========================
                         Support Alert
                    ========================
                    www.techsupportalert.com

                 Your pointer to the very best
                  tech information on the Web

                   Issue 87 - 4th November, 2002

    Support Alert is a 100% subscription-only newsletter.
 Instructions how to un-subscribe are at the end of each issue.
                 
                      <<<<<<<<<>>>>>>>>

Quote of the Week

Actually, this week it's both a quote and a joke.

"In a park people come across a man playing chess against a dog.
They are astonished and say: 'What a clever dog!' But the man
protests: 'No, no, he isn't that clever. I'm leading by three
games to one!'

Garry Kasparov
Fifteen-times World Chess Champion

                      <<<<<<<<<>>>>>>>>
                 

FROM THE EDITOR

I just love you subscribers.

Why?

Because you think just like me.

I know this because I've just finished analyzing the recent
subscriber survey and the answers that you gave are pretty much
the same answers I would have given.

So here's what you think I should do about this newsletter. And
it's not only what you think I should do, it is also what I AM
going to do.

1. The content of the newsletter should stay pretty much the way
   it is.
2. No ads in the newsletter.
3. Fund production costs of the newsletter by asking for
   voluntary contributions.

In other words, pretty much steady as she goes.

I'll explain more about voluntary contributions next issue but
basically it will work like this:

For those of you who choose to contribute to the support of the
newsletter, you'll get a special enhanced version with lots more
items. This will be called the "Supporter's Edition." You'll
also get some great freebies but more about that next issue.

If you choose not to contribute, you'll still receive this
newsletter exactly as before. I know there are a lot of students
and folk from poorer countries who read this newsletter so I
have no intention of penalizing these folks. Hey, I was a broke
student once.

So thanks to the all the readers who took time to complete the
survey.  I've read all your comments and will do my best to
ensure your needs are well met in future issues of this
publication.

Gizmo Richards
mailto:editor@techsupportalert.com

PS I love to receive your mail but please use the email address
   above rather than hitting the "Reply" button in you email
   reader.


                 <<<<<<<<<<<<<<<>>>>>>>>>>>>>

IN THIS ISSUE

1. TOP TECH SITES
 - Great Free Support Site
 - ZoneAlarm Tutorial
 - New Security Site - Free Trial
 - Free Windows XP Tips for IT Professionals
 - Catch the Bus Here
 - Free Trojan Horse Whitepaper

2. UTILITIES
 - Free Hardware, Software and Network Auditing Tool
 - Remember Those Appointments
 - Monitor Registry Changes
 - Get Control of Your Digital Photos
 - Rebuff the Attack of the Killer Printers
 - New Version of PestPatrol
 - Backup Your Windows Drivers

3. BUGS, SERVICE RELEASES AND PATCHES
 - Kerberos Vulnerability
 - Unchecked Buffer in PPTP Could Cause DoS Attack (Q329834)
 - IIS Cumulative Patch (Q327696)
 - Windows 2000 Default Permissions Problem (Q327522)
 - Trojan Version of Ad-Aware

4. OTHER USEFUL STUFF
 - HP/Compaq Laptop with 1.6GHz CPU for $719
 - It's a Portable CD/DVD player. It a CD Rewriter. Its a ...
 - Server Migration Tips
 - The World's Best for $99
 - How to Move a Windows XP Installation to Different Hardware
 - Microchip Your Employees
 - Defaced Websites
 - Google Lays an Egg
 - Just for Fun
 - Contest: Win a Free Subscription
 - Freebie of the Week

             <<<<<<<<<<<<<<<>>>>>>>>>>>>>

1. TOP TECH SITES
=================

Great Free Support Site
There are many tech forums that offer answers to user's
questions. Many are poorly patronized, others offer feeble
advice. The best I've encountered is Suggest A Fix, a site
suggested to me by subscriber Fred Miller. It offers a level of
support and expertise that puts many paid support sites to
shame. You'll have to register to post a question but it's free
and well worth the effort.  Highly recommended and many thanks
to Fred for the suggestion.
http://www.suggestafix.com/

ZoneAlarm Tutorial
Confused on how to configure ZoneAlarm personal firewall? Try
this free tutorial.
http://www.hackfix.org/software/configure/zone.html

New Security Site - Free Trial
Compiled by former Support Alert editor Robert Schifreen, this
site provides IT security awareness training to everyone in your
company. It is normally open only to paying subscribers but
Robert has set up a free account for the exclusive use of
Support Alert readers.  Log in free through to the end of
November using an ID and password of "supportalert".
http://www.securitysavvy.com

Free Windows XP Tips for IT Professionals
This free Microsoft guide provides some highly useful tips on XP
deployment, management and networking.
http://www.microsoft.com/windowsxp/pro/using/itpro/default.asp#section5

Catch the Bus Here
This excellent article clearly explains how system performance
is related to different system buses, memory configuration and
processor speed. Highly recommended. (The article is at the
bottom of the page.)
http://www.deviantpc.com/articles/systembus/index.shtml

Free Trojan Horse Whitepaper
Frame4 Security Systems has prepared an excellent whitepaper
covering trojans and their features. The treatment is at an
intermediate to advanced level and quite useful for those who
are seeking to expand their knowledge of this subject. It's
available for free, in multiple formats, direct from their site.
http://www.frame4.com/publications/index.php

Know some great tech sites? Send them in to
mailto:editor@techsupportalert.com


 2. UTILITIES
=============

Free Hardware, Software and Network Auditing Tool
I just can't believe that this is freeware. AIDA32 is a one of
the most thorough system inventorying tools I've seen. It will
document just about every aspect of your hardware and software
configuration. Throw in the fact that it checks out networks,
gives memory benchmarks and that it is totally free, and you end
up with a product that should be in everyone's toolkit. Download
from the link below but remember to download the documentation
as well. Corporate users need to register - there is no charge.
http://www.aida32.hu/aida-features.php?bit=32

Remember Those Appointments
Tray Helper is an effective little shareware utility that allows
you to easily set up reminders for appointments, birthdays and
other easily forgotten occasions. For annual events, it will
automatically remind you in subsequent years as well. It does
lots of other things too, like checking your Webmail and killing
pop-ups, but the reminder function is the clincher. It's well
priced at $14.99 and there's a 30-day trial version available
direct from the vendor.
http://www.trayhelper.republika.pl/indexeng.html

Monitor Registry Changes
There are lots of utilities and Windows registry monitors that 
record what changes are made to your registry when you install a
new program. However, I've been impressed at the simple but
effective approach used by Elcomsoft's Advanced Registry Tracer.
Not only does it take a series of registry snapshots and
identify differences, but changes can also be rolled back easily
using an undo feature. This straight-forward approach,
uncluttered with fancy features, results in a product that is
both easy to use and totally effective. At $40 it's not cheap,
but it's a very useful tool for support staff.  There's a 30-day
trial available, and by now some of you will already be
thinking, "Why can't I use this product to identify it's own
installation registry changes then work out how to keep the 30-
day trial going forever?"  Naughty, naughty.
http://www.elcomsoft.com/art.html

Get Control of Your Digital Photos
I've been dreading the job of loading, renaming, re-touching and
resizing the hundreds of digital photos I took in Japan.
Normally I use DCE AutoEnhance to batch process then use
PhotoShop to touch up the really difficult shots. Always in
search of a better solution, I recently tried out a new product
called PhotoLightning. It's only at version 1 but results were
pretty promising. Its main features are its speed and ease of
use. Certainly the re-touching and processing are not in the
league of the products mentioned above, though they are good
enough for most uses. Resizing options are also very limited.
However. it gets the job done quicker than anything else I've
found and for many folks that will be the key. Get a 30-day
trial version here:
http://www.photolightning.com/howitworks.html

Rebuff the Attack of the Killer Printers
Earlier this year, CERT warned of multiple vulnerabilities
in the SNMP protocol used by many network devices, including
some printers.  These vulnerabilities could be used by an
attacker to initiate a DoS attack on your server.  SilverCreek
is an SNMP test suite from Interworking Labs that is designed to
test for these vulnerabilities. A free trial is available.
http://www.storageadmin.com/Articles/Index.cfm?ArticleID=24568
http://www.iwl.com/

New Version of PestPatrol
In my recent anti-trojan reviews, PestPatrol version 3 came out
as the best product for detecting trojan tools, though it's
performance in detecting actual trojans was not quite as
impressive. Version 4 has just been released and features
improved detection capabilities plus a new user interface.
Spyware detection has also been beefed up. PestPatrol identified
many products on my PC missed by Ad-aware, the otherwise
excellent freeware Spyware detector. A free 30-day trial is
available from the PestPatrol website.
http://www.pestpatrol.com

Backup Your Windows Drivers
WinDriversBackup is a nifty free utility that identifies all
your Windows driver files and saves them to a nominated
location. This utility is great for simplifying operating system
reinstalls,  particularly for PCs whose exact hardware
configuration is not fully known or documented. Works across a
network as well. Recommended.
http://www.jermar.com/wdrvbck.htm


Got some favorite utilities? Why not share the news? Send
your top picks to
mailto:editor@techsupportalert.com


3. BUGS, SERVICE RELEASES AND PATCHES
=====================================

Kerberos Vulnerability
The Computer Incident Advisory Capability (CIAC) has issued a
warning of a stack overflow flaw in the Kerberos V4
compatibility administration daemon.  The flaw could allow an
attacker to gain unauthorized access to the key distribution
center (KDC) host, threatening the security of the entire
system. The problem affects all releases of MIT Kerberos 5, up
to and including krb5-1.2.6, and all Kerberos 4 implementations
derived from MIT Kerberos 4, including Cygnus Network Security
(CNS). A patch is available here:
http://www.ciac.org/ciac/bulletins/n-009.shtml

Unchecked Buffer in PPTP Could Cause DoS Attack (Q329834)
If you us e Point to Point Tunneling Protocol (PPTP) as part of
your VPN implementation with Windows 2000 or XP, then you'd
better take note of this critical advisory from Microsoft. An
unchecked buffer in the code used to establish, maintain and
tear down PPTP connections could allow an attacker to corrupt
kernel memory and bring the system down. Both servers and
workstations are vulnerable. Patches are available from
Microsoft.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-063.asp



IIS Cumulative Patch (Q327696)
This includes all previous security patches released for IIS 4.0
since NT SP6a plus all previous patches released for IIS 5.x. It
also includes fixes for four new vulnerabilities.  If you run
IIS, you really should install this patch ASAP. Full details
here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-062.asp

Windows 2000 Default Permissions Problem (Q327522)
Microsoft has issued a moderate level advisory concerning the
default permissions on a Windows 2000 workstation . These
permissions could, under certain circumstances, enable a user to
gain full access to the root folder and install a trojan program
with the same name as an existing file. The trojan could then be
executed when another user logs-on with the full permissions of
that user. The fix involves a change in administrative procedure
rather than a patch. Full details here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-064.asp

Trojan Version of Ad-aware
LavaSoft, makers of the excellent free spyware removal program
Ad-aware, has advised that there is a Trojan version of the
program in circulation. The file may be called aware.com or some
variant.  P2P users in particular should be on the alert. If you
want to install Ad-aware, make sure you get it from one of the
reputable sources listed on the vendor's site.
http://www.lavasoftsupport.com/index.php?act=ST&f=1&t=163&s=707a34c4feecf43600cd086a4b31a728


4. OTHER USEFUL STUFF
=====================

HP/Compaq Laptop with 1.6GHz CPU for $719
Staples has a special deal on the HP Pavilion ZE400 0 built-to-
order notebook.  They are offering a $300 instant coupon code
discount plus a $100 mail-in rebate. Using these, you can get a
1.6GHz Celeron with 128MB memory, 20GB hard drive, 14.1" XGA
screen and a spare battery for $719. Just a year ago, a similar
spec'd machine would have cost you $2500.
http://www.staples.com/Catalog/Browse/skuset.asp?PageType=2&SkuSetID=992339&bcFlag=True&bcSCatId=3&bcSCatName=Technology&bcCatId=71&bcCatName=Computers&bcDeptId=1863&bcDeptName=+Notebooks&bcClassId=141821&bcClassName=Compaq+Notebooks

It's a Portable CD/DVD player. It a CD Rewriter. Its a ...
Sony has released details of their intriguing new portable
CD/DVD R/W drive. Looking like a Discman, this battery-operated
device will play audio CDs, MP3s, WAVs, and DVDs, and allow you
to burn CD-Rs.  Playback can be optionally through the device,
through your TV or via your PC.  Just the thing for laptop
owners who want to be able to burn CD backups while on the road
and watch DVDs on the hotel TV as well.
http://www.dcviews.com/press/Sony_MPD-AP20U.htm

Server Migration Tips
ZDNet is running a short report from Gartner which contains a
useful list of questions you should ask when planning a server
migration.  Nothing profound here, just good common sense
suggestions that hopefully, will give you the warm comfortable
feeling that your planning has covered the main issues.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2895832,00.html

The World's Best for $99
World chess champion Vladimir Kramnik drew four matches all with
off-the-shelf computer program Deep Fritz V7 at the "Brains in
Bahrain" man-machine match.  The final score was a 4-4, with two
wins each and four draws. Deep Fritz V7 runs on a standard PC
and costs around $99. Kramnik costs a tad more and probably runs
about as well as most chess nerds.
http://www.chessbase.com/newsdetail.asp?newsid=561
https://secure.magic-moments.com/bcmches/deepfritz7order.htm

How to Move a Windows XP Installation to Different Hardware
If you've upgraded your disk drive or are moving to a new PC,
you'll find this Microsoft Knowledge Base article very helpful.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q314070&

Microchip Your Employees
As a mark of respect for the integrity of your employees, you
can now legally microchip them so they can't wander into
unauthorized areas or walk out with the company's assets. You'll
need their approval of course but if you threaten them with
dismissal you'll get that easily enough. And while you are at
it, don't forget to microchip your wife and children. Kind of
gives a new meaning to "a chip off the old block."  Worrying,
very worrying.
http://www.adsx.com/news/2002/102402.html

Defaced Websites
Want to see a running log of websites recently defaced by
hackers?  Check out this security site. Reports are coming in at
a rate of about one per minute. You can also view the hacker's
handiwork.
http://www.zone-h.com/en/defacements

Google Lays an Egg
Changes made last month to the Google search algorithm in order
to prevent spamming, seem to have made search results noticeably
less relevant. If you are feeling frustrated with your Google
searches, try the Teoma or All-The-Web search engines, both of
which have made enormous gains in the search relevancy stakes.
Additionally, Teoma now offers a browser search bar similar to
Google's, while ATB now has downloadable skins. Maybe King
Google's reign is coming to an end.
http://www.teoma.com/
http://www.alltheweb.com

Just for Fun
This product has absolutely no right to be included in this
serious journal but it is just so much fun that I have to tell
you about it.  It's called CrazyTalk and it allows you to
animate a still photo to make the person or thing in the photo
look as though they are talking.  You've seen lots of talking
dogs and pigs etc at the movies but the genius of this product
is that it allows you to easily do it yourself on a normal PC.
The results can be hilarious. Get a free but feature-limited
trial copy here:
http://www.office3d.com/products/entertainment/CrazyTalk/ct_download.asp


Contest: Win a Free Subscription
This follows on from the previous item. If you could animate a
photo of Bill Gates, what would you have him say? The winner
gets a free, one-year subscription to the Enhanced Edition of
Support Alert. The result will be announced next issue. Send
your suggestions to:
mailto:editor@techsupportalert.com


Freebie of the Week
This may be the best Windows process viewer I've used and it's
totally free. PrcView displays detailed information about all
running Windows processes including memory used, threads and DLL
usage. For each process and DLL, full path and version
information is also displayed. Individual processes can be
killed or their priorities changed. It even allows you to
automatically run a script to check if a process is running and
kill it. All this is crammed into a tiny 100KB package.  Works
for all versions of Windows. Highly recommended.
http://www.teamcti.com/pview/prcview.htm
 

Got some top sites and services to suggest? Send them in
to
mailto:editor@techsupportalert.com

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

Win $10,000 and a Sony CD Player

If you like this newsletter, why not recommend it to your friends
and colleagues?

If you do, you'll automatically get a chance to win:

1.  $10,000
2.  A fantastic Sony CD Player

You've got nothing to lose and everything to gain.
Just click on the following link:

http://www.recommend-it.com/l.z.e?s=877794

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

The Small Print
===============

To subscribe to this newsletter send a totally blank email to
supportalert-subscribe@webelists.com.

To unsubscribe from this newsletter send a blank email to
supportalert-unsubscribe@webelists.com or to the address shown
at the bottom of this page.

To change your delivery email address go to
http://www.webelists.com/cgi/lyris.pl?enter=supportalert.
Enter your old email address. No password is needed. You can
then change your subscription email address directly.

For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79

This edition of Support Alert was proof-read by subscriber A.
Belile who kindly donated her services. My hearty thanks.

(c) Copyright TechSupportAlert.com 2002