Support Alert

                 "Gizmo's top picks of the best
                  Tech resources and utilities"

                 Issue 105 - 21st January, 2004

    Support Alert is a registered online serial publication
                         ISSN 1448-7020.


Quote of the Week

"If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort
then the socket packet pocket has an error to report!

If your cursor finds a menu item followed by a dash,
and the double-clicking icon puts your window in the trash,
and your data is corrupted 'cause the index doesn't hash,
then your situation's hopeless, and your system's gunna crash."

- Prof. Gene Ziegler
Extract from "A Grandchild's Guide to Using Grandpa's Computer"


Folks, there are some nasty things out there.

Over the years I've had to deal with some truly virulent viruses,
tormenting trojans and wrathful worms but I've just had a run-in
with a piece of scumware that's just simply detestable.

And it nearly ruined my Christmas!

It all started at our annual extended family Christmas party.
Now, in one respect, I never really look forward to these things
as I just know I'm going to get collared at some stage by some
obscure relative looking for me to fix their broken PC.

This year I was sailing fine.  It was nearly time to go home and
the only computer talk was from a nephew who wanted to buy a
laptop for college.

Then I saw my cousin Andrew coming towards me. He had his eyes
fixed on me as he walked. I knew immediately that my lucky streak
was coming to an end.

"Hi Cousin Ian, been meaning to talk to you all day. I've got a
real serious computer problem ..."

My fate was sealed. I was going to have to take the 60 mile ride
over to Andrew's place to see what was wrong.

A week later I was sitting in front of my Cousin's PC and it was
clear he really did have a problem. His browser had been
hijacked. It was defaulting to a seedy homepage and would
navigate to strange sites at random. Then there were all those
offensive banner ads.

I'd seen this many times before. I yawned, reached for my utility
CD containing SpyBot and Ad-aware and installed the products.
"Could be out of here in an hour,Ē I was thinking.

SpyBot detected a host of problems but most were minor pests.
Except one. CoolWebSearch.

CoolWebSearch (CWS) is an infamous browser hijacker. I'd heard
about it but had never encountered it. CWS was almost certainly
the cause of the hijacking problem.

SpyBot went through its cleaning procedures, I reset the browser
home page and I announced to Cousin Andrew that his PC was now
fixed. I rebooted and started packing up.

Not so fast. When I tested the browser I found that the homepage
had been hijacked again.

I repeated the cleaning procedure. As before, Spybot detected the
problem, said it had cleaned it, yet the problem was still there.

So I tried Ad-aware. Same result.

Faced with the prospect of spending hours looking for registry
entries and checking every single Windows auto-start location, I
ran a Google search and came up with a site that lists the full
history of CWS and the various techniques it uses to gain control
of your browser.


It makes frightening reading. There are over 24 variants of CWS
with new mutations appearing regularly. Each variant uses a
different mix of clever tricks to avoid detection and removal.

The dudes behind CWS are serious. Worse, they are fiendish. Worse
still, they are very smart.

The particular variant on my Cousin's PC used two processes to
watch each other. If one was killed, the other process restarted
it. That's why SpyBot and Ad-aware were unable to get rid of it.

That's not a new trick. Many virus scanners use the same
technique to prevent viruses from pulling down the scanner.  But
this implementation was particularly clever - fiendishly clever.

Luckily the site offers a free cleaning utility, CWShredder, to
remove CWS. I downloaded it and it worked just fine. If you've
got CWS, save yourself a lot of time and download the free
cleaner from the spywareinfo.com website.  It's updated regularly
to include the latest CWS mutations.

The basic mechanism of CWS infection is through the two loopholes
in Microsoftís implementation of Java. Microsoft has issued fixes
for both problems but like most PCs, my Cousin's machine was

If your machine is unpatched, you can get infected merely by
visiting an unfriendly website or clicking on a spiked ad.

However I don't suggest you should just rush out and install the
patches. I suggest you address the root cause and consider
removing the MS Java Virtual Machine altogether from your PC.
Instead, install the free, and more recent, Sun version.

MS Java Virtual Machine is a dead product. MS ceased supporting
it on January 1, 2004.  That means no more fixes, no more
patches. As such, MS VJM is now a security risk. Even MS suggests
you remove it. In fact Windows XP SP1a does just that.

You'll find Microsoft's position statement here:

However, you probably need Java. There are a lot of apps that use
it and many websites that require you to have it. So install the
Sun version instead.

You'll find instructions for removing the MS version at this
link, though be warned, it involves some registry editing:

If anyone knows of a utility that will do this automatically,
please let me know and I'll publish it in a future issue.

Installation instructions for Sun Java can be found at this link:

Take heed folks. This is serious.


Support Alert relies on voluntary donations to survive.  If you
feel that you've benefited from reading this newsletter perhaps
you would like to consider donating.

If you donate you'll get 12-months subscription to the special
enhanced "Supporters' Edition" of this newsletter which contains
almost twice the number of great tech sites and free utilities as
the standard edition. It's also ad-free,

Donate now and you'll also get my special report "Gizmo's Desert
Island Utilities" which outlines the software I consider most
useful, including many free products.

This month one lucky person who donates will also win a free copy
of the top anti-trojan program TDS-3, rated as the best in class
over at www.anti-trojan-software-reviews.com. Valued at 49.00
it's a great prize.


The suggested donation is $10 which can be made by check, postal
order or credit card using either ClickBank or PayPal.

Click the link below to donate now:



 - Good Freeware Site
 - Free System Tools
 - Secure Way to Access Remote Servers
 - Free Hardware Advice
 - Free Innovative Software
 - The Best CD Media Revealed (SE Edition)
 - Solve Windows File and Printer Sharing Problems (SE Edition)
 - Spam Filters Reviewed (SE Edition)
 - Excellent Free Cryptography Resource (SE Edition)
 - Free Time Correction Utility That Works
 - Free Network Monitor
 - Best Free Calculator?
 - Add Mouse Gestures to Your Browser
 - Change Formatted Text to Plain text
 - The Best Windows Text Editor? (SE Edition)
 - Easily Identify Changes in System Directories (SE Edition)
 - Low Cost Professional Time Scheduler (SE Edition)
 - Free Batch File Processor That Works With LANs (SE Edition)

 - KaZaa Excels at Delivering Digital Malware
 - Cisco Firewall Flaw Could Lead to DOS Attacks
 - Windows XP Service Pack 1.5?
 - Symantec Fixes Norton Anti Virus 2004 Activation Bug
 - MS Word Passwords Easily Broken with Hex Editor
 - Vulnerability in Microsoft ISA Server (816458)
 - Vulnerability in Exchange Server 2003 (832759)
 - Buffer Overrun in MS MDAC Could Allow Code Execution (832483)

 - PC DVD Player Works With PC Turned Off
 - 1.5GB Key Chain USB Drive for 199.00
 - Too Many Phishers in the Sea
 - Extreme Geekdom
 - Google Expands Search Yet Again
 - Where do Ikea Names Come From?
 - Password Breakers for Nix (SE Edition)
 - Help for Windows Update Problems (SE Edition)
 - Controlling Search Engine Spiders (SE Edition)
 - How to Use Windows Drivers with Linux (SE Edition)
 - How to Scroll the Start/All Programs Menu

 - Free Anti-Virus Protection and Firewall
 - Best Free Startup Manager (SE Edition)


Good Freeware Site
Thanks to subscriber Richard Steinitz for letting me know about
the Freeware World Team site which lists more than 13,000
freeware programs by category.  A nice feature of the site is
they try to give links to the last known free version of once-
free products that have gone commercial. This is not 100%
implemented but useful where available. There is also multi-
language support though I must say the English spelling and
grammar needed some attention. Well worth visiting.

Free System Tools
This site offers an excellent collection of free command line
tools of use to sysadmins and other tech heads. The two I tried
worked a treat.

Secure Way to Access Remote Servers
The SSH protocol is starting to get a lot of traction. If you use
Telnet or FTP for connecting to remote servers, you really should
bone up on the security advantages that SSH offers. This site
tells you all you need to know and includes a useful list of free
Windows clients to help you on your way.

Free Hardware Advice
This site is an excellent resource for anyone looking to buy new
hardware as well as those who want to get the best from what they
already own. There are many product reviews and some of the most
active user forums on the web.  While at the site, check out the
useful weekly newsletter.

Free Innovative Software
I really liked this site's collection of unusual freeware.  With
many products listed I've never heard of, it's a welcome change
from other freeware sites. There's a strong Linux orientation but
there is a good assortment of products of interest to experienced
Windows users as well. If you are looking for a notepad
replacement or clipboard utility, go elsewhere ;>)

** Bonus Items for Supporters **

- Find out the best blank CD Media
- How to solve Windows file and printer sharing problems
- Spam filters reviewed. Which is best?
- Discover an excellent free site for cryptography information

Got some top sites to suggest? Send them to


Free Time Correction Utility That Works
A lot of folks have difficulty getting time correction software
to work on their PC. If that's you then you should try Dimension
4, a free utility that gives you the choice of connecting to a
time server either by standard TCP protocol or by the more common
(and more problem-prone) SNTP protocol. If you haven't yet got a
time correction utility, this is the one.  It's free, itís easy
to use, and it has every function that you could conceivably
want. Because it works from both the command line and Windows,
it's ideal for batch files, too. (292KB)

Free Network Monitor
Here's a useful utility I picked up from Jack Teem's "Neat Net
Tricks" newsletter. Network Probe is a network monitor/protocol
analyzer that gives you a real-time view of the total traffic on
your network. It allows you not only to identify and locate
congestion, but also to diagnose the cause.  Version 0.5 is
available for free, though the very latest version is a $300
commercial product.  I found V0.5 worked just fine. It's
relatively simple to use and offers lots of diagnostic
information. Just the thing for cheapskate Network
Administrators. Versions are available for Windows NT and later,
Linux, and even Mac OS X. Freeware, 4.31MB.  P.S. Over the years
I've picked up quite a few tools like this from Jack's newsletter
and I recommend it heartily. I've included a link below.

Best Free Calculator
I was recently chastised by a subscriber for not featuring this
category in my "46 Best Freeware Utilities" list.  I plead guilty
but cite chronic PC calculator fatigue syndrome in mitigation.
Anyway, the last time I researched the subject my choice was
EBSCalc. For accounting types it offers an "adding machine" style
scrolling results tape.  For tech types and students it has all
the technical functions you could ever need. If anyone knows a
better free product, let me know. Boring, boring, boring.
Freeware, 742KB.

Add Mouse Gestures to Your Browser
Mouse gestures are specific mouse movements that allow you to
control browser navigation. They can be used for any Windows
control function but Internet navigation is the most common and,
once you get used to them, they are a real time saver. Some
modern browsers have gestures built-in but not Internet Explorer.
EasyGoBack is a free utility that adds a number of the most
useful gestures to IE and to other browsers that use the IE
engine. The handiest gesture is the ability to navigate backwards
and forwards just by right clicking and moving the mouse to the
left or right respectively.  EasyGoBack adds other functionality
too, like the ability to open a new browser window by clicking
the wheel button. Works well. Freeware, 208KB.

Change Formatted Text to Plain text
When I first saw PureText I thought, "Why use this when I can
simply cut and paste into Notepad or other text editor?"  Well,
the answer is that it's simpler and quicker and anyway itís free.
Just copy your required text from any formatted document such as
a web page, Word document or PDF file and the hit a hot key to
paste it into another document as plain text.  Works with all
Windows versions. Freeware, 13KB.

** Bonus Items for Supporters **

- The Best Windows Text Editor?
- A Free utility that identifies changes in System Directories
- Low cost professional time scheduler impresses
- A free advanced batch file processor that works over LANs

Got some top utilities to suggest? Send them to


KaZaa Excels at Delivering Digital Malware
A recent study by security firm TruSecure found that 45% percent
of the executable files downloaded through KaZaa contained Trojan
horses, viruses and other forms of malicious code.

Cisco Firewall Flaw Could Lead to DOS Attacks
Cisco Systems has issued an advisory covering two flaws in some
switch models that could be used for a denial-of-service attack.
The advisory covers Cisco Firewall Services Module (FWSM) for
Cat*lyst 6500 Series and 7600 Series switches. See below for
patch details.

Windows XP Service Pack 1.5?
No, there is no new service pack yet but there is an "Update
Rollup 1 for Windows XP" that incorporates 22 individual patches
released since SP1 into a single file.  It only works with PCs
where SP1 has been installed and where none of the 22 individual
patches have been mounted so it's not much use to most users.
But itís handy when installing new machines or upgrading to XP.
(9 MB)

Symantec Fixes Norton Anti Virus 2004 Activation Bug
As soon as NAV 2004 came out there were complaints from users
that the productís new activation system was broken. At first
Symantec denied it, then they accused the victims of stealing
their products, then they admitted it but said it was very rare.
Now they have finally produced a fix. If your copy of NAV 2004
needs frequent reactivation, you'd better check this out:

Alternative short link: http://www.urltrim.com/ct/t.php?l=56

MS Word Passwords Easily Broken with Hex Editor
A German security company has published simple instructions
demonstrating how to break one of the most commonly used Word
document password protection schemes. MS has responded by saying
that particular scheme, activated by clicking on Tools/Protect
Document, was not intended as a security feature. It looks like
somewhere along the line MS forgot to tell Word users that
protecting a document with a password wasn't really meant to
protect. Go figure.  Meantime, use the Tool/Options/Security
option for protecting your Word documents. That protection
scheme, apparently, actually protects ;>)

Vulnerability in Microsoft ISA Server (816458)
Severity: Critical
Systems affected: ISA Server 2000, Small Business Server
"A security vulnerability exists in the H.323 filter for
Microsoft Internet Security and Acceleration Server 2000 that
could allow an attacker to overflow a buffer in the Microsoft
Firewall Service in Microsoft Internet Security and Acceleration
Server 2000. An attacker who successfully exploited this
vulnerability could try to run code of their choice in the
security context of the Microsoft Firewall Service. This would
give the attacker complete control over the system. The H.323
filter is enabled by default on servers running ISA Server 2000
computers that are installed in integrated or firewall mode." For
fix details see the full bulletin at the link below:

Vulnerability in Exchange Server 2003 (832759)
Severity: Moderate
Systems affected: Microsoft Exchange Server 2003
This vulnerability exists in the way that Hypertext Transfer
Protocol (HTTP) connections are reused and could allow an
attacker escalation of privileges." System administrators should
install this security update on all front-end servers that are
running Outlook Web Access for Exchange Server 2003.

Buffer Overrun in MS MDAC Could Allow Code Execution (832483)
Severity: Important
Systems affected: Windows 2000/XP, SQL Server, Server 2003
Problem: There is a buffer overflow problem with one of the
subsystems of Microsoft Data Access Components (MDAC) versions
2.5-2.8 that could enable an attacker to gain an elevation of
privileges. A patch is available from the link below.


PC DVD Player Works With PC Turned Off
This is a clever idea: a combined DVD drive, MP3 player and FM
radio that fits into a single 5 1/4 inch bay in your PC. Most
importantly, the Gigabyte GO-M1600A has its own front panel
controls as well as a remote, so it works even if your PC is
switched off.  It's priced right, too, with a retail of 170.00.

1.5GB KeyChain USB Drive for 199.00
There's no stopping them; flash drives are taking over the world.
This 1.5GB USB 2.0 unit is selling at Amazon for 199.00 Remember
the days of 360KB disks? Well you could fit the contents of over
4,000 of them on one of these babes.

Too Many Phishers in the Sea
Phishing is the ignoble email art of extracting confidential
information from unsuspecting recipients by using a fake message
supposedly from well known suppliers like Yahoo, Amazon, Visa,
etc. Some are so fiendishly clever they have momentarily fooled
arch cynics like me.  Learn more from this free article.

Extreme Geekdom
I just rediscovered this site.  Sing, Sing Halt were a group of 9
sysadmins who achieved their five minutes of fame with their
classic Y2K song. They even made an MP3 and video. Appropriately,
the video links on this page don't work but you can still
download the MP3. If you can't follow all the words, you can
print them off with the handy Sendmail script. ;>)

Google Expands Search Yet Again
Google keeps adding new features. The latest is a numeric search
feature that brings up maps for area codes, CarFax reports for
vehicle VIN numbers, on-time reports for airline numbers, status
reports for USPS and FedEx tracking numbers, and more. Entering
your name doesn't currently tell you when your number's up but
they are probably working on it. ;>)

Where do Ikea Names Come From?
This is totally irrelevant but interesting if you're like me and
wondered where Ikea gets those weird Scandinavian product names
like Armo, Munsa and Sagolek let alone Jerker and Fartful. Well
you'll get the answer here and there's more to this than you
might think.

** Bonus Items for Supporters **

- A whole collection of password breakers for nix
- Help for Windows Update problems
- Controlling search engine spiders
- How to use windows drivers with Linux

How to Scroll the Start/All Programs Menu
If you've installed a lot of programs on your Windows XP PC
you'll soon discover that you've run out of room to display all
the programs when you select Start/All Programs.  The solution is
to change to a scrolling display.

To do this right-click on a blank space in the Taskbar, then
select Properties/Start Menu/Customize/Advanced. Browse the
"Start Menu Items" box for the item "Scroll Programs" and click
to select.


Free Anti-Virus Protection and Firewall
Computer Associates are currently giving away to any "Microsoft
customer", their well-regarded eTrust EZ Armor Security Suite
along with 12 months of free updates. The suite consists of a
virus scanner and a personal firewall and features automatic
virus updates, advanced email attachment protection, port
stealthing, ad blocking and cookie control features.  The virus
scanner has performed very well in independent tests and the
firewall is no slouch either. The offer has some restrictions,
most notably that it is for new home users of the product and is
limited to one copy per household. If you qualify, you are
getting quite a product for quite a price. Go for it! (18MB)

** Bonus Freebie for Supporters **

The Best Free Startup Manager
Everyone needs a startup program utility so they can exercise
control over what third party programs start automatically with
Windows. My long time choice has been PC Magazine's Startup Cop
but alas, this is no longer freeware - it's now only available if
you subscribe to the magazine's software service.  My new choice
is small, capable and has powerful features not found in Startup
Cop including the ability to edit or add entries. A top utility.

Stop missing out on all this good stuff! Become a Supporter today
and receive the SE Edition immediately


This is the free edition of Support Alert newsletter. If you
like this version, you'll be blown away by the enhanced edition
that our supporters get.

Donate now and you'll not only get 12 months subscription to the
enhanced "Supporters' Edition", you'll also get "Gizmo's Desert
Island Utilities" report outlining the very best software
utilities on the market, including many free products.

Donate by check, Postal Order or credit card using ClickBank or



Support Alert is a free newsletter. If you liked this issue why
not email it to a friend.  To subscribe, send a totally blank
email to: supportalert-subscribe@webelists.com or sign up online
at http://www.techsupportalert.com/al_subscribe.htm.

Back Issues
A searchable library of back issues is available at:

If you no longer wish to receive this newsletter just go to
http://www.webelists.com/cgi/lyris.pl?enter=supportalert. Enter
your email address. No password is needed. You can then cancel

To change your delivery email address go to
Enter your old email address. No password is needed. You can then
change your subscription email address directly.

For lots more free IT newsletters see

Thanks to the following volunteer reviewers for their efforts:

Daniel Rose (D.R.)
Annie Scrimshaw (A.S.) aka Annmarie at www.cybertechhelp.com
Jeff Partridge (J.P.)
Sheila Foss (S.F) aka PippieT

Reviews written by Annie, Daniel, Jeff and Sheila are indicated
by their initials at the end of the review.

Thanks too to A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI  49321-0243

Content of this newsletter is (c) Copyright TechSupportAlert.com,

See you next issue