few false starts, we ended up with containers for XP, Linux Kali, Win 8.1 and Win 10. You basically install your OS as normal but to a container rather than the PC. Given that most of our business software ran on XP, an isolated container is ideal to continue doing this without any fear of crashes or viruses. You can of course save a container and use it as an instant backup - perfect. So you fire up the PC, click VirtualBox and then select which OS you want to use today. Quick, simple and it works exactly like having the OS installed on your PC.
Fedora In Use
Time has shown that Fedora is rock stable (never crashed) and suits our business perfectly. Shared drives are another bonus and are accessible from all OS and the host Linux. This means that files that Windows won't allow you to change (er why?) can be simply deleted under Linux. Control (and sanity) is restored! The update process is very different to MS too. You can see exactly what is happening at all times and is far far better than the Win 10 experience of frozen PC, black screen, weird non-linear % update screens and multiple reboots. Yes sir, way batter! You also get four 'Workspaces' which is a brilliant idea. Each one can have a different program running in it. So you could have for example Linux on screen 1, Win 10 screen 2, a network traffic monitor screen 3 and say your emails on screen 4. All accessible with a single click. On top of that, all the services that matter are accessible and displayed at all times. This really increases productivity and removes the Windows frustrations of hunting down services buried deep under multiple layers of clicks. Backup programs are built in and work seamlessly.
Is possibly the most dangerous OS ever released by MS (no wonder it was a 'free' upgrade). It has multiple trackers and collects information for advertising purposes including geographic location. Some but not all of this can be disabled but who really knows?
PC Organisation This referes to machines running MS software
We found it best to split the main hard drive into smaller sections. A 10GB C: drive containing the OS ONLY, a much larger D: drive for programs and data, and a 767MB R: drive made out of computer RAM (2GB total). In addition we have a 500GB NAS (Network Attached Storage) drive N:. Sometime in the future, we will move C: onto a pair of SSD (Solid State Drive), 32GB or smaller will be fine, but with the fastest I/O speeds available, and configured in a RAID array. Also in the future will be an offsite copy of the entire system in case of fire or theft.
Why Split Drives? Purely because of backup issues. If you use Windows, it WILL crash - it is inevitable, built in. Worse, it always crashes at the most inopportune time. So a clean XP install to drive C:, patched to SP3 is the first step. This takes 4-5GB of space and will inflate to around 7GB in a fully working system. Therefore a 10GB drive size is plenty big enough and allows space for drive defragmentations. After installing Windows and patching, the first thing to do is make a backup. After that, you can always get back to this point within 10-15 minutes even if the whole OS crashes.
After installing the OS and making a backup, install all your software to drive D: We always use the D:\Program Files\xxxxx tree to do this.
We also use a RAM disk. It took around 4 years to find the right software (free) - Gavotte Ramdisk with GUI. This works with no wrinkles at all provided you exclude this drive from System Restore (requires simple registry tweak), otherwise your SR stops working.
Why a RAMdisk? Specific to MS software
Mainly security and to avoid file 'bloat'. Anything stored in RAM gets lost when the PC is switched off. So if all your temporary files including web history, cookies etc are stored here, they get destroyed whenever the PC is switched off. You don't need any sort of software file cleaner, you can't store infected files and you know all cookies go too. Additionally, RAM is very fast and your PC will work faster. The only downside is you must save to hard drive, anything in RAM you wish to keep.
Another excellent dodge is to put all your web browser config files in RAM. We use Firefox here and have a BATch file that runs everytime the PC is switched on. This copies all Firefox settings and menus into RAM. This is great as we always have the SAME favourites etc.
Having lost all our company data as a result of a system crash some years ago, reliable backup became a big issue for us. We tried all sorts of products but to cut a very long and expensive story short, we settled on Acronis True Image Home (V9.0). This was simply wonderful, easy to use and worked really well, for a while. Then out of the blue, it started going flaky. Images were reported as being OK but restored to around 30% and then stopped, crashed. NO GOOD for a backup solution! We upgraded but V12.0 had issues with SCSI driver compatibility. Lots of research highlighted NOVA as a good brand. After purchasing this, a word of advice - it's awful! Horrible interface and tricky to use. Fortunately we had a backup, backup plan and this was product called EaseUS ToDo. Having just bought Workstation V6.0, ($23) this works fine and is easy to use.
On top of that, we also run a BATch file whenever the PC is turned off. This uses Xcopy to make a copy of any newly modified or downloaded files and duplicate them to the network drive. Provided you maintain the same file structure on the backup drive to your main PC, then this works fine and you always save a copy of whatever you did while the PC was switched on. Take a look. If you want to try it, save it as text and rename as .bat.
Every month, we make a backup ie Jan11.tib which is a complete backup of C: - basically the OS including all startup and registry values. Before backing up, we always empty the wastebin and do a C: defrag to keep things tidy. Once every three months or so we might do a full D: backup but since we always have the source program files, this is no big deal if one gets an error as a reinstall is quick. C: backups take around 10 mins on our machines and are around 2GB in size. Restoring the whole C: drive is painless and takes 10-15mins - just long enough to make and enjoy a coffee. All backup images are copied to the NAS drive as well. So worst case is a PC stolen or totally scrap. Buy a new PC with no OS set to boot from CD. Insert Acronis recovery CD and provided you get access to the NAS drive, restore latest C: backup image. In 10-15 Mins, your PC is working again and just needs D: sorting.
If your PC suddenly becomes listless, acts funny or refuses to play ball - immediate full restore. Works a treat and you always get back to EXACTLY the same position as when you stored the image. You can also restore individual files, so an image of the data on D: can be useful too.
Data Data on drive D: is obviously critical and this is backed up to an attached network drive. We have a small BATch program that checks out the archive bit on every file on drive D: and stores any file that is new or that has changed. Xcopy is part of Windows and ideal for this. We run the backup BATch file after finishing any new work and at the end of the day. Thus drive N: (Network) a LaCie NAS drive, has a complete copy of D: and all C: backup images for each computer we have.
Everytime Firefox (our web browser) has a new link added (or advert blocked), we need to copy the relevent files from R: (the RAM drive), to d:\Myfiles\Firefox\, otherwise the changes are lost when the PC is switched off.
System security is handled by a multi level approach. The main line of defense used to be a software package ZoneAlarm (ZA) Security Suite which replaces the Windows firewall by something much better and allows you to do really useful things like completly disabling Dr Watson (annoying and useless Windows crash program). Unfortunately, ZA went unstable on XP (2012) and started crashing explorer.exe, prevented our PCs turning off and consumed huge processor resources. Microsoft Security essentials is now used instead.
Connection to the internet is a security nightmare and is compounded by government intentions of monitoring all internet searches and emails. Whilst having nothing to hide, this is way too intrusive for us so we use a system called Open VPN. This is effectively an encrypted tunnel from each PC to the Open VPN provider server. There are many of these servers and they are located in the UK, USA and Far East. Not only does our ISP (Internet Service Provider) have no means of seeing what we are downloading (other than quantity), our IP (Internet Protocol) address is also hidden from websites. This means that sites like Google cannot track your search history as they see your Open VPN IP address, rather than your true IP address. It also means you can avoid geographical redirection, or video content denial based on IP - a great research tool. This works for VOIP and email too as traffic goes over the same connection. Having said all that, government agencies now routinely tap virtually ALL your data. For an in depth analysis, see privacy guide.
Wherever possible, try to connect to websites by using a secured web connection (eg https://) to minimise the risk of your web connection being compromised (man in the middle attack). Be aware though that your web browser may not be set to the highest security setting by default. This is certainly true of Firefox. Currently the highest level of security is provided by 256 bit AES encryption. Test your browser by visiting here.
We want to make sure that our version of Firefox only uses AES 256 bit, AES 128 bit or 3DES 168 bit ciphers. Open up a window and type "about:config". Then in the "Filter" bar at the top search for the following: (Double clicking on each line will change the value)
Now your browser will only accept the TLSv1 protocol in AES256 bit cipher encryption no matter what previous weaker ciphers a web server prefers. This configuration also makes your browser FIPS 120-2 compliant (year 2030 specs). Currently, IE8 running on XPsp3 will only connect at RC4 128 bit security (though needs more investigation). Chrome out of the box is also set for RC4 128 bit.
- tls and set the lines to true.
- ssl2 and set every line entry to false. (You may not need this)
- ssl3 and set every line to false except lines containing the strings "aes_256" and "aes_128".
- security.ssl3.rsa_des_ede3_sha and set it to true. This is the weakest cipher and may be needed for some older SSL sites.
One extra measure can really help with securing your Internet connections and this is a file buried deep within Windows - See Web Access below.
When funds allow, we will also install a standalone UTM (Unified Threat Management) unit to further strengthen defences. Plus we need to think about equipment theft and fire - maybe store critical files offsite in a secure store, BUT, be very wary of uploading your data files to some offsite cloud computer network. You have NO control over the data once it leaves your network, especially if unencrypted and there is no guarantee you can ever delete any of it ever again!
Wireless connections are handled by a Netgear router with full security setup. WEP-PSPK and MAC address filtering ensures only our own PCs can connect and we always turn down the signal to the weakest possible whilst maintaining full bandwidth.
Email. Simply NEVER EVER run a file by clicking a link from a downloaded email, even from people you trust. Read the link address, make a note of it and if safe (check on Google first), enter it directly into your web client (Firefox or Explorer etc.). Attachments to emails are even more dangerous and need to be treated as if they had the plague (which they might)! If your ISP offers an email filter program (such as Postini) then this might be worth considering. It pre filters email for viruses and spam and prevents most attacks from being downloaded to your PC.
Spam - Such an important issue it has its own page: here
2015 - Firefox is back in front and worth using again! However, we have replaced ADBlock with uBlock which is much better and has no paid advertising at all.
Firefox is falling apart. This is a shame but....true. We stuck with Firefox because of ADBlock Plus but have now moved on. Google Chrome is OK but the tracking and updating features are really unwanted, even sinister. So we tried SRWare Iron. It has all of the benefits of Chrome with none of the downside and supports ADBlock too. It's very fast, reliable, light-weight yet fully functional and certainly worth a try. The differences between SRWare Iron and Google Chrome can be found here.
We have a fast broadband connection (30GB), though with Open VPN, probably less than half that which is fine. Our web browser is (used to be) Firefox with some essential add-ons: ADBlocker Plus + Element Hiding Helper + free subscription to the US block list + Firebug. This allows you to selectively block all bits of a website that you don't want to see. There are however, many other bits of a webpage that you don't see, bits that log your IP address, track your preferences, forcefeed adverts and generally slow down your access times; Virtually every website has a Google tracking link. Whilst ADBlock allows you to hide bits of websites you don't want to see, they still take time to load and here is where another trick can be used.
Windows has a special file where you can add websites you want to block (eg never see). The file in particular is called HOSTS (no extension) and can be found (XP) at: windows/system32/drivers/etc/HOSTS. Open it with Notepad or Wordpad, add an entry and save. If you want to unblock a website, either remove the entry or prefix it with #. Save the existing HOSTS file (if it exists) as HOSTS.old and then add your new one. You are welcome to use our copy if you wish. Download here (right click then Save as) and paste all of it to the location shown (true for windows XP). However, HOSTS is a bit crude and broad brush plus it can get quite big and slow down your PC. There is an even better solution, PACS (Proxy Auto Configuration).
You don't need to know any of the technicalities but this free bit of kit allows you to block any website, or any bit of any website from even loading to your PC. Brilliant. You can edit the file using Notepad to add or remove entries. Firebug allows you to see every file downloaded as part of a webpage and you can then block the bits you don't want, all the trackers and adverts and whatever else. The basic information about PACS is here and you can copy our own PACS file if you wish from here. Simply copy the file to some location such as C:/windows/system32/drivers/etc/ After that, you need to tell your PC how to use the PACS file. You do that by going to Control panel/Internet options/Connections/LAN Settings/ Then tick the use Automatic Configuration Script and paste the location of the PACS file such as: file://c:/windows/system32/drivers/etc/no-ads.pac This technique works with Google Chrome and MS Explorer too though you may need to look around for where to paste the proxy file address. For Firefox, navigate to Tools/Options/Advanced/Network/Connection/Settings and add the PACS location as decscribed above.
Basically, a list of website addresses saved in simple text format that will be prevented from opening on your PC. So if you never want access to www.facebook for example, add it to the list and it will not load.
If you do a lot of searches on the internet, over time Google and the others (Hi NSA and GCHQ) build up a picture of you and your interests. If you like Google but want to avoid ALL tracking, try startpage.com. It is a https site too so is fully encrypted between your browser and their server.
As you might imagine, this document represents a lot of research and work. It has the potential to save you a great deal of time, money and enhance your security when online. Please make a donation to show your appreciation if you can. A link to this page might be of value to others struggling with similar issues.
Some software is essential even before installing your 'working' software.
Other Useful Software
- Printkey pro - Has been around for ever. It always did work well and still does. Allows you to capture a screen print of ANYTHING on the screen including those Windows error messages just before everything goes t*** up! Really flexible, with the ability to output or save in various formats - essential. What it does not do though is to convert a screen capture into editable text. So far we have not found ANY software to do this reliably. Works on all Windows OS up to Win10.
- Cute PDF Professional - Installs as a printer driver and allows you to save anything you can print as a PDF file (even Printkey screen captures). Cute is fantastic for organising information. We have a directory D:\Myfiles\pdf\xxxx tree Any website you visit or page you see can be printed and saved in this way. This means you should never lose or forget anything at all. Plus, pages from different applications can be saved as a single document. For example a web order where you print out the order page, then add the help page and finally (when it arrives), append the email confirmation page. Some websites only show you certain pages once and you can never get back to them. Cute allows you to save them all. Files can be encrypted and password protected. Then, on top of all that, a neat typewriter function allows you to add text anywhere on the document before saving it. Just excellent. Works on all Windows OS up to Win10.
- Firefox + uBlock + Firebug + Cleanprint. A full toolbox to analyse, exclude, download and print exactly what you want from the web. Frequent version changes to Firefox are irritating though as you never know whether your extensions will still work. uBlock works much better than Adblock which has been partially bought off and serves 'good' adverts.
- ZoneAlarm Security System. As of July 2012 we have been forced to abandon this (including the free firewall). Shame as it is really usefull. Resource intensive and crashes Explorer.exe after running countless scans and loops. We are sorry to see this go (had two years left on the license too). After removing ZA, the PC (2GHz) runs nowhere near as warm as it did before, nor does it crash on exit, nor does the hard drive thrash around all the time. Come on ZA, get this fixed!
- Open VPN (we use AirVPN). Secure internet connection with 128 / 256 bit encryption. Prevents ISP 'evesdropping' and IP address monitoring. Use with the TOR network to further increase security and access the rest of the internet.
- Gavotte Ramdisk (it's free too) See here. Note 32 Bit OS.
- EaseUS todo Backup is excellent (on XP) and has no known issues. Acronis backup is also OK. See here. BUT, beware of V12.0 as it has issues with SCSI driver compatibility on XP machines.
- CorelDraw - Powerful graphics suite with good PDF creation tools. Big and complex suite but works well for us. Reliable and bug free too (patched X3 version).
- Xtreeme Search Engine Studio - One of the best ways to put a fast efficient search engine on your website. It is what we use on here and is a binary cgi script. More info here.
- FileZilla - free FTP client. Simple, effective and free!
- Registry Mechanic - Cleans up broken registry entries and is a solid performer.
- PerfectDisk - V7 is what we use and this keeps hard drives defragmented and optimally organised.
- Tough to recommend other software. We have in the past listed stuff here but, over time, all of it has been found to cause issues or conflicts.
We hope you found the site interesting, well presented and above all, informative. Thanks for visiting and please feel free to link to us or recommend us to others.