
Monday, February 28, 2011

Techradar



Nintendo 3DS sells out in 24 hours on Japan release

Posted: 28 Feb 2011 01:17 AM PST

The Nintendo 3DS handheld has reportedly sold out within 24 hours of hitting shelves in Japan – with the 3D friendly games gadget proving a smash hit in its home territory.

Nintendo has always been a huge force on home soil, so a sell-out for the brand new autostereoscopic Nintendo 3DS handheld was always likely.

But if reports from the likes of Andriasang are to be believed then 400,000 units have been snapped up within 24 hours – all of the available stock from Nintendo.

UK release date

The Nintendo 3DS has a UK release date of 25 March, a day ahead of the US launch, although the amount of stock that will be arriving has not been confirmed.

In the past, Nintendo gear has been difficult to get in the UK, with the Wii in particular selling out within days or even hours of stores getting skimpy amounts of stock.

TechRadar's Hands on: Nintendo 3DS review suggests that this will be a popular purchase within Britain, as fans race to try out the 3D screen and the improved analogue stick.

And, with the Sony NGP - the codename for the PSP 2 – on the horizon, 2011 is certainly shaping up to be an exciting period for handhelds.



Explained: A day in the life of an email

Posted: 27 Feb 2011 04:00 AM PST

Email is now so ubiquitous, we no longer even consider how it all works. Billions of emails are sent each day (the majority of which are spam, admittedly), and even with the rise of social networking, we haven't abandoned email yet.

Some good, some bad; some work-related, some personal: it's the communications medium of the 21st century. But what exactly is an email? How does it get from me to you? What processes and servers have to be running in order to ensure all this magic works to the point where we don't need to worry about it?

Back in the very early days, messages could only be sent from computer to computer on the same network. For this to happen, both computers had to be running and online (that is, both endpoints had to have users logged in) since the originating computer made a direct connection to the destination computer in order to transfer the message.

This worked in essentially the same way that phone switches work to route a call: the originating and the destination phone must be connected directly for the length of the phone call. For computers on the same network, this method worked pretty well, but it didn't scale at all once we started to link local networks together.

The birth of email

In 1969, the precursor of the internet, ARPANet, was created by a research team at MIT and at DARPA (Defense Advanced Research Projects Agency). It was the first packet-switched network, so named because all data traffic was split up into packets. The packets were numbered sequentially and put into digital envelopes, with destination addresses encoded into the envelopes.

ARPANet was a collection of servers, each able to receive and pass packets onto other servers on the network. This meant that a large message would be split into different packets, and each packet might be routed a different way through the network to the destination. Each node on the network knew only enough to pass on packets that weren't destined for itself, and it was the receiving computer that was responsible for collecting all the packets that made up a message and checking that none were missing.

This methodology meant that packets from many different messages from many sources could be interleaved and sent on a link, without the need to tie up the link to send a single message.

A couple of years later in 1971, Ray Tomlinson implemented the first system that we would recognise as email. His system was based on a program that copied files across a network and allowed users of different networks to send messages (as files) to each other.

To help with the addressing of the email, he came up with a simple solution: separate the username from the remote network domain name by use of the '@' sign - a convention we still use today.

The earliest emails sent were text files, usually seven-bit ASCII. Although emails are no longer physical files, they remain as text.

An email consists of two main parts: the header and the message section, separated by a single null line (that is, a line that only comprises a carriage return/line feed).

Modern messages

Nowadays, the message section can - and usually does - have a lot more structure associated with it thanks to the MIME (Multipurpose Internet Mail Extensions) standard. This standard extends the original seven-bit ASCII-only messages to incorporate other character sets including Unicode, attachments (usually encoded with something like Uuencode or base64) and multiple parts (where a message is encoded as pure text, HTML and rich text within the same email).

The header section remains resolutely ASCII (although MIME does allow for addressing with other character sets). It consists of various header information about the email, such as the subject, the recipient address(es), who sent it, a unique message ID, where replies should go to, and so on.

figure 1

Email clients usually suppress most of this information when displaying an email, although there's usually a way to show them. Figure 1 shows an example header section from a recent email from the Association for Computing Machinery (ACM). Reading this you can see who sent it (and where to send the response to if I wanted to reply) and when it was sent.

The message itself is in a multipart MIME format (the line that defines the boundary between the parts is shown) - as it happens, the message is represented in both straight text format and in HTML within parts of the email and it's up to the email client as to which is actually displayed to the user.

Routing for emails

What also generally happens when an email is sent across the internet is that intermediary servers add extra routing information to the header section. For simplicity, this information is prepended to the header section, so the server doesn't have to hunt for the end of the section to add it.

The routing information generally details which email systems looked after and rerouted the email on its way to the inbox. For example, I've set up my personal email so that all messages are rerouted to Gmail, which means I can access my email easily using a browser or my phone.

The routing information included on the example email from Figure 1 shows (reading from the bottom upwards) the originating server name, the receipt by my email server at my personal domain, its sending on of the email to Google, the receipt by Gmail, and the final delivery to my inbox (see Figure 2).

figure 2

By tracing the times shown on the routing information, I can see that the email appeared in my domain's inbox in a matter of seconds, whereas the automated Gmail fetch process took about 30 minutes. Although legitimate email servers will provide valid information as they prepend routing information, many others won't.

Spam emails especially tend to contain fake routing information, so you can't rely on this header information until the point when it reaches your email server.
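The bottom-up reading of the routing headers described above can be automated. The following is an added example, not part of the original article: it parses the Received headers of a constructed message (every hostname, address and time is made up), works out the delay at each hop, and separates the hops recorded by servers you control from the ones the sender could have written.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message. Newest Received header is at the top because
# each server prepends its own line.
RAW_MESSAGE = """\
Received: by inbox.webmail.example with local delivery;
 Mon, 21 Feb 2011 10:31:09 +0000
Received: from mx.mydomain.example (mx.mydomain.example [192.0.2.10])
 by fetch.webmail.example with POP3;
 Mon, 21 Feb 2011 10:31:05 +0000
Received: from lists.sender.example (lists.sender.example [198.51.100.7])
 by mx.mydomain.example with ESMTP;
 Mon, 21 Feb 2011 10:00:12 +0000
Received: from app01.sender.example
 by lists.sender.example with SMTP;
 Mon, 21 Feb 2011 10:00:09 +0000
From: News <news@sender.example>
To: me@mydomain.example
Subject: Monthly bulletin
Message-ID: <constructed-1@sender.example>

Body text.
"""

# Assumption: these are the servers whose Received lines we are willing to believe.
MY_SERVERS = {"mx.mydomain.example", "fetch.webmail.example", "inbox.webmail.example"}


def parse_hops(raw):
    """Return the Received hops oldest-first (i.e. reading from the bottom up)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        info, _, stamp = flat.rpartition(";")   # the timestamp follows the last ';'
        by = re.search(r"(?:^|\s)by\s+(\S+)", info)
        frm = re.search(r"(?:^|\s)from\s+(\S+)", info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                         # missing or malformed date
        hops.append({
            "from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "when": when,
        })
    return hops


def hop_delays(hops):
    """Seconds elapsed between consecutive hops, keyed by the receiving server."""
    delays = []
    for prev, cur in zip(hops, hops[1:]):
        if prev["when"] and cur["when"]:
            seconds = int((cur["when"] - prev["when"]).total_seconds())
            delays.append((cur["by"], seconds))
    return delays


def split_at_trust_boundary(hops, trusted_hosts):
    """Split hops into (unverified, trusted).

    Walk back from the newest hop while the receiving server is one of ours.
    Everything older than that was supplied by the sending side and may be forged.
    """
    idx = len(hops)
    while idx > 0 and hops[idx - 1]["by"] in trusted_hosts:
        idx -= 1
    return hops[:idx], hops[idx:]


if __name__ == "__main__":
    hops = parse_hops(RAW_MESSAGE)
    for by, seconds in hop_delays(hops):
        print(f"{by}: +{seconds}s")
    unverified, trusted = split_at_trust_boundary(hops, MY_SERVERS)
    print("unverified hops:", [h["by"] for h in unverified])
    print("first trusted hop saw connection from:", trusted[0]["from"])
```

The `from` value on the oldest trusted hop is the most useful field for spam analysis, because it is what your own server recorded about the connecting host.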

Having touched on routing for emails, we should take a look at what goes on when you hit 'Send' on an email message until the point when the recipient reads it in their email client.

The vast majority of email uses two types of server to send an email from A to B: the outgoing mail server and the incoming mail server. The outgoing email server is almost certainly an SMTP server (Simple Mail Transfer Protocol), while the incoming server can be a POP3 (Post Office Protocol) or IMAP server (Internet Mail Access Protocol).

When you set up your email client (let's say this is Microsoft Outlook, since that's what I use), you specify for it the address of your SMTP server. You also define to it the user ID and password that has been assigned to you to use the server's facilities (without a properly protected SMTP server, your email could be hijacked for spam broadcast purposes).

You write an email in Outlook, specify the recipient and press 'Send'. Outlook formats the message according to the email standards (since 2008 this is defined in the RFC5322 document, which superseded RFC2822 from 2001, which in turn superseded RFC822 from 1982). It then connects to the SMTP server on port 25, passing the user ID and password for authentication, and sends the email.

Once the SMTP server gets the email (and adds its routing information), it looks for the address to send it to within the header section. It strips off the username and the @ sign, leaving the domain name that the email must be sent to. The SMTP server queries the Domain Name System (DNS) for the MX (Mail eXchange) records for that domain name.

The DNS entry for a domain name consists of a set of records defining the addresses of servers that process various types of connection (there are A records, AAAA records, CNAME records, and so on), and the MX record defines the server that can receive emails for the domain. For example, with my personal domain, the A record currently points to 97.74.144.79. This is the IP address of the server that hosts my domain and my website.

My highest priority MX record (you can have several MX records and they are ordered according to their priority, the order in which SMTP servers try to connect with them) is pointing to smtp.secureserver.net, the GoDaddy server that deals with my email. And, yes, your SMTP server then has to resolve secureserver.net to an IP address in order to continue.

You've got mail


Your SMTP server then sends your email to the recipient's SMTP server using the Simple Mail Transfer Protocol. Of course, it may be that, due to unforeseen circumstances, my SMTP server is offline or down.

In this case, your SMTP server will put your email in a queue and try to send it again later. If the server finds that after several tries it can't send the email at all, it wraps the email in a 'cannot deliver' message and posts that to your email inbox. But let's assume that all goes well and my SMTP server receives your email (and adds its routing information). It in turn reads the recipient email address, works out the user name, and puts the email in my inbox.

By 'inbox', I don't mean the inbox in Outlook or whatever email client you use. I mean the inbox on the email server for my email address. In the old days, the inbox was very simple: it was a set of text files, one per email, in a folder named after my email address (or maybe a single text file and new emails were appended).

These days it's more integrated - the inbox is in a database, with the usual failsafe guarantees that provides.

Incoming mail servers

We now come to the opposite end of the email trail: the incoming mail server. Ignoring the heavy duty corporate email systems such as Microsoft Exchange, Lotus Notes or Blackberry Server, there are two main ones in use today: the POP3 server and the IMAP server.

POP3 is the older and less sophisticated of the two, but they both have roughly the same features. The main difference between them is what happens to the emails. With POP3, although you can leave emails on the server, there's no provision for marking any as read/unread - the assumption is that emails are downloaded to your client and deleted from the server.

Of course, this presents a problem if you want to use a variety of clients to access your email, because you may find that a particular email that you want to read is on a different PC to the one you're currently using.

With IMAP, the assumption is the opposite: emails are left on the server and can be marked as read/unread. This means that you can access your emails through a variety of email clients (desktop, phone, web) and all clients will agree on the current state of the emails.

With IMAP you can also do things like set up an inbox folder tree on the server or move emails around the tree, and again the clients will all agree on the current state of the inbox.

Let's assume that I'm using POP3. Again, I will have configured Outlook so that my incoming server is at such and such address and has a particular user ID and password (I can't have all and sundry reading my emails after all).

When I ask Outlook to retrieve all my emails, it will log in to the POP3 server with the credentials I gave, ask for a list of emails, and then download and delete them one by one. It will read the header information from each email in order to ascertain how the message is structured, how the constituent parts are encoded, from whom the email came, the delivery date/time, and so on.

Outlook will then decode and display the emails for me to peruse and read, and with that we come to the end of the journey for that email, from your PC to mine.



Review: LG W2363V

Posted: 27 Feb 2011 03:00 AM PST

You would have no trouble believing that the LG W2363V could have come from a design team such as Bang & Olufsen. The shiny-white oval base matches the smart white bezel, with a black bar across the bottom of the screen providing some visual contrast.

The ports and connectors are arranged vertically on the rear with DVI-D, VGA, RCA audio and Component, plus a mini jack for audio in, along with a mains power connector. On the left side of the screen there are two HDMI connectors above a headphone jack, so you have plenty of scope for connecting a DVD player, a TV set-top box and a games console.

While we hoped that the black bar might house a pair of punchy speakers, this is not the case. In fact, the headphone jack merely acts as a pass through for HDMI audio, while the black bar accommodates a series of lights for a gadget called Tru-light which is triggered by the audio signal that is fed to the display.

There's a rocker control to the right-hand side of the screen which controls the pattern of the lights 'to maximise the sensation of the entertainment experience'; however, the three settings are all much of a muchness. Thankfully, one of the options allows you to disable this affront to good taste.

There are other annoyances. The auto-detect seems reluctant to select the picture input, so you may have to fiddle with the OSD to make the screen come to life. This was especially vexing because the touch controls are tricky to use and the functions of each button unclear.

The LG display follows the current trend and combines basic TN panel technology with LED backlights. Despite this apparent lack of originality, we were impressed by the quality of the picture and found that the image really packed a visual punch.

LG has delivered a decent display at a low price, but it could have been so much better if they had dispensed with all the gimmicks.



Review: Asus ML248H

Posted: 27 Feb 2011 02:30 AM PST

The ML248H is part of the Asus Designo series. As the name suggests, the designers have been hard at work on this model and the panel is slender with a shiny-white casing on the rear.

At first there appeared to be no stand, but further investigation revealed that the package contains two strange metal hoops. You attach one hoop to the back of the panel with a single screw and then attach a second ring that forms the base with a second screw.

The screen is solidly supported and has swivel as well as tilt adjustment, but in terms of design it is unlike anything we have seen before.

The rear of the panel has a small opening to connect the external power adapter and also for the headphone jack, HDMI and VGA inputs.

Although the lower bezel of the display measures a beefy 75mm and looks as though it should house stereo speakers, this is just an illusion, as the ML248H is silent when you use a VGA cable. The headphone jack becomes active when you switch to an HDMI connection.

Asus includes VGA and HDMI-to-DVI-D cables in the box and both worked perfectly. On the other hand, when we fed the Asus with an HDMI-to-HDMI signal, the picture gained a 1cm black border and looked poor, so the blame seems to lie with the Windows signal that is fed to the display, rather than the HDMI input itself.

The picture is perfectly decent, but after we had moved through the Theatre, Game, Scenery, Night View and RGB modes, we left the display in Standard mode as we found that suited us best.

Changing brightness or contrast is easy enough, as there are shortcuts that reduce the button pressing, but diving into the menus, for example to change the headphone volume, is an arduous task.

The Asus people describe the touch controls as a Marmite feature. They may love the controls, but we certainly do not.

The Asus ML248H looks very appealing, but the size of the lower bezel is ridiculous, we didn't get on with the touch controls and the price is too high.



Tutorial: How to detect unknown malware with WinPatrol

Posted: 27 Feb 2011 02:00 AM PST

Host-based intrusion detection is a serious consideration for people wishing to stay safe online from as-yet unknown threats.

Knowing exactly what's happening under the hood is also the first step in controlling what your computer does and when. Linux has enjoyed the protection of major open source intrusion detection systems (IDS) for some time.

Windows users have fewer options, but that doesn't mean the threats facing it are any less dangerous. The landscape is now changing so fast that it takes a large and growing online security industry to keep up.

To help gain and keep the upper hand, it's becoming necessary to counter unknown threats as well as trying to spot and stop the known ones. To help, a new class of anti-malware has emerged.

Combining the advantages of an intrusion detection system (IDS) with other software can help detect and block malicious activity, and even clean up after a successful attack.

Detecting intrusions

There are two main types of IDS, which differ in the scope of their protection. A network IDS (NIDS) sits at a strategic point on the network – such as between the internet router and the internal network – where it can see all the data packets as they flow by. It inspects all traffic flowing across, into and out of the network, looking for activity indicating a remote attack.

By contrast, a host-based IDS (HIDS) is installed on each networked computer, and monitors traffic flowing in and out of just that machine. This second type of IDS can be quite specialised, and can monitor individual aspects of the system and its behaviour – such as changes to the Registry.

A protocol-based IDS (PIDS) is an even more dedicated IDS. It's installed on a server (or somewhere it can see all the traffic flowing in and out of the server) and monitors use of the server's specific network connections. It might be installed on a web server to monitor its protocols, for example.

The detection techniques employed by an IDS fall into several categories. The simplest of these is signature-based. Like most antivirus packages, this tests a huge number of traffic patterns against a large database of profiles generated by known attack types. As with antivirus software, this database must be updated regularly, as new attack signatures become available.

Unlike static virus signatures however, an IDS attack signature has a distinct time element because it needs to understand the order, sequence and possibly even the delays between the packets involved in the attack as they arrive.

Anomaly detection

Anomaly-based intrusion detection is more sophisticated and intelligent. It first establishes a baseline of 'normal' network activity by monitoring network traffic for a while, including the general amounts of bandwidth used, the protocols used, the associated ports, the number of connections and which devices generally connect to each other.

Once in detection mode, the system will compare this baseline to subsequent network traffic patterns. Anything out of the ordinary is considered suspicious.


POSSIBLE THREATS: If you find something potentially dodgy on your system, you can view its details and even add a note for future reference so you don't forget

In an application protocol IDS (APIDS), the baseline is even more specific and has to be far more detailed. To be effective, the APIDS monitors the traffic received and transmitted by the network protocol, so it has to understand in depth the way the protocol is being used in order to look for anything that deviates from the way it's normally used.

Regardless of the detection technique used, once an IDS identifies suspicious activity, it can take two courses of action: active or passive. A passive IDS simply detects and logs anomalies in system behaviour and reports them to the user or system administrator.

An active IDS (intrusion prevention system) can respond automatically to the perceived threat by blocking incoming IP addresses, blocking specific applications from transmitting data, blocking potentially malicious changes to the system, and even by preventing code from running.

WinPatrol

WinPatrol has been protecting computers for over a decade, and has just received an overhaul for Windows 7. Although the commercial version has some very useful facilities, the free one is perfectly good for protecting computers on a home network.

After downloading, run the installation executable and click 'Next'. That's all there is to it. At the end, click 'Finish' to run the application and the user interface will appear. If you have audio enabled you'll hear a 'woof' sound.

The main user interface is packed with three rows of tabs, though some are only accessible in the Plus (paid) version of the software. Click the 'Startup programs' tab and you'll see a list of all the programs that start when Windows does.

Although Windows 7 is blindingly fast to boot up compared to earlier versions of the operating system, it can be slowed by this extra load. By selecting a program and clicking 'Remove' or 'Disable', you can temporarily suspend auto-startup of that program, or if it proves to be the one increasing your system boot up time, remove it from the list.

Removal doesn't uninstall the program. If there's anything in this list that you don't recognise, select it and press the 'Info' button. If you're still not convinced that it's benign based on the information, disable it and reboot. If nothing untoward happens, remove it from the list.

The next tab, 'Delayed start', enables you to stagger the startup times of different applications. If you always use a browser first when you boot up and log in, you can add it to the 'Delayed start' tab to make sure that there are no resource contentions, and that the rest of the operating system is up and running before the browser tries to connect to the internet.

Click 'Add', then navigate to the executable for the application. Select it and click 'OK'. Select whether you want the application to start for all users or just you then click 'OK'. Now click the 'Delay options' button. Enter a title for the startup job and a time to wait from bootup to running the application. If the program needs any command line options passing to it, enter these in the 'Parameters' box.

Finally, select the way you want the program to appear – maximised, in a window or minimised to the task bar. Click 'OK' and the name of the delayed startup job changes to the one you entered. Reboot and WinPatrol should implement your changes.

Many people refuse to upgrade to the latest version of Internet Explorer, which means it's the target of all kinds of malicious and potentially malicious browser helper objects (BHOs). These extend the functionality of IE and are loaded when you run the browser. They can also increase the browser's startup time.

They often can't be uninstalled or even seen by normal users – perfect for installing adware and spyware.

Cleaning up IE

Click on the 'IE Helpers' tab in WinPatrol and you'll see a long list of these, plus the browser's toolbar add-ons. If you're irritated by installation programs insisting that you install the Yahoo Search bar, for example, you can remove it here.

The amount of on-screen space taken up by IE's normal toolbars is substantial, without having it further reduced by something you don't want. Select a BHO or toolbar from the list and click 'Info' to learn more. If you don't like what you see, click 'Remove' to delete it from IE and the system.

You'll be asked to confirm your choice before deletion takes place. Malware can also pose as or hijack legitimate scheduled tasks. To inspect these, click the 'Scheduled tasks' tab. Again, click 'Remove' to take any unnecessary or dodgy tasks out of the list.

This and the other two startup tabs are also a great way to clean up a new PC that annoys you with nagware. Now we can move on to the meat of host-based intrusion detection: detecting changes to the system that may indicate the presence of malware, spyware, or adware.

Click the 'Options' tab to configure WinPatrol for detection. Homepage hijacking is finding increasingly sophisticated roles in online crime. With 'Detect Changes to Internet Explorer home and search pages' selected, you'll be notified of any changes to the browser or its configuration.

Detecting changes

The HOSTS file is a throwback to the days before DNS, but it's also the first port of call for any internet-aware program trying to resolve domain names into IP addresses. These programs will use the domain/IP address mappings in the HOSTS file without question, so if this file is changed it can make you believe you're accessing legitimate websites when in fact you're being redirected to malicious ones.


HOSTS FILE: If malware makes changes to the HOSTS file on your computer, it can redirect you to anywhere on the internet without your knowledge

The 'Warn if changes are made to my internet HOSTS and critical system files' option will keep you safe from this form of attack. You can also view the 'HOSTS' file with the appropriate button; Notepad pops up to display it.

The 'HOSTS' file contains a few examples of mappings between DNS names and the associated IP addresses. A hash ('#') symbol at the start of a line indicates that the line is commented out. If you see a mapping without a hash before it, and you didn't put it there, place a hash at the start of the line, save the file and reboot to see if it breaks anything. If not, malware may well be trying to redirect you to a malicious page.
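The manual check above (look for uncommented mappings you did not add) can be scripted against a known-good copy of the file. This is an added example, not WinPatrol's own code or a description of how it works: the file contents, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import hashlib
import ipaddress

# Constructed known-good HOSTS file: comments, loopback entries and one
# user-added block entry that points a hostname at 0.0.0.0.
BASELINE = """\
# Sample HOSTS file (constructed for this example)
# 192.0.2.1    server.example    # commented-out example mapping
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.tracker.example
"""

# Constructed tampered copy: one extra active line mapping two names elsewhere.
TAMPERED = BASELINE + "203.0.113.50   www.bank.example login.bank.example\n"


def active_entries(text):
    """Return (ip, hostname) pairs for every line that is not commented out."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop full-line and trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue                           # blank, comment-only or incomplete line
        ip, names = parts[0], parts[1:]
        for name in names:                     # one line may map several names
            entries.append((ip, name.lower()))
    return entries


def is_redirect(ip):
    """True when a mapping sends the name to a real remote or LAN address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True                            # malformed address: surface it for review
    return not (addr.is_loopback or addr.is_unspecified)


def audit(current_text, baseline_text):
    """Compare the current file with the baseline and list what needs a look."""
    current = set(active_entries(current_text))
    baseline = set(active_entries(baseline_text))
    digest = lambda t: hashlib.sha256(t.encode("utf-8")).hexdigest()
    return {
        # Byte-level change, including edits that only touch comments.
        "changed": digest(current_text) != digest(baseline_text),
        # Active mappings that appeared or disappeared since the baseline.
        "added": sorted(current - baseline),
        "removed": sorted(baseline - current),
        # Active mappings that point a name away from the local machine.
        "redirects": sorted(e for e in current if is_redirect(e[0])),
    }


if __name__ == "__main__":
    report = audit(TAMPERED, BASELINE)
    print("file changed:", report["changed"])
    for ip, name in report["added"]:
        print(f"new mapping: {name} -> {ip}")
    for ip, name in report["redirects"]:
        print(f"review redirect: {name} -> {ip}")
```

On a real machine you would read the current text from the HOSTS file and keep the baseline copy somewhere the logged-in user cannot overwrite.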

As WinPatrol runs, it creates a log file of events that you can view with the 'WinPatrol log' button. The resulting HTML page gives information about everything that happens on your PC. Pressing the 'Spreadsheet report' button will create a spreadsheet containing the same data. This is written to 'BillP\WinPatrol' in the 'Program Files' folder of your C:\ drive.

One last useful option on this tab is 'Lock file types'. If you've ever been frustrated by legitimate programs changing your carefully modified file associations even when you asked them not to, this option is for you. It prevents such changes from happening.



Review: Acer S243HLAbmii

Posted: 27 Feb 2011 02:00 AM PST

Acer has gone to town with the styling of the S243HLAbmii and the result is unlike anything we have seen before.

The headline figure is the claimed panel thickness of just 15mm and if you look at the screen from the side, you'll see the panel is indeed very thin. This tiny form factor is thanks in part to the use of LED backlight technology, but there's no avoiding the fact that a fair amount of hardware has been shifted from the main panel to the stand.

The stand is a bulky affair that houses the dual HDMI and single VGA connectors, but no DVI input. The OSD control buttons are arranged vertically up the front of the stand. They work well enough, but are overshadowed by the panel, so you will be hard-pressed to see the legends next to the controls in low light conditions.

Acer has included profiles called Text, Graphics and Movies as alternatives to the standard profile. Text is darker than standard, while Graphics and Movies boosts the intensity of the colours, but frankly we found they look much the same as each other.

For some reason Acer has offset the stand to one side in an L-shape with the main support shifted to the right-hand side. If you give the display a knock it shakes around alarmingly and this arrangement offers no obvious benefit.

We were mystified to see that Acer has chosen a mono 2-Watt speaker rather than stereo audio.

The Acer has tilt adjustment, but the pivoting joint between the panel and the base has been turned into a piece of industrial art and the function suffers as a result. In use we found the panel doesn't tilt back far enough to give a comfortable viewing angle.

The Acer is a triumph of style over substance and, while the panel does a competent job, you would have to be rather shallow to be lured by its cosmetic appeal.



Review: HP EliteBook 8540w

Posted: 27 Feb 2011 01:30 AM PST

HP's EliteBook range targets those in need of power and corporate features and the EliteBook 8540w packs both in equal measures.

With its semi-rugged design, it is a highly resilient machine and ideal for demanding use. It has been tested to the MIL-STD 810G standards for resilience to vibration, dust, humidity and high temperatures, so is tough enough for busy work outdoors and at home.

With its magnesium-alloy chassis and brushed-metal finish, the chassis is tough and has bags of style. The sleek design and gun-metal finish look fantastic.

At 3kg, it is light enough for basic travel, but the 224-minute battery life significantly trails the Panasonic Toughbook CF-31.

Thanks to its large 15.6-inch screen, the HP has a spacious keyboard. All keys are firm, responsive and move near silently, making it great to work with. The board is spill-resistant and a tiny LED light in the screen panel illuminates the keys when working in dark conditions.


The sharp screen features a Full HD resolution and is ideal for demanding multimedia use. Images are sharp, with strong colour and contrast bringing photos to life. The matt-TFT panel also suppresses reflections well.

Designed as a mobile workstation, it's no surprise that this laptop offers ample power. With its high-end Nvidia Quadro FX 1800M GPU, the HP provides ample graphics power, making it ideal for design and multimedia tasks.

Office performance is also extremely capable and falls in line with the Getac V200 and Panasonic. The cutting-edge Intel Core i7 620M processor and staggering 8192MB of memory run complex office software with ease and make light work of the most demanding daily multi-tasking.

Benchmarks

Battery life: 224 minutes
MobileMark 2007: 259
3D Mark 2003: 21,786

Ample storage

Where the HP also excels is storage. The 500GB hard drive is generous and is backed up by a Blu-ray drive for watching high-definition movie discs.

A 6-in-1 card reader is also in place for accessing the most popular multimedia storage cards. Adding to the security features of this machine, the hard drive is shockmounted and features an accelerometer. This detects when the laptop has been dropped and parks the disk heads, in order to prevent the disk being scratched and causing damage to your data.

While the semi-rugged design of the EliteBook 8540w won't suit the most taxing outdoor use, its tough chassis, great usability and stunning performance make it ideal for busy urban professionals. Packed with style and features, it makes a fantastic rugged workstation.



Tutorial: Windows Event Viewer tips and tricks

Posted: 27 Feb 2011 12:00 AM PST

The Event Viewer doesn't look like a very exciting Windows component. If your PC is unstable you might use it to check for error messages, but otherwise, well, that's about all. Or is it?

Look a little closer and you'll discover that the tool has all kinds of useful additional capabilities. It can sometimes be hard to find important events using the default settings, but creating a custom view will help you zoom in quickly on the data that really matters, which can be an essential troubleshooting aid.

If you have a network, then you can set up one copy of the Event Viewer to collect events from several PCs, and manage them all centrally.

One excellent feature gives you the ability to run a particular program or task when a given event occurs. If a program crashes you could restart it, for example. If you're short on hard drive space, you could delete your temporary files – whatever you like.

Then there are the secret Event Logs that you may not even know exist, the leftover logs that need to be deleted, the hidden management features and a whole lot more.

Please note, while we're focusing on the Windows 7 Event Viewer here, much of what we're saying also applies to Vista and even XP. Whichever version of Windows you're using, the Event Viewer deserves a much closer look.

The basics


The prime purpose of Event Viewer is to act as a log for various applications and Windows components. Many of these don't have an interface, or don't report all their problems and status issues via alert messages, so if you want to find out what's really going on with your PC then it's essential to take a look at the Event Viewer on a regular basis.

You can access the viewer via the Control Panel (go to 'System and security | Administrative tools | View event logs' if you're using Windows 7), but we find it easier to launch the tool directly: click 'Start', type eventvwr.msc, click the 'Event Viewer' link and it will pop up in a second or two.

If you just want to find out more about your PC, then you can expand the 'Windows Logs' section of the tree and browse the Application, Security, Setup and System logs for any interesting looking events.

These logs are presented in reverse chronological order, so the most recent events are at the top and as you scroll down you'll move back in time.

What will you see here? It depends entirely on the setup of your system, but we checked a test PC and came up with many interesting entries. There were detailed error messages for application and system crashes, for instance. If you come home and someone tells you the PC crashed an hour ago, but they can't remember the error message, the Event Log may tell you more.

We found performance-related information, including an Outlook message that said its launch was delayed because of a particular add-on. There were also warnings about four boot drivers that had failed to load. That's information we wouldn't have found anywhere else, and could explain all kinds of odd system behaviour.

Other issues

There were also events relating to the PC startup and shutdown process, installed programs, hardware problems, and many other issues. You wouldn't want to browse the Event Viewer for fun, but if you're having any kind of computer issues then it's wise to give it a closer look – you just might find the clues you need to uncover their real cause.

The problem with scrolling through the main Windows logs is that there are only a few interesting events, and they're masked by a great deal of irrelevant junk. Fortunately the Event Viewer provides several alternatives that will help you zoom in on the data that matters.

Custom view

The Windows 7 Event Viewer, for instance, opens with a useful 'Summary of Administrative Events'. Particularly important event types, such as 'Critical', 'Error' and 'Warning', are listed right at the top and you can expand these to find out more.

Trying this on our test system revealed seven disk errors in the past week. Double-clicking the entry revealed the details, and it turned out one of our drives was experiencing controller errors. Could the drive be about to fail? We're not sure, but at least the Event Viewer has given us a warning so we can back it up.

Another possible option is to expand the 'Applications and Services Logs' section of the viewer. This area contains logs dedicated to applications and areas of your system, such as hardware events, Internet Explorer and Media Center.

Perhaps the most important log here is a little buried, though. Browse to 'Applications and services logs | Microsoft | Windows | Diagnostics-Performance | Operational' and you'll find information about your PC's boot and shutdown processes. Again, everyone will see different things, but when we checked this log on our PC we found a wealth of essential data.

There were events warning us that the Bonjour Service, Function Discovery Resource Publication Service and Orbit Downloader were all causing delays in the system shutdown process. Other events pointed fingers at particular programs for delaying our PC's boot, too – if we were to remove anything non-essential, our system would speed up.

There were general warning events too, such as 'Video memory resources are over-utilised and there is thrashing happening as a result'. If your PC seems slow, or unstable, then this could be a clue. Simply closing some windows could make all the difference, as might updating the video drivers.

As usual, these logs are packed with clues to all sorts of problems, many of which you may not even realise you have. Take a look – it's surprising what you can learn.
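The same filtering can be scripted. The following is an added example, not part of the original article: a PowerShell function that summarises Critical, Error and Warning events by source and event ID, much like the 'Summary of Administrative Events' pane. The function name and its defaults are assumptions made for illustration.

```powershell
# Added example, not from the original article. Needs PowerShell 2.0 or later
# (included with Windows 7). Run it elevated so restricted logs are readable.
function Get-ProblemEventSummary {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Days = 7
    )
    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3                      # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent reports "no events found" as an error; silence it so an
    # empty result is simply empty.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object LogName, ProviderName, Id, LevelDisplayName |
        Sort-Object Count -Descending |
        ForEach-Object {
            # Keep the newest event of each group as the representative sample.
            $latest = $_.Group | Sort-Object TimeCreated -Descending |
                Select-Object -First 1
            New-Object PSObject -Property @{
                Count   = $_.Count
                Log     = $latest.LogName
                Source  = $latest.ProviderName
                EventId = $latest.Id
                Level   = $latest.LevelDisplayName
                Latest  = $latest.TimeCreated
                Sample  = ($latest.Message -split "`r?`n")[0]
            }
        }
}

# Past week's problems in the System and Application logs, most frequent first.
Get-ProblemEventSummary |
    Format-Table Count, Level, Source, EventId, Latest -AutoSize

# The boot and shutdown performance log described above, over the past 30 days.
$perfLog = 'Microsoft-Windows-Diagnostics-Performance/Operational'
Get-ProblemEventSummary -LogName $perfLog -Days 30 |
    Format-List Count, Level, EventId, Latest, Sample
```

A source and event ID that recurs many times in a week, such as the repeated disk errors mentioned earlier, rises to the top of the first table.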

Subscriptions


The Event Viewer isn't only able to reveal issues with your own PC. It can also collect information on Vista or Windows 7 systems all across your network, so you can troubleshoot many problems from the comfort of your own desktop.

To set this up you must prepare the remote computers to forward events. First launch an elevated command prompt on each of these (do this by right-clicking the link 'cmd.exe' and selecting 'Run as administrator'), then enter the command winrm quickconfig.

Next, go to the central PC where you'll be collecting these events, launch another elevated command prompt and enter the command wecutil qc.

You can then launch the Event Viewer on the collecting computer, click 'Subscriptions | Create subscription' and tell the system exactly which events you'd like to collect from which computers. These will then appear in the log you specify, and you'll be able to view and filter them just as you can events on your own computer. Well, that's the basic principle at least.

In practice, there are usually some complications. You might have to specifically allow the Remote Event Log Management process to connect through your firewall, for instance, and you'll need to add an account with administrator privileges to the Event Log Readers group on each of the remote PCs. Check the 'Event viewer help' file under 'Manage subscriptions' for more details.

Run a task


So far we've only used Event Viewer in a passive way, allowing it to record what various apps are doing, but the best part of the tool is that it can also be active and dynamic, responding to events with the specific action that you choose.

Suppose one of your favourite apps has its own event log, for instance. It might only add one event a week, but that event might be very important and you may want to know about it right away. Is this a problem? Not at all. In a few clicks you can be alerted whenever a new event appears.

To make this happen, launch Event Viewer, expand the 'Applications and services logs' section of the tree, right-click your log of choice and select 'Attach a task to this log'. Click 'Next' twice, choose the 'Display a message' option, and click 'Next' again. Enter a title for your message, then the message itself, and click 'Next'. Click 'Finish' and that's it – Windows will now display a pop-up alert with your selected message whenever an event is placed in this particular log.

You can also attach a task to a specific event. If you see something that might be really important, like a message that a hard drive is returning controller errors, then right-click it, select 'Attach a task to this event' and the wizard will appear. With a few clicks, you can ensure that you're informed directly about important events, rather than just hoping you'll catch them later.

Perhaps most usefully, the Event Viewer can also launch a task in response to a particular event. If your system is regularly displaying some low-level drive error, for example, you could automatically launch Windows chkdsk or some other drive error checker to confirm that all is well.

If you're running short of hard drive space and related events are appearing, you could have these launch something like CCleaner to quickly free up a little space.

The principle is the same: right-click an event and select 'Attach a task to this event' to launch the Create Basic Task Wizard. This time, when you get to the 'Action' point, select 'Start a program'. Click 'Next', choose your program or script and any optional command line arguments, then click 'Next', finish the wizard and your configuration is complete.


Windows will now respond automatically to events as they occur, which could mean your PC problems are fixed before you realise they've occurred.
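Because each attached task runs a program automatically, it is worth reviewing which ones exist on a machine. The following is an added example, not part of the original article: a PowerShell function that uses the Task Scheduler COM API to list every scheduled task with an event trigger, the event query that fires it, and what it runs. The function name is an assumption made for illustration.

```powershell
# Added example, not from the original article. Uses the Task Scheduler COM
# API (Vista/Windows 7 and later). Run elevated to see other accounts' tasks.
function Get-EventTriggeredTask {
    param([string]$RootPath = '\')

    $service = New-Object -ComObject Schedule.Service
    $service.Connect()

    # Walk the task folder tree breadth-first, starting at $RootPath.
    $pending = New-Object System.Collections.Queue
    $pending.Enqueue($service.GetFolder($RootPath))

    while ($pending.Count -gt 0) {
        $folder = $pending.Dequeue()
        foreach ($sub in $folder.GetFolders(0)) { $pending.Enqueue($sub) }

        foreach ($task in $folder.GetTasks(1)) {        # 1 = include hidden tasks
            foreach ($trigger in $task.Definition.Triggers) {
                if ($trigger.Type -ne 0) { continue }   # 0 = event trigger
                foreach ($action in $task.Definition.Actions) {
                    if ($action.Type -eq 0) {           # 0 = start a program
                        $what = ('{0} {1}' -f $action.Path, $action.Arguments).Trim()
                    } else {
                        $what = 'non-program action (type {0})' -f $action.Type
                    }
                    New-Object PSObject -Property @{
                        TaskPath = $task.Path
                        Enabled  = $task.Enabled
                        RunAs    = $task.Definition.Principal.UserId
                        Query    = $trigger.Subscription  # event query XML
                        Action   = $what
                    }
                }
            }
        }
    }
}

# Review every event-triggered task on this PC.
Get-EventTriggeredTask | Format-List TaskPath, Enabled, RunAs, Action, Query
```

Tasks created through 'Attach a task to this event' normally appear under the 'Event Viewer Tasks' folder of the Task Scheduler library, so an entry you don't recognise, or one that launches an unexpected program, deserves a closer look.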
