========================
                         Support Alert
                   ========================
                    www.techsupportalert.com

                 Your pointer to the very best
                  tech information on the Web

                   Issue 96 - 25th April, 2003

     Support Alert is a 100% subscription-only newsletter.
 

                      <<<<<<<<<>>>>>>>>

Quote of the Week
=================

"The first 90% of the code accounts for the first 90% of the
development time. The remaining 10% of the code accounts for the
other 90% of the development time."

Tom Cargill.
 

<<<<<<<<<>>>>>>>>
 
EDITORIAL

This doesn't sound ethical to me but that's not going to stop
people doing it.

It's a news form of marketing software that's geared to people
using file sharing software like KaZaa.

It works like this:

A software vendor uploads multiple copies of his product to a
file sharing network. He labels the product in such a way that
it looks like a pirate copy of his software.  He describes the
product so that it looks really attractive. He does this because
he actually wants people to download the "pirate" copy.

That's because it's more than a pirate copy. It also includes an
additional module not found in the original product: a trojan
horse.

When an unsuspecting user downloads and installs the software,
it appears to work just fine. However next time they connect to
the Internet, the software secretly connects to the vendor’s web
site and sends the user's name and default email address.

The vendor then sends the user a nasty threatening email letter
saying that they have illegally stolen the software. The letter
threatens that unless a legal copy is purchased immediately,
legal action will follow. The tone is very aggressive, so
aggressive that most people buy the software, whether they
really want it or not.

I know this because I had lunch last week with a software vendor
who claimed this is how he sold the overwhelming bulk of his
products.

Wow! I was shocked. As he told me the details I interjected and
said his technique was totally unethical.

"You are being too precious Gizmo," he said. "These dudes are
pirates and deserve everything they get. They’re happy to rip me
off so why shouldn't I rip them off?"

"But it's not up to you to judge their actions," I said. "If
they’re doing something illegal then you should make use of the
law to pursue them. What you are doing is both misrepresentation
and entrapment, and that's illegal as well. On top of that, you
are stealing their email address without permission and
distributing a trojan horse. Add all that together and I think
you end up with something rather worse than pirating software."

His faced flushed red and I could see he was getting angry.
Abruptly, he leapt up from the table, knocking over my glass of
wine in the process. I thought he was going to punch me.

Thankfully he didn't. Instead he just screamed "Get yourself a
life, you loser," and stormed off from the lunch.

"Get yourself a decent product," I yelled as he departed, "and
you won't need to use underhand marketing tricks."

Quite a lunch.

Quite a marketing technique.
 

Gizmo Richards
mailto:editor@techsupportalert.com
 

PS What's your take on the ethical balance here?  Did the vendor
have a point when he said pirates deserve what they get? Was I
being "too precious?"  Love to hear what you think. Just email
me a short note at the email address above.

PPS When emailing me, please use the above email address. Never
just hit the "reply" button in your email client. If you do,
your message will end up in a special webmail account along with
hundreds of undeliverable copies of this newsletter. I rarely
check this account, so I'll probably never see your message.

IN THIS ISSUE

1. TOP TECH SITES
 - Start-Up Applications Unplugged
 - Memory Types Explained
 - Latest Anti-Virus Software Reviews
 - Surf Anonymously
  
2. UTILITIES
 - Define Your Own Hotkeys
 - Corporate Instant Messaging
 - Another Free Alternative to MS Office
 - Free PC Maintenance Software
 - Brilliant New KaZaa Lite
 

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
 - STOP PRESS: Three new MS Security Bulletins
 - Flaw in Windows NT/2K/XP Endpoint Mapper (MS03-010)
 - Flaw In Winsock Proxy Service/ISA Firewall Service (MS03-012)
 - Buffer Overrun in Windows Kernel Message Handling (MS03-013)
 - Apple Fixes QuickTime in Quick-time
 - Samba Flaw
 - Flaw in SETI Client
 - Another SendMail Vulnerability
 - Real Problems

4. OTHER USEFUL STUFF
 - Bluetooth LAN Access
 - Flash-it Faster
 - Self Aware Robots
 - Where It's At
 - One Dead Pixel Too Many
 

5. FREEBIE OF THE WEEK
 - Use One Keyboard with Several Computers
 

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

1. TOP TECH SITES
=================

Start-Up Applications Unplugged
It's frustrating trying to edit the Windows start-up list
because the filenames themselves tell you little about the
program's function. This free site lists thousands of common
startup files along with full descriptions of what they do plus
links back to the vendor's web site.  Top stuff.
http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

Memory Types Explained
Are you confident you know the difference between DDR400 and
DDR2 memory?  Do you fully understand the impact of memory type
on the real-life performance of today's PCs? If not, check out
this excellent article from Tom's Hardware.
http://www17.tomshardware.com/mainboard/20030401/index.html

Latest Anti-Virus Software Reviews
PC Magazine has just released their best-yet comparative review
of the major personal anti-virus suites. Some of their past
reviews, with emphasis on raw numbers of viruses detected, have
left me cold. This time round, however, they rightly focus on
the effectiveness of detecting current viruses "in-the-wild."
They rate Norton AV 2003 the best, a view shared by myself.
Another less well-known product, NOD32 2.0, got the nod as well
for its detection performance and meager call on system
resources. http://www.pcmag.com/article2/0,4149,989867,00.asp

Surf Anonymously
There are a number of ways to surf anonymously but most
techniques slow down your Internet connection dramatically. If
you only occasionally want to be anonymous, you might like to
use the free service available from this site. At their home
page just type in the URL you want to surf to and away you go.
Naturally, they try to sell you their paid subscription service.
http://www.megaproxy.com/

Got some top sites to suggest? Send them to
mailto:editor@techsupportalert.com
 

 2. UTILITIES
=============

Define Your Own Hotkeys
Hotkeycontrol XP is a free utility that allows you to define
your own hotkeys so that a single key press can launch an
application, insert commonly used text, change your volume, or
just about anything else.  Hotkeycontrol works with all versions
of Windows from 98 onwards, though some features will only work
with Win2K or XP. (0.91KB)
http://www.digital-miner.com/hkcontrol.html

Corporate Instant Messaging
PopMessenger is one of the new breed of instant messaging
products designed for internal corporate use. It's brim full of
features such as online chat, offline messaging, broadcasting,
file transfer, real-time message encryption, automatic answers
and configurable sound alerts. Prices start at $11.95 per
station dropping to $8.95 for 50 or more. Site licenses are also
offered. A free trial is available here: (1.26MB)
http://www.leadmind.com/products.html

Another Free Alternative to MS Office
Most folk are aware of StarOffice, the free alternative to MS
Office, but the EasyOffice Suite is also a genuine competitor.
It offers excellent Office file format compatibility and has a
raft of high quality component applications including a word
processor, spreadsheet, database and presentation program. It
even includes modules missing in MS Office such as an accounting
program, bar coding, PDF creation and voice recognition. I tried
it out over a week and came away with the view that many small
offices and schools should seriously consider this product. A
personal-use freeware version is available for download.  You'll
need to pay $39.95-$49.95 for commercial use. (68MB)
http://www.e-press.com/easy_office_premium.html

Free PC Maintenance Software
To keep the registries on my PCs in top running order I use the
Fix-It utilities and Norton Utilities as well.  Both of these
are commercial products so I was delighted when subscriber
Robert McMahon suggested the freeware product; JV16 Power Tools.
This offers a powerful set of registry maintenance tools, too
powerful in fact for inexperienced users. However if you are
technically savvy, go grab this free program now.
http://www.vtoy.fi/jv16/shtml/jv16powertools.shtml

Brilliant New KaZaa Lite
KaZaa Lite 2.1 has just been released. It’s a free, hacked
version of the immensely popular KaZaa file sharing client.  It
comes without the adware, spyware, scumware, banner ads and
popups found in the original. It is also vastly faster in both
searching and downloading, provides easy access to a number of
file sharing forums, plus much more. It’s a product that is in
every way superior to the original. If you are into file
sharing, go get this now. (2.86MB)
http://doa2.host.sk/
 

Got some favorite utilities to suggest? Send them to
mailto:editor@techsupportalert.com
 

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
=================================================

STOP PRESS: Three new Microsoft Security Bulletins have just
been issued:

(1) Cumulative Patch for Outlook Express (MS03-014)
http://www.microsoft.com/technet/security/bulletin/MS03-014.asp

(2) Cumulative Patch for Internet Explorer (MS03-015)
http://www.microsoft.com/technet/security/bulletin/MS03-015.asp

(3) A revision of MS02-007 relating to a serious buffer
underflow problem in Windows NT and 2000 servers
http://www.microsoft.com/technet/security/bulletin/MS03-007.asp

-----------------------------------------------------

Flaw in Windows NT/2K/XP Endpoint Mapper (MS03-010)
MS has issued an advisory rated "important" that covers a
vulnerability in a part of the Remote Procedure Call protocol
that deals with message exchange over TCP/IP. By using a
malformed message, an attacker could mount a DOS attack.  The
most interesting aspect of this advisory is that patches are
provide for Windows 2000 and XP but not for NT because of "the
architectural limitations of Windows NT 4.0."  Perhaps so, maybe
they just want you to upgrade. More details here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-010.asp

Flaw in Microsoft VM (MS03-011)
This critical level advisory relates to a flaw in all previous
versions of the Windows Virtual Machine (VM) that could allow an
attacker to gain control of a machine using a malicious Java
script. VM, Microsoft’s version of Java, is found on most
Windows computers. Users should apply the patch available from
the Windows Update service or upgrade to the latest version of
VM (5.0.3910) which includes a fix for this vulnerability and
all other known vulnerabilities.
http://www.microsoft.com/technet/security/bulletin/ms03-011.asp

Flaw In Winsock Proxy Service/ISA Firewall Service (MS03-012)
MS issued this "important" rated advisory: "There is a flaw in
the Winsock Proxy service in Microsoft Proxy Server 2.0, and the
Microsoft Firewall service in ISA Server 2000 that would allow
an attacker on the internal network to send a specially crafted
packet that would cause the server to stop responding to
internal and external requests. Receipt of such a packet would
cause CPU utilization on the server to reach 100%, and thus make
the server unresponsive."  More details here:
http://www.microsoft.com/technet/security/bulletin/MS03-012.asp

Buffer Overrun in Windows Kernel Message Handling (MS03-013)
MS also issued this "important" rated advisory: "There is a flaw
in the way the (Windows) kernel passes error messages to a
debugger. Vulnerability results because an attacker could write
a program to exploit this flaw and run code of their choice. An
attacker could exploit this vulnerability to take any action on
the system including deleting data, adding accounts with
administrative access, or reconfiguring the system. For an
attack to be successful, an attacker would need to be able to
logon interactively to the system, either at the console or
through a terminal session." More details here:
http://www.microsoft.com/technet/security/bulletin/MS03-013.asp

Apple Fixes QuickTime in Quick-time
Security firm Idefense has revealed details of a serious buffer
overflow vulnerability in QuickTime 6, that could allow an
attacker to take total control of a PC. Apple has issued
QuickTime 6.1 which fixes the problem. More details here:
http://www.idefense.com/advisory/03.31.03.txt

Samba Flaw
Security firm Digital Defense, Inc. has announced (apparently
prematurely) a buffer overflow vulnerability in all stable
versions of Samba. Samba is a widely used Open Source software
suite used for file sharing between Unix/Linux machines and
Windows and forms a part of most distribution versions including
RedHat, Debian and MandrakeSoft.  Samba has released V2.2.8a, an
update which fixes the flaw.
http://us2.samba.org/samba/samba.html

Flaw in SETI Client
More than 4.4 million people donate spare computing resources to
the search for extra terrestrial intelligence (SETI) by running
their distributed computing client on their PC. If you are in
this category, you should update to the latest version to
overcome a serious buffer overflow vulnerability which could
allow an attacker to take control of your PC.
http://setiathome.berkeley.edu/download.html
 
Another SendMail Vulnerability
CERT has issued an advisory covering a serious buffer overflow
vulnerability that exists in most versions of the popular
SendMail email software package. By using a suitably crafted
message, an attacker could mount a DOS attack on the server or,
in certain circumstances, execute code of choice. A patch is
available for versions 8.9, 8.10, 8.11, and 8.12. Users of
earlier versions should upgrade.
http://www.cert.org/advisories/CA-2003-12.html

Real Problems
RealNetworks has disclosed a flaw in its popular RealOne media
player as well as an older player, Real8. The flaw could allow
an attacker to execute code of choice. Patches are available and
should be applied by all users by using the "update" feature
available within each product.
http://service.real.com/help/faq/security/securityupdate_march2003.html

Apache Server 2.0.45 Released
The Apache people have released an update to the Apache Server
software to fix a vulnerability that could have lead to a Denial
of Service attack. The update includes a number of bug fixes as
well. Click the link below for more details.
http://www.apache.org/dist/httpd/Announcement2.html
 

4. OTHER USEFUL STUFF
=====================

Bluetooth LAN Access
Connecting Bluetooth devices to your LAN has never been easy or
cheap.  However, with the arrival of the Belkin F8T030 Bluetooth
Access Point, things have changed.  As a bonus, you also get a
free print server. LAN Access is provided via 10/100 Ethernet
port but performance is limited to Bluetooth's maximum data
rates of around 800Kbps. The street price for the F8T030 is
around $110.
http://www.file.cc/Belkin_F8T030_Bluetooth_Access_Point_B00008I9IR.html
 
Flash-it Faster
USB Flash drives are the rage at the moment but you should be
cautious about buying a USB 1.1 unit now that USB 2 ports are
becoming standard on modern PCs.  The USB 2 flash drives have a
practical data transfer rate of around 8Mbs - about 10 times
faster than USB 1.2 - and are backward compatible with older PCs
using USB 1.1 ports. The Kanguru MicroDrive 2.0 256 MB is
typical of good modern units and has a street price of around
$120. A 1GB version will set you back around $700.
http://www.ecost.com/ecost/shop/detail.asp?DPNo=114842

Self Aware Robots
Information scientists are developing a new type of control
software that understands its own inner workings. "Self aware"
robots, if you like. The idea is that such robots could deal
with novel situations that they were never initially programmed
to handle. Sounds smarter than a lot of vendor tech support
staff I've dealt with lately ;>)
http://www.technologyreview.com/articles/roush1202.asp

Where It's At
Find out what's hot and what's not at the ever-fascinating
Google Zeitgeist Page.
http://www.google.com/press/zeitgeist.html

One Dead Pixel Too Many
Most LCD screens have some dead pixels the day you buy them but
how many is too many? This survey of 33 manufacturers by Tom's
Hardware gives you a guide for when you should complain.
http://www6.tomshardware.com/display/20030319/index.html

5. FREEBIE OF THE WEEK
======================

Use One Keyboard with Several Computers
Normally you need a hardware switch to achieve this but Synergy
is a free open source package that lets you do it with software.
As a bonus, you can also switch between computers with different
operating systems. Switching is achieved by simply moving your
mouse off the edge of your screen. You can even cut and paste
between machines. Neat eh?  (543KB for Windows version)
http://synergy2.sourceforge.net/

 

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

Win $10,000 and a Sony CD Player

If you like this newsletter, why not recommend it to your friends
and colleagues?

If you do, you'll automatically get a chance to win:

1.  $10,000
2.  A fantastic Sony CD Player

You've got nothing to lose and everything to gain.
Just click on the following link:

http://www.recommend-it.com/l.z.e?s=877794
 

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

 

MANAGE YOUR SUBSCRIPTION
========================

To subscribe to this newsletter send a totally blank email to
supportalert-subscribe@webelists.com.

To unsubscribe from this newsletter send a blank email to
supportalert-unsubscribe@webelists.com or to the address shown
at the bottom of this page.

To change your delivery email address go to
http://www.webelists.com/cgi/lyris.pl?enter=supportalert.
Enter your old email address. No password is needed. You can
then change your subscription email address directly.

For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79

This edition of Support Alert was proof-read by subscriber A.
Belile who kindly donated her services. My hearty thanks.

(c) Copyright TechSupportAlert.com 2003