========================
                         Support Alert
                    ========================
                    www.techsupportalert.com

                 Your pointer to the very best
                  tech information on the Web

                   Issue 92 - 5th February, 2003

     Support Alert is a 100% subscription-only newsletter.
    Un-subscribe instructions are at the end of each issue.
 
                      <<<<<<<<<>>>>>>>>
 

Quote of the Week
=================

"Applying computer technology is simply finding the right wrench
to pound in the correct screw."

Anonymous
 

<<<<<<<<<>>>>>>>>
 

FROM THE EDITOR

If you are deleting your spam, I suggest you stop right now.

Spam has suddenly become valuable.

In fact, instead of deleting it, you should be storing it away
in a special folder.

You see, the upcoming generation of spam mail filters needs to
be taught the difference between real mail and spam. This
process works far more effectively when the filter learns from
YOUR mail and YOUR spam.

Just like your real mail, your spam is unique to you. This may
sound strange but it's not.  Spam is not sent randomly. Each
spam campaign is sent to a list. There are of course, many lists
and your name may be on several but hopefully not the lot.  You
will be on one collection of lists, I will be on another.
That's why your spam is different to mine.

For example, my neighbor Fraser gets inundated with porn spam
while I get only a few. I get flooded with Nigerian scam spam
while he's never received one.

Smart spammers have started tweaking their spam mailers so they
pass through generic spam filters.  Commercial services have
already sprung up that tell spammers what filters will intercept
their planned messages. Using these tools, a spammer can easily
craft a message to that will not be detected as spam.

But because your mail is unique and your spam is unique, it's
not practical for spammers to craft a message to get through a
filter calibrated to your unique settings. You are relatively
safe.

Of course this only makes sense if you have a mail filter smart
enough to be able to calibrate itself to your unique mail
characteristics. Most current filters don't.

Sure, most filters "learn." As mail comes they add to your
personal whitelist and blacklist. But that's a different process
and doesn't directly affect the simple rule-base used for
classifying text as spam. This rule-base is either fixed or
updated periodically from a central server based on generic
averages rather than your email. Most spam filters are, in this
sense, dumb.

Leading the smart filter charge are the new "naive Bayesian"
filters. Early examples include products like POPFile,
Spammunition and Spam Bully all of which are based on an
adaptive filter technique outlined by Paul Graham.

But this is just the start.  Gary Robinson has recently made
suggestions for improvements to Graham's method using a
technique that rejoices in the wonderful name of "modified
bogofilters."  Others more refined methods will soon follow.
Even traditional "classification" filters like SpamAssassin are
now adding Bayesian capabilities.

All these adaptive spam filters require sets of spam and non-
spam email for training.  They calculate the probability of a
message being spam by first breaking up the message into
individual words or tokens each of which is assigned a
probability of being spam based on the relative occurrence of
these words in the spam vs. non-spam training sets. The spam
probabilities of the most common set of tokens in the message
are then combined to form an overall probability that the
message is spam.

One of the many intrinsic virtues of this approach is that the
word or token probabilities can be easily calibrated to your
unique mail characteristics. For example the word "nigeria"
would have a high probability of being spam in my mail, but a
much lower one for my neighbor Frasar.

I've being testing three naive Bayesian filters now for over a
month and they show great promise. In particular, the rate of
false positives has been astonishingly low. For one of the
products I tried, it has been nil across a sample of nearly 1000
messages!

Am I impressed? You bet.

Folks believe me. Stop deleting your spam. Instead simply move
it to a dedicated spam folder. You are going to need it.

Gizmo Richards
mailto:editor@techsupportalert.com

PS If you want to read more and you are not scared of a little
maths, then check out Paul Graham's "A Plan for Spam" at
http://www.paulgraham.com/spam.html. I've also featured a review
of the top rated Bayesian Spam filter in the Supporter's Edition
of this newsletter.

<<<<<<<<<<>>>>>>>>>>>>>

IN THIS ISSUE

1. TOP TECH SITES
 - Windows XP Tips from Microsoft
 - Free Windows 2000 Cram Sheets
 - Top Online Application Vulnerabilities
 - Alternative Downloads
 - 50 Ways to Leave Your Buffers

   ** Additional items in Supporter's Edition **

 - Commercial Software for Free
 - How Fast do You Really Surf
 - Messenger Spam Vulnerability Test
 - Easy Way to Set Up a Linux Firewall
 - Best Free Web Site Resources

2. UTILITIES
 - Free XP Systems Utilities
 - Collect Your Yahoo Webmail from POP3
 - Trojan Hunter Updated
 - Batch Process Digital Images for Free
 - Ad-aware 6 Released
 - Excellent Free Scumware Remover

   ** Additional items in Supporter's Edition **
 
 - The Best Spam Filter Yet? HOT PRODUCT ALERT
 - Free Utility Kills Instant Messaging Viruses
 - How to Remove Desktop Clutter
 - Free Sticky Notes Utility
 - Free Digital Photo Album Organizer
 - Add Tabs to Internet Explorer

3. BUGS, SERVICE RELEASES AND PATCHES
 - Spammers Grab Hotmail and MSN Addresses
 - Browser Hijacking Menace Spreads
 - Critical Flaw in MS Locator Service (MS03-001)
 - Open Source CVS Vulnerability

4. OTHER USEFUL STUFF
 - Cheap Wireless Broadband Router
 - Run Your ATA Drive from USB
 - Stealth Technology Breakthrough
 - New CD-RW Standard
 - Mobile Phones Damage Rats Brains
 - Self Healing Software
 - Remove Windows XP CD Autorun

   ** Additional items in Supporter's Edition **

 - Tiny Scanner for Road Warriors
 - Fake Email Addresses for Your Personal Use
 - Understand Recordable DVD Formats
 - Make Your PC Quieter
 - A Really Easy to Learn Programming Language
 - Fix Corrupted IE and Outlook Express Files
 
5. FREEBIE OF THE WEEK
 - Free Secure Erase Utility
 
** Additional freebie in Supporter's Edition **

 - An Entire Suite of Windows Software for Free
 

             <<<<<<<<<<<<<<<>>>>>>>>>>>>>

1. TOP TECH SITES
=================

Windows XP Tips from Microsoft
Dozens of XP Pro tips including a sneaky way to bulk rename
files. I didn't know you could do that it Windows. Guess you
learn something every day.
http://www.microsoft.com/windowsxp/expertzone/tips/default.asp

Free Windows 2000 Cram Sheets
Most certification sites charge for exam cram sheets but this
one is giving away sheets for the Windows 2000 core exam for
free. I checked them out and they are excellent.
http://www.beachfrontdirect.com/enb16.html

Top Online Application Vulnerabilities
The Open Web Application Security Project (OWASP) has just
released a report listing the top ten vulnerabilities. A useful
tick list against which you can evaluate your applications.
http://www.owasp.org/

Alternative Downloads
Shareware downloads often fail due to overloaded or unavailable
servers. If you know the file name you want, this sites lists
alternative mirror sites for your download.  Also a great site
for users of GetRight and other file splitting programs.
http://www.filemirrors.com

50 Ways to Leave Your Buffers
At this site they have listings all the Microsoft Security
Bulletins by year.  This is the 2002 page.  It's a good way to
cross check you've not missed any of the 71 (sic) advisories
issued.  Probably a good way to get depressed as well, unless
you are a UNIX user that is ;>)
http://www.activewin.com/bugs/secb2002.shtml

** Additional Items in Supporter's Edition **

- Commercial Software for Free
- How Fast do you Really Surf
- Messenger Spam Vulnerability Test
- Easy Way to Set Up a Linux Firewall
- Best Free Web Site Hosting Without Ads
- Best Free Web Site Statistics

Stop missing out on all the good stuff.
Click below to donate $10 and get the Supporter's Edition now.
Donate through CCNow or PayPal's secure servers.
http://www.techsupportalert.com/se-edition.htm

Got some top sites to suggest? Send them to
mailto:editor@techsupportalert.com

 2. UTILITIES
=============

Free XP Systems Utilities
Free backup, drive cloning, partition image and registry cleanup
utilities form part of this awesome collection of free software.
Note: Windows XP only.
http://home.carolina.rr.com/lexunfreeware/

Collect Your Yahoo Webmail from POP3
I've been a long time user of the commercial shareware program
Web2POP to collect my Yahoo webmail mail from Outlook. I've just
changed over to the freeware product YahooPOPs! that does the
same thing for free. It works from any POP3 email client, is
available for a variety of operating systems, it runs faster
than Web2POP and as an added bonus has more features as well.
http://yahoopops.sourceforge.net/

Trojan Hunter Updated
I've long held that Magnus Mischel's Trojan Hunter program to be
the best designed and implemented anti-trojan available. Well
it's just got even better. He's just released version 3.0 that
features a slick new user interface, a script checker, heuristic
scanning, an improved LiveUpdate utility, UPX unpacking and a
command line scanner.
http://www.misec.net

Batch Process Digital Images for Free
Irfanview is a free multimedia viewer and editor that supports a
huge range of file formats. Each new version seems to add more
capabilities but to me, its most powerful features are its speed
and its batch processing capability.  If you want to resize sets
of digital images for the web or for transmission by email,
Irfanview is the best free solution available.  It's also a
mighty fine image viewer as well. I just can't believe something
this good is free.
http://www.filemirrors.com/search.src?file=iview380.exe&size=841216

Ad-aware 6 Released
The long awaited upgrade to the popular adware and spyware
killer is finally out, though if you want the free version
you'll have to wait until later this week. The versions
currently released are Ad-aware Plus 6 at $26.95 and a network
version at $39.95. Both versions feature a real time monitor in
addition to the normal scanner. The free version, I believe, has
no monitor. Upgrades are free to registered users of previous
versions. No trial downloads appear to be available so if you
want these products you'll have to purchase them. Alternatively,
just wait a few days for the free version.
http://lavasoft3.element5.com/news/20030127.jsp

Excellent Free Scumware Remover
Thanks to the readers who suggested I stop waiting for the
update to Ad-aware and start using Spybot's free Search and
Destroy program instead. Well I took your advice and can report
that S&D is indeed, an excellent piece of work. It scans for a
wider range of pests than Ad-aware and caught a number of
nasties on my PC previously missed. Removing them was
effortless. After testing the standard product, I downloaded the
latest beta version. This clearly moves S&D into a different
league as it offers a monitor for active protection against a
wide range of malware products including some nasty ActiveX
exploits. Final judgment will have to wait until I test Ad-aware
6 but at this stage, S&D is definitely the front runner.
http://security.kolla.de

Free Cookie Cruncher
PC Magazine has just released the latest version of their
popular Cookie Cop Program. The new version (2.2) features some
significant enhancements including the ability to transform
"permanent cookies into session only cookies that don't leave
any crumbs." Also new to the latest version is popup ad blocking
and the capacity to wipe clean referrer information that is
passed from one web site to another.
http://www.pcmag.com/article2/0,4149,2019,00.asp

** Additional Items in Supporter's Edition **

- The Best Spam Filter Yet?  HOT PRODUCT ALERT
- Free Utility Kills Instant Messaging Viruses
- How to Remove Desktop Clutter
- Free Sticky Notes Utility
- Free Digital Photo Album Organizer
- Add Tabs to Internet Explorer

Help Keep this Newsletter Ad-free
Click below to donate $10 and get the Supporter's Edition now.
Donate through CCNow or PayPal's secure servers.
http://www.techsupportalert.com/se-edition.htm
 
Got some favorite utilities to suggest? Send them to
mailto:editor@techsupportalert.com

3. BUGS, SERVICE RELEASES AND PATCHES
=====================================

Spammers Grab Hotmail and MSN Addresses
If your Hotmail account is flooded with spam, here's a possible
explanation. The anti-spam site, Spamhaus, has reported that
both Hotmail and MSN are open to dictionary based password
attacks. Hotmail alone has supposedly been probed over 52
million times in the last 5 months. Even with a 2% success rate
that's over a million broken accounts.  Good reason to get a
stronger password. or switch to Yahoo mail who offer a better
deal anyway.
http://www.spamhaus.org/index.lasso?-database=sbl_news&-layout=detail&-response=newsstory.lasso&-recordID=13&-search

Browser Hijacking Menace Spreads
Ever had your browser home page mysteriously changed? Well
that's just a basic form of browser hijacking, a new type of
scumware activity that is becoming increasingly common.  Other
common symptoms include unsolicited downloads, the addition of
unwanted shortcuts and the modification of default search pages.
One of the prime offenders is Xupiter, a superficially innocuous
search bar offered as a free download and bundled in with a
number of ad-supported freeware products. To make matters worse,
some hijackers are designed so that that they cannot be manually
uninstalled. If you have a Xupiter or other scumware infection,
you can find out how to remove your unwanted guest here:
http://www.spywareinfo.com/articles/hijacked/

Critical Flaw in MS Locator Service (MS03-001)
Since I've been editor, I can't recall a single issue of this
newsletter that hasn't carried news of yet another Microsoft
buffer overrun problem. This issue is no different. This flaw is
in Locator, a name service that maps logical names to network-
specific names in 2000 and NT domain controllers. Utilizing the
vulnerability, an attacker could execute code of choice. Windows
NT, 2000 and XP workstations are also affected but the risk for
these devices is rated only as "moderate."  Patches are now
available here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-001.asp

Open Source CVS Vulnerability
CERT have issued an advisory about a defect in CVS, a widely
used version control and collaboration system used by open-
source software development projects. The vulnerability could
allow an attacker with anonymous, read-only access to a CVS
server to execute arbitrary code, mount a DOS attack or even
tamper with open source programs.  Vendor specific patches are
now available. Full details here:
http://www.cert.org/advisories/CA-2003-02.html/

4. OTHER USEFUL STUFF
=====================

Cheap Wireless Broadband Router
Thanks to subscriber Val Clark for telling me about the new
Linksys WRT54G, a combo access point, router and 4 point switch
which handles both the IEEE 802.11b and the news 54Mbs IEEE
802.11g standards. The price is amazing.  Val paid just $129.99
from CompUSA but I notice that it's even cheaper at ecost.com
where its sells for $122.99 with free shipping! That's a lot of
function for the money.
http://www.ecost.com/ecost/shop/detail.asp?dpno=102407

Run Your ATA Drive from USB
Why buy a dedicated USB external drive unit when you can use
this external casing kit to connect up any ATA drive including
hard disks and CD drives. With a street price of around $80 this
is a cost effective solution particularly if you already have
some old ATA drives lying around.
http://www.adstech.com
http://www4.tomshardware.com/storage/20030116/index.html

Stealth Technology Breakthrough
A new way to sneak away from your desk without being seen?
http://www.star.t.u-tokyo.ac.jp/projects/MEDIA/xv/oc.html

New CD-RW Standard
The Mt. Rainier format is a new standard for direct operating
system support of CD-RW drives that includes, among other
things, proper media defect handling. The first drives are
already on the market. This is going to be big. Read more about
it here:
http://www.cdfreaks.com/document.php3?Doc=75

Mobile Phones Damage Rats Brains
An authoritative Swedish study has demonstrated brain cell
damage in adolescent rats after only two hours exposure to cell
phone cell radiation. Worrying, very worrying. Is Wi-Fi next?
http://ehp.niehs.nih.gov/press/012903.html

Self Healing Software
IBM has announced new versions of its DB2 and WebSphere software
products that utilize the "self-fixing" technology from IBM's
autonomic computing initiative.  The aim is to allow MIS staff
to concentrate on running daily operations while the servers and
software look after themselves, even in the event of software or
system failure. While I welcome the idea of self healing
software, I'd settle for software that just works OK right from
the start ;>)
http://search400.techtarget.com/newsItem/0,289139,sid3_gci864876,00.html

Remove Windows XP CD Autorun
Sick to death of Windows XP auto-running every CD you put in the
tray? Can't stop the stupid thing regardless of the options you
select?  Find instructions here how to kill Autorun for good:
http://www.dougknox.com/xp/tips/cd_autoplay_pro.htm

** Additional Items in Supporter's Edition **

- Tiny Scanner for Road Warriors
- Fake Email Addresses for Your Personal Use
- Understand Recordable DVD Formats
- Make Your PC Quieter
- A Really Easy to Learn Programming Language
- Fix Corrupted IE and Outlook Express Files

Get Gizmo's Special "Desert Island Utilities" Report
Click below to donate $10 and get the Supporter's Edition
Plus the report immediately.
Donate through CCNow or PayPal's secure servers.
http://www.techsupportalert.com/se-edition.htm

5. FREEBIE OF THE WEEK
======================

Free Secure Erase Utility
Eraser is a free, GNU license utility that will securely erase
files, folders or even whole disks from any Windows or DOS PC.
Eraser overwrites data area with selectable random data patterns
and also wipes data in the paging file, Internet cache,
temporary files, Internet cookies, unused disk space and a
number of other places where data can secretly lurk.  It handles
FAT16, FAT32 and NTFS partitions as well.  Erasing files with
high security will always be a difficult and time consuming task
and can never offer absolute 100% safety. However Eraser makes
the task about as easy as it be, with a security level beyond
most conceivable requirements. An impressive package. (2.6MB)
http://www.heidi.ie/eraser/

** Additional Freebie of the Week in Supporter's Edition **

An Entire Suite of Windows Software for Free

Be an Internet Giver not Just a Taker
Click below to donate $10 and get the Supporter's Edition now.
Donate through CCNow or PayPal's secure servers.
http://www.techsupportalert.com/se-edition.htm

Got some top sites and services to suggest? Send them in
to mailto:editor@techsupportalert.com

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

Win $10,000 and a Sony CD Player

If you like this newsletter, why not recommend it to your friends
and colleagues?

If you do, you'll automatically get a chance to win:

1.  $10,000
2.  A fantastic Sony CD Player

You've got nothing to lose and everything to gain.
Just click on the following link:

http://www.recommend-it.com/l.z.e?s=877794
 

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

THE BENEFITS OF BEING A SUPPORTER
=================================

This is the free edition of Support Alert newsletter. If you
like this version, you'll be blown away by the enhanced edition
that our supporters get.

Supporting this newsletter means we can continue to be ad-free.
So why miss out on all the best stuff?. Donate $10 now and receive
all the benefits of being a supporter. Click this link for details:
http://www.techsupportalert.com/se-edition.htm
 

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>
 

MANAGE YOUR SUBSCRIPTION
========================

To subscribe to this newsletter send a totally blank email to
supportalert-subscribe@webelists.com.

To unsubscribe from this newsletter send a blank email to
supportalert-unsubscribe@webelists.com or to the address shown
at the bottom of this page.

To change your delivery email address go to
http://www.webelists.com/cgi/lyris.pl?enter=supportalert.
Enter your old email address. No password is needed. You can
then change your subscription email address directly.

For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79

This edition of Support Alert was proof-read by subscriber A.
Belile who kindly donated her services. My hearty thanks.

(c) Copyright TechSupportAlert.com 2003