PC Survival and Maintenance Part 4
T.O.M.S.
There's been much encouraging and wide-ranging feedback from the first three sessions. Many thanks to everyone who took the trouble to respond and, in this final part, we'll first concentrate on dealing with your various points.
RISC OS Vs Windows
Two respondents forcefully promoted RISC OS as being far superior to the Windows operating system and insisted the latter ought to be avoided like the plague. So no change there then...
The problem of course is that this entirely misses the point of these articles. It may help to reiterate that our intended target readers are those many punters who are running RISC OS on increasingly aged hardware which they seek to replace but - for whatever reason(s) - have decided that a current ARM-powered machine such as Iyonix or A9Home unfortunately does not fit their particular bill.
We were challenged to expand on and justify that but, as a quite separate and important topic in itself, we don't have the space to deal with it in detail. Suffice to say that, in correspondence with many fans of RISC OS over the last four years who are in this position, the issues they raise - often in combination - include capabilities, cost, features, hardware/software compatibility, operating system standard, performance and the available range of ARM-powered computers (especially the lack of a laptop/notebook).
Will the situation improve? In the foreseeable future? Only the developers can tell us the answers but, sadly, recent snippets from various sources seem to hold out very limited promise.
The emulation option
The alternative option - RISC OS emulation via VirtualRPC - is now well-established and, demonstrably, many if not all of the limiting factors just listed do not apply in any significant measure.
But the fundamental question asked was whether VirtualRPC can be run specifically on a host PC, without necessarily becoming embroiled in the underlying Windows operation system and "all the problems that brings".
We determined in Part 1 that, in theory, it would be possible to install VirtualRPC on a PC and, at start-up, go (almost) directly to the RISC OS environment, running full-screen, effectively bypassing the need to become involved in Windows. However, we then discussed that in the longer term, this was not a wise proposition, primarily for 'safety' reasons.
Returning to the metaphor of operating a motor vehicle which we used before, we can of course jump aboard, start up and drive away. And apart from refilling the tank, repeat that long-term on a near-routine basis. But is that sensible? Running out of windscreen wash, or running on low tyre pressures, is neither safe nor responsible motoring, but simple maintenance checks performed at sensible intervals will minimise the risks.
Back to PC survival & maintenance
In Windows terms, arguably this may not make for sensible computing either, thanks to the perceived myriad nasties that (reputedly) abound in the PC world, but we discussed at some length the simple, routine and non-intrusive anti-malware steps we can take to ensure safe operation. While it's clearly impossible for us to guarantee that the chance of catching a dose of Windows malware does not exist, common sense precautions will effectively counter the hazards. And to reiterate what we said in Part 1, we at T.O.M.S. have never knowingly suffered any such problems in 60+ man-years of PC use.
Anti-malware applications revisited
Much of your feedback was in direct relation to our suggestions for anti-malware applications and how they should be used, so let's revisit this topic and, in doing so, clear up a couple of areas of confusion.
Except where stated otherwise, all the titles mentioned below are available free of charge (for non-commercial use), either from the authors' own websites or, more conveniently, 'one-stop-shops' such as www.filehippo.com mentioned before.
Anti-virus
We didn't make it clear in Part 1 that only ONE anti-virus program should be active at a time as, otherwise, there can potentially be a clash between the 'signatures' used to intercept the nasties. Some of you mentioned and recommended various anti-virus titles, including Avast!, AVG Free and BitDefender. It's a case of take your pick as reportedly they all do well in comparative tests; we've used AVG Free for some years and are entirely happy with it.
Anti-spyware
Here, it is permissible and, indeed, often recommended that you install and run more than one anti-spyware application and, apart from Microsoft's own Windows Defender, other suggested titles were Ad-Aware, Spybot Search & Destroy, SpywareBlaster and AVG's own Anti-Spyware program.
Firewall
This sub-topic seems to be unnecessarily troublesome, with particular titles being recommended by one person and criticised by another. Also, whether it's acceptable to use more than one firewall isn't made clear and there doesn't seem to be any definitive advice. All we can suggest is to use, say, the firewall built into Windows and, if also available, any firewall which comes with your modem. This is what we've done for some years, again without any problems.
- Rootkit detector. We previously used the rootkit detector embedded within Ashampoo's anti-spyware program but, since recently moving over to AVG's Anti-Spyware, we now use RootkitRevealer which seems to work well.
Signature updates
To reiterate what we and many other people say, we cannot overstress that whichever anti-malware applications you choose to install, it's crucially important to keep their signature files bang up to date, and that this really ought to be checked at least at daily intervals.
This may sound onerous but, in practice, it takes typically only 15-45 seconds in total (depending whether new files are available or not) to check your anti-nasty programs and download/install signature updates whenever available, so it's really not a problem to do that immediately after starting up Windows, say before loading VirtualRPC and thereafter using only RISC OS in the current session.
To illustrate the importance of that, there was a recent thread on a PC forum where someone castigated Microsoft's Windows Defender, saying that updates were never available and it never intercepted any nasties, so what was the point of it? It transpired he hadn't set up Defender either to download and install updates automatically, or even to have it notify him that regular updates were available, so the signature files were over a year out of date. Hmm.
Using CCleaner
We suggested in Part 1 the use of CCleaner which greatly assists in maintaining privacy, especially if you use a Windows browser (more on that anon).
A number of people supported this choice, two noting that, when run, CCleaner automatically deletes the contents of all the browser's temporary files that can build up during a surfing session and which, to do manually, would be an inconvenient and time- consuming process, to be done partly in 'Safe' mode.
However, there are two minor downsides to this extra-safe and rigorous approach. Firstly, in dumping all the temporary file contents, that would include the many 'cookies' which would normally speed up access next time you visit the relevant sites.
CCleaner allows for this by letting you retain the cookies or, better still, draw up a safe list, selectively, which it will not then delete. To do this, click on Options and then Cookies and, in the 'Cookies to delete' column (i.e. those recorded during the current surfing session), select the ones you wish to retain and move them to the 'Cookies to keep' column.
This is best done at intervals, just prior to using CCleaner to dump the remainder (Part 1 Fig 1). The cookie names are usually a good indicator of which sites they're linked to, so picking-and-choosing is usually very straightforward. Secondly, if you use CCleaner to auto-empty a Windows browser's temporary files, unfortunately it will also delete all the email address, password, account details, etc, which you may ideally prefer to be saved for future use. There's no way to avoid this selectively in CCleaner - but, after all, it's not a good practice to store such data in the relatively insecure area of your PC.
Instead, we use PhraseExpress (freeware from www.phraseexpress.com) which, among other useful things, lets you prepare a list of repetitive text strings, e.g. email address and passwords, and which can be stored in a secure area. Clicking on any one then enters the string into a writable icon at the caret.
Further protection
There was an interesting article in a recent PC mag suggesting other ways of further protecting yourself from Windows malware, particularly in respect of the applications you choose to use. A good example mentioned was that, to surf the net, most PC people will opt to fire up Microsoft's Internet Explorer (IE) so, quite naturally, those nasty malware authors concentrate their reprehensible efforts into defeating IE's security net.
Of course, we can neatly avoid the problem by using a RISC OS browser! But without going into details, sadly that can often be a frustrating experience. So why not instead use another browser running under Windows?
The point is that we don't have to use IE as there are many, highly-competent, freeware alternatives available, e.g. Firefox, Netscape, Opera and Safari. This also satisfies those people who wish to avoid using Microsoft's own applications! That isn't to say that the malware authors leave the alternatives entirely alone, but received wisdom is these titles are relatively safer than IE, so do take your pick.
Setting up a PC
To pull together everything we've discussed, this section offers a checklist of suggested actions for setting up a Windows-based PC for use as a reliable and - above all - safe foundation for running RISC OS under VirtualRPC. If you've maybe bought the computer through a RISC OS retailer, as a package with VirtualRPC pre-installed, arguably it will be a good idea to try to curb your natural instincts to dive straight into using RISC OS and, instead, first install and configure a 'suite' of Windows anti-malware programs along the lines which we've already discussed. Secondly, the computer may already have a commercial, 'loss-leader' anti-virus program installed, quite likely McAfee or Symantec's Norton, which will probably come with free updates - for a limited period - and is of questionable value. So although that can be left in place for the moment, we'll assume that, at some point, you will wish to replace it with a better, freeware alternative such as AVG Free (anti-virus). But the other program (anti-spyware etc) still need to be considered.
So whatever the machine configuration, here's the sort of setting-up procedure you might like to follow:
Assuming a version of Windows Vista or XP (post-SP2) is installed, configure the integral firewall to suit your needs. To do this, click on Startˆ-Control Panel-Security Centre and make sure the firewall is switched on. You can leave most of the default settings as they are but, in the Automatic Updates section, you may wish to select the "Notify me but don't automatically download or install them" option, as we discussed in Part 2 (inc. Fig 1).
Whilst in the same area, note that once VirtualRPC has been installed, it should now be listed under the Windows Firewall-Exceptions tab as "Acorn RiscPC Emulator with RISC OS x", with the adjacent box ticked. This allows incoming network connections to RISC OS, through the firewall.
Now's the time to make your choice of the freeware range of anti-malware programs which we've been discussing in this and previous parts, covering anti-virus (also if you intend to replace any pre-installed title), anti-spyware and a rootkit detector.
Download current versions of the chosen programs from a convenient source; for added protection, and if possible, obtain them via another 'safe' machine such as a RiscPC. CCleaner can be included in the download if desired.
If Symantec's Norton anti-virus program is pre-installed and you intend to replace it, you will also require a special 'tool' to enable uninstallation. This depends on the version of Norton you have installed and is available on Symantec's website at http://service1.symantec.com/SUPPORT/norton2008.nsf/docid/2007082908475279?Open&docid=2003022510471206&nsf=nav.nsf&view=docid\par.
Before uninstalling any pre-installed, commercial anti-virus program, switch off or otherwise disable your modem to prevent potential virus ingress while the machine is unprotected.
Install your choice of anti-virus program and, before doing anything else, re-enable your modem and check for updates (Part 2 Fig 2). Don't be concerned if, the first time you do this, multiple 'signature' files are downloaded; keep checking until the program finally reports it's fully updated.
Now's a good time to configure the anti-virus program to perform updates and scans as and when you want (primarily to avoid auto-updates clashing with any RISC OS applications running under VirtualRPC, e.g. Ancestor+).
Now's maybe also a good time to manually run an initial, full system anti-virus scan, just in case something has already sneaked in before you installed and updated the chosen program.
Repeat the previous three actions for your choice of anti-spyware application(s). Once again, the first time you do a check, expect multiple signature updates (Part 2 Fig 3).
Install CCleaner if desired, initially leaving all the default settings as they are. Before running it at convenient intervals (say every 1-3 days), check the session cookie contents and move any you wish to retain into the 'Cookies to keep' column.
Install a rootkit detector such as Rootkit Revealer. Run CCleaner to empty the browser temporary files immediately before doing occasional scans for rootkits as this will remove anything temporarily resident in the browser files.
MOST IMPORTANT - On at least a daily basis, check for anti-virus and anti-spyware 'signature' updates.
Thereafter, complete full scans at convenient intervals (say monthly). Don't be in the least bit concerned if "Nothing found" is routinely reported! After all, these are simply belt-and-braces checks to make sure nothing has sneaked through the net since the last full scans.
Occasionally check the Microsoft Update site at http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us, clicking on 'Custom' to see if anything new is available for download and installation, and which wasn't considered to be high-enough priority to be included in the 'Express' check at start-up (Part 2, Fig 1). This may sometimes include security-related files.
Don't be overly concerned by unexpected hard disc activity; as we discussed in Part 3, this is most likely Windows doing a bit of routine housekeeping such as recording a System Restore point. However, if it goes on for more than a few minutes, and/or at regular (e.g. daily) intervals, it may be that an anti-malware program scan has been triggered, so double-check that they're configured to fire up when you want, and not automatically. (A possible cause is that a recent program update may have reset its auto-test configuration.) There are other detailed elements we could include in the checklist but that's probably sufficient to get your shiny new PC up and running in a SAFE manner while you get used to the pleasure of running RISC OS under VirtualRPC.
The best of both worlds?
So there we have it. If you're still not convinced about safely running VirtualRPC on a PC, either consider the Mac-based version or stick to ARM-power. But based on our own experiences and reports from other PC users running VirtualRPC - and there are now many thousands - we're very confident you won't be adversely affected by Windows nasties, provided you take the trouble to install anti-malware protection and, without fail, regularly check for signature updates.
Admittedly, this is something you don't need to do under ARM-power, although it's by no means onerous or significantly time-consuming. But as soon as you start running RISC OS under VirtualRPC, and compared with (say) a Kineticised RiscPC, you'll very quickly appreciate that this is an extremely powerful solution, with much-improved operability and productivity, but with relatively few restrictions. And this has been achieved with minimal need to become embroiled in Windows as such.
So to answer the original question, we've concluded that there's little need to involve Windows just to run RISC OS. But of course this is not all; the inherent potential of having some extremely powerful Windows-based features 'under the same roof' can be tremendously valuable. Some will be invisible to the user; for example, the Windows printing system is accessed via VirtualRPC, using either a specific RISC OS PDF for each printer (where available) and/or the excellent, universal UniPrint system.
And we've also discussed when you might find using a Windows browser will make things much easier for you, especially to access 'difficult' sites, and there's a good choice of freeware alternatives to using IE. Similarly, Windows applications will often handle jobs where there is no equivalent RISC OS capability, e.g. editing video and subsequent video-DVD burning.
These are only two examples of cases where you often have a pleasing choice between using RISC OS or Windows applications, or even using the best features of the two, to get a particular job done in the most productive way. This is often helped by the increasing ease with which RISC OS and Windows applications can talk to each other; it really is the best of both worlds.
So don't hesitate to try out Windows applications. We're confident that you'll be pleasantly surprised and, despite what the doomsters say, their horror stories about Windows are simply urban myths, exaggerations or - quite simply - misrepresentations. Honest..
T.O.M.S.