Monday, April 6, 2009

Should Local Governments be Obligated to Secure their Public Wi-fi Networks?

WXPNews: Published by Sunbelt Software since 2001
WXPNews: Your Source for all things XP
Vol. 8, #65 - Apr 7, 2009 - Issue #373


  1. Editor's Corner
    • Should Local Governments be Obligated to Secure their Public Wi-fi Networks?
    • Follow-up: Online Privacy - Gone for Good?
    • Quotes of the Week
  2. Cool Tools
    • Tools We Think You Shouldn't Be Without
  3. News, Hints, Tips and Tricks
    • Microsoft agrees to Windows 7 downgrade to XP
    • Microsoft's latest hit back at Mac: "I'm a PC because I'm really picky"
    • Comcast terms of service agreement: outrageous or much ado about nothing?
    • Google book deal: good or bad?
  4. How To: Using XP Features
    • How to get Vista-style "breadcrumbs" in XP
  5. XP Security News
    • PowerPoint security vulnerability
  6. XP Question Corner
    • Windows indexing file (windows.edb) is large and fragmented
  7. XP Configuration and Troubleshooting
    • How to overcome the 4095 MB page file limit
  8. Fav Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  9. Product of the Week
    • Cucusoft iPhone-iTouch-iPod to Computer Transfer - Your iPhone and iTunes and Devices!

My Antivirus Is Killing My Netbook - Now What?

Traditional antivirus products can be terrible resource hogs, literally grabbing hundreds of megabytes in RAM, and maxing out the smaller Netbook CPU. But you cannot leave Netbooks unprotected either. VIPRE Antivirus + Antispyware is the AV you want to run, with its now famous low resource consumption and practically invisible malware protection. VIPRE now is officially the fastest antimalware on the planet! Get your 30-day eval here and experience VIPRE on your Netbook for yourself:
http://www.wxpnews.com/MY5HU3/090407-VIPRE-for-Netbooks


 Editor's Corner

Should Local Governments be Obligated to Secure their Public Wi-fi Networks?

Does your city or county provide free wireless networking for its citizens (and perhaps for anyone else who is within range of the access point)? More and more local governments are doing this now. Some have implemented city-wide wi-fi coverage, turning the whole town into one big, happy Internet café. Others offer wireless hot spots at specific locations: city hall, the county courthouse, the library, the community center, parks.

Some cities treat wi-fi like other public utilities. They buy bandwidth and resell it to citizens much as they do with water or, in some places, electricity. Others offer it as a "free" service, with the cost coming out of the entity's budget. A couple of years ago, I wrote here about the trend and asked whether readers thought this was something that should be funded by taxpayer dollars. A lively discussion ensued. Today I want to go beyond that question; like it or not, these "free" networks exist. Now my question is whether the local governments that sponsor them have an obligation to make them more secure than they currently are in many cases.

Because of my prior background in law enforcement, I tend to approach network security from a public safety point of view. It may not seem like a safety issue at first glance, but anyone who has been the victim of network eavesdropping, data theft (which can lead to identity theft), malicious software and other network-related attacks knows that it is.

The big problem that I see has to do with the free, completely open networks that are becoming common in suburban cities that are trying to attract more upscale young families and cater to the ones who already reside there. You can take your laptop to city hall or the library, open up your network connections interface, pick the city's wi-fi network from the list of broadcasting wireless nets, click the Connect button, and you're on. You may not even have to enter the building; you can sit in the parking lot and surf the web on the city's dime, especially if you have a nice Yagi antenna. You don't have to identify yourself in any way when you connect. The city network to which you connect may or may not log connection information such as your computer's MAC address (the permanent physical address assigned to your wireless network adapter).

This is very convenient for citizens. You can check your email messages while sitting in the audience at a city council meeting or even blog about the meeting in real time. You can immediately look up a URL that's referenced in a book you're reading at the library. You can send email to your spouse from the community center to let him/her know that you're going out to lunch with a classmate after your tae kwon do class is over.

The problem is that it's also very convenient for the bad guys. Want to send spam (or child porn, or a message to your fellow terrorist) without having it tracked back to you? Log onto an open public network to do it. Want to have a little fun and cause a bunch of people some grief? Let loose a worm on the shared network. It's a good bet that many of those grandpas and teens and soccer moms and other folks who aren't really very technical don't have their systems properly firewalled or their access control settings configured for best security, so it's not hard to mosey on over to one of those computers on the network and read the documents on its hard drive. To add insult to injury, you don't even have to be a citizen of the city to do all this. The network is open to anybody and everybody. Not only might you, an unsuspecting citizen, have your computer infected or your privacy invaded, but you're paying - with your taxes - for the network connection that the attacker is using to do it.

There doesn't have to be any malicious intent, though, for bad things to happen on an open network. Suppose Citizen A's laptop is infected with a virus or worm without Citizen A's knowledge. When that laptop is connected to the wireless network, the malware can propagate to the other citizens' computers that are connected to that network. Depending on how the wireless access point is set up, the city's own data and the network its employees use to do their work may also be at risk. We might assume that the public wi-fi network is completely separate from the city's internal network, but that would require the city to pay for two separate Internet connections. We can hope that the network is at least divided into separate subnets with adequate firewalling in between, but that costs money, too. If the city tells you that it "really doesn't cost anything extra" to provide the wireless access, that's actually not a good sign. The easiest and cheapest way to do it is to just plug a wireless access point (WAP) directly into the existing city network - but that scenario is also the least secure, giving a knowledgeable hacker a pathway to access city records through the wireless connection.

What does that mean to you? Well, it's likely that there is information about you in the city's databases if you own property there or pay for utilities (water/sewer services, trash pickup) or if the city's police have written you a ticket or if you have a library card, and so forth. As I reported last week, my electric company notified us that they'd had a data breach that may have involved our non-public personal information. They didn't mention the nature of the breach, but wireless hackers were suspected in the infamous T.J. Maxx data breach a few years back - and that wi-fi network was using encryption, albeit the older and less secure type (WEP). Open city networks, by definition, don't use any kind of encryption. That means if someone has "sniffer" software installed on his/her computer to capture the packets of data that travel across the network, they can be easily read.

If a city's taxpayers believe that financing a "free" public wi-fi network is an appropriate use of tax dollars, that's fine. But as a security specialist, I prefer the "free but not open" model, whereby user authentication is required and citizens are issued credentials (usernames and passwords) upon request in much the same way they're issued library cards to access those free resources. Yes, it would be a little more work for the city's IT staff and yes, it would be slightly less convenient for the citizen users to have to type in their credentials when they connect. However, it would accomplish a couple of things:
  1. Provide a mechanism for tracking malicious use of the network, and
  2. Provide a way to limit the use of the network to the city's citizens, who are financing it through their tax dollars.
Going back to the library analogy, we wouldn't think of just opening up the doors and letting anyone come in and take what they want, without getting a library card and going through the check-out process. You would have no way to determine if certain patrons were doing damage to the books or outright stealing them. Bandwidth is a resource that costs the city money, just as those books are. And the open network poses much more of a real risk to other, innocent citizens than does an "open" library.

If individual user authentication is deemed to be too difficult or too costly (although the cost would be far less than the cost of a major data breach), an easier alternative would be to implement WPA encryption on the wireless networks. This would require users to enter a "preshared key" (password/passphrase) the first time they connect to the network but this is the same key for all users so it doesn't involve keeping up with individual accounts. It doesn't enable the same level of tracking but it does prevent those who don't have the key from connecting to the network.

If none of these security mechanisms are implemented, then I'd suggest that the city at least provide notification to users of the wireless network, advising them that the network is open to everyone and they use it at their own risk. This could be as simple as signs posted in the public areas where the open network is available. Many casual computer users are not aware of the risks they take when connecting to an open network; this would at least give them some fair warning.

Implementation of some of these suggestions would cost the city some money, but far less than most cities routinely allocate for other items that don't involve critical safety issues. Throughout my life and involvement in public service, I have observed that governments tend to be reactive rather than proactive. The dangerous intersection doesn't get fixed - until there is a fatal collision there. Police officers don't get the best body armor - until one is shot and killed for lack of it. For most entities, network security is still in the "before" stage; nothing bad has happened yet so we put off spending the time and effort and money unless/until something does.

Many city councils across the country believe that it's the city's job to protect citizens from the threat posed by smoke in privately-owned restaurants. Then isn't it also the city's job to protect citizens, insofar as is possible, from the threats posed by an open, unencrypted, city-owned network? Tell us what you think; send your opinions and comments to feedback@wxpnews.com

Follow-up: Online Privacy - Gone for Good?

In last week's editorial, I discussed what seems to me to be the gradual erosion of individual privacy both online and off, and the apparent indifference of many people to its disappearance. Many readers wrote to give their opinions, proving that there are still some folks who care.

In fact, some find the trend ominous. Derrick C. wrote, "to me this is just another sign of many signs out there that the world as we know it is coming to an end. I think the world will continue but I feel there is about to be a huge upheaval and this is only the beginning of it. I don't know what's going to happen but I feel there is going to be a big change coming. Is there anything we as peons can do about it... I doubt it at this point."

And Gary K. said, "You are so damn right in your assessment. I can't believe that someone else feels the same way as I do about this subject, I thought I was all alone. Our privacy has been ebbing away little by little, like grains of sand that pretty soon it will be gone. I wish more people would stand up and just say NO to this disappearing of our privacy."

Greg A. had this observation: "While I still try to protect my info, the big reason privacy is nearly gone along with a lot of other things, is that the majority of the people in this country don't fight or try to prevent anything anymore ... When someone in business asks for my SS number I write zeroes in the box when they have no real reason to have it. If they complain I tear up the sheet and walk out and go somewhere else."

Art M. writes: "Years ago I visited the social security website and they had the history of social security there, including laws that were passed after SS got started. One of the laws stated that you had the right to refuse to give your SSN to any government agency (except the SS administration) and that you could not be denied any services for refusing to give it. I have since gone back to print out that law but they took the site down. I guess big brother doesn't want you to know about it."

J.T.S. reminds us: "You forgot to mention that for many years, up until the late 1990s anyway, SSN cards had a notice on the bottom of them that this number was NOT to be used for identification. Now, even colleges and universities, as well as 99.99% of employers out there, use it as your ID number."

And as Steve C. points out: "The government, (state, federal and local) who you would expect to safeguard your privacy, is the one who violates it with little or no recourse on your part ...We need some common sense laws and regulation to protect the right to privacy for all individuals that holds the right person or company responsible when there is a data breach."

Bruce B. offered this: "Privacy will only go extinct if we let it. It is up to everyone to work to take a stand and not to give up. We need an education process like what has worked for global warming. Which, by the way, I've been told is responsible for the erosion of privacy. I mean, it seems to be responsible for everything else."

Jane from England had this question: "As a Brit, I've always been amazed at how trusting Americans are with their mailboxes, leaving their personal mail unsecured and available to any dishonest person who happens to be walking along the street. I've often wondered why you don't use the system which is universal here - a slot in the front door of your house for the mail to be delivered? It wouldn't solve all the security problems you mention of course, but at least if you're away from home for a few days you can be sure that your mail is there waiting for you on the doormat when you get back." Well, we can thank our government/postal service for that. Door slots used to be common back when I was a kid, but now it's "too much trouble" for the mail delivery personnel to get out of their vehicles and come to your door, so most mailboxes are at the curb. To me, this is definitely not progress.

Thanks to all of you who wrote on this subject. It's good to know that there are still those who are fighting the (possibly losing) battle to maintain some level of privacy online and off.

'Til next week,
Deb Shinder, Editor
feedback@wxpnews.com

PS: Did you know this newsletter has a sister publication called VistaNews? You can subscribe here, and tell your friends:
http://www.wxpnews.com/MY5HU3/090407-VistaNews

And for IT pros, there's our "big sister," WServer News, at
http://www.wxpnews.com/MY5HU3/090407-WServerNews

Look up the WXPnews Fan Page and join us on Facebook!

Quotes of the Week

Today you can go to a gas station and find the cash register open and the toilets locked. They must think toilet paper is worth more than money. -- Joey Bishop (1918- )

Good manners will open doors that the best education cannot. -- Clarence Thomas (1948-)

There's no trick to being a humorist when you have the whole government working for you. -- Will Rogers (1879-1935)


Keep The Bad Guys Out With The Sunbelt Personal Firewall

Why do I need a firewall? Together with antivirus and antispyware, a firewall is a "must" to protect your computer. PC Magazine gave the Sunbelt Personal Firewall a "Very Good" rating with 4 Stars and a conclusion of "good protection". Check out the Reviews on the site and it will be clear why you need the Sunbelt Personal Firewall to protect your PC. One good example: Unlike the Windows XP and Vista Firewall, you can tell the Sunbelt Personal Firewall to look carefully at the data leaving your browser, so that sensitive information like your credit card numbers, email address, bank account, social security number and PIN code do not get stolen by hackers!
http://www.wxpnews.com/MY5HU3/090407-SPF


 Cool Tools

Tools We Think You Shouldn't Be Without

ADVERTISEMENT

If you have any iPod/iPhone device, this software is a 'must have' utility to keep your iPod/iPhone safe. Download the free trial version here.
http://www.wxpnews.com/MY5HU3/090407--Cucusoft

Registry First Aid 7.0 - New Release Is Faster, Safer and Even More Effective
http://www.wxpnews.com/MY5HU3/090407-Registry-First-Aid

Turn your webcam into a CCTV with alarm and email notification! Try it before you buy it:
http://www.wxpnews.com/MY5HU3/090407-WebCam-Monitor

Rip DVDs for your iPod/iPhone or Apple TV. Bundle includes video converter too! Try it free!
http://www.wxpnews.com/MY5HU3/090407-DVD-to-iPod

Vista gets bogged down very quickly! Advanced Vista Optimizer will tweak Vista for Max performance. Easy to use:
http://www.wxpnews.com/MY5HU3/090407-Vista-Optimizer

Backups? GoodSync is an easy and fast way to backup and synchronize your emails, photos, iTunes, MP3s, and other important files.
http://www.wxpnews.com/MY5HU3/090407-GoodSync

Spotmau PowerSuite Professional 2008: Fantastic! All the tools necessary to fix most common computer problems. Clone and backup too!
http://www.wxpnews.com/MY5HU3/090407-PowerSuite

Print Screen Deluxe is the realistic upgrade of the Windows version. You can crop - before the capture! Very quick!
http://www.wxpnews.com/MY5HU3/090407-PrintScreenDeluxe

I need a real program for autofilling my passwords, shipping info not a toolbar widget. Roboform is the real deal!
http://www.wxpnews.com/MY5HU3/090407-RoboForm


 News, Hints, Tips and Tricks

Microsoft agrees to Windows 7 downgrade to XP

Once Windows 7 is released, most new computers will come with that operating system installed, as happened with the release of Windows Vista. However, some vendors offer a "downgrade" option whereby you can get Windows XP bundled with a new computer if you don't want Vista. AppleInsider recently reported that Microsoft has extended that program, at least for HP computers, through April 30, 2010. This hasn't been publicly announced and we can't verify that it's accurate, but it wasn't dated April 1. You can read it here:
http://www.wxpnews.com/MY5HU3/090407-Windows7-to-XP


Microsoft's latest hit back at Mac: "I'm a PC because I'm really picky"

Gotta love the new Microsoft ad campaign. It started with a girl named Lauren, who went hunting for a laptop under $1000 and could find only one Mac model at that price ($999) as compared to dozens of PC choices. The newest features a techie young dude named Giampaolo, who pronounces the Mac books as "sexy, but more about aesthetics than computing power" and after buying an HP, ends up telling us that "I'm a PC because I'm really picky." View it here and tell us what you think:
http://www.wxpnews.com/MY5HU3/090407-Giampaolo


Comcast terms of service agreement: outrageous or much ado about nothing?

Dan Kusnetzky, over on ZDNet, was in an April 1 uproar about a notice from Comcast that amends the customer agreement in a way that technically would seem to allow the company to configure, inspect and upgrade "customer equipment" attached to their network - including your computer. Comcast representatives say that of course the company is only talking about its own equipment. Read it and tell us what you think: is this a dangerous precedent or is Dan making a mountain out of a molehill?
http://www.wxpnews.com/MY5HU3/090407-Comcast-Agreement


Google book deal: good or bad?

A recent deal that gives Google near-exclusive rights to scan millions of books is being opposed by Microsoft and a host of others, many of them experts in the field of intellectual property law. Librarians have also expressed concerns. What do you think? Read more about it here:
http://www.wxpnews.com/MY5HU3/090407-Googles-Book-Plans


 How To: Using XP Features

How to get Vista-style "breadcrumbs" in XP

One of the nicest new features in Vista is the "breadcrumb" view of the path in the Explorer address bar, which allows you to click on any level and go there. If you like this feature but don't want to move from XP to Vista, you can install a small application called QT address bar to give you that same functionality. Download it at
http://www.wxpnews.com/MY5HU3/090407-QTAddressBar

First you'll need to install the .NET Framework 2.0 or later. Then run the QTAddressBar.exe file, select Install and click Next. After this, either log off and log back on or open Task Manager and do the following:
  1. On the processes tab, find explorer.exe, right click and kill the process.
  2. Now go to the Applications tab, click the New Task button and type explorer.exe in the Open box.
  3. Right click the Toolbar and uncheck Address Bar, then check QT Breadcrumbs Address Bar.


 XP Security News

PowerPoint security vulnerability

If you're using an older version of PowerPoint (2000, 2002 or 2003), be aware that those versions are vulnerable to a zero day attack for which Microsoft has just released a security advisory. This applies to the old file format (PPT), not the new XML-based format (PPTX) that's used with PowerPoint 2007. Read more here:
http://www.wxpnews.com/MY5HU3/090407-Zero-Day


 XP Question Corner

Windows indexing file (windows.edb) is large and fragmented

QUESTION:
I have two computers running WinXP Pro and have recently found a file on both which will not defrag as it is in use. I have another computer running Vista Home Premium but have not yet investigated this problem (if it exists) on that computer. The file is located in C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows and is called Windows.edb. On one of the computers it is around 200Mb and on the other is over 600Mb and on both it is severely fragmented, e.g. 1985 fragments on a 200Mb file. I have tried disabling the Indexing Service (which is what I believe updates this file) and then rebooting, but the file is still "In Use"... I'm sure that I'm not the only user who is perplexed by this and although disk space is cheaper than ever these days, the size of the file seems unnecessarily large and the extent to which it is fragmented must be having a hit on performance. - John H.

ANSWER:
Windows.edb is indeed the file created by the indexing service, Windows Search (formerly Windows Desktop Search). In the Services console (Computer Management), try stopping the Windows Search service before you defrag. You might also try running the defrag utility while booted into Windows in safe mode, since this starts only the essential services.


 XP Configuration and Troubleshooting

How to overcome the 4095 MB page file limit

There is a limit of 4095 MB (4 GB) on page file size (per volume) in Windows XP. However, if you have only one volume and want to create a page file that's larger than this, you can create multiple page files on the same volume to overcome the limit. To find out how, see KB article 237740 at
http://www.wxpnews.com/MY5HU3/090407-File-Size-Limit


 Fav Links

This Week's Links We Like. Tips, Hints And Fun Stuff

Disclaimer: WXPNews does not assume and cannot be responsible for any liability related to you clicking any of these linked Web sites.


 Product of the Week

Cucusoft iPhone-iTouch-iPod to Computer Transfer - Your iPhone and iTunes and Devices!

Cucusoft iPhone/iTouch/iPod to Computer Transfer is an easy to use iPod/iPhone utility designed to help you backup all your files from your iPod/iPhone/iTouch. Recover lost or missing music or backup and restore all of your iPod/iPhone/iTouch content; including your favorite songs, videos, photos, Play Lists and more. If you have any iPod/iPhone device, this software is a 'must have' utility to keep your iPod/iPhone safe. Download the free trial version here.
http://www.wxpnews.com/MY5HU3/090407-Cucusoft


 About WXPnews

What Our Lawyers Make Us Say
These documents are provided for informational purposes only. The information contained in this document represents the current view of Sunbelt Software on the issues discussed as of the date of publication. Because Sunbelt must respond to changes in market conditions, it should not be interpreted to be a commitment on the part of Sunbelt and Sunbelt cannot guarantee the accuracy of any information presented after the date of publication.

INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT.

This newsletter and website may contain links to other websites with whom we have a business relationship. Sunbelt Software does not review or screen these sites, and we are not responsible or liable for their privacy or data security practices, or the content of these sites. Additionally, if you register with any of these sites, any information that you provide in the process of registration, such as your email address, credit card number or other personally identifiable information, will be transferred to these sites. For these reasons, you should be careful to review any privacy and data security policies posted on any of these sites before providing information to them.

The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions: 1) All text must be copied without modification and all pages must be included; 2) All copies must contain Sunbelt's copyright notice and any other notices provided therein; and 3) This document may not be distributed for profit. All trademarks acknowledged. Copyright Sunbelt Software, Inc. 1996-2009.

WXPnews Archives
Looking for a past issue? Missing an issue? Accidentally deleted an issue? Trying to find that article that pointed you to that cool site? All our newsletters are archived and are searchable:
http://www.wxpnews.com/archives.cfm

If you have feedback or wish to write to the editor, write to us at feedback@wxpnews.com

Sunbelt Software
33 North Garden Avenue
Clearwater, Florida USA 33755
