Support Alert
                       Supporter's Edition

                 "Your pointer to the very best
                  Tech information on the Web"

                 Issue 102 - 16th October, 2003

    Support Alert is a registered online serial publication
                         ISSN 1448-7020.


Quote of the Week

The most likely way for the world to be destroyed, most experts agree, is
by accident. That's where we computer professionals come in.

- Nathaniel Borenstein


I have seen The Beast and my heart has been smitten with fear.

No, folks, I haven't gone all religious. I'm talking about this year's hot
trojan horse called "The Beast."

The Beast is one of the new generations of "process-injecting" trojans. To
avoid detection these trojans attach themselves to a process that forms a
key part of the Windows operating system itself.

In the case of The Beast, the processes chosen for infection are
winlogon.exe and explorer.exe. These have been selected because they are
always present on any XP/2000/NT-based PC.

This stealthing approach makes The Beast particularly hard to detect.
Certainly a normal process scanner won't reveal its presence and almost all
common anti-virus scanners will miss it as well.

Killing the trojan is also difficult as it resides within a process
essential for the operation of Windows.  Killing the process will also kill

And if you think that the .dll checksum feature in your firewall will help
you,  think again. The particular version of The Beast I tested came with a
module that pulled down 32 of the most popular firewalls and anti-virus
scanners and many anti-trojan monitors as well.

Watching a PC being infected by this kind of trojan is a scary experience.
Terrifying, actually.

I ran The Beast on a test PC set up with the same extensive protection that
I use on all my normal working PCs.

I just sat by and watched Norton Anti-Virus 2003 disappear, closely
followed by my Sygate Personal Firewall Pro and the BoClean anti-trojan
monitor.  Not only were these defenses pulled down, they were permanently
destroyed so they could not be restarted.

Once The Beast has infected your PC the attacker essentially has complete
control. He/she can view, upload or erase any of your files and log all
your keystrokes including your all your passwords. Worse still, you may not
even know your PC is infected.

So what do you do to protect yourself again these evil products?

Well, practicing "safe hex" is a start. You can get a free guide to what's
involved at http://www.claymania.com/safe-hex.html, and you'll find lots
more if you do a Google search under "safe hex."

But it's almost impossible to practice 100% safe hex. In fact, doing so
would, for many users, just about ruin the pleasure of using their PC. It
would mean, for example, not downloading any programs, movies or other
executables, as well as a total end to file sharing.

If you are not prepared to make this sacrifice, you should protect yourself
using every weapon available. A regularly updated anti-virus program is
mandatory as is a robust firewall.  You should also seriously consider a
specialist anti-trojan program with powerful file scanning capabilities so
that you can detect trojans before they are executed.

Even here the news is not all good. There are a lot of anti-trojan programs
available but frankly only two of them cut the mustard. These are TDS-3 and
Trojan Hunter 3.  Most of the others are useless against the latest
generation of trojans.

I know this opinion will offend a lot of people who have their own favorite
anti-trojan programs. I know too, it will offend many vendors.  However I’m
prepared to stand by what I think and have documented the reasons over at

Trojans are becoming ever more sophisticated. Each new trojan generation
becomes more difficult to detect and is armed with ever more aggressive
weapons aimed at your defenses.

There will never be 100% protection. I wish I could tell you otherwise, but
this, unfortunately, is the harsh truth.

Gizmo Richards.




LAST ISSUE’S QUIZ: - "Is it possible to merge multi-part MIME messages
using Microsoft Outlook? If so, how?"

ANSWER:  Here's a paraphrase of the winning answer from Dennis Jones:
"Sorry Gizmo, it can't be done as Outlook simply does not have that
functionality even though its young cousin Outlook Express does.  Maybe
this is because OE is also a newsreader and multi-part mime messages are
very common in that environment. There is a work-around: export the multi-
part message from Outlook, import the parts into Outlook Express and re-
assemble them there."

Nice work, Dennis, but your answer will disappoint the dozens of readers
who wrote in desperate to find the answer. This high level of interest
doesn't surprise me as splitting large files into multiple email messages
using multi-part mime is a handy way of overcoming the maximum email file
size restrictions imposed by ISPs. It's an irony that Outlook Express users
have long had this ability while Outlook users have been denied.

THIS ISSUE’S QUIZ: Win a free copy of PestPatrol!

What's the best free registry cleaner and why is it the best?

Send your answer to the address below and win a copy of

mailto:editor@techsupportalert.com.  Use the subject line "The
Subscriber Quiz".



 - Free Certification Help
 - A Search Engine That Understands
 - Free Excel Help
 - Encryption, Hashing, and Obfuscation
 - Secure Programming Tips (SE Edition)
 - How to Expose Conflicts of Interest (SE Edition)
 - Free Training Videos (SE Edition)
 - Cut Linux Boot Time by Half (SE Edition)
 - Free Newsreader Specially For Downloading Binaries
 - Free Networking Calculator
 - Undelete for Linux Users
 - Utility Allows Access to Obscure Newsgroups
 - Ban Sites and Stop Ads With a Single Click
 - Easy to Use Encryption Program (SE Edition)
 - Free Admin Tool for MS Office (SE Edition)
 - High End Groupware at a Modest Cost (SE Edition)
 - A Tool That Helps Techies Write Better (SE Edition)

 - Cumulative Patch for Internet Explorer (828750)
 - Flaw in IBM DB2 for Linux
 - Three Open-source Vulnerabilities
 - New MailWasher Release Supports IMAP and AOL

 - Cheap DVD Writer
 - Access the Command Prompt Easily
 - Things That Move When They Shouldn't
 - Keep Out The SpamBots
 - Marriage Ruins Your Chances
 - News Aggregators Reviewed
 - USB Flash Drive Synchronizes with PCs(SE Edition)
 - Utility Lets You Discover Who's Cheating (SE Edition)
 - The Very Worst Tech Jobs (SE Edition)
 - Simple IT Trick Improves User Productivity 10% (SE Edition)

 - Free FTP Client and Server
 - Free Utility Manages Windows Windows (SE Edition)

Items marked "SE Edition" appear only in the special Supporter's
Edition of this newsletter. This edition is reserved exclusively
for those generous individuals who have donated to this site.

Become a Supporter and Win a copy of TDS-3 Anti-trojan

Donate now and you'll have an excellent chance of winning a copy
of the latest version of the top rated anti-trojan program, TDS-
3, worth $49.

When you donate your name will be automatically entered into a
draw with other new supporters.  A prize is given every issue so
your chances of winning are surprisingly good.

TDS-3 has been rated at http://www-anti-trojan-software.com as
the best anti-trojan on the market.  It's a great product and a
great prize.

So stop missing out on so much good stuff. Click below to donate
$10 and get the Supporters' Edition now. Donate by check, Postal
Order or credit card.


Free Certification Help
This site is giving away free download copies of its popular Exam Cram
sheets covering the four MCSE core exams plus twelve elective exams
including Windows XP Professional and 2000.

Free Tools for Power Surfers
Bookmarklets are little JavaScript programs that operate from within
Windows Explorer and Netscape bookmarks. Typically they are used to process
web pages but they can do other things.  For example, I use one to count
the number of words in a highlighted section of a local document. This site
offers dozens of bookmarklets and they are all free. Applications range
from emailing a friend a highlighted section of a web page to a neat
bookmarklet that reveals what information is being captured when a site
drops you a cookie.

A Search Engine That Understands
Brainboost is a search engine that takes a natural language question and
rewords it for submission to three major search engines including Google.
I entered "what is the tallest building in the world" and got the correct
answer. When I tried "what is a gizmo" I got "gizmo is cool" and "gizmo is
in need of a loving home in Florida.  Word has it that only one of these
responses was correct;>)

Free Excel Help
If you've got an Excel problem you can't solve, try the busy forum at this
site. It's free and the folks are very helpful.

Encryption, Hashing, and Obfuscation
OK, these are three different ways of hiding data but what's the difference
between them?  Find out here in this excellent plain English article from

** Bonus Items for Supporters **

- A site specializing in the techniques of secure programming
- A useful guide to help IT staff expose conflicts of interest
- A site offering lots of free training videos
- How to cut Linux boot times in half

Stop missing out on all this good stuff! Click below to donate
$10 and get the Supporters' Edition now. Donate by check, Postal
Order or credit card using ClickBank or PayPal.

Got some top sites to suggest? Send them to


Free NewsReader Specially For Downloading Binaries
There are lots of free Windows newsreaders but when it comes to downloading
binaries XNews is arguably the best. It handles multiple simultaneous news
servers, multiple downloads, and has sophisticated filtering.  But, most
importantly, it's relatively easy to use. I say "relatively" because UseNet
will always remain arcane and inaccessible for those not prepared to invest
the time and effort to understand the system. (680KB)

Free Networking Calculator
IPCalc is a tiny little IP calculator that will help you with your bit
crunching. It converts decimal IP addresses to hex, displays the masks and
IDs for networks, subnets, and the host, identifies invalid host addresses
for a particular subnet, and a lot more. Weighs in at a massive 14KB!

Undelete for Linux Users
Windows users can easily restore accidentally deleted files and now Linux
users can do the same with LibTrash, a tiny free utility. (73KB)

Utility Allows Access to Obscure Newsgroups
If you want to access a newsgroup that is not carried by your ISP then you
should try a public access newsgroup server.  Finding the right server is
made easily by NewsWolf, a free utility that gives you easy access to a
database of public servers. Download it from here: (313KB)

Ban Sites and Stop Ads With a Single Click
Thanks to subscriber Dave Compton for suggesting Web Nuke. This is tiny
free tool that adds a site to your hosts file simply by right clicking on
the unwanted web page, graphic or ad and selecting Web Nuke. Once the
address is added to your hosts file it is permanently blocked. Requires IE
5+ (761KB)

** Bonus Items for Supporters **

- At last, an easy to use file encryption program and it's
  highly secure as well
- A free admin tool for MS Office
- An impressive high end groupware product at a modest cost
- A tool that helps techies write better

Stop missing out on all this good stuff! Click below to donate
$10 and get the Supporters' Edition now. Donate by check, Postal
Order or credit card using ClickBank or PayPal.


Cumulative Patch for Internet Explorer (828750)
Severity: Critical
Systems Affected: IE V5.01, 5.5, 6.0, 6.0 for Server 2003
Problem: This patch fixes the various critical vulnerabilities left exposed
by the last cumulative patch MS03-032 (issued just a month ago) that is now
being exploited by the QHosts trojan. This patch, folks, is mandatory. If
you haven't installed it yet, go straight to Windows Update and install it
now or suffer the consequences.

Flaw in IBM DB2 for Linux
Severity: Critical
Systems Affected:  DB2 for Linux Version 7
IBM has advised of a buffer overflow vulnerability could allow exposure and
compromise of database contents. By utilizing a specially formulated
request, an attacker with low privileges could gain total control of the
database. A fix pack is available from the following page.

Three Open-source Vulnerabilities
The OpenSSL Project has released patches to fix three vulnerabilities. The
first two deal with buffer problems in OpenSSL in all versions up to and
including 0.9.6j and 0.9.7b, and all versions of SSLeay. These
vulnerabilities if exploited could lead to a DOS attack by crashing the
system.  Potentially more serious is the third vulnerability which exists
in versions of the widely used Sendmail package prior to 8.12.10.  Vendors
who use the package include HP, IBM and Red Hat. This buffer overflow flaw
could allow a remote attacker to execute arbitrary code with root
privileges.  Patches are available here:

New MailWasher Release Supports IMAP and AOL
Mailwasher has long been my spam filter of choice when I'm traveling. It’s
ability to kill spam and unwanted large messages directly on the mail
server prior to downloading is really appreciated when using modem access.
The latest release, V3.2, adds IMAP support and now provides access to AOL
accounts.  The upgrades are limited to the $29.95 Pro version as the
freeware version is now "frozen". (2.3MB)


Cheap DVD Writer
The price of these things is really dropping.  Like this 4X NEC ND 1300A
Dual DVD+RW/+R DVD-RW/-R for $118. It's bare bones with no software but you
can't complain at that price.

Access the Command Prompt Easily
Here's a registry patch for Win2000/XP that allows you to open a command
prompt in any folder just by right clicking from Windows Explorer.

Things That Move When They Shouldn't
Check out this sensational optical illusion.

Keep Out The SpamBots
These malicious nasties are constantly spidering web sites looking for
email addresses to harvest. This useful site shows how you can easily
deflect SpamBots from Apache servers. The concept is also applicable to MS
server sites.

Marriage Ruins Your Chances
Fancy your chances of making a major scientific breakthrough? Then you'd
better do it before you are 30 and before you are married according to this
research report.  Apparently tying the knot has put an end to many a
promising scientific career.

News Aggregators Reviewed
Extremetech is running a comparative review of six of the best RSS readers.
Frankly, I find the RSS concept over-hyped, but then again I was the one
who predicted the Dow would fall to 6000 by the end of the year;>)

** Bonus Items for Supporters **

- A USB flash drive that synchronizes data between PCs
- A clever utility that helps you discover who's cheating. Just
  the thing for auditing exams and tests!
- An extensive collection of free fonts
- The tech jobs you really don't want
- A simple IT initiative that can improve user productivity by
  ten percent


Free FTP Client and Server
It's going to take a lot to wean me from WS_FTP Pro but I must admit that I
was quietly impressed by the Open Source FTP client FileZilla. It's a
relatively small program that includes a lot of features including a site
manager, firewall and proxy support, SSL and Kerberos GSS security and a
lot more. Most importantly, FileZilla is really easy to use (for a FTP
client) and this will win over many users. I didn't try the free server
myself but I hear that it's just as good as the client. (1.7MB)

** Bonus Freebie for Supporters **

Free Utility Manages Windows Windows
In the last issue I mentioned a $19.95 utility that allow you to keep any
Window always on top as well as allowing you to minimize the window to a
system tray icon. Thanks to subscriber Kevin Forrester who let me know
about this neat freeware program that does this and a lot else as well.

Stop missing out on all this good stuff! Become a Supporter now.


This is the free edition of Support Alert newsletter. If you
like this version, you'll be blown away by the enhanced edition
that our supporters get.

Donate now and you'll not only get the enhanced "Supporters'
Edition", you'll also get "Gizmo's Desert Island Utilities"
report outlining the very best software utilities on the market,
including many free products.

Every issue I also give away a free copy of the top ranking anti-
trojan program TDS-3 worth $49 to someone who donates to this
newsletter.  There are only a very limited number of donations
made so your chances of winning are excellent! Just click the
link below:


Donate by check, Postal Order or credit card using ClickBank or



Back Issues
A searchable library of back issues is available at:

Support Alert is a free newsletter. To subscribe, send a totally
blank email to: supportalert-subscribe@webelists.com.

If you no longer wish to receive this newsletter just go to
Enter your email address. No password is needed. You can
then cancel your subscription on-line.

To change your delivery email address go to
Enter your old email address. No password is needed. You can
then change your subscription email address directly.

For lots more free IT newsletters see

Thanks to the following volunteer reviewers for their efforts:

Daniel Rose (D.R.)
Annie Scrimshaw (A.S.) aka Annmarie at www.cybertechhelp.com
Jeff Partridge (J.P.)
Sheila Foss (S.F) aka PippieT

Reviews written by Annie, Daniel, Jeff and Sheila are indicated
by their initials at the end of the review.

Thanks too to A. Belile for proofreading this issue.

Content of this newsletter is (c) Copyright TechSupportAlert.com, 2003

See you next issue

Ian “Gizmo” Richards