- Why do you prefer Macrium Reflect over Windows 7’s backup program?
- How do I get recipients email address and name to show in the To: line?
- Is it safe to stay logged in to my password vault?
- How do I copy email from Outlook to Gmail?
- Can’t we just spam the spammers to death?
- When does support end for other versions of Windows?
Links above are to Ask Leo! articles based on the transcript below.
Download the mp3 [13M]
Welcome to AskLeo! Answercast #151. I’m Leo Notenboom and I’ll be answering questions that people are asking out at askleo.com.
Today’s Answercast is brought to you by (perhaps for the last time) Maintaining Windows XP: A Practical Guide. Windows XP isn’t dead – although they sure are trying to nail the coffin shut. Microsoft ends support for it in the next couple of weeks but it’s still just not going away overnight.
If you’re running Windows XP and you want to keep it running well for as long as possible, then you owe it to yourself to check out Maintaining Windows XP: A Practical Guide – my nearly 300 page e-book that will show you step by step how to clean it up, tune it up, speed it up and keep Windows XP working for you! There’s no risk. It comes with a 30-day, no questions asked, money back guarantee.
Visit maintainingxp.com to order your copy now. Be sure to use the coupon code NEWS20 when you check out for 20% off the cover price of the pdf version. That’s NEWS20, all capitals, 20. That code’s only for my newsletter subscribers, and my Answercast listeners.
Maintaining Windows XP: A Practical Guide is also available in paper from Amazon. You’ll find a direct link to that on maintainingxp.com.
Why do you prefer Macrium Reflect over Windows 7’s backup program?
Is Macrium Reflect superior to the disk imaging utility included with a 32-bit version of Windows 7? And if so, in what regard?
Well, to begin with, I don’t think I would call Windows 7’s backup program a disk imaging program. Yea, it can create what we would call an image backup. But the term “disk imaging utility” really implies to me (and I think to others) a lot more functionality than the Windows 7 backup program actually has. While the Windows 7 backup program is perhaps the first to meet what I would consider to be the bare minimum necessary for a backup program, I definitely prefer solutions like Reflect.
One of the biggest issues I have with Windows 7’s program is that I have a very hard time telling exactly what it’s doing. Backups are so incredibly important, I want things to be clear and complete. The interface for backing up data only, is confusingly melded with the interface for creating full image backups. You actually have little control over just where things go and not a lot of control over exactly how the backups are created.
That being said it is, as I said, the first backup program to come with Windows that I feel comfortable saying, yes, if you do nothing else, go ahead and use this. It’s one of the reasons I wrote my book, Saved: Backing Up With Windows 7 Backup. Because while it’s capable of doing all the things that I feel are necessary, it’s not at all obvious.
So, what’s necessary?
Well. Full image backups that you can schedule to happen without the need to think about it. Some way of managing your disk space in a controlled and obvious way so that you know what you’re getting. The ability to restore not only a full image, but to extract individual files from that image. And some sense that the backups are reliable and will be there when you need them.
The big risk I see with using Windows 7’s own backup program is actually kind of an odd one. Microsoft has a very poor track record with maintaining backup compatibility across Windows versions. Windows XP backup images, as I understand it, are readable only by Windows XP backup. That just doesn’t help you if you’ve moved to, say, Windows 7 and need to recover a file from an old backup. Windows 7 backup images are apparently in .vhd format (Virtual Hard Disk) that could and should be readable not only by Windows 7 backup but by other programs as well.
And lastly, you know, Windows 7’s backup just feels like an afterthought in many ways. It’s kind of like it’s there because they needed to have something; they needed to check a checkbox; not because they wanted to create a really good robust backup system.
Macrium Reflect, on the other hand, is a program that is specifically architected to back up your computer. It has all of the features we might want and then some. And yeah, the interface can be a little confusing but you know, I have yet to find a backup program that meets all those minimum requirements that isn’t’ somewhat confusing. It is very clear about what it’s doing both with when you set up your backup, while the backup is happening, and when you need to restore.
And, yes, I’ve written, Saved: Backing Up with Macrium Reflect to help you get the basics set up and to recover when the time comes.
Reflect works on XP and Vista and 7 and 8. And, Reflect installed on any of those can read backups created on any of the others. I just believe it’s a more robust solution created by people who are actually trying to create the best backup program. Ultimately, I guess, robustness, power and features aside, I’d have to say that I simply trust it more – and when it comes to backups, trust is incredibly important.
How do I get recipients email address and name to show in the To: line?
I’ve noticed sometimes when I get an email from someone who used a distribution list, that everyone’s actual name along with their email address is displayed in the “To” field. I’ve noticed this from friends who use MSN and AT&T thought I’m not sure about Yahoo and Gmail and so forth.
Seeing all the recipients’ actual names along with their email addresses tells me who they actually are when I might not be able to tell from some of their cryptic email addresses. Now I know I can set up my mail so that my name appears as the “sender” instead of my email address, but how can I have all my note recipient’s actual names, along with their email addresses, always be displayed in the “To” field? All my contacts have their first and last names in the appropriate fields in my Contacts list. But is there another field in AOL that will allow me to do that?
You know, I’m not exactly sure whether you’re asking about the “To” line in an email you receive or email that you send? The answer is actually quite different depending on which it is – and I’ll touch on that, and email addressing in general. Though I will throw out the caveat that I’m not very strong on AOL. So if things don’t work the way I describe with your AOL email client, you may need to actually ask AOL for some help.
The low level email protocol that all mail servers use to send email back and forth supports two different pieces of information for each recipient:
- A descriptive name or display name, which is actually optional and is in fact, actually ignored by the protocol.
- And of course, the second piece is the actual email address of the recipient, the email address to which to send that email.
If you’ve ever seen a name followed by an email address in angle brackets, that’s what you’re seeing. An email address alone? It’s just an email address. An email address in angle brackets is what the mailer actually pays attention to if there’s a descriptive name in front of it. Like I said, the descriptive name is otherwise ignored. You set your own when you configure an email account.
Most email programs or services will actually ask you for two pieces of information: your name and your email address. Then, when it sends email, it sends email as being “from” your name as the display name followed by your email address in angle brackets. Now, this isn’t something you can type in on “send”; it’s actually something that the email service or program constructs for you from your name and email address.
As I said, the name’s completely ignored so you can set pretty much whatever you want. That’s why so often you’ll get spam where the name is one thing in the email address is something that is very clearly completely unrelated to the name.
If there’s both a display name and an email address, email programs can choose what they want to display on the email you receive. They can display only the display name (hence the term); they can display the display name followed by the email address in angle brackets, which is what it sounds like you’re seeing on the email you receive; or they can ignore the display name and show only the email address. Typically, they only do the latter if there is no display name to display.
When you compose email, the “To” line gets kind of interesting. In most programs, if the email address you type in is in your address book, the program will automatically fetch the display name if there is one. In most programs, if you start typing someone’s name that matches a display name, the program will show you the potential email addresses until you select one, or have just one. But in most cases, regardless of how you type it in. If you have both a display name and the email address, the email program should use both on the “To” line. Unfortunately, like I said, if that’s not what you’re seeing with AOL mail, I can’t quite explain it.
Receive is a lot easier to answer. You can’t. What’s in the email you receive (what’s shown when you display the email you receive) is actually completely determined by the sender. Your email program isn’t really supposed to play around with that at all.
So if what you’re asking… if you’re expecting your email program to check the email addresses on incoming mail and then somehow augment it with the names that you have in your address book, that’s not something I’d expect to work and certainly not something I’d expect to be able to control.
And of course, I have to point out that it’s bad form to send email to a distribution list in such a way that everyone’s email address is exposed at all. You, or the sender, should probably be using the BCC line for that. Among other things, that cuts down on spam.
Is it safe to stay logged in to my password vault?
I have and use KeePass with Windows 7. I open KeePass in the morning and I leave it open all day. Does this make it unnecessary for malware to determine my KeePass password in order to see my password file? Is keeping KeePass open a security risk?
You know, this is a really interesting scenario and the answer really boils down to “it depends”. I can tell you that I do both with LastPass, a KeePass equivalent. I keep it logged in all day and again, I don’t.
To directly address your question, the only malware that would be helped by keeping a password vault open, in my opinion at least, would be malware that is specifically targeted at reading the contents of that specific password vault. By that I mean, malware that is looking specifically for KeePass, or specifically for LastPass, or whatever, and if it finds it it then starts sucking up the contents somehow. I am not aware of any such malware at this time.
You know, to be clear, I really don’t think malware writers need to bother with that. If you’ve gone so far as to allow malware on your machine in the first place, it’s much easier, and much more productive, for that malware to simply record what you’re doing.
Now, I know that I hear a lot of people saying that using a password vault doesn’t use keystrokes. True enough but it still uses something to get the password into the forms and whatnot that it’s filling out – and what we tend to call key logging software is actually capable of logging much more than just keystrokes. It’s very possible to log any of the ways that a password vault might transfer the password information on your behalf. So, in my opinion, keeping a password manager open doesn’t really make you any more vulnerable to malware.
It could, however, make you vulnerable to something else.
The scenario I’m thinking of is when you walk away from your computer, or worse, when your computer is stolen, when you’ve left it in this state. Anyone can walk up to your computer and just start using your password vault. If your laptop is stolen while on, say, maybe you just closed the lid and it somehow disappears at that point, it’s possible, common even, that when the thief opens the lid everything is still there, running and ready, including your password vault.
So, if that’s a concern, then yes, absolutely, leaving a password vault open does add to the risk.
My scenario? Remember I said I do both… is actually very simple: at home, where the risk of someone untrusted using my machine is low, I’m signed into LastPass, pretty much all day. On my laptop, I’m not. In fact, I have LastPass configured to automatically log me out after some period of inactivity. In fact, I consider that security so important that I also have two-factor authentication turned on in LastPass. On that laptop, I need both my password and a security code from my mobile phone in order to be able to login to LastPass at all.
How do I copy email from Outlook to Gmail?
I would like to copy all folders in Outlook 2003 to my Gmail account as I’m going to change from XP to Windows 7 soon. I’ve not been able to do this so far although I’ve successfully copied Contacts. In view of the expiration date of XP being soon, this could be a very useful article for a lot of people. Could you please give step-by-step-instructions for how to do this?
So there are a couple of possible confusions in this question: copying existing email to Gmail can be a very useful thing. I’ve done it myself – but I want to make sure you know exactly what it means.
Outlook is an email program. Now to be clear, we’re talking about the Outlook that comes with Microsoft Office. That is completely unrelated to the Outlook.com website web service. Outlook, the program, is not your email account; it’s not your email address. You can use Outlook to download email from any email service to your PC. You can use Outlook to download your ISP provided email; you know, where your address is something like firstname.lastname@example.org. You can use Outlook to download your Yahoo mail, your Gmail your well, just about any email address you might have.
That’s what configuring an account in Outlook is all about. You’re telling it what email service you’re using and how to go about fetching email from that service.
Gmail, on the other hand, is first and foremost, an email service. That means, for example, you’d have a gmail.com email address.
Perhaps you already have Outlook configured to access email using your Gmail account. Fantastic.
Now if you have another email address, you can actually use Gmail to act, kind of, like an email program. In Gmail settings, under accounts, is an option to check mail from other accounts using POP3. You would configure this to fetch the email from your existing email account. Much like an email program on your desktop might. That way, you would read newly received email in Gmail’s interface instead of Outlook.
The problem of course is what to do with all that old email that you currently have stored in your PC, in your Outlook folders. Here’s what you do. It’s really just a two-step process.
One, configure Outlook to access your Gmail account using IMAP. Yep, this is just as if you were planning to use Outlook to read your Gmail for everything. In reality, it’s a short-term thing because – Step 2: copy by dragging and dropping email from your previously existing folders into the Gmail folder that Outlook will have created. You can even create or move sub-folders in there if you’d like. This will actually cause all of the email to be uploaded to Gmail. You’ll eventually find it available to you in the Gmail web interface – or in fact, any device that you connect up to your Gmail account using IMAP.
Once that’s done, you can then access your email on the web using the Gmail interface, or you can leave Outlook running with it configured to access your Gmail account via IMAP. Two different ways to access the same single email account from multiple places.
Can’t we just spam the spammers to death?
I received a rather lengthy question that mentioned a specific service that claims to turn the tables on spammers either by spamming them back or by somehow using the content of their spam messages to attempt to harm them in some way… or at least annoy the heck out of them.
Now as much as spam angers us, besides ultimately being ineffective, vigilante justice just isn’t the answer.
One idea is to take incoming spam email and reply to it with thousands of messages in return.
Now there are so many problems with this idea that it’s hard to know where to begin. The biggest one is simply that the spammers don’t pay attention to the email that gets returned. Either the “From” address is forged and you’re actually spamming an innocent bystander, or the “From” address is fake, in which case you might just find yourself the recipient of thousands upon thousands of bounce messages.
In either case, what’s happened here is that you have become a spammer or perhaps this third party service has!
The fact is spam is spam – whether or it comes from a spammer, or whether it comes from you, or a service. You are causing thousands of unsolicited email messages to be sent, which makes you a spammer. Depending on how things are set up, you actually run the risk of losing your email account or your email provider being placed on blacklists and your email, your legitimate email, not being able to make it out. You even run the risk of running afoul of the law since what you are doing is, as I understand it, quite illegal. It’s ineffective and the only person potentially impacted by your actions is you. Don’t do it.
The other approach, of course is to take the link that’s present in email and somehow spam it.
Well, first of all, you can’t send email to a link. A link goes to a page on a website – and an email address, well, it’s an email address. The two actually can be completely unrelated. Even though you might know the domain that the link goes to, you can’t know the email address at that domain at which to target your attack.
But, it gets worse, much worse, in fact. Once again, the link in the spam is rarely the actual website of the spammer. These links actually fall into two buckets: hidden pages on websites that have been hacked or temporary websites, temporary domains, that spring up for awhile and disappear after they get blocked by other more legitimate spam fighting techniques.
The first one is little understood and actually so very common that it’s worth explaining.
The link in the email is actually considered okay by spam filters since it’s a link going to a legitimate site. When someone clicks on that link, the malicious code that has been placed there by a hacker does something to redirect to some other site that then has the real content, or perhaps even some other intermediary site, to further obscure the final destination.
Now, while you can’t send email to those kind of links, you could, I suppose, try to mount a denial of service attack on them. Basically, instead of sending thousands of emails, you would attempt to make thousands and thousands of requests of that URL with the intent of crippling the spammer’s server or like I said earlier at least just annoying the heck out of them. The problem is that as we’ve seen, it’s not the spammer’s server at all! If you succeed, you’ve only succeeded in taking down some innocent third party whose site happened to get hacked.
Oh, and once again, I’m pretty sure you’ve broken the law.
Fighting spam just isn’t that simple. Yes, authorities do follow the complex trail of obfuscated and hacked email addresses and links, and they often do manage to stop spammers and their networks. Or at they at least slow them down. But it’s not nearly as simple as some kind of individual “fighting back” scenario or a service would make it out to be.
The best things you can do to avoid spam remains to use the “this is spam” button in your email program appropriately. Only flag true spam, that’s unsolicited commercial email, as spam. Use the “not spam” button on the email you find that was mistakenly placed into your spam folder.
And never, ever, buy anything that comes to you as spam. It’s the fact that just enough people do this that makes spam the industry that it is.
When does support end for other versions of Windows?
Leo, we know that support ends for Windows XP in a couple of weeks. What do we know about other versions of Windows?
We know quite a bit actually. In fact, Microsoft has pretty much always maintained a very public list of their end-of-support dates. Let’s go over them and what they mean – because sometimes, end of support actually has different meanings.
First you can find Microsoft’s public list at go.askleo.com/winlifecycle. That link will also be in the notes and the article that are associated with this podcast.
For each operating system, there are three important bits of information. The latest service pack, which must usually be installed to receive any kind of support for as long as possible; the end of mainstream support; and the end of extended support.
So, of course, what’s the difference between mainstream and extended?
Well, you can click through a link on that page and there’s another page that has a fairly lengthy and somewhat technical definition. But what it really boils down to, for the average user, is simply this:
- Mainstream support means that things, like bug fixes (that aren’t related to security) as well as possible responses to requested design and feature changes, could all happen.
- Extended support means that they will only fix things that are a security risk – or I would assume could result in some serious data loss.
After extended support ends, all that really remains are previously published Knowledgebase articles and possibly some limited Q&A in the product forums – although at that point I’d expect them to be almost 100% non-Microsoft support with answers and discussions coming from other product users. It’s important to realize that all that “end of support” really means is that Microsoft won’t be making any further changes to the product. The product will keep working as long as there is hardware out there that supports it.
To put it all into perspective, Windows XP has been actually out of mainstream support for just about five years. It ended in April of 2009. And of course, extended support ends on April 8 of this year.
They have some rules associated with mainstream and extended support ending. Both types of support would end no less than five years after a product’s release and/or no less than two years after the next version is released. And it boils down to whichever of those two is longer, is how long they will support.
So, they could have pulled Windows XP’s mainstream support much, much earlier. Five years after it’s release date or two years after Vista was released. Obviously, those are the minimums and XP was actually supported much longer than anyone ever planned or promised.
So, what about the other operating systems?
- Well, Windows Vista with service pack 2 installed, has already passed the end of mainstream support two years ago on April 10, 2012. It’s end of extended support, in other words security fixes only, will be for another three years ending on April 11, 2017.
- Windows 7 with SP 1 installed, comes to its mainstream end of support next year, January 13, 2015. The end of extended support is January 14, 2020.
- And Windows 8, actually Windows 8.1 will have mainstream support until January 9, 2018 and extended support all the way into 2023.
Now, of course, these dates are all subject to change, and as we saw with Windows XP, its support was actually extended a couple of times to well beyond its original planned end of life. The bottom line is that in this industry, things change; they just do. They keep progressing forward. The amount of time that Windows XP has been supported is unprecedented. Most operating systems, including not just those from Microsoft but Mac and Linux as well, have a usable supported life of about five years. Rather than planning on them lasting significantly longer than that, it would instead be wise to plan for that turnover, to stay both current and safe.
As you know, I do the Ask Leo! Answercast every week, so if you have a question about your computer the internet, and whatever, head on out to askleo.com to search for an answer or to ask your question. You might hear it answered here in a future Answercast.
I also put out a newsletter every week and I hope you’re a subscriber. The Ask Leo! newsletter includes answers and fixes, and safety tips, opinions, and even the occasional answer as to just why things are the way they are.
Please back up! You know, I plug this every single week because it’s so incredibly important. Nothing, can save you from almost any disaster, like a proper and recent backup.
All of my answers are based on my own personal experience and should be used entirely at your own risk. I feel bad saying this every week but it’s unfortunately true, that I just don’t know you, your abilities, or the specifics of your machine and all those little details can make a huge, huge difference.
The Ask Leo! Answercast is a production of Ask Leo! and is copyright 2014. Thanks for listening. I’m Leo Notenboom and I’ll be back soon with yet another Ask Leo! Answercast.