"Your pointer to the very best
Tech information on the Web"
Issue 102 - 16th October, 2003
Support Alert is a registered online serial publication
Quote of the Week
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we computer professionals come in.
- Nathaniel Borenstein
I have seen The Beast and my heart has been smitten with fear.
No, folks, I haven't gone all religious. I'm talking about this year's hot trojan horse called "The Beast."
The Beast is one of the new generations of "process-injecting" trojans. To avoid detection these trojans attach themselves to a process that forms a key part of the Windows operating system itself.
In the case of The Beast, the processes chosen for infection are winlogon.exe and explorer.exe. These have been selected because they are always present on any XP/2000/NT-based PC.
This stealthing approach makes The Beast particularly hard to detect. Certainly a normal process scanner won't reveal its presence and almost all common anti-virus scanners will miss it as well.
Killing the trojan is also difficult as it resides within a process essential for the operation of Windows. Killing the process will also kill Windows.
And if you think that the .dll checksum feature in your firewall will help you, think again. The particular version of The Beast I tested came with a module that pulled down 32 of the most popular firewalls and anti-virus scanners and many anti-trojan monitors as well.
Watching a PC being infected by this kind of trojan is a scary experience. Terrifying, actually.
I ran The Beast on a test PC set up with the same extensive protection that I use on all my normal working PCs.
I just sat by and watched Norton Anti-Virus 2003 disappear, closely followed by my Sygate Personal Firewall Pro and the BoClean anti-trojan monitor. Not only were these defenses pulled down, they were permanently destroyed so they could not be restarted.
Once The Beast has infected your PC the attacker essentially has complete control. He/she can view, upload or erase any of your files and log all your keystrokes including your all your passwords. Worse still, you may not even know your PC is infected.
So what do you do to protect yourself again these evil products?
Well, practicing "safe hex" is a start. You can get a free guide to what's involved at http://www.claymania.com/safe-hex.html, and you'll find lots more if you do a Google search under "safe hex."
But it's almost impossible to practice 100% safe hex. In fact, doing so would, for many users, just about ruin the pleasure of using their PC. It would mean, for example, not downloading any programs, movies or other executables, as well as a total end to file sharing.
If you are not prepared to make this sacrifice, you should protect yourself using every weapon available. A regularly updated anti-virus program is mandatory as is a robust firewall. You should also seriously consider a specialist anti-trojan program with powerful file scanning capabilities so that you can detect trojans before they are executed.
Even here the news is not all good. There are a lot of anti-trojan programs available but frankly only two of them cut the mustard. These are TDS-3 and Trojan Hunter 3. Most of the others are useless against the latest generation of trojans.
I know this opinion will offend a lot of people who have their own favorite anti-trojan programs. I know too, it will offend many vendors. However I’m prepared to stand by what I think and have documented the reasons over at http://www.anti-trojan-software-reviews.com.
Trojans are becoming ever more sophisticated. Each new trojan generation becomes more difficult to detect and is armed with ever more aggressive weapons aimed at your defenses.
There will never be 100% protection. I wish I could tell you otherwise,
but this, unfortunately, is the harsh truth.
LAST ISSUE’S QUIZ: - "Is it possible to merge multi-part MIME messages using Microsoft Outlook? If so, how?"
ANSWER: Here's a paraphrase of the winning answer from Dennis Jones: "Sorry Gizmo, it can't be done as Outlook simply does not have that functionality even though its young cousin Outlook Express does. Maybe this is because OE is also a newsreader and multi-part mime messages are very common in that environment. There is a work-around: export the multi-part message from Outlook, import the parts into Outlook Express and re-assemble them there."
Nice work, Dennis, but your answer will disappoint the dozens of readers who wrote in desperate to find the answer. This high level of interest doesn't surprise me as splitting large files into multiple email messages using multi-part mime is a handy way of overcoming the maximum email file size restrictions imposed by ISPs. It's an irony that Outlook Express users have long had this ability while Outlook users have been denied.
THIS ISSUE’S QUIZ: Win a free copy of PestPatrol!
What's the best free registry cleaner and why is it the best?
Send your answer to the address below and win a copy of
mailto:firstname.lastname@example.org. Use the subject line "The
IN THIS ISSUE
1. TOP TECH SITES
- Free Certification Help
- A Search Engine That Understands
- Free Excel Help
- Encryption, Hashing, and Obfuscation
- Secure Programming Tips (SE Edition)
- How to Expose Conflicts of Interest (SE Edition)
- Free Training Videos (SE Edition)
- Cut Linux Boot Time by Half (SE Edition)
- Free Newsreader Specially For Downloading Binaries
- Free Networking Calculator
- Undelete for Linux Users
- Utility Allows Access to Obscure Newsgroups
- Ban Sites and Stop Ads With a Single Click
- Easy to Use Encryption Program (SE Edition)
- Free Admin Tool for MS Office (SE Edition)
- High End Groupware at a Modest Cost (SE Edition)
- A Tool That Helps Techies Write Better (SE Edition)
3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
- Cumulative Patch for Internet Explorer (828750)
- Flaw in IBM DB2 for Linux
- Three Open-source Vulnerabilities
- New MailWasher Release Supports IMAP and AOL
4. OTHER USEFUL STUFF
- Cheap DVD Writer
- Access the Command Prompt Easily
- Things That Move When They Shouldn't
- Keep Out The SpamBots
- Marriage Ruins Your Chances
- News Aggregators Reviewed
- USB Flash Drive Synchronizes with PCs(SE Edition)
- Utility Lets You Discover Who's Cheating (SE Edition)
- The Very Worst Tech Jobs (SE Edition)
- Simple IT Trick Improves User Productivity 10% (SE Edition)
5. FREEBIE OF THE WEEK
- Free FTP Client and Server
- Free Utility Manages Windows Windows (SE Edition)
Items marked "SE Edition" appear only in the special Supporter's
Edition of this newsletter. This edition is reserved exclusively
for those generous individuals who have donated to this site.
1. TOP TECH SITES
Free Certification Help
This site is giving away free download copies of its popular Exam Cram sheets covering the four MCSE core exams plus twelve elective exams including Windows XP Professional and 2000.
Free Tools for Power Surfers
A Search Engine That Understands
Brainboost is a search engine that takes a natural language question and rewords it for submission to three major search engines including Google. I entered "what is the tallest building in the world" and got the correct answer. When I tried "what is a gizmo" I got "gizmo is cool" and "gizmo is in need of a loving home in Florida. Word has it that only one of these responses was correct;>)
Free Excel Help
If you've got an Excel problem you can't solve, try the busy forum at this site. It's free and the folks are very helpful.
Encryption, Hashing, and Obfuscation
OK, these are three different ways of hiding data but what's the difference between them? Find out here in this excellent plain English article from ZDNet.
** Bonus Items for Supporters **
Secure Programming Tips
This site has a lot of useful resources for those interested in writing more secure code. It's mainly geared to C and its variants but there's lots of other material as well. Oddly enough, nothing from MS. ;)
How to Expose Conflicts of Interest
Here's something simple but valuable - a sample conflict of interest disclosure form. Use it as a template for deigning your own. That way you'll be well armed next time you deal with consultants and 3rd party suppliers.
Free Training Videos
Thanks to subscriber Cliff Krahenbill for suggesting this site that offers a selection of a dozen or so free training AVI's covering Cisco setup as well as Microsoft Windows 2000 and XP topics. The aim of the site is to sell you more training but there's nothing stopping you from just collecting the freebies.
Cut Linux Boot Time by Half
This article from IBM DeveloperWorks shows how.
Got some top sites to suggest? Send them to
Free NewsReader Specially For Downloading Binaries
There are lots of free Windows newsreaders but when it comes to downloading binaries XNews is arguably the best. It handles multiple simultaneous news servers, multiple downloads, and has sophisticated filtering. But, most importantly, it's relatively easy to use. I say "relatively" because UseNet will always remain arcane and inaccessible for those not prepared to invest the time and effort to understand the system. (680KB)
Free Networking Calculator
IPCalc is a tiny little IP calculator that will help you with your bit crunching. It converts decimal IP addresses to hex, displays the masks and IDs for networks, subnets, and the host, identifies invalid host addresses for a particular subnet, and a lot more. Weighs in at a massive 14KB!
Undelete for Linux Users
Windows users can easily restore accidentally deleted files and now Linux users can do the same with LibTrash, a tiny free utility. (73KB)
Utility Allows Access to Obscure Newsgroups
If you want to access a newsgroup that is not carried by your ISP then you should try a public access newsgroup server. Finding the right server is made easily by NewsWolf, a free utility that gives you easy access to a database of public servers. Download it from here: (313KB)
Ban Sites and Stop Ads With a Single Click
Thanks to subscriber Dave Compton for suggesting Web Nuke. This is tiny free tool that adds a site to your hosts file simply by right clicking on the unwanted web page, graphic or ad and selecting Web Nuke. Once the address is added to your hosts file it is permanently blocked. Requires IE 5+ (761KB)
** Bonus Items for Supporters **
Easy to Use Encryption Program
Encrypting your data may sound like a good idea but it can be a real pain when it comes to working with your files on a day to day basis. Kind of like having five locks on your front door. Nice idea but... Cryptainer is the first program of it's kind I've used that you can actually live with. It works by creating a virtual encrypted drive on your PC where you can store your sensitive files. Once you've opened the drive with your password, you work with the files transparently, just as if they were on a normal drive on your PC. You can read, write, modify, drop and drag files to your heart’s delight. However when you close Cryptainer, all the files are secured and, in fact, are not even visible. The product also provides an easy way of sending secure emails, provided the recipient knows the password. Cryptainer LE is free though the size of each virtual drive is limited to 5MB and the encryption to 128-bit. But these restrictions are not major limitations as you can have multiple 5MB drives and 128-bit BlowFish encyption strength is more than enough for non-military needs. (2MB)
Free Admin Tool for MS Office
Office Update Inventory Tool is a free tool from Microsoft that allows administrators to inventory the state of updates across all of their Office installations. The reporting is quite comprehensive with details for each machine covering what updates have been installed and what updates are available for installation. It works with most versions of Windows but only covers Microsoft Office 2000 & XP (162KB)
High End Groupware at a Modest Cost
A few issues back I ran an item about a charity that was looking for a web-based collaborative system for its international workers. I suggested Xerox's Sparrow system but the item prompted subscriber Greg Rice to write in about the groupware product Convea. I've since had a chance to check Convea out and I can tell you that it's very impressive. It's essentially an intranet groupware product designed for the creation and sharing of knowledge, distributed under a GNU license. What blew me away was the Outlook-style user interface which is triumph of design managing to achieve great ease of use with enormous power and flexibility. Too much to talk about here other than to say that if you are looking for a groupware solution at modest cost you must include Convea in your evaluation list.
A Tool That Helps Techies Write Better
WordDog is an add-in for Microsoft Word that allows you to check documents for wordy phrasing, repetition, overworked expressions and other classic signs of sloppy writing. It integrates nicely into Word, providing an additional function alongside spelling and grammar checking. I ran it on a copy of this newsletter and it found 19 points of objection, 11 of which were valid and four definitely worth changing. Overall, a useful tool for techies who write a lot of reports. Just don't expect it to turn fundamentally bad writing into gems of prose. It costs $24.95 and there is a free, though limited, trial version. (1.2MB)
Got some favorite utilities to suggest? Send them to
3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
Cumulative Patch for Internet Explorer (828750)
Systems Affected: IE V5.01, 5.5, 6.0, 6.0 for Server 2003
Problem: This patch fixes the various critical vulnerabilities left exposed by the last cumulative patch MS03-032 (issued just a month ago) that is now being exploited by the QHosts trojan. This patch, folks, is mandatory. If you haven't installed it yet, go straight to Windows Update and install it now or suffer the consequences.
Flaw in IBM DB2 for Linux
Systems Affected: DB2 for Linux Version 7
IBM has advised of a buffer overflow vulnerability could allow exposure and compromise of database contents. By utilizing a specially formulated request, an attacker with low privileges could gain total control of the database. A fix pack is available from the following page.
Three Open-source Vulnerabilities
The OpenSSL Project has released patches to fix three vulnerabilities. The first two deal with buffer problems in OpenSSL in all versions up to and including 0.9.6j and 0.9.7b, and all versions of SSLeay. These vulnerabilities if exploited could lead to a DOS attack by crashing the system. Potentially more serious is the third vulnerability which exists in versions of the widely used Sendmail package prior to 8.12.10. Vendors who use the package include HP, IBM and Red Hat. This buffer overflow flaw could allow a remote attacker to execute arbitrary code with root privileges. Patches are available here:
New MailWasher Release Supports IMAP and AOL
Mailwasher has long been my spam filter of choice when I'm traveling. It’s ability to kill spam and unwanted large messages directly on the mail server prior to downloading is really appreciated when using modem access. The latest release, V3.2, adds IMAP support and now provides access to AOL accounts. The upgrades are limited to the $29.95 Pro version as the freeware version is now "frozen". (2.3MB)
4. OTHER USEFUL STUFF
Cheap DVD Writer
The price of these things is really dropping. Like this 4X NEC ND 1300A Dual DVD+RW/+R DVD-RW/-R for $118. It's bare bones with no software but you can't complain at that price.
Access the Command Prompt Easily
Here's a registry patch for Win2000/XP that allows you to open a command prompt in any folder just by right clicking from Windows Explorer.
Things That Move When They Shouldn't
Check out this sensational optical illusion.
Keep Out The SpamBots
These malicious nasties are constantly spidering web sites looking for email addresses to harvest. This useful site shows how you can easily deflect SpamBots from Apache servers. The concept is also applicable to MS server sites.
Marriage Ruins Your Chances
Fancy your chances of making a major scientific breakthrough? Then you'd better do it before you are 30 and before you are married according to this research report. Apparently tying the knot has put an end to many a promising scientific career.
News Aggregators Reviewed
Extremetech is running a comparative review of six of the best RSS readers. Frankly, I find the RSS concept over-hyped, but then again I was the one who predicted the Dow would fall to 6000 by the end of the year;>)
** Bonus Items for Supporters **
USB Flash Drive Synchronizes with PCs
Many users have been utilizing flash drives to transfer data between home and work PCs as well as laptops. Forward Solutions has announced Migo, a product that takes the process one step further by using a flash drive with integrated software to automatically synchronize Outlook mail, favorites, desktop and other data between PCs. Their key ring size 256MB unit sells for around $199.
Utility Lets You Discover Who's Cheating
Here's a clever idea - a free program that compares two MS Word files for copied or plagiarized sections of text. Should be in every teacher's toolkit and handy for legal purposes too. I wonder if it works with computer code… maybe we should send a copy to both Linux and SCO ;>)
Excellent Collection of Free Fonts
This site offers an excellent collection of fonts, many of which are free.
The Very Worst Tech Jobs
This list from Popular Science includes some real horrors. Not for the faint of heart.
Simple IT Trick Improves User Productivity by 10%
A study conducted by the University of Utah for NEC-Mitsubishi and a number of other vendors indicate that worker productivity improves by an average of 10% when multiple monitors are used rather than a single monitor.
5. FREEBIE OF THE WEEK
Free FTP Client and Server
It's going to take a lot to wean me from WS_FTP Pro but I must admit that I was quietly impressed by the Open Source FTP client FileZilla. It's a relatively small program that includes a lot of features including a site manager, firewall and proxy support, SSL and Kerberos GSS security and a lot more. Most importantly, FileZilla is really easy to use (for a FTP client) and this will win over many users. I didn't try the free server myself but I hear that it's just as good as the client. (1.7MB)
** Bonus Freebie for Supporters **
Free Utility Manages Windows Windows
In the last issue I mentioned a $19.95 utility that allow you to keep any Window always on top as well as allowing you to minimize the window to a system tray icon. Thanks to subscriber Kevin Forrester who let me know about the freeware program TrayDevil, and a lot else as well. (56KB)
Got some top sites and services to suggest? Send them in
Visit the Subscribers-only section of the Support Alert website
You'll find all back issues plus a growing list of resources
exclusively available to Supporters.
The area is password protected. Use the username and password
mailed to you when you first donated.
MANAGE YOUR SUBSCRIPTION
If you no longer wish to receive this newsletter, send me an email at email@example.com. Remember to state the email address at which you are currently subscribed.
To change your delivery email address, send me an email at
firstname.lastname@example.org. Remember to state the email
address at which you are currently subscribed and the new
address where you wish to subscribe.
Thanks to the following volunteer reviewers for their efforts:
Daniel Rose (D.R.)
Annie Scrimshaw (A.S.) aka Annmarie at www.cybertechhelp.com
Jeff Partridge (J.P.)
Sheila Foss (S.F) aka PippieT
Reviews written by Annie, Daniel, Jeff and Sheila are indicated
by their initials at the end of the review.
Thanks too, to subscriber A. Belile for proofreading this issue.
Content of this newsletter is (c) Copyright TechSupportAlert.com, 2003
See you next issue
Ian “Gizmo” Richards