Beating the Wireless Blues

Everything was working swimmingly when Harold Martin (in photo, left) first set up his wireless network. But after a few weeks, the wireless gateway mysteriously started having problems. "It would drop the connection after 5 minutes," said Martin, a tech support specialist with a Des Moines, Iowa, ISP.

Martin installed NetStumbler on his laptop, an application he hoped would help him diagnose the problem. NetStumbler found eight other gateways, all using the same Wi-Fi channel as his. But changing his gateway's channel solved nothing.

In the end, his connection was restored when Martin enabled the Wireless Zero Configuration service, a part of Windows XP that his wireless card software had disabled. "I turned it back on, and all of a sudden, the computer picked up the wireless network and kept on working," he said.

Martin's case differs from the experience of many Windows XP users and the recommendations of Wi-Fi experts, some of whom suggest ditching the Wireless Zero Configuration service altogether. But it illustrates the maddeningly unpredictable nature of Wi-Fi problems. What works for me might not work for you.

With 4.5 million households in the Unites States going wireless, the benefits of Wi-Fi--a fast, untethered way to connect to other computers and devices on a network--are hard to ignore, as are the problems you might encounter.

Besides conflicts with Windows software, wireless networking hardware can fail or have bugs. Our readers report that Wi-Fi devices are the most troublesome type of peripheral we asked them about.

In PC World's most recent Reliability and Service survey, over 9 percent reported that a new wireless network device had problems--a far higher rate than the one for PCs, or for any other peripheral we asked about. And 36 percent of the respondents said a problem significantly limited the usefulness of their gateway.

The difficulties our readers reported are borne out in tests performed by the wireless networking industry's standards body, the Wi-Fi Alliance. The group tests products in its labs to make sure they work well together. "About 25 percent of the products we get in the labs fail our tests in their first pass, from catastrophic failures to performance problems," says Alliance spokesman C. Brian Grimm. "And these are products that have been prepared for testing."

If you're singing the wireless blues, there's good news. We've got solutions to five common Wi-Fi problems: dead zones; Windows glitches that stop you from connecting, even when you should be able to; poor Wi-Fi range; interference jamming your network; and security gaps.

Banish Wi-Fi Black Holes

In its tests, the Wi-Fi Alliance determined that your PC's wireless card can talk to a gateway that's situated 40 to 60 feet away within a home, and 60 to 80 feet away in an office. That range is smaller than the theoretical 150-foot radius promised by some Wi-Fi manufacturers.

You can't do much about the main problem--interference that is caused by interior walls, floors, or even those walking bags of signal-absorbing water we call human beings. But the antennas on your gateway can cause trouble, too. Even the best antenna can't radiate a perfect sphere of signal strength.

In these situations, you can move your gateway, or you can buy one or more new antennas (see "Bridging the Gap: Beat the Wi-Fi Black Holes"). Before deciding on a course of action, however, you need to measure the strength of the Wi-Fi signal around the dead spot--a place where you want to use a computer, but can't. For example, a survey might show that you can get a signal at one end of your dining room table, but not at the other, and that you could solve the problem just by moving your chair.

The utilities that accompany many Wi-Fi-enabled notebooks or cards include a rudimentary signal strength meter, but they rarely give enough data to perform real troubleshooting. With the help of NetStumbler, a free application, you can temporarily turn your laptop (or Wi-Fi-enabled Pocket PC) into a slick Wi-Fi signal analysis device that scans the frequencies used by Wi-Fi devices. The program lists all the nearby Wi-Fi devices it detects, and the precise strength of the signal you can receive.

NetStumbler is a little fidgety, however: It doesn't work with all models of Wi-Fi cards, and there's a steep learning curve to using it. An alternative is Smart ID's WFS-1 WiFi Detector ($25); like NetStumbler, it displays signal strength in the 2.4-GHz band. The WFS-1 is a handheld sensor about the size of a deck of playing cards, and it contains four LEDs that display signal strength while you hold down a button. Because it's directional, it can even help you figure out if a non-Wi-Fi device (like your microwave oven or a cordless phone) is the source of your problems--something that NetStumbler can't do.

Once you've ruled out obvious potential sources of interference, your next step is to move your gateway around, if at all possible--and ideally, closer to the dead spot. Pay special attention to the gateway's spatial orientation; even so-called omnidirectional antennas can be highly directional, so that a gateway hung on a wall might send its signal into the ceiling and floor. Each time you reposition the gateway or antenna, recheck the signal strength where you want to receive a signal.

If moving or reorienting the gateway or its antennas doesn't solve your problem, you may be able to use a different antenna. Apple, for instance, sells two antennas for its AirPort Extreme Base Station. Some companies make high-quality antennas--such as the SuperCantenna ($50)--that can work with any gateway, but there's a catch: Though you can legally purchase third-party antennas that will work with your gateway, FCC rules don't allow you to use antennas not specifically designed for your manufacturer's equipment. To our knowledge, nobody's ever gotten in trouble over this, but breaking the rules might pose problems someday.

Work Around Windows XP's Wi-Fi Quirks

The term zero configuration implies an easy setup, but with Windows XP's Wireless Zero Configuration (WZC) service, that frequently isn't the case.

The problem: From time to time, when you insert your card (or power up), XP won't let you connect to a network. As shown in the image at left, the most common symptom is that the Connect button in the networking dialog box is "grayed out," unavailable for use (click on image to enlarge). To complicate matters, the card will even flash its LEDs and appear to be installed properly in the Device Manager.

In some setups, this glitch arises every other time you reboot; in others, it's only every fifth or sixth time. Some people never see the problem at all, but whenever it happens, it's a major nuisance.

On discussion forums, some--but not all--users report that installing the Wireless Update Rollup Package from Microsoft may fix this particular Wi-Fi annoyance.

You may already have installed this rollup (released in October 2003) via Windows Update. To find out, click Start, Windows Update, then click View Installation History in the left pane. Look for an entry named 'Update for Microsoft Windows XP (KB826942)'. If it's present, you have the rollup installed.

If you have the patch, and the connection problem persists, try stopping and then restarting the Wireless Zero Configuration service. This forces Windows XP to reset the card's drivers, which should snap to attention immediately afterward.

To start this procedure, you must open the Services console: Right-click My Computer on the Desktop, and select Manage. In the management console, click the plus sign next to the Services and Applications item in the left pane, then click Services. Scroll down and double-click Wireless Zero Configuration in the right pane.

Unless you had previously shut off the service, the dialog box will report the service's status as Started, and the Stop button will be active. Click Stop, wait a moment, and then click the Start button when it becomes active. If this fixes the problem, you'll likely have to repeat the process each time you encounter the same set of symptoms. (See accompanying image; click to enlarge.)

If restarting the service doesn't fix the problem, you may need to update firmware in your notebook's Wi-Fi card, or update your Wi-Fi card drivers to versions that have been certified for Windows XP. In a worst-case scenario, where WZC fails more often than it works, use the instructions above to stop the service, and then just use the software that came with your card to set up a connection to your LAN.

Extend Your Network's Limits

When you want to spread a wireless network wider than the maximum range of a single gateway, you have a number of options. The cheapest ($35 to $80) and best alternative is to add more Wi-Fi gateways. Access points contain just a Wi-Fi radio, and as a result are simpler to configure and troubleshoot, but they often cost a little more than a gateway.

If you can run wires through walls or under floors, ethernet can link more than one gateway in a network, creating a much larger bubble of connectivity. Another option, called a wireless distribution system (WDS), lets you daisy-chain Wi-Fi gateways wirelessly. With WDS, a gateway in your home office, for example, can talk to another one halfway across the house, and that one can talk to a third gateway in the front of the house.

WDS is also known as wireless bridging, because traffic from each gateway is connected (bridged) to other gateways. But since WDS isn't a standard, not all gateways support WDS, and the system works differently in different manufacturers' devices. If you want to use WDS, it's safest to buy all your gateways from the same company. Buffalo's WBR-G54 ($85 to $110) and Apple's AirPort Extreme Base Station ($199) are good examples of WDS-enabled gateways with full Windows compatibility.

Whether you use gateways or access points, if you set up the WDS bridges incorrectly, you can cause more headaches. Eric Myerson of Los Angeles learned that lesson the hard way when he tried to bridge three access points: They talked in circles to one another, never reaching the Internet. "Figuring this out was quite frustrating," Myerson said.

In a typical home or office, you should set up one smart wireless gateway to bridge your wired network to wireless clients, to act as a firewall, and (optionally) to issue an IP address to any computer that connects to the network using DHCP (Dynamic Host Configuration Protocol). You want only one gateway to offer these features as your barrier and link between the Internet and your internal network.

The other gateways should be dumb, with all features other than the wireless access point disabled. (Problems will very likely crop up if more than one gateway has its DHCP server enabled. Run the DHCP server only on the gateway that connects directly to the Internet.)

Another way to extend the reach of your wireless network is to use a HomePlug product, which routes data over power lines. You could connect two relatively distant gateways within a single building to fill in any dead spots in your wireless network. To do so, you would attach the network cable from one gateway to a HomePlug adapter in one room, plug the adapter into a power outlet, plug in another HomePlug adapter in a distant room, and then connect the network cable from the second HomePlug adapter to the second gateway. Some companies even sell HomePlug-to-Wi-Fi adapters, which eliminate the need for another gateway.

HomePlug's main limitation is that it doesn't work over isolated circuits--power outlets wired directly to the circuit breaker--which might restrict its use in newer homes and buildings, where you're more likely to find such circuits.

For tools to stay connected while traveling, see "Wireless Networking Kit."

Solve Network Problems That Cross Property Lines

Even if your Wi-Fi network has glorious coverage one day, it might act up the next. The problem might be good neighbors running bad Wi-Fi technology.

All equipment that operates in the 2.4-GHz band (including Wi-Fi hardware) is designed to minimize interference with other devices using that band--such as cordless phones. Wi-Fi equipment has to sort out usable signals from the radio mishmash in the air. But some Wi-Fi chip sets don't play nicely with others.

For example, chip maker Broadcom last year released test results that it says show chips made by its rival, Atheros, interfere with other wireless network devices. Broadcom supplies 802.11g chips to Apple, Belkin, Buffalo, Linksys, and Motorola, as well as to Dell, EMachines, and Fujitsu for their laptops. Atheros technology is found in most D-Link and NetGear gateways and devices.

The problem, Broadcom alleges, stems from a proprietary Turbo setting available on Atheros-based gateways; this setting doubles the raw speed of the link if you use another Atheros-based device.

Atheros says that its engineers don't detect interference problems from its chips. CEO and president Craig Barrat says, "You can argue that the aggregate amount of interference generated is roughly unchanged." Barrat also says the company stands by its claim that its chips comply with FCC regulations. Grimm of the Wi-Fi Alliance says, "We're currently studying the issue of potential interference from channel-bonded 802.11g products in the lab."

So if your neighbor has Atheros-based equipment with Turbo mode, you might need to have a chat--if you can figure out who's responsible. Conversely, if you use Atheros-based gear, you might get a knock on the door from a neighbor asking, "Did you just install a new gateway?"

In any case, you could cut some of the interference if you and your neighbors agree to set the gateways to use different channels. But if you can't track down your interfering neighbor, and changing channels doesn't help, consider installing a directional antenna. Such an antenna in the right part of your house and aimed at the rest of it should boost your gateway enough to overcome the interference, without ruining anyone else's good time.

Improve Wi-Fi Security

Wi-fi earned a reputation early on as an insecure technology to link machines in a LAN. Most Wi-Fi devices ship with security features disabled, so anyone with a Wi-Fi-enabled laptop or PDA can park outside your home or place of business and access your wireless network.

The first line of defense, known as Wired Equivalent Privacy (WEP), didn't meet the security test. WEP is built into every Wi-Fi device, and using it is better than nothing, but its encryption routines are flawed. WEP keeps casual snoops at bay, though widely available software will let a serious intruder break a WEP key in as little as 15 minutes on a busy network.

You can limit access to your network by using Media Access Control (MAC) address filtering on your gateway, where you restrict access based on a unique code that's built into every Wi-Fi adapter (and ethernet adapter, for that matter).

MAC filtering may keep out neophyte hackers, but it also isn't foolproof: Since MAC addresses are sent in the clear even when you encrypt, a competent snoop can defeat MAC filtering easily.

Instead of relying solely on MAC filtering, combine its use with WEP's replacement, Wi-Fi Protected Access (WPA). WPA fixes all the broken parts of WEP, and it comes built-in on any Wi-Fi-certified device that's been released since September 2003. WPA firmware upgrades are available for many (but not all) older 802.11b gear sold between 1999 and 2002. Check the manufacturer's Web site for more information about your particular brand of card and gateway.

For Windows XP, you must download a patch before you can use WPA, though newer PCs may ship with the patch installed. The patch adds basic support for WPA in the operating system, along with several other new technologies that are required for WPA to work correctly.

Laptops with Intel's Centrino mobile wireless technology will also let you install the WPA patch; but even though Intel has released updated drivers, individual laptop manufacturers have to integrate those drivers into their versions of Windows XP before WPA will work on them. Check with your notebook manufacturer's tech support to find out whether, and how, to upgrade. Intel's new 802.11g Centrino adapter, due to appear in laptops this year, will fully support WPA without extra downloads or patches.

When you use WPA, you protect your network with a passphrase (a longish password, from 8 to 63 characters in length). You enter the passphrase into a WPA configuration page on your gateway; thereafter, anyone who wants to connect enters the same passphrase into the Wi-Fi card settings. Without the passphrase, a would-be user can't connect.

To enter the WPA passphrase into your Wireless Network Connections profile, double-click My Network Places, then click View Network Connections in the left pane. Right-click your Wi-Fi network connection, select Properties, and double-click an existing network in the Preferred Networks pane (in the lower half of the Properties dialog box). In the Association tab, choose WPA-PSK from the Network Authentication pop-up menu. (Unless you're on a business network, don't choose the plain WPA option.) In the Data Encryption pop-up menu, select TKIP, enter your WPA passphrase twice, and click OK to save the profile.

One proviso with WPA: Though this privacy standard is highly secure, a researcher reported in late 2003 that a passphrase less than 20 characters long composed entirely of words could be cracked. Use a longer passphrase, and include some punctuation marks or numbers for maximum security.

Bridging the Gap: Beat the Wi-Fi Black Holes

You can use three methods to extend the range of your wireless network, with the goal to fill any "dead spots," or simply to add areas where a single wireless gateway can't reach.

Wardriving: When Wireless Insecurity Strikes

"How did you know that name?" asked a concerned-looking Debrann Schad, an Oakland, California-based contractor, whose trip to the garbage can was interrupted by my question. "Only four people in the world know that nickname."

I'd found the name (which Schad asked me not to publish) using a wireless-enabled Pocket PC outside her house. Schad's gateway, located inside her home, was spilling Wi-Fi out to her curbside. The gateway had been set up in such a way that its identifier, labeled with Schad's high school nickname, was broadcast to anyone who happened to wander within range.

Though Wi-Fi is designed to work over short distances, folks who live or work adjacent to a Wi-Fi network (or who simply sit in a car near one) may be able to "borrow" access and use the wireless network.

Some Internet users scope out unprotected wireless networks (an activity known as wardriving) just for sport. A few Web sites publish maps that show the locations of open networks, with data provided by users who drive around and collect the information, using GPS-enabled laptops and software such as NetStumbler or Kismet. A search on WiGLE can yield anything from a handful to hundreds of listings of unprotected Wi-Fi networks, depending on the geographic location you search.

Using a pricey tool for network administrators called AirMagnet and a Pocket PC handheld, I saw her network identifier, or SSID, the brand of gateway she was using, the channel it was broadcasting on, and the fact that it was unencrypted.

In Schad's case, the risk was moderate. A friend had set up her network; Schad relied on it only occasionally, and never used it to check mail or shop online. But the friend left the gateway's default passwords enabled. Anyone nearby could have logged in, using the password published in the gateway's manual (and widely available on the Internet to those who know where to look), and altered her network settings.

If someone had deleted her DSL log-in, for example, Schad would have lost Internet access. An intruder could have set up WEP encryption, locking Schad out of her own network.

The risks would not have stopped there, however. A wardriving passerby probing Schad's local network would have discovered a networked printer and her PC, connected by wires to the gateway. Schad didn't have Windows' built-in file sharing enabled, but if she had, the snoop would have been able to root around in the files on her computer. A vandal could also have used up all the paper in Schad's networked printer, or could have printed obscene messages or images. And if a worm or a virus had placed a Trojan horse on her PC, someone could have remotely controlled it.

What can a Wi-Fi user do? "People, turn your security on, please," says Wi-Fi Alliance spokesman C. Brian Grimm, in a tone of mock exasperation. "At a bare minimum, change the default settings, like the SSID and passwords, and password-protect your shared drives, if you have any." Our Wi-Fi security section, and this month's Step-By-Step, offer other tips about encrypting and limiting access to your wireless network.

Andrew Brandt

Wireless Networking Kit

When you travel, keep copies of a few applications on your laptop or handheld as a sort of wireless toolbox to help you find networks you can use. A few hardware add-ons can improve your ability to surf, too. This small arsenal can effectively help you find a public hot spot and stay connected.

NetStumbler (free), when installed on your laptop or Pocket PC, will help you find a wireless network almost anywhere.

Boingo Wireless software (free), used for connections to that wireless ISP, can also be used by noncustomers of Boingo to store network profiles with encryption keys. If you use more than one encrypted network on a regular basis, the time savings of not having to reconfigure your Wi-Fi card settings with different WEP or WPA keys every time you switch networks make this freebie worth the download.

JiWire's AvantGo directory of hot spots (free) retrieves lists of free access points, then downloads them to your PDA. (Full disclosure: JiWire is a content partner of PC World, and Wifinetnews.com, author Glenn Fleishman's Web site, is part of JiWire's network.)

Smart ID WFS-1 Wi-Fi Detector ($25) is a handheld signal strength meter for the Wi-Fi band. It can help track down dead spots on a wireless network, and it can also reduce the number of awkward fumbles you make while balancing a laptop (and running down its batteries) as you search for a nearby Wi-Fi network you can use.

Cantenna Wireless Network Antenna ($50) may look like a simple metal cylinder, but it acts as a highly directional antenna that can vastly improve your ability to connect to a wireless network. Included in the package are connectors that allow you to screw the Cantenna into your wireless gateway or connect it to a network card, an 18-inch length of cable, and a small desktop-size tripod.

Andrew Brandt