========================
                         Support Alert
                    ========================
                    www.techsupportalert.com
 
                 Your pointer to the very best
                  tech information on the Web
 
                 Issue 84 - 16th September 2002
 
Support Alert is a 100% subscription-only newsletter.
Instructions how to Un-subscribe are at the end of each issue.
 
                      <<<<<<<<<>>>>>>>>

                      Quote of the Week

"Computer games don't affect kids; I mean if Pac-Man affected us
as kids, we'd all be running around in darkened rooms, munching
magic pills and listening to repetitive electronic music."

Kristian Wilson
Nintendo

                      <<<<<<<<<>>>>>>>>
 

FROM THE EDITOR

I hope I don't get sued over this.  Computer writers always run
this risk whenever they publicly criticize products. Some
have even been financially ruined. If you don't believe me, read
what the LockDown Corp did to Keith Little:
http://www.pc-help.org/suit/suit.htm

This editorial is really an open letter to the 100 plus
subscribers who wrote to me asking for specific advice about
purchasing an anti-trojan program. I'd love to answer your
letters individually but with this many, it's just not possible.
So here's my collective answer to the questions you raised:

Issue 1: "Do I really need an anti-trojan?" Well, if you
practise absolute 100% safe hex, the answer is no.  And if you
use Kaspersky AVS as your anti-virus program, the answer is no
again. Kaspersky has excellent anti-trojan capabilities. Maybe
not up there with TDS-3 but close.

And that's it.  If you don't fall into one of these two groups,
you need an anti-trojan. Sure you can wing it without any of
these products but one day you will be caught out big-time. It's
not a case of "if," it's merely a case of "when."

Issue 2: "I'm running an anti-virus suite (other than Kaspersky)
and/or a firewall, do I have sufficient protection?"  Well, yes
and no. You certainly have some protection.  More with McAfee
than most others though with Norton, considerably less. The real
problem is that although the anti-virals will catch some
trojans, they tend to miss the really dangerous modern ones; the
polymorphic trojans, those with complex compression schemes and
those with in-built defences against anti-virals and firewalls.

I wish I could demonstrate to you just how devastatingly
effective modern trojans can be in totally destroying your
defences. It works like this; before the trojan server is loaded
it executes a module designed to pull down and sometimes
permanently destroy your virus suite and your firewall. Watching
it take place is depressing, a few tenths of a second and you
are stripped naked. If you can't bring yourself to believe this,
then locate on the Web a copy of the trojan companion module
called AVKillar and try it on a <TEST> PC. I bet you'll end up
installing an anti-trojan same day!

Issue 3: "What anti-trojan should I use?"  This is a no-brainer.
If you are tech-savvy and you have a 1GHz+ PC then get TDS-3. It
will give you the best protection available. It will also gobble
up machine resources in order to give you that protection.
That's why you need a fast machine.

If you are not technically comfortable with PCs or have an older
PC, then get BoClean  It's lean but it's mean. It also has no
file scanner and this will be an issue to some people. You
didn't hear me say this but you could download the TDS-3 demo
and use it's scanner to make sure your disk is clean ;>)

As an alternative to BoClean you could consider Trojan Hunter.
It's fast, resource efficient and very well designed though its
rules file is a tad small.

If you currently have no anti-virus scanner, a fourth option is
to buy the Kaspersky AVS. That way you will get a great virus
scanner and a great anti-trojan. But you will pay for this dear
friends, with serious resource usage and a user interface that
defies description.  But if you have a very zippy PC and you are
the patient and understanding type then Kaspersky is a real
option.

Issue 4: "I currently have brand X anti-trojan. Should I replace
it with one of the products you've recommended?"  Again the
answer is easy. Look your vendor straight in the eye and ask
"does your product handle polymorphic trojans?" If they are
honest and answer "no", or squirm uncomfortably and start
talking about the weather, then it's time to move on.

The three top products in my review handled polymorphic trojans.
Most others don't. You can find my review here:

http://www.techsupportalert.com/best_anti_trojans.htm

Now if I spell it out any clearer I WILL get sued;>)
 

Gizmo Richards
mailto:editor@techsupportalert.com

PS I love receiving your email but please always send your mail
to the above address. Do NOT simply hit the "reply" button. If
you do, your precious epistle will end up lost amongst hundreds
of "Away from the office" autoresponse messages.  The chances of
me spotting your message in this lot is pretty small.

                 <<<<<<<<<<<<<<<>>>>>>>>>>>>>
 
IN THIS ISSUE
 
1. TOP TECH SITES
 - Microsoft Knows Best
 - Cookies Mastered
 - Firewalls Unplugged
 - Remote from the Facts or Facts on the Remote
 - Track Down Those Spammers
 - WAR on Wi-Fi
 - Windows Shutdown Problems
 
2. UTILITIES
 - *HOT* Product Alert
 - Tools for Spyware Paranoids
 - Restore Missing Toolbars
 - Say No to HTML Mail
 - Automatically Close Unwanted Dialog Boxes
 - AutoComplete Errors Fixed
 - Cost-Efficient Proxy Server
 - Cracking Office Passwords
 - Return Unwanted Mail to Sender
 - How to Cut Your XP Boot Time
 
3. BUGS, SERVICE RELEASES AND PATCHES
 - Windows XP SP1 Released - Deadly Flaw Corrected
 - Fix for Windows XP Deadly Flaw
 - Windows XP SP1 Release Notes & Resources
 - Apache/Linux Worm Exploits Vulnerability
 - New PGP Security Risk
 - Visual FoxPro 6 Vulnerability

4. OTHER USEFUL STUFF
 - Wireless Access Point Offers Excellent Bits Per Buck
 - Add USB Support to Linux
 - Help for Backward Users
 - Photo Printer for the People
 - Amazon Conquered
 - Using FTP Without FTP software
 - Latest Version of Ad-Free Kazaa
 - Free Anti-Trojan
 - Cell Phone Brain Frying - the Debate Hots Up
 - Protect Your Valuable Bits From Radiation
 
             <<<<<<<<<<<<<<<>>>>>>>>>>>>>

1. TOP TECH SITES
=================

Microsoft Knows Best
The Microsoft Knowledge Base (MKB) is a true fountain of
information but, even with the new interface, its pretty hard to
locate what you want.  At this site, they have filtered out the
most popular MKB articles and categorised them into meaningful
groups like "Office XP installation problems."  You'll be
surprised how much useful MS stuff is available, once you know
it's there. In addition to the MKB material, this site also has
its own tips and tricks and of course, a lot of advertising.
Definitely worth visiting.
http://www.tipsdr.com

Cookies Mastered
This site features everything you wanted to know about cookies
but were afraid to ask. There is information here for both Web
site developers and surfers alike.
http://www.cookiecentral.com/faq/

Firewalls Unplugged
I've received quite a lot of agitated email flowing from  the
item in our last issue on Robin Weirs "Firehole" demonstration
program that penetrates most personal firewalls. The bad news is
that there are quite a few programs that do the same. Indeed
most firewalls can be penetrated by one or more of these
techniques.  This site lists some of these programs and has a
useful chart comparing the performance of several popular
firewalls. Not happy reading.
http://www.pcflank.com/art21.htm

Remote from the Facts or Facts on the Remote
This site features everything you need to know about the new
generation of smart remote control devices such as the nifty
Philips Pronto or the unbelievably cool IPAQ/Nevo. Just the
thing for doing presentations from your laptop.
http://www.remotecentral.com/

Secure Mobile Email
This short report from the Gartner Group provides a useful
introduction to the issues involved in providing end-to-end
security for email sent by your mobile users.
http://tinyurl.com/1gsn
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2879336-2,00.html

 Track Down Those Spammers
Get 'dem spammers. Here are some tools to help you track them
down.
http://combat.uxn.com/

Free Web Site Resources
This site offers a variety of free tools to webmasters including
the best free site search service I've found. It even indexes
PDF files!  Check out the free server uptime monitoring service
as well, I use for on our site and it's terrific. So why pay
when you can get it for free?
http://www.master.com

WAR on Wi-Fi
There's a lot of it going on: WarDriving, WarChalking,
WarFlying and a myriad of other means of identifying wireless
networks. You'll find an excellent summary of how it's all done
in this downloadable text document.  It's grey-hat material but,
if I was a network administrator, I'd be giving this document my
close attention.
http://www.kraix.com/downloads/TDGTW-WarXing.txt

Windows Shutdown Problems
If you are experiencing problems with Windows XP shutdown you
might like to check out this useful guide:
http://dave-partridge.com/shutdown.shtml 

Know some great tech sites? Send them in to
editor@techsupportalert.com
 
 2. UTILITIES
=============

*HOT* Product Alert
In the last issue I mentioned EnFish Find, a powerful Windows
indexing program that allows you to quickly search your email
folders, word processing documents and other folders containing
personal documents.  After using EnFish for 2 weeks I can state
that this program is essential for anyone who has a large number
of documents or who has information scattered between email and
word processing files. Its speed is phenomenal and it's totally
seamless.  I've now given up filing and ordering any of my
documents as I can find what I want almost immediately with
EnFish.  A rave review? You bet! Download the trial here (6MB):
http://www.enfish.com/desktop/download_find.asp

Tools for Spyware Paranoids
I'm a great fan of Ad-Aware the nifty free adware and spyware
zapping utility but was surprised just how many more unwanted
items were detected on my computer by PestPatrol.  I discovered
this accidentally during my recent review of anti-trojans. After
more experience with PestPatrol I can definitely say it is
numero uno in the adware and spyware detection stakes. It's
performance as an anti-trojan is less impressive. More details
here:
http://www.techsupportalert.com/best_anti_trojans.htm

Restore Missing Toolbars
Inexperienced PC users just always seem to be losing their
Windows and Internet Explorer toolbars. I've never quite worked
out exactly how they do it but they sure manage it somehow.
Luckily, this free utility makes recovery a snack.
http://www.kellys-korner-xp.com/ToolbarRepair.Exe

Say No to HTML Mail
In the last issue I mentioned PocketKnife Peek, the free Outlook
add-in that allows you to view html without opening the message
and thus eliminating the risk of executing an embedded script.
Here's a shareware utility that does the same thing for Outlook
Express.
http://www.baxbex.com/nohtml.html

Automatically Close Unwanted Dialog Boxes
Buzof is a small shareware program that enables you to
automatically answer, close or minimize virtually any recurring
window including messages, prompts, and dialog boxes. You use it
by teaching the program to click the button that you would
normally click to get rid of the annoying window. Great for
removing repeated cookie requests and other repetitive nag
screens.
http://www.basta.com/ProdBuzof.htm

AutoComplete Errors Fixed
Internet Explorer's AutoComplete feature can save you a lot of
time when completing Web forms but it doesn't allow you to edit
"saved" responses. This can be a real pain, particularly when it
has saved wrong or mistyped responses. Now you can edit to your
heart's content with this free utility from PC Magazine.
http://www.pcmag.com/article2/0,4149,3116,00.asp

Cost-Efficient Proxy Server
Proxy+ is a software-based firewall, proxy, and mail server
that's been around a while now and offers an attractive option
for small networks to securely share an Internet connection and
simultaneously manage email needs. Proxy+ has a firewall
function but I'd be inclined to leave that to one of the free
specialist firewalls such as Sygate, ZoneAlarm or Tiny.  You'll
end up with a really effective and cost efficient solution for
small offices or workgroups.  Proxy+ is free for up to 3 users
with prices ranging up to $299 for unlimited users.
http://www.proxyplus.cz/

Cracking Office Passwords
Support staff are often asked to recover Office passwords.
People just forget their passwords or staff leave the company.
There are a number of recovery tools available but Advanced
Office XP Password Recovery from Elcomsoft
is easily the best I've seen. It utilizes a variety of
techniques to crack the passwords and if all else fails, will
resort to brute force.  It broke the standard low-level password
I use for personal Word documents in 41 seconds. Cracking the 8
digit random password I use for my financial data took 7 hours
and 31 minutes. Depending on your point of view you can call
that result brilliant or utterly depressing.
http://www.elcomsoft.com/aoxppr.html

Return Unwanted Mail to Sender
In previous issues we've mentioned how you can use our favourite
email previewer, Mailwasher, to bounce Spam. Here's another
shareware program that that does the same thing but also allows
you to download your mail directly rather than using your email
client.
http://www.spamstalker.com/index2.html

How to Cut Your XP Boot Time
This free utility from Microsoft allows you to quickly identify
how long each system component takes to load. Using this tool
and a bit of fine tuning, I managed to cut my boot time by one
third.
http://tinyurl.com/llc
http://www.microsoft.com/hwdev/platform/performance/fastboot/BootVis.asp

Got some favourite utilities? Why not share the news? Send
your top picks to editor@techsupportalert.com
 
 
3. BUGS, SERVICE RELEASES AND PATCHES
=====================================

Windows XP SP1 Released - Deadly Flaw Corrected
Microsoft has finally released Service Pack 1 for all versions
of Windows XP.  It includes all individual patches and fixes
previously released plus a few new ones. The later is important
as a number of security gurus including Steve Gibson are saying
that SP1 fixes an unannounced and deadly XP flaw. See item below
for more details.  I suggest you take his advice and install SP1
immediately.  I have and it went flawlessly.  You can download
the 130MB SP1 from the address below.
http://tinyurl.com/171p
http://www.microsoft.com/windowsxp/pro/downloads/servicepacks/sp1/default.asp

Fix for Windows XP Deadly Flaw
According to Steve Gibson "Windows XP has contained a critical
flaw that could be trivially exploited at any time by any
malicious hacker. By causing any Windows XP system to process a
specially-formed URL (web-style link), the XP system would
obediently delete all or most of the files within any specified
directory. (That's not good.) This flaw is considered critical
because these malicious URLs could be delivered to any XP user
through any means: via an eMail solicitation, a chat room, a
newsgroup posting, a malicious web page, or even processed
automatically without the user clicking anything by merely
visiting a malicious web page. (That's bad.) "  The fix is to
install XP SP1. In the meantime you might want to protect your
PC by installing Steve's 30KB XPDite utility available from his
site. Apparently all it does is rename a file which is the
source of the problem.  Microsoft have admitted the flaw but
denied they attempted to hide it by buying it in XP SP1 - see
link 2. below.
1. http://grc.com/xpdite/xpdite.htm

2. http://tinyurl.com/1gsp

2. http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/HCP1.asp

 

Windows XP SP1 Release Notes & Resources
Before you install XP SP1 I'd strongly suggest you read the
release notes from MS.  You should also check the Labmice web
site which already has an XP SP1 resources section.
1. http://tinyurl.com/1fsx

1. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q324722

 2. http://www.labmice.net/ServicePacks/winxpsp1.htm

 Apache/Linux Worm Exploits Vulnerability
Symantec has warned of over 3000 incidents involving the
Linux.Slapper.Worm which uses an OpenSSL buffer overflow exploit
to run a shell on a remote system. According to Symantec "The
worm targets vulnerable installations of the Apache Web server
on Linux operating systems which includes versions of SuSe,
Mandrake, RedHat, Slackware and Debian. The worm also contains
code for a Distributed Denial of Service attack."  To fix the
vulnerability upgrade to OpenSSL 0.9.6g
http://www.openssl.org/

New PGP Security Risk
Yet another serious PGP security alert. According to an advisory
from security firm Foundstone, email encrypted with the Pretty
Good Privacy program can be used to attack and take control of a
victim's computer. This is possible because of a flaw in the way
PGP handles long file names in an encrypted archive. Foundstone
states that this could allow an attacker to "take control of the
recipient's computer, elevating his or her privileges on the
organization's network." Affected versions are PGP Corporate
Edition 7.1.0 and 7.1.1.  A patch is available here:
http://tinyurl.com/1gsq
http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp

 Visual FoxPro 6 Vulnerability
Microsoft have issued an advisory covering a flaw in Visual
FoxPro 6.0  where a web page could automatically launch a Visual
FoxPro application (i.e., an .app file).
A patch is available and should be applied immediately.
http://tinyurl.com/1gsr
http://www.microsoft.com/technet/security/bulletin/MS02-049.asp

  4. OTHER USEFUL STUFF
=====================

Wireless Access Point Offers Excellent Bits Per Buck
The Netgear HE102 802.11a is a wireless access point that's easy
to setup yet has 54Mbps performance.  WEP security can be set
to  64, 128 or 152-bit protocols. I considered buying one when
they first came out priced at $349. However Comp-U-Plus now have
them on special at $214. At that price it's an attractive option
for migrating a workgroup or small office to high performance
wireless.
http://tinyurl.com/1gst
http://www.compuplus.com/insidepage.php3?sid=46zxe9vrt89g554&id=97

 Add USB Support to Linux
This useful article shows you how.
http://tinyurl.com/1gsv
http://www.techrepublic.com/article.jhtml?id=r00320020902mci01.htm&fromtm=e103-1

Help for Backward Users
At this site you'll find a mirror of the Google search engine
site. That is, how Google would look in a mirror.  Ideal for
oriental lexics or occidental dyslexics.
http://www.alltooflat.com/geeky/elgoog/

Photo Printer for the People
Cheap high quality digital cameras have transformed the way we
use photos in commerce and in the home. However printing
hardcopies cheaply and easily has long been a real problem. Not
any longer. HP have announced a top quality $199 photo printer
that can print directly from various format media cards,
operates independently from a PC and has inbuilt image
manipulation. It only produces standard postcard size prints but
that's all you need for 99% of occasions. I'm buying one.
http://tinyurl.com/1gsw
http://www.zdnet.com/supercenter/stories/review/0,12070,562164,00.htmlsxp.htm

Amazon Conquered
Everyone loves Goggle's clean and simple interface. At this site
they applied the same interface to access Amazon.  The Google
lawyers were not amused by the flattery so changes had to be
made. Even so, it's  still the simplest way to use Amazon.
http://www.kokogiak.com/amazon/

Using FTP Without FTP software
Many folk are not aware that you can make a FTP connection
directly from the Windows and Mac OS X command line without any
additional software. Full instructions here:
http://tinyurl.com/1gsx
http://www.macromedia.com/support/dreamweaver/ts/documents/ftp_instructions.htm

 Latest Version of Ad-Free KaZaa
The popular KaZaa Lite program is now available in version
1.7.2.  Use it to download free music, free software, free
trojans and more.
http://www.kazaalite.com/is

Free Anti-Trojan
Speaking of KaZaa, thanks to subscriber Bob Hillcox for advising
that there is a version of the excellent anti-trojan program
BoClean, currently floating around the P2P networks.
Unfortunately it's not really BoClean it's an automatic porno
phone dialler! Nice irony there. I must ask my software pirate
neighbour Fraser, whether he's checked his phone bill lately ;>)
Get the real BoClean here:
http://www.nsclean.com 

Cell Phone Brain Frying - the Debate Hots Up
The evidence continues to mount. A new Swedish study has show
that long term users of cell phones have up to an 80 percent
greater chance of developing brain tumours. The phone companies
say these findings only apply to older analogue phones and that
other studies on new digital phones users have been
inconclusive.  Quite true folks, but maybe that's because
digital phones have not been around as long as analogy. The
whole thing is panning out like a re-run of the cigarette
smoking farce of the 1960s: users in total denial, the industry
churning out spins.
http://tinyurl.com/1gsy
http://news.com.com/2100-1033-954896.html?tag=dd.ne.dtx.nl-hed.0

 Protect Your Valuable Bits From Radiation
Levi Strauss is planning to release trousers with an "anti-
radiation" cell phone pocket. A spokesman for LS said "We are
not saying radiation from mobile phones is harmful or not, but
with the pocket we are simply responding to consumer concern."
http://tinyurl.com/1gsz
http://news.com.com/2100-1033-957650.html?tag=dd.ne.dtx.nl-sty.0

Freebie of the Week
Windows Registry bloat gradually makes your PC run slower and
slower. I regularly use Norton WinDoctor to slow down the
process but it doesn't stop it. Recently I tried Advanced System
Optimizer's "Registry Defrager and Optimizer" and it made a real
difference. My PC is now positively flying.  Other modules in
the package were less impressive. Get a full featured trial
version at the link below.  As ever, backup your Registry before
making changes.
http://www.systweak.com

Got some top sites and services to suggest? Send them in
to editor@techsupportalert

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

Last Chance to Make Your Mark on the Future
*** Survey Ends This Week ***
Do you like some of the items that appear in this
newsletter more than others?  Then let me know by filling
in this quick on-line survey.  It takes less than 60
seconds to complete and your responses will shape the
future of this newsletter.
http://tinyurl.com/11ds
http://techsupportalert.master.com/texis/master/search/+/form/future.html

Trojan Survey Now Online
If you load new programs onto your PC, you need a trojan
detector otherwise one day you will be caught. Find out the
best products in our just-released survey.
http://www.techsupportalert.com/best_anti_trojans.htm
 
<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>
 
The Small Print
===============
 
Do Yourself a Favour Department
Support Alert is free. If you like Support Alert, some of your
friends and colleagues will too. Why not forward them this issue
right now? It's in your interest as the more readers we have,
the more suggestions we get and the better product for all.  To
subscribe, all they have to do is send a blank email from their
email account to: supportalert-subscribe@webelists.com
 
To unsubscribe from this newsletter, send a blank email to
supportalert-unsubscribe@webelists.com or to the address shown
at the bottom of this page.
 
To change your delivery email address go to
http://www.webelists.com/cgi/lyris.pl?enter=supportalert
Enter your old email address. No password is needed. You can
then change your subscription email address directly.
 
For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79
 
(c) Copyright TechSupportAlert.com 2002