Search This Blog

Thursday 30 June 2011

How CAPTCHA Works? And a Simple Script in PHP

How CAPTCHA Works? And a Simple Script in PHP

[Note : For this post I'm presuming that you are familiar with CAPTCHA, if not please read this Introduction to CAPTCHA]
CAPTCHA
Today we are going to see how CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) works and how it minimizes automatic sign-up of forms. We will also be creating a simple CAPTCHA script in PHP to illustrate this.
CAPTCHA Example

CAPTCHA Example

Basically CAPTCHA works in the following manner:

1) Create Random Value : Some random string is generated, random values are often hard to guess and predict.

2) Generate an Image : Images are used as these are generally a lot harder to read for computers while being nice and readable to humans. This is also the most important step as simple text in images can be read (and CAPTCHA cracked) quite easily. To make it difficult for them, developers employ different techniques so that the text in the image becomes hard to read for computers. Some create zig-zag lines for background while others twist-and-turn individual characters in the image. Possibilities are many and new techniques are being developed all the time as crackers are always into finding ways to break them.

3) Store it : The random string generated (which is also in the image) is stored for matching the user input. The easiest way to do so is to use the Session variables.

4) Matching : After the above step, the CAPTCHA image is generated and shown on some form which we want to protect from being abused. The users fills in the form along with the CAPTCHA text and submits it. Now we have the following:

  1. All submitted form data.
  2. CAPTCHA string (from form), input by user.
  3. CAPTCHA string (real one, generated by us), from session variable. Session variable is generally used as it can keep stored values across page requests. Here, we needed to preserve stored values from one page (form page) to another (action page-that receives form data).


5) If both match, it's okay otherwise not, in that case we can give the user a message that the CAPTCHA they had entered was wrong and their form could not be submitted. You could also ask them to verify it again.

The following image might illustrates this better:
How CAPTCHA works?
From the above image it's quite clear that when someone requests the form page, the CAPTCHA text is generated and sent back to requesting user, but only in the form of an image. If the requester is a human he'd not have much difficulty reading the image and inputting the text when asked but if it's a bot it might face difficulties guessing whats in the image. In the next step when we match the string generated and the one the user had input, we can restrict automated form submissions.


The following is the code that does this, it'll just output the CAPTCHA image to the browser when the script is requested:

<?php


// The number of characters you
// want your CAPTCHA text to have
define('CAPTCHA_STRENGTH', 5);


/****************************
 *        INITIALISE        *
 ****************************/
// Tell PHP we're going to use
// Session vars
session_start();


// Md5 to generate the random string
$random_str = md5(microtime());


// Trim required number of characters
$captcha_str = substr($random_str, 0, CAPTCHA_STRENGTH);


// Allocate new image
$width = (CAPTCHA_STRENGTH * 10)+10;
$height = 20;


$captcha_img =ImageCreate($width, $height);


// ALLOCATE COLORS
// Background color-black
$back_color = ImageColorAllocate($captcha_img, 0, 0, 0);


// Text color-white
$text_color = ImageColorAllocate($captcha_img, 255, 255, 255);


// Line color-red
$line_color = ImageColorAllocate($captcha_img, 255, 0, 0);


/****************************
 *     DRAW BACKGROUND &    *
 *           LINES          *
 ****************************/
// Fill background color
ImageFill($captcha_img, 0, 0, $back_color);


// Draw lines accross the x-axis
for($i = 0; $i < $width; $i += 5)
    ImageLine($captcha_img, $i, 0, $i, 20, $line_color);


// Draw lines accross the y-axis
for($i = 0; $i < 20; $i += 5)
    ImageLine($captcha_img, 0, $i, $width, $i , $line_color);


/****************************
 *      DRAW AND OUTPUT     *
 *          IMAGE           *
 ****************************/
// Draw the random string
ImageString($captcha_img, 5, 5, 2, $captcha_str, $text_color);


// Carry the data (KEY) through session
$_SESSION['key'] = $captcha_str;


// Send data type
header("Content-type: image/jpeg");


// Output image to browser
ImageJPEG($captcha_img);


// Free-Up resources
ImageDestroy($captcha_img);


?>


*********************

Wednesday 29 June 2011

Five tips for faster remote network troubleshooting


Five tips for faster remote network troubleshooting
Network Troubleshooting :P
Network troubleshooting can be a nightmare, since so many things can go wrong. Do you start at the client end or the server end? Is the problem a cable, connection, switch, router, or bad password? The possibilities seem limitless. Every network administrator knows a few tricks, but having a short list of tips to start from can make the tasks of network troubleshooting far easier.

Here are some ways network troubleshooting can be made faster and more standardized. I’ll focus on smaller clients, which make up the bulk of support customers. Since every network is different, not every trick will work every time. But taking a systematic approach should help you zero in on the problem.


1) Start with the client machine :-

When someone reports a network issue, the logical place to start is with his or her machine. I know this sounds like common sense, but I’m always surprised at how many administrators I know who immediately jump to the server when a problem is reported. The process can be made much easier if the first point of contact is the client machine. The first thing I always ask clients is whether they can access the outside world and/or the internal network. If they are unsure what I mean, I tell them to open up a Web browser and try to view Google.com. If they can see that, I ask them if the mapped drives they have on their machine can be accessed. The answers to these questions tell me exactly where I need to go first.


2) Narrow down the client problem :-

If the client’s machine can’t see the network, I try another client machine. If that second client machine can see the network, the problem is the first client machine. The next step is to make sure that machine is physically plugged into the network. If it is, I will try the wireless network (to rule out hardware issues) and/or reboot into Safe Mode (With Networking) to rule out infection. If nothing seems to be amiss on the client machine, I will bring in a laptop and plug it into their network drop to make sure it isn’t a jack or cabling issue. If the problem is isolated to a single client, and the problem is wireless, I’ll make sure the client’s machine has wireless turned on. Most laptops can turn off wireless to conserve battery power. I can’t tell you how many times this alone has been the issue.


3) Reboot switches and modems :-

The next step in chasing down the issue — while still avoiding the server — is to assume the problem could be a switch. If the client machine is in working condition, and a new machine can’t access the network from the client’s network drop, the issue is somewhere beyond the jack. So I check the switches, routers, and modems. This tends to work well for smaller clients on cable or DSL. This step is also handy when troubleshooting network issues over the phone. Instruct your client to reboot (or power cycle) the modem, router, and switch. Then, check connectivity again. If it still doesn’t work, have the client do it again but include a reboot of the computer (in case the issue is with DHCP). If that doesn’t work (after all else has failed), the problem is most likely with their provider. Either call the provider yourself or have the client call. If the provider reports all is fine, it’s time to dig a bit deeper.


4) Turn to the server :-

If no one in the company can access the LAN (as well as the WAN), the server will have to take focus. This is especially true if the server handles DHCP and/or DNS. Now the big issue is that you’re not on site, and your clients most likely don’t know their way around a server - so your task (as insurmountable as it might seem) is to have them be your eyes and fingers. First, have them log into the server, open up a browser, and try to hit Google.com. If they can’t, it’s time to dig into the server. If your clients are adept enough at following instructions, you can walk them through disabling and enabling a network interface (which will probably have to be done twice — once for the internal and once for the external network interfaces). After the network interfaces have been re-enabled, have them try to see the network from a desktop machine. If that doesn’t work, it’s time to get serious.


5) Reboot the server :-

This is the last ditch effort to get the network up and running before you have to arrange to be on site. Start by asking the client to make sure nobody is connected to the server. I would even go so far as to have all clients shut down their machines (if the company is small). Once you are sure everything is okay, remind the client the server will take anywhere from 15 to 30 minutes to reboot (unless the server is an Apple or Linux server). After the server has finally rebooted, have the client restart a single desktop machine and try again. At this point, if the client still can’t see the network, it’s time for you to fuel up the car and head over there.

**********************

Thursday 23 June 2011

Linux / Unix Command : ar

Linux / Unix Command : ar

ar - create, modify, and extract from archives


Command Format :-
ar [-X32_64] [-]p[mod [relpos] [count]] archive [member...] 


Description :-
The GNU ar program creates, modifies, and extracts from archives. An archive is a single file holding a collection of other files in a structure that makes it possible to retrieve the original individual files (called members of the archive).

The original files' contents, mode (permissions), timestamp, owner, and group are preserved in the archive, and can be restored on extraction.

GNU ar can maintain archives whose members have names of any length; however, depending on how ar is configured on your system, a limit on member-name length may be imposed for compatibility with archive formats maintained with other tools. If it exists, the limit is often 15 characters (typical of formats related to a.out) or 16 characters (typical of formats related to coff).

ar is considered a binary utility because archives of this sort are most often used as libraries holding commonly needed subroutines.

ar creates an index to the symbols defined in relocatable object modules in the archive when you specify the modifier s. Once created, this index is updated in the archive whenever ar makes a change to its contents (save for the q update operation). An archive with such an index speeds up linking to the library, and allows routines in the library to call each other without regard to their placement in the archive.

You may use nm -s or nm --print-armap to list this index table. If an archive lacks the table, another form of ar called ranlib can be used to add just the table.

GNU ar is designed to be compatible with two different facilities. You can control its activity using command-line options, like the different varieties of ar on Unix systems; or, if you specify the single command-line option -M, you can control it with a script supplied via standard input, like the MRI ``librarian'' program.


Options :-
GNU ar allows you to mix the operation code p and modifier flags mod in any order, within the first command-line argument.
If you wish, you may begin the first command-line argument with a dash.

The p keyletter specifies what operation to execute; it may be any of the following, but you must specify only one of them:

d
Delete modules from the archive. Specify the names of modules to be deleted as member...; the archive is untouched if you specify no files to delete. If you specify the v modifier, ar lists each module as it is deleted.

m
Use this operation to move members in an archive. The ordering of members in an archive can make a difference in how programs are linked using the library, if a symbol is defined in more than one member. If no modifiers are used with "m", any members you name in the member arguments are moved to the end of the archive; you can use the a, b, or i modifiers to move them to a specified place instead.

p
Print the specified members of the archive, to the standard output file. If the v modifier is specified, show the member name before copying its contents to standard output. If you specify no member arguments, all the files in the archive are printed.

q
Quick append; Historically, add the files member... to the end of archive, without checking for replacement.
The modifiers a, b, and i do not affect this operation; new members are always placed at the end of the archive.

The modifier v makes ar list each file as it is appended.

Since the point of this operation is speed, the archive's symbol table index is not updated, even if it already existed; you can use ar s or ranlib explicitly to update the symbol table index.

However, too many different systems assume quick append rebuilds the index, so GNU ar implements "q" as a synonym for "r".

r
Insert the files member... into archive (with replacement). This operation differs from q in that any previously existing members are deleted if their names match those being added.
If one of the files named in member... does not exist, ar displays an error message, and leaves undisturbed any existing members of the archive matching that name.

By default, new members are added at the end of the file; but you may use one of the modifiers a, b, or i to request placement relative to some existing member.

The modifier v used with this operation elicits a line of output for each file inserted, along with one of the letters a or r to indicate whether the file was appended (no old member deleted) or replaced.

t
Display a table listing the contents of archive, or those of the files listed in member... that are present in the archive. Normally only the member name is shown; if you also want to see the modes (permissions), timestamp, owner, group, and size, you can request that by also specifying the v modifier.
If you do not specify a member, all files in the archive are listed.

If there is more than one file with the same name (say, fie) in an archive (say b.a), ar t b.a fie lists only the first instance; to see them all, you must ask for a complete listing---in our example, ar t b.a.

x
Extract members (named member) from the archive. You can use the v modifier with this operation, to request that ar list each name as it extracts it.
If you do not specify a member, all files in the archive are extracted.

A number of modifiers (mod) may immediately follow the p keyletter, to specify variations on an operation's behavior:

a
Add new files after an existing member of the archive. If you use the modifier a, the name of an existing archive member must be present as the relpos argument, before the archive specification.

b
Add new files before an existing member of the archive. If you use the modifier b, the name of an existing archive member must be present as the relpos argument, before the archive specification. (same as i).

c
Create the archive. The specified archive is always created if it did not exist, when you request an update. But a warning is issued unless you specify in advance that you expect to create it, by using this modifier.

f
Truncate names in the archive. GNU ar will normally permit file names of any length. This will cause it to create archives which are not compatible with the native ar program on some systems. If this is a concern, the f modifier may be used to truncate file names when putting them in the archive.

i
Insert new files before an existing member of the archive. If you use the modifier i, the name of an existing archive member must be present as the relpos argument, before the archive specification. (same as b).

l
This modifier is accepted but not used.

N
Uses the count parameter. This is used if there are multiple entries in the archive with the same name. Extract or delete instance count of the given name from the archive.

o
Preserve the original dates of members when extracting them. If you do not specify this modifier, files extracted from the archive are stamped with the time of extraction.

P
Use the full path name when matching names in the archive. GNU ar can not create an archive with a full path name (such archives are not POSIX complaint), but other archive creators can. This option will cause GNU ar to match file names using a complete path name, which can be convenient when extracting a single file from an archive created by another tool.

s
Write an object-file index into the archive, or update an existing one, even if no other change is made to the archive. You may use this modifier flag either with any operation, or alone. Running ar s on an archive is equivalent to running ranlib on it.

S
Do not generate an archive symbol table. This can speed up building a large library in several steps. The resulting archive can not be used with the linker. In order to build a symbol table, you must omit the S modifier on the last execution of ar, or you must run ranlib on the archive.

u
Normally, ar r... inserts all files listed into the archive. If you would like to insert only those of the files you list that are newer than existing members of the same names, use this modifier. The u modifier is allowed only for the operation r (replace). In particular, the combination qu is not allowed, since checking the timestamps would lose any speed advantage from the operation q.

v
This modifier requests the verbose version of an operation. Many operations display additional information, such as filenames processed, when the modifier v is appended.

V
This modifier shows the version number of ar.

(ar ignores an initial option spelt -X32_64, for compatibility with AIX. The behaviour produced by this option is the default for GNU ar. ar does not support any of the other -X options; in particular, it does not support -X32 which is the default for AIX ar.)


******************************

Sunday 19 June 2011

What is an Applet ??


What is an Applet ??


Applets are small applications that are accessed on an Internet server, transported over the Internet, automatically installed, and run as part of a web document. After an applet arrives on the client, it has limited access to resources so that it can produce a graphical user interface and run complex computations without introducing the risk of viruses or breaching data integrity.



Two Types of Applets :-
It is important to state at the outset that there are two varieties of applets. The first are those based directly on the Applet class described in this chapter. These applets use the Abstract Window Toolkit (AWT) to provide the graphic user interface (or use no GUI at all). This style of applet has been available since Java was first created.

The second type of applets are those based on the Swing class JApplet. Swing applets use the Swing classes to provide the GUI. Swing offers a richer and often easier-to-use user interface than does the AWT. Thus, Swing-based applets are now the most popular.

However, traditional AWT-based applets are still used, especially when only a very simple user interface is required.Thus, both AWT- and Swing-based applets are valid. Because JApplet inherits Applet, all the features of Applet are also available in JApplet


(Note : I will only discuss AWT-Based applets here.)

The HTML APPLET Tag :-

To use an applet, it is specified in an HTMLfile. One way to do this is by using the APPLET tag. (The OBJECT tag can also be used, but Sun currently recommends the APPLET tag). The applet will be executed by a Java-enabled web browser when it encounters the APPLET tag within the HTMLfile.
For example:

<html>
<body>
<applet code="MyApplet.class" width=200 height=60>
</applet>
</body>
</html>

This comment contains an APPLET tag that will run an applet called MyApplet in a window that is 200 pixels wide and 60 pixels high.

Full Syntax of APPLET Tag :-

The syntax for a fuller form of the APPLET tag is shown here. Bracketed items are
optional.

< APPLET
[CODEBASE = codebaseURL]
CODE = appletFile
[ALT = alternateText]
[NAME = appletInstanceName]
WIDTH = pixels HEIGHT = pixels
[ALIGN = alignment]
[VSPACE = pixels] [HSPACE = pixels]
>
[< PARAM NAME = AttributeName VALUE = AttributeValue>]
[< PARAM NAME = AttributeName2 VALUE = AttributeValue>]
</APPLET>

Let’s take a look at each part now.

CODEBASE : CODEBASE is an optional attribute that specifies the base URL of the applet code, which is the directory that will be searched for the applet’s executable class file (specified by the CODE tag). The HTML document’s URL directory is used as the CODEBASE if this attribute is not specified. The CODEBASE does not have to be on the host from which the HTML document was read.

CODE : CODE is a required attribute that gives the name of the file containing your applet’s compiled .class file. This file is relative to the code base URL of the applet, which is the directory that the HTML file was in or the directory indicated by CODEBASE if set.

ALT : The ALT tag is an optional attribute used to specify a short text message that should be displayed if the browser recognizes the APPLET tag but can’t currently run Java applets. This is distinct from the alternate HTML you provide for browsers that don’t support applets.

NAME : NAME is an optional attribute used to specify a name for the applet instance. Applets must be named in order for other applets on the same page to find them by name and communicate with them. To obtain an applet by name, use getApplet( ), which is defined by the AppletContext interface.

WIDTH and HEIGHT : WIDTH and HEIGHT are required attributes that give the size (in pixels) of the applet display area.

ALIGN : ALIGN is an optional attribute that specifies the alignment of the applet. This attribute is treated the same as the HTML IMG tag with these possible values: LEFT, RIGHT, TOP, BOTTOM, MIDDLE, BASELINE, TEXTTOP, ABSMIDDLE, and ABSBOTTOM.

VSPACE and HSPACE : These attributes are optional. VSPACE specifies the space, in pixels, above and below the applet. HSPACE specifies the space, in pixels, on each side of the applet. They’re treated the same as the IMG tag’s VSPACE and HSPACE attributes.

PARAM NAME and VALUE : The PARAM tag allows you to specify applet-specific arguments in an HTML page. Applets access their attributes with the getParameter( ) method.



Applet Architecture :-
An applet is a window-based program. As such, its architecture is different from the console-based
programs. If you are familiar withWindows programming, you will be right at home writing applets. If not, then there are a few key concepts you must understand.

First, applets are event driven. An applet resembles a set of interrupt serviceroutines. Here is how the process works. An applet waits until an event occurs. The run-time system notifies the applet about an event by calling an event handler that has been provided by the applet. Once this happens, the applet must take appropriate action and then quickly return. This is a crucial point. For the most part, your applet should not enter a “mode” of operation in which it maintains control for an extended period. Instead, it must perform specific actions in response to events and then return control to the run-time system. In those situations in which your applet needs to perform a repetitive task on its own (for example,
displaying a scrolling message across its window), you must start an additional thread of execution.

Second, the user initiates interaction with an applet—not the other way around. As you know, in a nonwindowed program, when the program needs input, it will prompt the user and then call some input method, such as readLine( ). This is not the way it works in an applet. Instead, the user interacts with the applet as he or she wants, when he or she wants. These interactions are sent to the applet as events to which the applet must respond. For example, when the user clicks the mouse inside the applet’s window, a mouse-clicked event is generated. If the user presses a key while the applet’s window has input focus, a keypress event is generated. When the user interacts with one of the controls(buttons,checkboxes,radiobuttons,etc.), an event is generated. While the architecture of an applet is not as easy to understand as that of a console-based program, Java makes it as simple as possible.



An Applet Skeleton (of AWT-based applets) :-
All but the most trivial applets override a set of methods that provides the basic mechanism by which the browser or applet viewer interfaces to the applet and controls its execution. Four of these methods, init( ), start( ), stop( ), and destroy( ), apply to all applets and are defined by Applet. Default implementations for all of these methods are provided. Applets do not need to override those methods they do not use. However, only very simple applets will not need to define all of them.

AWT-based applets will also override the paint( ) method, which is defined by the AWT Component class. This method is called when the applet’s output must be redisplayed.

(Note : Swing-based applets use a different mechanism to accomplish this task.).

The five methods can be assembled into the skeleton shown here:

// An Applet skeleton of AWT-based applets
import java.awt.*;
import java.applet.*;
/*
<html>
<body>
<applet code="AppletSkel.class" width=300 height=100>
</applet>
</body>
</html>
*/
public class AppletSkel extends Applet {
// Called first.
public void init() {
// initialization
}


/* Called second, after init(). Also called whenever
the applet is restarted. */
public void start() {
// start or resume execution
}


// Called when the applet is stopped.
public void stop() {
// suspends execution
}


/* Called when applet is terminated. This is the last
method executed. */
public void destroy() {
// perform shutdown activities
}


// Called when an applet's window must be restored.
public void paint(Graphics g) {
// redisplay contents of window
}
}



Applet Initialization and Termination :-
It is important to understand the order in which the various methods shown in the skeleton are called. When an applet begins, the following methods are called, in this sequence:

1. init( )
2. start( )
3. paint( )

When an applet is terminated, the following sequence of method calls takes place:

1. stop( )
2. destroy( )

Let’s look more closely at these methods.

init( )
The init( ) method is the first method to be called. This is where you should initialize variables. This method is called only once during the run time of your applet.

start( )
The start( ) method is called after init( ). It is also called to restart an applet after it has been stopped. Whereas init( ) is called once—the first time an applet is loaded—start( ) is called each time an applet’s HTML document is displayed onscreen. So, if a user leaves a web page and comes back, the applet resumes execution at start( ).

paint( )
The paint( ) method is called each time your applet’s output must be redrawn. This situation can occur for several reasons. For example, the window in which the applet is running may be overwritten by another window and then uncovered. Or the applet window may be minimized and then restored. paint( ) is also called when the applet begins execution. Whatever the cause, whenever the applet must redraw its output, paint( ) is called. The paint( ) method has one parameter of type Graphics. This parameter will contain the graphics context, which describes the graphics environment in which the applet is running. This context is used whenever output to the applet is required.

stop( )
The stop( ) method is called when a web browser leaves the HTML document containing the applet—when it goes to another page, for example. When stop( ) is called, the applet is probably running. You should use stop( ) to suspend threads that don’t need to run when the applet is not visible. You can restart them when start( ) is called if the user returns to the page.

destroy( )
The destroy( ) method is called when the environment determines that your applet needs to be removed completely from memory. At this point, you should free up any resources the applet may be using. The stop( ) method is always called before destroy( ).

Overriding update( )
In some situations, your applet may need to override another method defined by the AWT, called update( ). This method is called when your applet has requested that a portion of its window be redrawn. The default version of update( ) simply calls paint( ). However, you can override the update( ) method so that it performs more subtle repainting. In general, overriding update( ) is a specialized technique that is not applicable to all applets.


How to Compile and Execute an Applet ?
1) To compile and execute an applet JDK (Java Development Kit) is required. If you dont have it then Download it from here and install it.

2) Let's take the following example. Java code file where we write the applet code which executes when an applet is started or initiated.

import java.applet.Applet;
import java.awt.*;


// Applet code for the "Hello, world!" example.
// This should be saved in a file named as "HelloWorld.java".


public class HelloWorld extends Applet {

// This method is mandatory, but can be empty (i.e., have no actual code).
   public void init() { }


  // This method is mandatory, but can be empty.(i.e.,have no actual code).
  public void stop() { }


  // Print a message on the screen (x=20, y=10).
  public void paint(Graphics g) {
    g.drawString("Hello, world!", 20,10);


  // Draws a circle on the screen (x=40, y=30).
    g.drawArc(40,30,20,20,0,360);
  }
}

3) Save this file with same name of the class. Here the class is HelloWorld. Change the file extension to .java . So,we save this file as HelloWorld.java . Copy paste this file to the directory " C:\Program Files\Java\jdk1.6.0_21\bin "

4) Now open cmd.exe and type " cd C:\Program Files\Java\jdk1.6.0_21\bin " .

5) Now type " javac HelloWorld.java " and press ENTER.

6) After compiling you java code for an applet you will see a file HelloWorld.class which will be used in the 'code' attribute of the APPLET tag.

7) Now open new notepad and copy paste the following code:

<HTML>
<HEAD>
<TITLE>HelloWorld_example.html</TITLE>
</HEAD>
<BODY>
<H1>A Java applet example</H1>
<P>Here it is: <APPLET code="HelloWorld.class" WIDTH="200" HEIGHT="40">
This is where HelloWorld.class runs.</APPLET></P>
</BODY>
</HTML>

Save this file as HelloWorld.html and also move this file to the same directory " C:\Program Files\Java\jdk1.6.0_21\bin ".

8) Now run this HelloWorld.html file and you will see your applet running.

9) You can also use appletviewer to view your applet running. To do this just open cmd.exe go to the same directory where your HelloWorld is saved ,i.e., " C:\Program Files\Java\jdk1.6.0_21\bin " and then type "appletviewer HelloWorld.html". It will run your applet in an appletviewer.

Advantages :-

  • It is simple to make it work on Linux, Microsoft Windows and Mac OS X i.e. to make it cross platform. Applets are supported by most web browsers.
  • The same applet can work on "all" installed versions of Java at the same time, rather than just the latest plug-in version only. However, if an applet requires a later version of the Java Runtime Environment (JRE) the client will be forced to wait during the large download.
  • Most web browsers cache applets, so will be quick to load when returning to a web page. Applets also improve with use: after a first applet is run, the JVM is already running and starts quickly (the JVM will need to restart each time the browser starts afresh).
  • It can move the work from the server to the client, making a web solution more scalable with the number of users/clients.
  • If a standalone program (like Google Earth) talks to a web server, that server normally needs to support all prior versions for users which have not kept their client software updated. In contrast, a properly configured browser loads (and caches) the latest applet version, so there is no need to support legacy versions.
  • The applet naturally supports the changing user state, such as figure positions on the chessboard.
  • Developers can develop and debug an applet direct simply by creating a main routine (either in the applet's class or in a separate class) and calling init() and start() on the applet, thus allowing for development in their favorite Java SE development environment. All one has to do after that is re-test the applet in the AppletViewer program or a web browser to ensure it conforms to security restrictions.
  • An untrusted applet has no access to the local machine and can only access the server it came from. This makes such an applet much safer to run than a standalone executable that it could replace. However, a signed applet can have full access to the machine it is running on if the user agrees.
  • Java applets are fast - and can even have similar performance to native installed software.

Disadvantages :-

  • It requires the Java plug-in.
  • Some organizations only allow software installed by the administrators. As a result, some users can only view applets that are important enough to justify contacting the administrator to request installation of the Java plug-in.
  • As with any client-side scripting, security restrictions may make it difficult or even impossible for an untrusted applet to achieve the desired goals.
  • Some applets require a specific JRE. This is discouraged.
  • If an applet requires a newer JRE than available on the system, or a specific JRE, the user running it the first time will need to wait for the large JRE download to complete.
  • Java automatic installation or update may fail if a proxy server is used to access the web. This makes applets with specific requirements impossible to run unless Java is manually updated. The Java automatic updater that is part of a Java installation also may be complex to configure if it must work through a proxy.
  • Unlike the older applet tag, the object tag needs workarounds to write a cross-browser HTML document.

Security :-

There are two applet types with very different security models: unsigned applets and signed applets

Unsigned Applets :-
Limits on unsigned applets are understood as "draconian",they have no access to the local filesystem and web access limited to the applet download site; there are also many other important restrictions. For instance, they cannot access all system properties, use their own class loader, call native code, execute external commands on a local system or redefine classes belonging to core packages included as part of a Java release. While they can run in a standalone frame, such frame contains a header, indicating that this is an untrusted applet. Successful initial call of the forbidden method does not automatically create a security hole as an access controller checks the entire stack of the calling code to be sure the call is not coming from an improper location.
As with any complex system, multiple security problems have been discovered and fixed since Java was first released. Some of these (like the Calendar serialization security bug) persisted for many years with nobody being aware. However it seems that most (if not all) security holes are closed before they can be exploited on a larger scale.
Some studies mention applets crashing the browser or overusing CPU resources but these are classified as nuisances and not as true security flaws. However, unsigned applets may be involved in combined attacks that exploit a combination of multiple severe configuration errors in other parts of the system. An unsigned applet can also be more dangerous to run directly on the server where it is hosted because while code base allows it to talk with the server, running inside it can bypass the firewall. An applet may also try DoS attacks on the server where it is hosted but usually people who manage the web site also manage the applet, making this unreasonable. Communities may solve this problem via source code review or running applets on a dedicated domain.
The unsigned applet can also try to download malware hosted on originating server. However it could only store such file into temporary folder (as its transient data) and has no means to complete the attack by executing it. There were attempts to use applets for spreading Phoenix and Siberia exploits this way, while these exploits do not use Java internally and were also distributed in several other ways.
As of 1999, no real security breaches involving unsigned applets have ever been publicly reported. Using an up-to-date Web browser is usually enough to be safe against the known direct attacks from unsigned applets.

Signed Applets :-
A signed applet contains a signature that the browser should verify through a remotely running, independent certificate authority server. Producing this signature involves specialized tools and interaction with the authority server maintainers. Once the signature is verified, and the user of the current machine also approves, a signed applet can get more rights, becoming equivalent to an ordinary standalone program. The rationale is that the author of the applet is now known and will be responsible for any deliberate damage. This approach allows applets to be used for many tasks that are otherwise not possible by client-side scripting. However, this approach requires more responsibility from the user, deciding whom he or she trusts. The related concerns include a non-responsive authority server, wrong evaluation of the signer identity when issuing certificates, and known applet publishers still doing something that the user would not approve of. Hence signed applets that appeared from Java 1.1 may actually have more security concerns.

Self signed :-
Self-signed applets, which are applets signed by the developer themselves, may potentially pose a security risk; java plugins provide a warning when requesting authorization for a self-signed applet, as the function and safety of the applet is guaranteed only by the developer itself, and has not been independently confirmed. Such self-signed certificates are usually only used during development prior to release where third-party confirmation of security is unimportant, but most applet developers will seek third-party signing to ensure that users trust the applet's safety.

***********************

Wednesday 15 June 2011

Tweaking Windows 7 Registry using the Local Group Policy Editor

Tweaking Windows 7 Registry using the Local Group Policy Editor

In Windows 7, you can perform some pretty amazing things by using a tool that’s about as hidden as any Windows power tool can be: the Local Group Policy Editor. That Microsoft has buried thisprogram in a mostly untraveled section of the Windows landscape isn’t the least bit surprising, because in the wrong hands, the Local Group Policy Editor can wreak all kinds of havoc on a system. It’s a kind of electronic Pandora’s box that, if opened by careless or inexperienced hands, can loose all kinds of evil upon the Windows world.

Of course, none of this doom-and-gloom applies to you, dear reader, because you’re a cautious and prudent wielder of all the Windows power tools. This means that you’ll use the Local Group Policy Editor in a safe, prudent manner, and that you’ll create a system restore point if you plan to make any major changes. I knew I could count on you.

Put simply, group policies are settings that control how Windows works. You can use them to customize the Windows 7 interface, restrict access to certain areas, specify security settings, and much more. You make changes to group policies using the Local Group Policy Editor, a Microsoft Management Console snap-in. (I’ll note here that the Local Group Policy Editor isn’t available with Windows 7 Home and Windows 7 Home Premium. I’ll show you how to perform the same tweak using the Registry if you’re using those versions.) To start the Local Group Policy Editor, follow these steps:

  1. Click Start.
  2. Type gpedit.msc.
  3. Press Enter.

Figure A shows the Local Group Policy Editor window that appears. (The word Local refers to the fact that you’re editing group policies on your own computer, not on some remote computer.)

Figure A
Figure A






--------------------------------------------------
1) Locking in delete confirmations :-
--------------------------------------------------

When you delete a file or folder in Windows 7, the system asks you to confirm the deletion. If this extra step bugs you, you can turn it off by right-clicking the desktop’s Recycle Bin icon, clickingProperties, and then deactivating the Display Delete Confirmation Dialog check box.

Now let’s consider this from the opposite point of view. The reason Windows displays the delete confirmation dialog box by default is to prevent you from accidentally deleting a file. You and I are savvy, knowledgeable users, so we know when we want to delete something, but not everyone falls into this boat. If you have young kids or old parents who use Windows, you know that the delete confirmation dialog box is an excellent safeguard for these and other inexperienced users.

In that case, you might be wondering if there’s a way to ensure that a novice user can’t turn off the delete confirmation dialog box. Yes, there is. In fact, are two ways to prevent a user from turning off delete confirmations:

  • Disable the Display Delete Confirmation Dialog check box that appears in the Recycle Bin’s property sheet.
  • Disable the Recycle Bin’s Properties command so that the user can’t display the Recycle Bin’s property sheet.


Follow these steps to implement one of these policies:

  1. In the Local Group Policy Editor, open the User Configuration branch.
  2. Open the Administrative Templates branch.
  3. Display the property sheet of the policy you want to use, as follows:

* If you want to disable the Display Delete Confirmation Dialog check box, open the Windows Components branch and then click Windows Explorer. Double-click the policy named Display Confirmation Dialog When Deleting Files. If you don’t have access to the Group Policy Editor, open the Registry Editor and create a DWORD setting named ConfirmFileDelete with the value 1 in the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

* If you want to disable the Recycle Bin’s Properties command, click Desktop and then double-click the Remove Properties From The Recycle Bin Context Menu policy. If you don’t have access to the Group Policy Editor, open the Registry Editor and create a DWORD setting named NoPropertiesRecycleBin with the value 1 in the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

  1. Click the Enabled option.
  2. Click OK to put the policy into effect.


-----------------------------------------------
2) Disabling the notification area :-
-----------------------------------------------

If you have zero use for the taskbar’s notification area, you can disable it entirely by following these steps:

  1. In the Local Group Policy Editor, open the User Configuration branch.
  2. Open the Administrative Templates branch.
  3. Click the Start Menu And Taskbar branch.
  4. Double-click the Hide The Notification Area policy, click Enabled, and then click OK.
  5. Double-click the Remove Clock From The System Notification Area policy, click Enabled, and then click OK.
  6. Log off and then log back on to put the policy into effect.

If you prefer (or need) to implement this policy via the Registry, first open the Registry Editor (click Start, type regedit, press Enter, and enter your UAC credentials). Then, navigate to the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

(If you don’t see the Explorer key, click the Policies key, select Edit | New | Key, type Explorer, and press Enter.)

Now follow these steps:

  1. Select Edit | New | DWORD (32-bit) Value.
  2. Type NoTrayItemsDisplay and press Enter.
  3. Press Enter to open the NoTrayItemsDisplay setting, type 1, and then click OK.
  4. Select Edit | New | DWORD (32-bit) Value.
  5. Type HideClock and press Enter.
  6. Press Enter to open the HideClock setting, type 1, and then click OK.
  7. Log off and then log back on to put the policies into effect.



----------------------------------------------------------
3) Removing an icon from Control Panel :-
----------------------------------------------------------

You can gain a bit more control over the Control Panel by configuring it not to display icons that you don’t ever use or that aren’t applicable to your system.

  1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Control Panel branch.
  2. Double-click the Hide Specified Control Panel Items policy.
  3. Click the Enabled option.
  4. Click the Show button to open the Show Contents dialog box.
  5. For each Control Panel icon you want to hide, type the icon name and press Enter.
  6. Click OK to return to the Hide Specified Control Panel Items dialog box.
  7. Click OK. Windows 7 puts the policy into effect.

To perform the same tweak in the Registry, open the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Add a DWORD value named DisallowCpl and set it equal to 1. Also create a new key named DisallowCpl, and within that key create a new String value for each Control Panel icon you want to disable.

Give the settings the names 1, 2, 3, and so on, and for each one set the value to the name of the Control Panel icon you want to disable.


-------------------------------------------------------------------
4) Showing only specified Control Panel icons :-
-------------------------------------------------------------------

Disabling a few Control Panel icons is useful because it reduces a bit of the clutter in the All Control Panel Items window. However, what if you want to set up a computer for a novice user and you’d like that person to have access to just a few relatively harmless icons, such as Personalization and Getting Started? In that case, it’s way too much work to disable most of the icons one at a time. A much easier approach is to specify just those few Control Panel icons you want the user to see. Here’s how:

  1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Control Panel branch.
  2. Double-click the Show Only Specified Control Panel Items policy.
  3. Click the Enabled Option.
  4. Click the Show button to open the Show Contents dialog box.
  5. For each Control Panel icon you want to show, type the icon name and press Enter.
  6. Click OK to return to the Show Only Specified Control Panel Items dialog box.
  7. Click OK. Windows 7 puts the policy into effect.

To perform the same tweak in the Registry, open the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Add a DWORD value named RestrictCpl and set it equal to 1. Also create a new key named RestrictCpl, and within that key create a new String value for each Control Panel icon you want to show.

Give the settings the names 1, 2, 3, and so on, and for each one set the value to the name of the Control Panel icon you want to show.


-----------------------------------------------------------------------------------
5) Preventing other folks from messing with the Registry :-
-----------------------------------------------------------------------------------

Do you share your computer with other people? How brave! In that case, there’s a pretty good chance that you don’t want them to have access to the Registry Editor. In Windows 7, User Account Control automatically blocks Standard users unless they know an administrator’s password. For other administrators, you can prevent any user from using the Registry Editor by setting a group policy:

  1. In the Local Group Policy Editor, open the User Configuration | Administrative Templates | System branch.
  2. Double-click the Prevent Access To Registry Editing Tools policy.
  3. Click Enabled.
  4. In the Disable Regedit From Running Silently? list, click Yes.
  5. Click OK.

Once you set this policy, you won’t be able to use the Registry Editor, either. However, you can overcome that by temporarily disabling the policy prior to running the Registry Editor.

Yes, you could perform this tweak in Windows 7 Home and Home Premium using the Registry Editor, but then you wouldn’t be able to reverse it because the Registry Editor would be disabled!


-----------------------------------------------------------------------------------
6) Disabling Internet Explorer’s Security and Privacy tabs :-
-----------------------------------------------------------------------------------

If you want to prevent a novice user from mucking around in Security and Privacy tabs in the Internet Options dialog box, you can hide them:

  1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel branch.
  2. Double-click the Disable The Privacy Page policy.
  3. Click Enabled and then click OK.
  4. Double-click the Disable The Security Page policy.
  5. Click Enabled and then click OK.


Note that the Security Page sub-branch also enables you to set policies for the settings in each zone.

To configure these policies via the Registry Editor, first display the following branch:

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

Add a DWORD setting named PrivacyTab and set it to 1; add another DWORD setting named SecurityTab and set it to 1.


-------------------------------------------------------------------
7) Customizing the Windows Security window :-
-------------------------------------------------------------------

When you press Ctrl+Alt+Delete while logged on to Windows 7, you see the Windows Security window, which contains the following buttons: Lock This Computer, Switch User, Log Off, Change A Password, and Start Task Manager. Of these five commands, all but Switch User are customizable using group policies. So if you find that you never use one or more of those commands, or (more likely) if you want to prevent a user from accessing one or more of the commands, you can use group policies to remove them from the Windows Security window. Here are the steps to follow:

  1. In the Local Group Policy Editor, open the User Configuration | Administrative Templates | System | Ctrl+Alt+Del Options branch.
  2. Double-click one of the following policies:

  • Remove Change Password — You can use this policy to disable the Change A Password button in the Windows Security window.
  • Remove Lock This Computer — You can use this policy to disable the Lock Computer button in the Windows Security window.
  • Remove Task Manager — You can use this policy to disable the Start Task Manager button in the Windows Security window.
  • Remove Logoff — You can use this policy to disable the Log Off button in the Windows Security window.


  1. In the policy dialog box that appears, click Enabled and then click OK.
  2. Repeat steps 2 and 3 to disable all the buttons you don’t need.

Figure B shows the Windows Security window with only the Switch User button displayed.

Figure B
Figure B

To perform the same tweak using the Registry , open the Registry Editor and open the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

Change the value of one or more of the following settings to 1:

DisableChangePassword
DisableLockWorkstation
DisableTaskMgr

To remove the Log Off button via the Registry, open the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Change the value of the NoLogoff setting to 1.


-------------------------------------------
8) Customizing the Places bar :-
-------------------------------------------
The left side of the old-style Save As and Open dialog boxes in Windows 7 include icons for several common locations: Recent Places, Desktop, Libraries, Computer, and Network.

The area that contains these icons is called the Places bar. If you have two or more folders that you use regularly (for example, you might have several folders for various projects that you have on the go), switching between them can be a hassle. To make this chore easier, you can customize the Places bar to include icons for each of these folders. That way, no matter which location you have displayed in the Save As or Open dialog box, you can switch to one of these regular folders with a single click of the mouse.

The easiest way to do this is via the Local Group Policy Editor, as shown in the following steps:

  1. In the Local Group Policy Editor, open the following branch: User Configuration | Administrative Templates | Windows Components | Windows Explorer | Common Open File Dialog.
  2. Double-click the Items Displayed In Places Bar policy.
  3. Click Enabled.
  4. Use the Item 1 through Item 5 text boxes to type the paths for the folders you want to display. These can be local folders or network folders.
  5. Click OK to put the policy into effect.

If you don’t have access to the Local Group Policy Editor, you can use the Registry Editor to perform the same tweak. Open the Registry Editor and navigate to the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\

Now follow these steps:

  1. Select Edit | New | Key, type comdlg32, and press Enter.
  2. Select Edit | New | Key, type Placesbar, and press Enter.
  3. Select Edit | New | String Value, type Place0, and press Enter.
  4. Press Enter to open the new setting, type the folder path, and then click OK.
  5. Repeat steps 3 and 4 to add other places (named Place1 through Place4).



--------------------------------------------------------------------------
9) Increasing the size of the Recent Documents list :-
--------------------------------------------------------------------------

To customize the size of the Start menu’s Recent Items list, follow these steps:

  1. In the Local Group Policy Editor, navigate to the User Configuration | Administrative Templates | Windows Components | Windows Explorer branch.
  2. Double-click the Maximum Number Of Recent Documents policy.
  3. Click Enabled.
  4. Use the Maximum Number Of Recent Documents spin box to specify the number of documents you want Windows 7 to display.
  5. Click OK.

For the Registry equivalent, open the Registry Editor and display the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create a DWORD setting named MaxRecentDocs and set its value to the number of recent documents you want to display.


------------------------------------------------------------
10) Enabling the Shutdown Event Tracker :-
------------------------------------------------------------

When you select Start | Shut Down, Windows 7 proceeds to shut down without any more input from you (unless any running programs have documents with unsaved changes). That’s usually a good thing, but you might want to keep track of why you shut down or restart Windows 7, or why the system itself initiates a shutdown or restart. To do that, you can enable a feature called Shutdown Event Tracker. With this feature, you can document the shutdown event by specifying whether it is planned or unplanned, selecting a reason for the shutdown, and adding a comment that describes the shutdown.

To use a group policy to enable the Shutdown Event Tracker feature, follow these steps:

  1. In the Local Group Policy Editor, navigate to the Computer Configuration | Administrative Templates | System branch.
  2. Double-click the Display Shutdown Event Tracker policy.
  3. Click Enabled.
  4. In the Shutdown Event Tracker Should Be Displayed list, select Always.
  5. Click OK.


Now when you select Start | Shut Down, you see the Shut Down Windows dialog box shown in Figure C.

Figure C
Figure C
To enable the Shutdown Event Tracker on systems without the Local Group Policy Editor, open the Registry Editor and dig down to the following key:

HKLM\Software\Policies\Microsoft\Windows NT\Reliability

Change the value of the following two settings to 1:

ShutdownReasonOn
ShutdownReasonUI


***********************

Monday 13 June 2011

Comparison : MS Office 2010 (MSO) vs. Open Office.org (OOO)


Comparison : MS Office 2010 vs. Open Office.org
MS Office vs Open Office.org
1) User Interface :-

Office 2010 offers users a richly designed UI, with custom ribbon and smooth, efficient workspaces. Everything remains within reach and doesn’t dally too far from the familiar Microsoft layout. If you’ve already gone through the process of retraining staff to use Office 2007 there should be nothing to intimidate them with the newest edition. That said, new online functions such as broadcast slideshow and so on – which could prove to be invaluable to productivity - will need to be learned.

Open Office too remains on a similar tack, with the pleasant addition of nicely designed new icons and a simple, no-nonsense interface relying on the tried and tested workspace design we became familiar with in earlier incarnations of Microsoft Office.

The simple design doesn’t detract from the power and functionality of the software but does give Open Office the advantage of being more usable on low-end workstations or mobile systems.


2) Usability :-

As we touched on previously, the length of time that Office has been in use afforded it huge advantage in its pre-2007 guises. Since then, post the re-design there have been complaints from some that they can’t find what they want and are having to learn to use the suite almost from scratch again. Office 2010 is no different. It still uses the re-designed ribbon system (which is tweaked further in this release) and relies on the tabbed workspace rather than the older, more familiar context menus.

While this is one of Microsoft Office’s biggest problems it has become one of Open Office’s biggest boons. That tried and tested, ‘not mended because it wasn’t broken’ interface that affords long-time users the productivity that they crave.

In Microsoft Office, one can now edit media within Power Point and Word, and users are also able to export to PDF format, a feature previously unavailable.Other new features include the ‘Paste preview’ function and a much more polished version of its Web Apps service, offering users an extensive set of editing features on the road, via their web browser. So if your laptop breaks and you’re stuck away from the office, you can use any internet café to polish up that presentation or amend that spreadsheet. We feel these features are a great pitching point for Microsoft as they mark something of a confident stride towards the cloud, something business users are coming to rely on more and more.

Open Office, however, remains the basic, uncluttered suite of applications that it’s always been. That said, this mustn’t been seen as huge downside, as most users will be able to achieve what they need to with what’s on offer. A noteworthy feature is Open Office’s subscription to the International Organisation for Standardisation, which ensures its ability to read and write in other formats. Naturally this includes Microsoft’s.

Whilst the omission of certain advanced features sets Open Office a few paces behind it needn’t put off small business users, as the suite is readily available and can be installed very quickly on any broadband-enabled workstation. So being out of the office needn’t affect your productivity with either offering.


3) Performance :-

In terms of system requirements, Open Office strides ahead, demanding only 450MB of hard disk space over Microsoft Office’s 3GB. This could prove to be a telling factor in laptop and ultra-mobile installations not to mention the ageing, stalwart computers which keep most offices ticking over to some extent whether we like to admit it or not.

Disk space aside, it’s pleasing to see both sides paying attention to lower-end hardware. As any IT decision maker will attest, there are seldom more unpleasant words than ‘hardware upgrade’ and these applications will enable even the most basic office PCs to keep up with the times for a good while yet.

It’s worth noting that speed is somewhat of a subjective matter. Not everyone will have the same level of horse power as our test unit and some will see greater results thanks to even beefier kit. But we have provided some examples as points of references.

When it comes to performance the pedigree of Microsoft Office shines through, with the 2010 suite opening its applications very swiftly. Word, for example, opened within a second. The open source competitor labours somewhat with its equivalent taking a leisurely 10 seconds to open up ready for use.

These times were reflected throughout the suite of applications with the exception of Outlook as, of course, Open Office doesn't include an email client although it does make for a good bedfellow with Mozilla’s 'Thunderbird' and 'Lightening' for email and calendar. Both of which operate as quickly as Outlook.

We don’t want to cast the aspersion that Open Office is a slacker though. It really is a stable and mature suite of applications, which represent great ideals and value. Just don’t expect them to beat the hare, as they’re more of a reliable old tortoise.


4) Support :-

There's more support for Microsoft Office than anyone could possibly take advantage of: Official support from Microsoft itself, authorized support from people who have earned Microsoft licenses, professional call centers, dozens of books, and countless websites offering tips and guides for modifying, configuring, and using Office software. OpenOffice's support is more community driven, and generally free, with a documentation project and discussion forums led by volunteers. It's easier to find Microsoft Office training and support, and there are some free resources specifically for nonprofits, but tailored support is likely to cost more.

One final consideration: because OpenOffice has much looser licensing requirements, you needn’t worry about installing unlimited copies around your office or for friends or partner organizations. When you buy or receive a version of Office 2010, however, you may only install it on a specified number of computers within your organization, so you'll need to keep track of exactly where it's been installed.


5) Document Sharing :-

In general, both Office 2010 and OpenOffice can create files that can be read by others, with some caveats. In the case of Office 2010, this is because Microsoft has established de facto file standards such as .doc (and .docx) for Word documents and .xls (and .xlsx) for Excel. Partners that are running Office 2003 or older versions may need to convert the files Office 2010 creates from the new file formats (docx) to the older ones (like .doc) to be able to open them. This isn’t done automatically in the older versions, although Microsoft offers a free utility to do it for you.

OpenOffice, on the other hand, uses open standards for its native files, but can both read and write files in Microsoft's format. In fact, OpenOffice users can choose to automatically save out files in Microsoft 2003 formats by default. OpenOffice has invested a lot of effort in ensuring that Writer, Calc, and Impress users can share documents with Microsoft users and has succeeded in all but a few specific cases … as long as you’re trying to share documents in Office 2003 or prior. OpenOffice can open and save Office 2003 documents with a high degree of fidelity, with only a few exceptions. If you’ve created Word documents that make extensive use of columns, header formats, and embedded images, the file is likely to show up in Writer with minor formatting issues that have to be adjusted by hand. This isn’t likely to be prohibitive for a document or two, but could be a time consuming for a whole library of templates and collateral.

The two applications are also incompatible when it comes to macros or spreadsheet pivot tables. Both applications support both features (pivot tables are created with a feature called Data Pilot in OpenOffice), but you will not be able to use the macros or pivot tables created in one application with the other. You may also have some minor issues with translating charts from one spreadsheet program to the other.

Interestingly, OpenOffice can open substantially older versions of Microsoft Office files than Microsoft Office itself can, or even some corrupted files that Microsoft Office can’t open. For an IT department, OpenOffice is worth having around just for that.

However, OpenOffice does not have complete support for the new file formats created by Office 2007 and 2010. In our tests, simply saving an Office 2003 document into the Office 2010 file format and then opening that same document in OpenOffice resulted in a substantial loss of formatting fidelity, particularly from Word to Writer. As these file formats are fairly new, one would expect the OpenOffice community to improve their support over time. OpenOffice also cannot save to the new 2007 and 2010 file formats; however, as Office 2010 is able to open the Office 2003 file formats, this is not a substantial limitation.

Both applications now provide the ability to export any file to an un-editable PDF format – ensuring that viewers can see the document exactly as you intended.


6) Remote Access :-

Microsoft Office 2010 also introduces new web-collaboration features. You can save any Office document to Microsoft’s “SkyDrive” — the company’s online server — and access it via Microsoft’s new Web Apps, which provides online stripped-down versions of the office applications. Here, you can view the complex formatting of your offline versions, although not necessarily edit it. For instance, Web Apps will allow you to apply heading styles that you’ve created in a desktop version of Word, but not to edit those styles or create new ones.

Microsoft is also moving (slowly) toward supporting real-time online collaboration. Currently, multiple users can edit documents simultaneously in the Web Apps version of Excel but not Word or PowerPoint. However, this is likely to change over time. Interestingly, Microsoft has just announced a version of Web Apps called Web Docs that integrates with Facebook. Presumably, this will allow easy document collaboration among Facebook contacts.

OpenOffice doesn’t offer any of these features, continuing to operate on a pure desktop model. You can certainly email files to yourself or others, but you can’t edit them directly on the web, or collaborate with others in real time.


7) Security :-

Microsoft Office and OpenOffice are both reasonably secure as long as you follow standard security procedures: install updates and patches as soon as they're released; maintain firewalls, antivirus, and antispyware; and so on. However, while OpenOffice let everyone know about possible security issues (allowing users to protect themselves and hackers to potentially exploit issues), Microsoft keeps security issues close to the vest — possibly preventing hackers from finding out about them, but also forestalling users' ability to take protective measures beyond the standard security updates Microsoft provides automatically. It's like the dilemma that arises each time police officers are faced with a serial killer: Should they alert people and possibly make the perp move on to another community, or should they keep their investigation quiet and zero in on the guy? There are strong arguments for both approaches.


8) Email Integration :-

For many folks, one of the big advantages of Microsoft Office is its integration with Microsoft Outlook, an email and calendaring software package (among other things). These features not only allow you to send a document directly from the Microsoft Office (for instance, you can send a Word document in an email directly from the Word interface), but to preview Microsoft Office documents directly in Outlook without opening the application.


9) Specific Features :-

So let's get on with it, you may be saying. I want a head-to-head comparison of the feature differences between the two suites. This is very difficult, primarily as the applications are so fundamentally similar. Each suite has been copying the best enhancements and innovations of the others for years, so you need to be doing pretty complex things before you find either suite lacking.

In general, Microsoft Office has a greater depth when it comes to very advanced features. For instance:

* Grammar checking : Microsoft Word has a built-in grammar-checking tool. The Open Office community has provided a few add-ons that you could install to provide grammar checking, but they’re generally considered to be less robust than Word’s default options.

* Document-viewing options : The options to view documents are not as powerful in Open Office’s Writer as they are in Word. You can only choose to see a “Web View,” which doesn’t show all the formatting that you’ve included for a printed document, or a full-page layout that shows the entirety of the page including headers, footers, and margins. Word gives you several more choices, including a nice view that preserves the page layout without showing margins or headers.

* Conditional formatting : Both spreadsheet packages offer conditional formatting (the ability to automatically format cells based on the properties of the data within them), but Microsoft offers a lot more flexibility and control in this realm.

* Microsoft Office’s “Smart Art” diagrams : Word, PowerPoint, and Excel all introduced a new feature in the 2007 version: Smart Art, a useful feature that allows you to easily create diagrams in a many common formats (like pyramids, cyclical diagrams, org charts, and more). OpenOffice doesn’t offer anything that comes close to the diagramming power.

On the other hand, OpenOffice tends to be somewhat simpler to understand, and can output to some more useful file formats. For instance:

* A single interface for the whole suite : OpenOffice provides an overall gateway to easily get to any of the individual components. Using Microsoft Word, you need to open each application separately.

* File size : OpenOffice’s native format generally creates much smaller files than Microsoft Office. When saving files out into Microsoft’s file formats, however – for instance, to create files that can be opened in Word – the file sizes are similar to Microsoft’s.

* HTML production : HTML purists tend to favor Writer's markup to Word's, though few people with knowledge of HTML use either editor in producing web pages. For simple tasks, Writer’s Web Wizard makes it incredibly easy to produce pages with HTML, PDF, and images.


So, the overall rating is :
MS Office 2010 : 8/10
Open Office.org : 6.5/10
***********************
Related Posts Plugin for WordPress, Blogger...