Thursday, July 12, 2007

Vista Sidebar Gadget Development, Windows Performance Tweaks and Outlook SPAM Management

Sidebar Gadget Security: Inspect Your Gadget


Review a Gadget for Security Bugs

As a first order analysis, the following should be carefully reviewed to make sure they are not introducing security bugs.

* Verify that all innerHTML constructs render only trusted or sanitized data.
  You can use the innerText property to add untrusted data into the DOM safely.
* Verify that all document.write method calls render only trusted or sanitized data.
  Again, use the innerText property to add untrusted data into the DOM safely.
* Verify that all calls into the Gadget object model or ActiveX controls instantiated in the Gadget pass validated data. As an example, be careful when calling System.Sidebar.Execute.
* Verify that all calls to eval() pass validated data.
* Verify that all ActiveX controls used by the Gadget are secure (no buffer overruns, integer overruns, and such).

Lawrence James

A further link: Guidance on how to develop secure Vista Sidebar Gadgets
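
The checklist above lends itself to a first-pass source scan. The following is an added example, not code from the original post or from the linked guidance; the patterns, the `reviewGadgetSource` name and the sample gadget lines are constructed for illustration, and `System.Sidebar.Execute` is written as the post names it.

```javascript
// Added example: first-pass scan for the sinks named in the checklist.
// Patterns and the sample gadget source are constructed for illustration.
const SINKS = [
  { name: "innerHTML", re: /\.innerHTML\s*\+?=(?!=)/ },
  { name: "document.write", re: /\bdocument\.write(?:ln)?\s*\(/ },
  { name: "eval", re: /\beval\s*\(/ },
  // Written as the post names it.
  { name: "System.Sidebar.Execute", re: /\bSystem\.Sidebar\.Execute\s*\(/ },
  // The control itself needs review, so a literal ProgID is never "info".
  { name: "ActiveXObject", re: /\bnew\s+ActiveXObject\s*\(/, always: true },
];

// A value that is one complete string literal carries no untrusted data.
const LITERAL = /^(["'])(?:(?!\1)[^\\]|\\.)*\1$/;

function reviewGadgetSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (/^\s*\/\//.test(text)) return; // skip whole-line comments
    for (const sink of SINKS) {
      const m = sink.re.exec(text);
      if (!m) continue;
      // What is assigned or passed: the text after the sink, minus ")" and ";".
      const value = text.slice(m.index + m[0].length).trim()
        .replace(/\)?\s*;?\s*$/, "");
      const severity = !sink.always && LITERAL.test(value) ? "info" : "review";
      findings.push({ line: i + 1, sink: sink.name, severity });
    }
  });
  return findings;
}

// Constructed gadget script, not taken from a real gadget.
const SAMPLE = [
  'var el = document.getElementById("headline");',
  'el.innerHTML = "<b>Loading</b>";',
  'el.innerHTML = "<a>" + item.title + "</a>";',
  'el.innerText = item.title;',
  'if (el.innerHTML == "") { refresh(); }',
  'document.write(feed.description);',
  'var data = eval("(" + feed.responseText + ")");',
  'System.Sidebar.Execute(item.link);',
  'var fso = new ActiveXObject("Scripting.FileSystemObject");',
  '// eval(oldCode);',
].join("\n");

for (const f of reviewGadgetSource(SAMPLE)) {
  console.log(`line ${f.line}: ${f.sink} [${f.severity}]`);
}
```

A "review" finding only locates the sink; whether the value reaching it is trusted or validated still has to be traced by hand.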



Simple Tweaks to Improve the Performance of your Windows PC

Here are four simple tweaks for your PC that will help improve your overall computing and internet browsing experience.

Step 1: Change the IE Concurrent Download Limit - Internet Explorer's default settings only enable you to download up to two downloads at the same time. Optimizing the download settings enables you to download up to 16 files concurrently from the same server.

Method - Open registry editor and navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Right click the right pane and select New -> DWORD Value. Type MaxConnectionsPer1_0Server and give it a value of 16. Add another DWORD using the same process - call it MaxConnectionsPerServer with the same value - 16.

Step 2: Disable Windows Indexing Service - The indexing feature consumes system resources, and may adversely affect your system's performance. By disabling the indexing feature, you free up disk space on your computer and may improve its performance.

Method - Go to Control Panel -> Administrative Tools -> Services. Find the Indexing Service, right click and select "Disable".

Step 3: Resize your Internet Explorer Cache - The default cache settings of IE are configured to hold a large number of cached temporary Internet files. However, storing many small files on your hard disk consumes valuable disk space and can cause disk fragmentation. Reduce the maximum size of IE cache to 128MB for optimal performance.

Method - Start Internet Explorer, select Tools -> Internet Options -> General. Under Temporary Internet Files click the Settings button and type the amount of disk space to use.

Step 4: Windows Menu Display Speed - Menus are displayed on your computer according to Windows' default settings. By optimizing these settings, you speed up your computer's ability to display (and hide) these menus.

Method - Go to Start -> Control Panel -> System. Click the Advanced tab, and under Performance, click the Settings button. Clear the Fade or slide menus into view check box, and then click OK.

Amit Agarwal


Postmarking: helping the fight against SPAM

Postmarking is a new part of the Outlook 2007 junk e-mail feature; it complements the existing feature set to reduce the amount of spam in your inbox.

One of the great advantages of e-mail is that it is easy and cheap to send. Unfortunately, this is the very same reason that makes it so useful to spammers as it enables them to send huge amounts of email in bulk.

Think of Postmarking as computational “postage” imposed when sending email. This is a small burden for an individual user, but is a very large burden for spammers. Spammers rely on being able to send thousands of mails per hour, and in order to be able to send spam with postmarking turned on, they would have to invest a very large amount of money to expand their computational power.

Postmarking generation is only present in Outlook 2007, and postmark validation is present in Outlook 2007, Windows Live Mail, Exchange 2007, and Windows Mail in Vista.

Alessio Roic
