Thursday, April 07, 2011

LizaMoon - anatomy of a PC infection

The following article from Windows Secrets gives a good account of how your machine can become infected with a rogue security program via a piece of malware known as LizaMoon.

LizaMoon infection: a blow-by-blow account 
Fred LangaBy Fred Langa

A nasty piece of malware known as LizaMoon has hijacked links on millions of websites in the past weeks, including some normally safe iTunes and Google links.

Fortunately, LizaMoon is easy to avoid if you know what to look for.

Using rogue-AV scare tactics, LizaMoon tries to trick you into running bogus security-scan and virus-cleanup tools on your PC — but it's pure malware.

If allowed onto your PC, this particular ploy is especially troublesome because it can partially disable the Windows Security Center and change the Registry so that the full WSC can't be restarted. It also interferes with Microsoft Security Essentials, if MSE is running. (You'll find lots more LizaMoon news coverage via Google.)

My encounter with LizaMoon started unexpectedly one evening when a suspicious warning popped up on my screen. As discussed in a previous Top Story, I use Microsoft Security Essentials and the Windows 7 firewall to protect all of my PCs. In over a year of constant use, I'd never had any malware trouble. But that abruptly changed.

That evening, I was searching for something through Google — I don't recall what. When I clicked a link, a blank page overlaid with the dialog in Figure 1 popped up instead of the site I was expecting.

LizaMoon dialog
Figure 1. A real LizaMoon initial dialog, captured in the wild.

My mental alarm bells immediately started ringing — the dialog was identified as a Message from webpage. But why was a random, external webpage displaying what looked like a local security message?

Also, how could a random webpage know what was installed on my system (suspicious programs or not)? The warning made no sense.

There was plenty more to suggest that the dialog was bogus. For example, the third sentence is in fractured English — Microsoft dialogs aren't like that. And the kicker: I keep my system very clean, so the odds that it would suddenly contain "a variety of suspicious programs" are virtually nil.

Then it struck me. I'd encountered a for-real LizaMoon page hijack, in the wild!

Typically, when you encounter any suspicious webpage dialog, the correct procedure is to immediately dismiss it via the red-X close box in the upper-right corner of the dialog box or to simply close the browser. (If needed, you also can use Windows' Task Manager to kill offending software or its processes.)

Next, if you think you might have a security problem, you should manually launch known-good security tools directly from reliable sources. In no case should you ever launch unknown software triggered by visits to random websites.

In my case, however, this was exactly the kind of malware I'd been looking for to test. In the past few months, readers reported encountering new malware that masquerades as a security tool — malware that disables or bypasses Microsoft Security Essentials. I'd been trying to track it down for weeks. And suddenly, there it was.

Living dangerously: taking the malware's bait 
Given this unexpected opportunity, I took a deep breath and clicked OK, knowing full well that I was voluntarily giving the webpage permission to interact with my PC.

A new webpage opened, showed a flurry of fake "scanning" activity (most likely, just an animated .gif), and then reported a huge number of discovered viruses and security problems.

I knew my system was clean, so this report of widespread infection was clearly fake. But because the page layout and icons closely mimic those of familiar Windows tools, it could easily fool casual users into thinking that the alert was real.

After a minute of fake scanning activity, a new dialog opened — offering to "Remove all" the threats (see Figure 2).

Bogus Remove All message
Figure 2. Clicking "Remove all" on this fake security dialog starts the malware download. Find a way to close the dialog, as discussed in the text.

The new dialog set off more of my internal alarm bells. Windows normally identifies the software or subsystem involved in security alerts — such as the Action Center, the Security Center, Security Essentials, or whatnot. A dialog simply labeled "Windows Security Alert" is suspiciously generic.

And what's this about "Windows Defender"? That's Microsoft's standalone anti-malware tool that ships with Vista and Win7 and is available as a free download (page) for XP. The forerunner of the more complete Microsoft Security Essentials, it's deactivated when you install MSE. Since I have MSE active on my system, I shouldn't be hearing from Windows Defender.

At that point, you'd normally try to dismiss the warning by clicking on the red X. To see what would happen next, I clicked "Remove all," knowing I was inviting trouble.

(If you're keeping count — and I did — you'll know this was my second entirely voluntary action leading to infection.)

A real and quite legitimate Windows file-download security warning opened, as shown in Figure 3. But while the previous dialog discussed "Windows Defender," this dialog box asked permission to download an installer for "Internet Defender." What's more, the dialog clearly showed that the file was from a site — not Microsoft!

Clearly, the LizaMoon authors are confident that people do not pay attention to these details.

clues in the dialog
Figure 3. This dialog box has several naming inconsistencies: the previous dialog mentioned Windows Defender, but this one offers something called Internet Defender. It also isn't coming from a known address, such as

Ignoring yet another opportunity to bail out before being infected, I clicked the Save button and entering the location where the file should be saved (the third voluntary action on the path to infection).

My hard-drive light flickered briefly and I swallowed hard, knowing that a malicious payload had just been delivered to my personal PC. (Yes, my system was fully backed up and my sensitive data encrypted.)

Ready or not, the malicious payload arrives 
I intended to disconnect my PC from the network before the malware ran, assuming that going offline would keep any system damage local and no personal data could be exported.

But there must have been a script running somewhere, because the malware installer immediately attempted to self-start. Fortunately, Windows reported an NSIS error (see Figure 4). NSIS is SourceForge's Nullsoft Scriptable Install System, and the error means that an installation script failed an integrity check.

NSIS Error
Figure 4. The first sign of trouble after downloading the malware

Following the link given with the NSIS Error opens a page advising you to "Update your anti-virus software" and to "Scan for, and remove malware and viruses on your system."'s "NSIS Error" page states that, among other possible causes, "Your PC is infected with a virus." It adds, "Thoroughly scan your PC for possible virus or spyware infections." The page even provides a direct link to Microsoft's free online safety scanner (site) and to a discussion of how to remove viruses and malware.

I took none of that advice but did disconnect from the network. Taking yet another deep breath (and my fourth voluntary action), I clicked OK, which let the malware installer run to completion.

The malware goes active and disables my security 
Immediately after I clicked OK, my system went haywire.

First, the Windows Security Center was compromised (see Figure 5), and I could not manually relaunch it — proof that my system was infected.

compromised Security Center
Figure 5. The infection immediately disabled the Windows Security Center.

Next, the downloaded malware opened a new, fake, scanning window. Calling itself "System Defender," it claimed to have discovered numerous malware apps. Trying to learn what I could about the bogus software, I opened its Help/About menu, as shown in Figure 6.

legit-looking dialogs
Figure 6. Superficially, this dialog looks quite legit. But it fails closer inspection — it can't even keep its name straight!

In previous dialog boxes, the malware identified itself as "Windows Security" and "Windows Defender." Now it's simultaneously "System Defender" and "Internet Defender." No valid software product goes by four separate names in the same instance.

Of course, the point of all this smoke-and-mirrors chicanery is confusion — to extort you into paying to activate the software and "remove" the supposed infections. But the only real infection is LizaMoon itself.

I was certain that clicking the malware's Remove All button would bring me to a payment site. But because I didn't want to reconnect to the Net while the malware was still active on my machine, I left the above dialog alone and waited to see what would happen.

Every few minutes, the malware would pop up other warnings, such as the one in Figure 7. There were many others.

nonesensical dialogs
Figure 7. The fake virus warning got more urgent — and more illogical and ungrammatical. This nonsensical message states that a firewall has somehow detected keylogging in a social network.

Throughout this time, Microsoft Security Essentials was silent — a major disappointment. However, every few minutes the Windows Security Center would wave the flag (via a dialog box) and urge me to "Turn on Windows Security Center service (Important)."

LizaMoon blocked attempts to restart the Security Center service and hid itself from MSE.

Microsoft Security Essentials: first failure 
I have to say I'm disappointed that Microsoft Security Essentials didn't detect or prevent this infection. It should have, and I hope Microsoft patches MSE pronto.

On the other hand, deliberate choices and actions by a user can defeat any software. LizaMoon required my active, voluntary involvement four different times before the infection took hold.

LizaMoon wasn't even subtle: I had plenty of warnings and opportunities to abort the process, the malware itself provided abundant clues to its own bogus nature (such as an inability to keep its aliases straight).

The lesson? Using security tools is no substitute for common sense. Malware like this is actually very easy to avoid, if you pay attention to what's going up on your screen.

Thoroughly read all dialogs — especially unexpected ones and ones pertaining to installing new software. Ask yourself if the warning really make sense. If you have any suspicions at all, dismiss such dialogs via the red-X close box or, if that fails, by using the aforementioned built-in Task Manager (more info).

Immediately run your favorite suite of security tools, such as the ones mentioned above.

Remember: You won't get infected with LizaMoon (and similar malware) unless you allow it!

Thursday, March 24, 2011

Beware the Scammers

A good article courtesy of
As disasters spread, so do online scammers. The outpouring of generosity from people all over the world following the earthquake in Japan has been accompanied by a profusion of donation scams.

Friday, February 04, 2011

The Great HDMI Cable Rip-Off

A friend rang me from PC world last weekend asking me what kind of HDMI cable he needed to connect an X-Box to his HDTV. My answer was "The cheapest 1m cable you can find". I have four HDMI cables connected to my TV  (XBox, PS3, BD player and HDTV receiver and none of them cost more than €7 (two cost me €4.99) and they all work perfectly. When I met my friend later in the day he told me that the cheapest cable he could find was a Belkin 1m cable that was priced at €44 - but when he got it to the checkout at PC World the price was showing at €56! To my mind it is nothing short of a rip-off to sell a 1m HDMI cable for more than €10.  Some manufacturers make inflated claims or dress up their product descriptions with marketing voodoo such as triple-layered shielding, high-purity copper conductors, and nitrogen gas-injected dielectric. The bottom line is that as long as the cable is HDMI 1.3 compliant it will do the job. For more details read CNET's article.

Monday, December 20, 2010

Phone Problems

We've had a few problems with our phone recently since we moved over to UPC and customers will sometimes experience our office phone (2980762) ringing out without giving them the opportunity to leave a message on our voicemail. We have notified the problem to UPC but the best suggestion they can make is for us to reboot our modem once per week. If you experience difficulty contacting us on 2980762 then try 086-8178678 instead.

Monday, November 22, 2010

Rogue Security Software

We continue to see a high incidence of PCs infected with Rogue Security programs so we thought it might be useful to provide some detail about this form of malware for our readers (inforation courtesy of WikiPedia).

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware, or that installs other malware. Rogue security software, in recent years (2008-2010), has become a growing and serious security threat in desktop computing.
Rogue security software mainly relies on social engineering (fraud) in order to defeat the security built into modern operating system and browser software and install itself onto victims' computers.A website may for example display a fictitious warning dialog stating that someone's machine is infected, and encouraging them through social engineering to install or purchase scareware.


Most have a Trojan horse component, which users are misled into installing. The Trojan may be disguised as:
  • A browser plug-in or extension (typically toolbar)
  • An image, screensaver or archive file attached to an e-mail message
  • Multimedia codec required to play a certain video clip
  • Software shared on peer-to-peer networks
  • A free online malware scanning service
Some rogue security software, however, propagate onto users computers as drive-by downloads which exploit security vulnerabilities in web browsers, pdf viewers, or e-mail clients to install themselves without any manual interaction.[3][5]
More recently, malware distributors have been utilizing SEO poisoning techniques by pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events on a search engine may encounter results that, upon being clicked, are instead redirected through a series of sites before arriving at a landing page that says that their machine is infected and pushes a download to a "trial" of the rogue program. A 2010 study by Google found 11,000 domains hosting fake anti-virus software, accounting for 50% of all malware deliverd via internet advertising.


Alerting the user with the fake or simulated detection of malware or pornography.Once installed, the rogue security software may then attempt to entice the user into purchasing a service or additional software by:
  • Displaying an animation simulating a system crash and reboot.
  • Selectively disabling parts of the system to prevent the user from uninstalling them. Some may also prevent anti-malware programs from running, disable automatic system software updates and block access to websites of anti-malware vendors.
  • Installing actual malware onto the computer, then alerting the user after "detecting" them. This method is less common as the malware is likely to be detected by legitimate anti-malware programs.
  • Altering system registries and security settings, then "alerting" the user.
Developers of rogue security software may also entice people into purchasing their product by claiming to give a portion of their sales to a charitable cause. The rogue Green antivirus, for example, claims to donate $2 to an environmental care program for each sale made.
Some rogue security software overlaps in function with scareware by also:
  • Presenting offers to fix urgent performance problems or perform essential housekeeping on the computer.
  • Scaring the user by presenting authentic-looking pop-up warnings and security alerts, which may mimic actual system notices. These are intended to leverage the trust of the user in vendors of legitimate security software.
Sanction by the FTC and the increasing effectiveness of anti-malware tools since 2006 have made it difficult for spyware and adware distribution networks—already complex to begin with—to operate profitably. Malware vendors have turned instead to the simpler, more profitable business model of rogue security software, which is targeted directly at users of desktop computers.
Rogue security software is often distributed through highly-lucrative affiliate networks, in which affiliates supplied with Trojan kits for the software are paid a fee for every successful installation, and a commission from any resulting purchases. The affiliates then become responsible for setting up infection vectors and distribution infrastructure for the software. An investigation by security researchers into the Antivirus XP 2008 rogue security software found just such an affiliate network, in which members were grossing commissions upwards of $USD150,000 from tens of thousands of successful installations per month.

Friday, November 19, 2010

A problematic Dell

Once in a while we get a machine into the workshop for repair that turns out to be a real head scratcher. One such unit was collected from a customer last week and it has taken a while to get to the bottom of it. It was a Dell Inspiron 530 that failed to post when powered up. The fans would spin and the power light would remain steady amber indicating a problem with either the power supply unit or motherboard.

We first swapped out the PSU for a known good one, but the symptoms remained the same. Since the PC was 2 1/2 years old the customer and the customer did not want to spend much on the repair we figured that a replacement motherboard would be outside the customer's spend. Just to be on the safe side we checked the warranty status with Dell by entering the unit's service tag number in their support site and we were pleasantly surprised (as was the customer) to find that there were 155 days remaining of a three year warranty. So we called in Dell to do the repair.

A Dell contract technician arrived with a replacement motherboard, swapped the old one for the new one and, voila, the same symptoms persisted. The technician contacted Dell again and it was deemed that the problem was a faulty input/output panel switch which was duly ordered. The next day the technician reappeared with the part, fitted it and, again no change in the symptoms. At this stage he started to suspect the power supply but I told him that we had already checked with a known good PSU. He asked if I had a good PSU we could try so we hooked one up and, lo and behold, the unit posted. So the technician concluded that both the original PSU and motherboard had failed simultaneously - a reasonable conclusion under the circumstances.

To update service tag number associated with the new motherboard the technician needed to reboot the unit and enter the BIOS. Unfortunately, as soon as he rebooted the original symptoms returned. A this point he surmised that the PSUs were blowing due to a possible short in the motherboard/case. However, I brought the PSU that was connected and the original PSU still in the case and mounted them in a Dell Dimension on the work bench - in both cases the unit booted without problems, ruling out the PSU as a problem.

At this point there was, understandably, much head scratching going on and DELL HQ was again contacted by the technician. The conclusion was that another new motherboard and a new PSU would be dispatched in an attempt to resolve the problem. And they duly arrived this morning along with Tony the technician who replaced the parts and, much to his dismay, the same problem arose. The only thing that hasn't been changed at this point is the processor. So Tony (we're on first name terms now) called in again to Dell and the next step is they are taking it in to their repair facility next Monday for a 6-8 day stay. I'll take  the hard drive out before they collect it to make sure the customer's data stays intact. Will keep you posted on progress.

Thursday, November 18, 2010

Speaking of Harvey Norman...

We have a regular customer who recently needed a new all-in-one printer with fax and went to Harvey Norman in Nutgrove where they came away with a HP model that cost in the region of €250. They got PC Medic to install it which only took half an hour and all seemed fine. A few days later they called us to say that the printer was mysteriously going offline at random times. After much digging about we found that this was a documented problem with this model of printer and that while a few different solutions were proposed, none of them worked in our case.

So the printer was packed up and brought back to Harvey Norman and the manager there had no hesitation in replacing it for a slightly dearer Brother model at no extra cost. It was great to see a retailer taking their responsibilities to consumers seriously when a problem arises with goods. Needless to say we now point our customers to Harvey Norman's for printers and such like when the opportunity arises. Go Harvey Norman Go!

Wednesday, November 17, 2010

Great value printer

We came across Brother's DCP-195C all-in-one printer in Harvey Norman's in The Park, Carrickmines a few days back and bought one fo a customer who needed a new low cost printer. For €75.00 this was a real bargain. Easy to install, quiet and includes scan and copy functions, PictBridge to allow printing directly from a camera and memory card slots - this is a bargain. Not the fastest printer in the world but good quality output and a small footprint. We like it.

Tuesday, November 16, 2010

Dropbox - Simple Data Backup and Synchronisation

If there is one thing that customers tend to put on the long finger it's data backup. Time and again we've come across cases of lost data through crashed hard drives where the user has an external hard drive for six months that they just never got around to setting up. Now we've spoken before of how we like to use Cobian Backup with our external hard drives to automate our backup. But if your backup requirements are simple consider Dropbox.

Dropbox is an internet file back up/sharing system that gives you 2.0GB of backup storage for free - over that amount and you have to pay for it at a reasonable price. The mechanics of using it are simple.

1. Create a Dropbox account
2. Download and install the Dropbox installer
3. Copy the files you want to back up to the Dropbox folder created by the installer.

And that's it. Files copied to your Dropbox folder are uploaded automatically to Dropbox's servers for safe storage. But there's more. If you have a second desktop or laptop you can synchronise the files between your two PCs. Simply run the Dropbox installer on your second PC, login to your drop box account and the files in your first PC will appear in the Dropbox folder on your second PC. Thereafter, files added to either Dropbox folder will automatically replicate to the other, keeping your files synchronised between the two PCs.

Not recommended for backing up your 30GB music or photo collection, but if you want to keep those important Word and Excel files safe you'll be hard pressed to find a simpler solution.

Tuesday, August 03, 2010

Bogus Telephone Support

Three of our customers have recently reported to us that they have received phone calls purporting to be from a company called Online PC Care, which appear to have originated in an Indian call centre. The caller will try to persuade you that your computer is either suffering from a series of errors (they will ask you to open the Windows EventViewer to show you that such errors exist) or they will try to convince you that your PC is overloaded with junk files. They may try to persuade you to allow them to take remote control of your PC to address the issues they have highlighted. They will proceed to try to get you to sign up for a service contract. While there may be a legitimate company called Online PC Care, the callers our customers spoke to would appear to be operating a scam to collect money and/or credit card details from customers who fall for the scam. One customer reported that the caller became abusive when she refused to sign up for a subscription and the caller repeatedly called back every half hour for an afternoon. The caller reported the number to Eircom but was told that, although there were other reports of complaints against the number there was nothing Eircom could do as the calls originated outside Eircom's jurisdiction.

If you receive a call similar to the one described above we would recommend that you terminate the call at the earliest opportunity - the longer you engage them the harder they will try to persuade you. Under no circumstances should you allow them to take control of your PC remotely, nor should you give them credit card details.

Update: A customer has today notified us that a company calling itself Virtual PC Doctor contacted them and that their modus operandi was identical to that described above for Online PC Care. Be aware that they may operate under a number of different guises.

Thursday, May 13, 2010

O2 Mobile Broadband Solutions

PC Medic is currently in the process of trialling mobile telecoms provider O2's range of mobile broadband solutions and so far the results of our trials are very promising. So much so in fact that we are in the process of signing up as resellers for O2's range of mobile broadband devices and we hope to be in a position to offer these products to our customers in the next week or so.

To date we have been trialling three different 3G-based mobile broadband devices: the Huawei 1752; the Sierra Wireless 302; and the Qualcomm GlobeSurfer III. Both the Huawei and Sierra Wireless modems are USB dongle devices that are both easy to set up and use. Like all hardware devices that are to be used with a computer both a software driver and interface utility must be installed before the device will work. This is where installation of the dongles is an absolute breeze. When you plug the dongle into a USB port on your computer (either Windows or Apple) the installation procedure begins automatically. This makes it so easy for even the most reticent computer user to get up and running. Within 80 seconds of plugging the device into a USB port you're all set to access broadband.

So how do these 3G-based dongles compare to fixed copper (Eircom) or fibre-based (UPC/NTL) lines. Well, like most things in life, that depends. And what it depends upon is (mainly) your proximity to a mobile telephone mast. This is because this system of mobile broadband is based on the same technology used for mobile voice telephony. So what kind of broadband speeds can you expect? Well, where we are located is just "OK" for mobile phone reception. Nonetheless, we have been able to achieve download speeds of 3.72 MBit/S for the Sierra model and 3.28 MBit/S for the Huawei model. While the theoretical maximum download speed is 7.2 MBit/S it is highly unlikely that you will achieve this unless you have an O2 mast on your chimney and are in a low contention area. However, if you currently have a 3 MBit/S service from, for example, Eircom, you will probably be lucky to get 2.5 MBit/S on average. So in this regard the dongle can perform as well as fixed line broadband.

I say "can" because depending on you exact geographic location, and the prevailing weather conditions, your speed may drop off considerably. In fact the dongles allow a number of different data transmission protocols to be used for communication and will automatically select the best available at any point in time. These are, in order of best to worst, HSDPA, UMTS and EDGE. If your signal only allows use of the EDGE protocol you are down to maximum download speeds of 384 KBit/S. At these download speeds it feels more like dial-up than broadband, but you are still able to get on-line.

The product that we really like is the GlobeSurfer III. This is a 3G mobile wireless modem router that can be plugged in anywhere that there is a power socket and multiple PCs or laptops can simultaneously access the internet. In addition, the unit has two ethernet ports for wired connections to PCs or games consoles, a USB port for shared printers or external storage device, and has voice telephony and SMS options that we haven't yet got around to exploring. Potentially this device could replace your fixed-line (copper or fibre) service, providing you are in a good reception area. You can unplug the unit from the wall in your home, throw it in your weekend bag and bring it with you to your hotel/B&B/holiday home and have wireless internet access as soon as you plug it into the power at your destination (subject to signal reception).

Because you don't know whether you are in a good reception area or not you might be reluctant to sign up for a fixed term contract for one of these devices, and that's understandable. Because O2 has generously provided PC Medic with a number of trial devices of each unit described above, we are in a position where we can provide all our existing customers with these units to try at their leisure for a week or two before deciding if they provide a solution for them. All our customers will receive an e-mail in the coming weeks giving more details of this program.

Thursday, March 25, 2010

Disc Slow Down for XP Users

Tactics used to make new hard drives more efficient could cause problems for Windows XP users. It may mean any new drive bought after next year could be noticeably slower to use on the operating system.
The issue involves the way hard drives are broken down into individual sectors. Until now, it has always been standard for hard drive sectors to be 512 bytes in size. However, not all of each sector is used for storing data. Instead, there is a marker to denote the start of the sector: a space used for codes which are used to check if there is any error with the sector and its contents, and a space between each sector. (Source:
The larger the drive, the more sectors there are, and thus the more space unavailable for data storage. While this wasn't a problem in the past, with today's larger drives it has become a significant issue.

512 Byte Sector Limit Scrapped Next Year
The International Disk Drive Equipment and Materials Association (IDEMA), the global body for drive manufacturers, has now agreed that all drives produced after January next year will use sectors which are 4 kilobytes, which is 8 times larger in size than the standard 512 bytes.
The 4 kilobyte sectors have two beneficial effects: first, it cuts down the amount of disk space used simply for spaces between sectors by seven-eighths (87.5%). Second, it allows more space in each sector to be used for error correction codes. This should drastically increase the reliability of drives.

XP Users Could See 10% Dip in Performance
The problem comes from the fact that while Vista and Windows 7 were both designed with 4K sectors in mind, XP was created long before the industry had decided it would eventually be a standard successor to 512 bytes.
XP can work with a 4K sector based drive, but will simply treat it as if it used 512 byte sectors. This will be fine for reading information, but will introduce an adjustment step when writing to make sure the data fits the sectors correctly. Though this will only take an additional 5 milliseconds, that works out as a decrease in speed of up to 10%, which is likely to be a noticeable deterioration, especially with many files stored on the drive.

Later Systems Unaffected
In addition to Vista and Windows 7, all versions of Apple's OS X system from Tiger (released in 2005) onwards will work fine with the new drives. Most modern Linux based systems should be OK and, being open source, it's much easier to upgrade those which aren't. (Source:
For XP users, it may be a judgment call as to whether the problem is disruptive enough to justify updating to a later operating system at the same time as getting a new drive.

Tuesday, March 23, 2010

New Dell Vostro Laptops

We have been a big fan of the Dell Vostro 1520 since it's release a couple of years ago and any of our customers that we supplied with it have been happy campers. So we were sorry to hear that the 1520 (and the 17" screened 1720) are being discontinued in favor of the newly released Vostro 3000 series. The 3500 will be the replacement for the old 1520, with the 3300 and 3700 replacing the 1320 and 1720 variants.

The 3500, which interests us the most, comes with Intel Core i3 and Core i5 options. The
Intel Core i3-330M is a lower-middle class dual core CPU for laptops and clocks with 2.16 GHz. The difference to the Core i5-430M is the lacking Turbo Boost overclocking and the slower core speed. Each core is based on the Nehalem (Westemere) micro-architecture. Hyperthreading enables the Dual Core CPU to handle 4 threads at once (for a better usage of the pipeline).

Intel Core i5-430M is a fast middle class dual core CPU for laptops and clocks (due to the Turbo Mode) from 2.26 to 2.53 GHz. Each core is based on the Nehalem (Westemere) micro-architecture. Hyperthreading enables the Dual Core CPU to handle 4 threads at once (for a better usage of the pipeline). Compared to the faster Core i7-620M, the 430M only has 3 MB Level 3 Cache, missing VT-d, Trusted Execution, and AES features and a lower clock speed.

The new 3300 models seem to tick all the boxes, with built in webcam, 802.11n wireless, Windows 7 in 32 and 64 bit flavours, 3-4 GB Ram as standard, good sized hard discs and good looks (see the picture above). We have ordered our first 3500 with an Intel Core i5-430M processor, 3GB RAM and Windows 7 Home Premium 32-Bit and will post a review when we have it in the workshop.

Monday, March 22, 2010

Cobian Backup

Need a good backup solution? Then you should try out the open source Cobian Backup that we have been using for over a year now. One of the issues that we have had with most proprietary backup programs, such as Genie Pro, Acronis, and Norton 360 is that they save the backup files in a compressed proprietary format. While this may save you some time and space it means that if your file becomes corrupt during encoding you won’t be able to recover it. We have had this exact problem in the past and because of this we insist that all backups are now in the native un-encoded file format.

Cobian allows us to do either full, incremental or differential backups using the native file format and can be set up to run as a service, allowing fully automatic backups to be performed. It is flexible, simple to use and, in our experience, very reliable. Oh, and did I mention that it’s free? Check it out.

Wednesday, March 10, 2010


We had a problem sending e-mail from an Outlook account on one of our laptops last week and discovered that the problem was due to our IP address being blacklisted by one of the Blacklist services used by our ISP UPC. The problem was due to a customer's PC that was in the workshop which was infected by spamming software and which we connected to our network. Once you are blacklisted you have to make a delisting request directly to the Blacklist service provider, not to your ISP (UPC in our case). This can take up to 24 hours before it happens, leaving one without outgoing e-mail on SMTP-based mail clients e.g. Outlook for that period (Gmail and other web-based mail is not affected).

This is the second time that this has happened since we moved to UPC - it never happened us during the 12 years we were with Eircom - perhaps Eircom don't utilize Blacklist services.

Anyway, all is well again and to prevent a recurrence we have blocked port 25 on our router for all IP addresses except the one assigned to our PC using Outlook. Any customer's computer that is infected with spamming malware will now be blocked from sending via SMTP on the blocked port.

Here is the description of blacklists from where you can check your own blacklisting status.

Blacklists are created and managed by anti-spam organisations and are seen as an effective way of punishing known spammers.
Some of the most widely checked blacklists are Spamcop, MAPS blacklist, and SPAMHaus - checks against these and many more. These organisations publish blacklists of IP addresses that are known spammers. Blacklists are used by thousands of ISPs as part of their defense against spam. A legitimate email system can also end up being blacklisted, resulting in mail delivery problems and subsequent costs for business.
Internet Service Providers (ISPs) subscribe to blacklists in order to filter out spam sent across their network or to their subscribers. If you are listed and an ISP checks against the list, your message will not be delivered.

Monday, February 22, 2010

What a Bargain!

Clearance sale of second-hand PC from our workshop. This Dell 4700 has been freshly reinstalled with Windows XP SP3 and all updates. It comes with OpenOffice , Adobe Reader, Adobe Flash, Google Chrome and Avast Anti Virus. The unit has 512MB RAM, 2.8GHz Pentium IV CPU, 8 USB ports, Ethernet socket, 80GB Hard Disc, Integrated Video and CD/DVD RW. Comes with 6 months hardware warranty. A lovely quiet machine ideal for all home duties (not suitable for playing games - apart from games included with Windows XP). Price without monitor is €205. Price with 17" monitor is €295. Free delivery to Dublin's Southside. Call 086-8178678 and mention blog deal. Mouse mat not included in the price but available from here!

Wednesday, February 17, 2010

SlingBox Solo

The SlingBox is a gizmo that allows you to access TV media from your own TV hardware across the internet. And why might you want to do that I hear you ask. Well, consider someone who has a second house in Spain and wants to watch Fair City live and not miss an episode of the Late Late Show while they are away. Or, indeed, if you are going on holidays to Italy for two weeks but can't bear not cheering your team on in the Sunday Game live then a SlingBox might be for you.

I was aware of the SlingBox from reading reviews of it in the past but had never been up close and personal to one until a customer recently asked if we could set one up with his Sky system. Yesterday I dropped over to the customer and picked up his SlingBox and brought it home to familiarize myself with it's setup.

We have a UPC HD cable box at home that has a SCART socket with composite video-out. I connected the supplied SCART to RCA adapter to the UPC box and connected this to the SlingBox with the supplied Composite A/V cable. Next step was to connect the supplied remote control IR cable to the SlingBox and position the LED to shine on the UPC box IR receiver. Before powering up the box all that remained was to connect the SlingBox to my Netgear router via the supplied ethernet cable. So, everything we needed to make the physical connections is supplied in the box.

Once the hardware is installed it is a case of logging onto Slingmedia's dowload site to download the most up to date version of their SlingPlayer software - this is the application that allows you to watch your TV remotely - I downloaded it onto a Dell netbook running XP on an Atom processor.

When the software is installed it's time to create a SlingBox account and configure your SlingBox to talk to your cable box and your router. This is handled through a step-by-step wizard and I had no problem finding my cable box and router in the configuration options. The only slightly technical step is setting port forwarding on the appropriate port on the router, but the step-by-step wizard holds your hand for this.

Once completed I was able to receive all my TV channels on the laptop and had access to a virtual remote control that mimicked the real one, even down to volume, on/off and programme guide. I tested the picture quality when streaming within my local network and via the internet and there was a significant difference in picture quality between the two, with internet streaming being significantly poorer. This may in part be due to the fact that my upload bit rate is max 256 kbit/s - a higher upload bit rate may provide a better picture. If the picture was viewed in a small window, as opposed to full screen a sharper smoother picture resulted.

During setup I had a couple of issues that held me up. Firstly, positioning the remote control LED was problematic and I finished up using both supplied control LEDs instead of a single one in order to get the virtual remote working properly. Secondly, the UPC cable box we use is connected to our tv with a HDMI cable and, for reasons I don't fully understand, you cannot have HDMI and SCART output simultaneously. This necessitated disconnecting the TV from the cable box while I was using the SlingBox - not SlingBox's fault but less than ideal nonetheless.

The SlingBox is currently available from for £105 and does what it says on the box. However, I feel that this is version 1.0 of this type of media extender and that in a few years we will probably have the type of features offered by the Slingbox built into our TVs and or routers. Until then, Coronation Street on the Costas anyone?

Saturday, February 13, 2010

End of a Classic?

Word on the forums is that the Logitech Squeezebox Classic is being discontinued to be replaced by the Squeezebox Touch. As a Classic user I will be very sorry to see this very stable incarnation of the Squeezebox discontinued and might just pick up another while they are still available on

Tuesday, February 09, 2010

Do You Really Need Office?

A lot of our customers who purchase a new PC want to get Microsoft Office at the same time and normally pay in the region of €90 for MS Office 2007 Home and Student Edition. In many case MS Works 9.0 is already bundled with the PC but customers feel that they must have Word for their word processing and Excel for their spreadsheets (most home users don't use Powerpoint).

What you should be aware of is that MS Works 9.0 now allows you to open Word and Excel .doc and .xls files and also allows you to save documents and spreadsheets in those formats. So why do you need to spend an extra €90 when you have all the software you need bundled with your PC? The answer, in most cases, is you don't unless you need advanced features like macros and pivot tables.

So before you rush out to buy Office give Works a run around the block. It may be all that you need. And if you do need more horsepower in your office productivity software, there is always OpenOffice.