Support Alert
                       Supporters' Edition

                 "Gizmo's top picks of the best
                   Tech resources and utilities"

                 Issue 105 - 21st January, 2004

    Support Alert is a registered online serial publication
                         ISSN 1448-7020.


Quote of the Week

"If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort
then the socket packet pocket has an error to report!

If your cursor finds a menu item followed by a dash,
and the double-clicking icon puts your window in the trash,
and your data is corrupted 'cause the index doesn't hash,
then your situation's hopeless, and your system's gunna crash."

- Prof. Gene Ziegler
Extract from "A Grandchild's Guide to Using Grandpa's Computer"


Folks, there are some nasty things out there.

Over the years I've had to deal with some truly virulent viruses,
tormenting trojans and wrathful worms but I've just had a run-in
with a piece of scumware that's just simply detestable.

And it nearly ruined my Christmas!

It all started at our annual extended family Christmas party.
Now, in one respect, I never really look forward to these things
as I just know I'm going to get collared at some stage by some
obscure relative looking for me to fix their broken PC.

This year I was sailing fine.  It was nearly time to go home and
the only computer talk was from a nephew who wanted to buy a
laptop for college.

Then I saw my cousin Andrew coming towards me. He had his eyes
fixed on me as he walked. I knew immediately that my lucky streak
was coming to an end.

"Hi Cousin Ian, been meaning to talk to you all day. I've got a
real serious computer problem ..."

My fate was sealed. I was going to have to take the 60 mile ride
over to Andrew's place to see what was wrong.

A week later I was sitting in front of my Cousin's PC and it was
clear he really did have a problem. His browser had been
hijacked. It was defaulting to a seedy homepage and would
navigate to strange sites at random. Then there were all those
offensive banner ads.

I'd seen this many times before. I yawned, reached for my utility
CD containing SpyBot and Ad-aware and installed the products.
"Could be out of here in an hour,Ē I was thinking.

SpyBot detected a host of problems but most were minor pests.
Except one. CoolWebSearch.

CoolWebSearch (CWS) is an infamous browser hijacker. I'd heard
about it but had never encountered it.  CWS was almost certainly
the cause of the hijacking problem.

SpyBot went through its cleaning procedures, I reset the browser
home page and I announced to Cousin Andrew that his PC was now
fixed. I rebooted and started packing up.

Not so fast. When I tested the browser I found that the homepage
had been hijacked again.

I repeated the cleaning procedure. As before, Spybot detected the
problem, said it had cleaned it, yet the problem was still there.

So I tried Ad-aware. Same result.

Faced with the prospect of spending hours looking for registry
entries and checking every single Windows auto-start location, I
ran a Google search and came up with a site that lists the full
history of CWS and the various techniques it uses to gain control
of your browser.


It makes frightening reading. There are over 24 variants of CWS
with new mutations appearing regularly. Each variant uses a
different mix of clever tricks to avoid detection and removal.

The dudes behind CWS are serious. Worse, they are fiendish. Worse
still, they are very smart.

The particular variant on my Cousin's PC used two processes to
watch each other. If one was killed, the other process restarted
it. That's why SpyBot and Ad-aware were unable to get rid of it.

That's not a new trick. Many virus scanners use the same
technique to prevent viruses from pulling down the scanner.  But
this implementation was particularly clever - fiendishly clever.

Luckily the site offers a free cleaning utility, CWShredder, to
remove CWS. I downloaded it and it worked just fine. If you've
got CWS, save yourself a lot of time and download the free
cleaner from the spywareinfo.com website.  It's updated regularly
to include the latest CWS mutations.

The basic mechanism of CWS infection is through the two loopholes
in Microsoftís implementation of Java. Microsoft has issued fixes
for both problems but like most PCs, my Cousin's machine was

If your machine is unpatched, you can get infected merely by
visiting an unfriendly website or clicking on a spiked ad.

However I don't suggest you should just rush out and install the
patches. I suggest you address the root cause and consider
removing the MS Java Virtual Machine altogether from your PC.
Instead, install the free, and more recent, Sun version.

MS Java Virtual Machine is a dead product. MS ceased supporting
it on January 1, 2004.  That means no more fixes, no more
patches. As such, MS VJM is now a security risk. Even MS suggests
you remove it. In fact Windows XP SP1a does just that.

You'll find Microsoft's position statement here:

However, you probably need Java. There are a lot of apps that use
it and many websites that require you to have it. So install the
Sun version instead.

You'll find instructions for removing the MS version at this
link, though be warned, it involves some registry editing:

If anyone knows of a utility that will do this automatically,
please let me know and I'll publish it in a future issue.

Installation instructions for Sun Java can be found at this link:

Take heed folks. This is serious.


PS I mentioned a couple of issues back that I'd be introducing a
subscription system in 2004 to replace the donation system. It's
now largely in place and I'll be sending out the first batch of
re-subscription notices in the next few weeks.

I feel sad about phasing out the donation system, it's the
passing of an era. The simple fact is that this newsletter would
not have survived beyond 2003 without your assistance. However
the subscription model will enable Support Alert to continue on
into the indefinite future. Thanks guys, for your support.


 - Good Freeware Site
 - Free System Tools
 - Secure Way to Access Remote Servers
 - Free Hardware Advice
 - Free Innovative Software
 - The Best CD Media Revealed (SE Edition)
 - Solve Windows File and Printer Sharing Problems (SE Edition)
 - Spam Filters Reviewed (SE Edition)
 - Excellent Free Cryptography Resource (SE Edition)
 - Free Time Correction Utility That Works
 - Free Network Monitor
 - Best Free Calculator?
 - Add Mouse Gestures to Your Browser
 -  Formatted Text to Plain text
 - The Best Windows Text Editor? (SE Edition)
 - Easily Identify Changes in System Directories (SE Edition)
 - Low Cost Professional Time Scheduler (SE Edition)
 - Free Batch File Processor That Works With LANs (SE Edition)

 - KaZaa Excels at Delivering Digital Malware
 - Cisco Firewall Flaw Could Lead to DOS Attacks
 - Windows XP Service Pack 1.5?
 - Symantec Fixes Norton Anti Virus 2004 Activation Bug
 - MS Word Passwords Easily Broken with Hex Editor
 - Vulnerability in Microsoft ISA Server (816458)
 - Vulnerability in Exchange Server 2003 (832759)
 - Buffer Overrun in MS MDAC Could Allow Code Execution (832483)

 - PC DVD Player Works With PC Turned Off
 - 1.5GB Key Chain USB Drive for 199.00
 - Too Many Phishers in the Sea
 - Extreme Geekdom
 - Google Expands Search Yet Again
 - Where do Ikea Names Come From?
 - Password Breakers for Nix (SE Edition)
 - Help for Windows Update Problems (SE Edition)
 - Controlling Search Engine Spiders (SE Edition)
 - How to Use Windows Drivers with Linux (SE Edition)
 - How to Scroll the Start/All Programs Menu

 - Free Anti-Virus Protection and Firewall
 - Best Free Startup Manager (SE Edition)


Good Freeware Site
Thanks to subscriber Richard Steinitz for letting me know about
the Freeware World Team site which lists more than 13,000
freeware programs by category.  A nice feature of the site is
they try to give links to the last known free version of once-
free products that have gone commercial. This is not 100%
implemented but useful where available. There is also multi-
language support though I must say the English spelling and
grammar needed some attention. Well worth visiting.

Free System Tools
This site offers an excellent collection of free command line
tools of use to sysadmins and other tech heads. The two I tried
worked a treat.

Secure Way to Access Remote Servers
The SSH protocol is starting to get a lot of traction. If you use
Telnet or FTP for connecting to remote servers, you really should
bone up on the security advantages that SSH offers. This site
tells you all you need to know and includes a useful list of free
Windows clients to help you on your way.

Free Hardware Advice
This site is an excellent resource for anyone looking to buy new
hardware as well as those who want to get the best from what they
already own. There are many product reviews and some of the most
active user forums on the web.  While at the site, check out the
useful weekly newsletter.

Free Innovative Software
I really liked this site's collection of unusual freeware.  With
many products listed I've never heard of, it's a welcome change
from other freeware sites. There's a strong Linux orientation but
there is a good assortment of products of interest to experienced
Windows users as well. If you are looking for a notepad
replacement or clipboard utility, go elsewhere ;>)

** Bonus Items for Supporters **

The Best CD Media Revealed
The Internet never ceases to amaze me. This site has a whole
section dedicated to documenting the technical characteristics of
dozens of different brands of recordable CD media. Also featured
are media quality tests which show surprising brand differences.

Solve Windows File and Printer Sharing Problems
Suffering from invisible network printers? Only able to access
data one-way between PC's?  Get solutions to these and other
common Windows 2000/XP file and printer sharing problems here:

Spam Filters Reviewed
At this site they report a detailed review of seven different
spam filters suitable for workstation use. They found that once
they have been trained on a sufficient amount of mail, adaptive
statistical filters such as Bayesian and Bogofilters are
significantly better thean classification style filters.

Excellent Free Cryptography Resource
This site offers an excellent Cryptography FAQ. Well, it's more
than an FAQ, it's practically a textbook. And you can download

Got some top sites to suggest? Send them to


Free Time Correction Utility That Works
A lot of folks have difficulty getting time correction software
to work on their PC. If that's you then you should try Dimension
4, a free utility that gives you the choice of connecting to a
time server either by standard TCP protocol or by the more common
(and more problem-prone) SNTP protocol. If you haven't yet got a
time correction utility, this is the one.  It's free, itís easy
to use, and it has every function that you could conceivably
want. Because it works from both the command line and Windows,
it's ideal for batch files, too. (292KB)

Free Network Monitor
Here's a useful utility I picked up from Jack Teem's "Neat Net
Tricks" newsletter. Network Probe is a network monitor/protocol
analyzer that gives you a real-time view of the total traffic on
your network. It allows you not only to identify and locate
congestion, but also to diagnose the cause.  Version 0.5 is
available for free, though the very latest version is a $300
commercial product.  I found V0.5 worked just fine. It's
relatively simple to use and offers lots of diagnostic
information. Just the thing for cheapskate Network
Administrators. Versions are available for Windows NT and later,
Linux, and even Mac OS X. Freeware, 4.31MB.  P.S. Over the years
I've picked up quite a few tools like this from Jack's newsletter
and I recommend it heartily. I've included a link below.

Best Free Calculator
I was recently chastised by a subscriber for not featuring this
category in my "46 Best Freeware Utilities" list.  I plead guilty
but cite chronic PC calculator fatigue syndrome in mitigation.
Anyway, the last time I researched the subject my choice was
EBSCalc. For accounting types it offers an "adding machine" style
scrolling results tape.  For tech types and students it has all
the technical functions you could ever need. If anyone knows a
better free product, let me know. Boring, boring, boring.
Freeware, 742KB.

Add Mouse Gestures to Your Browser
Mouse gestures are specific mouse movements that allow you to
control browser navigation. They can be used for any Windows
control function but Internet navigation is the most common and,
once you get used to them, they are a real time saver. Some
modern browsers have gestures built-in but not Internet Explorer.
EasyGoBack is a free utility that adds a number of the most
useful gestures to IE and to other browsers that use the IE
engine. The handiest gesture is the ability to navigate backwards
and forwards just by right clicking and moving the mouse to the
left or right respectively.  EasyGoBack adds other functionality
too, like the ability to open a new browser window by clicking
the wheel button. Works well. Freeware, 208KB.

Change Formatted Text to Plain text
When I first saw PureText I thought, "Why use this when I can
simply cut and paste into Notepad or other text editor?"  Well,
the answer is that it's simpler and quicker and anyway itís free.
Just copy your required text from any formatted document such as
a web page, Word document or PDF file and the hit a hot key to
paste it into another document as plain text.  Works with all
Windows versions. Freeware, 13KB.

** Bonus Items for Supporters **

The Best Windows Text Editor?
IMHO, this has always been a two horse race between NoteTab and
EditPad.  Both are top flight products, both have free "Lite"
versions that make great Notepad replacements, and both have full
versions with additional features that make them first-rate
programming editors.  EditPad Lite has long been my Notepad
replacement of choice because of its speed and simpler interface;
however, for serious programming I've always preferred NoteTab
Pro because of its flexibility and extensibility. With the
release of EditPad Pro version 5, the margin has narrowed. The
new version is more customizable and adds a raft of enhancements
such as syntax coloring schemes for XML, CSS, MySQL and C#. The
availability of a Linux version in addition to the Windows
version is also a real plus. Existing users of NoteTab Pro may
not be wooed away but new users seeking a powerful text editor
should put EditPad Pro V5 on the top of their list. Shareware,
free evaluation version, $39.95, 1.8MB.

Easily Identify Changes in System Directories
FileMap is a freeware program that claims to "let you create an
inventory of the files in your Windows and System folders so that
you can do a comparison check later to determine what has been
added or removed.  You will then be in full control of any so-
called "shared files" you want to keep..."   Well, FileMap does
all this and does it very well indeed.  Furthermore, it requires
no installation, is tiny (102KB), is free, and is written by a
man who has a clear sense of humor. The only negative is the
somewhat rustic look of the product. The look though, does not
impact its functionality.

Low Cost Professional Time Scheduler
Pro Sched is a mature commercial product that is designed to
schedule the working time of professionals. It handles multiple
professionals (for example every member of a tech support team)
and exists in a stand-alone version or as a client server package
which allows multiple user access. The product is not a
specialist package for help desk staff scheduling though it can
be employed in this role. Rather, it is intended for general
application including doctors, lawyers and other professionals.
I tried out the stand-alone version and was quietly impressed
with its ease of use and flexibility. Starting at $100, it's not
cheap by shareware standards but, compared to similar specialist
professional products, it's an absolute bargain. There's a free
60-day trial version. (3MB)

Free Advanced Batch File Processor That Works With LANs
The web site description cannot be improved upon: "KiXtart is a
logon script processor and enhanced batch scripting language for
computers running Windows XP, Windows 2000, Windows NT or Windows
9x in a Windows Networking environment. The KiXtart free-format
scripting language can be used to display information, set
environment variables, start programs, connect to network drives,
read or edit the registry, change the current drive and  folder
and much more. KiXtart CareWare can be downloaded, installed and
evaluated at no charge. If you continue using KiXtart, you are
kindly requested to make a donation to a non-profit charitable
organization. A list of preferred charities is provided."   That
said, no LAN administrator should be without this product and
advanced workstation users will find plenty of applications as
well. This product is a gem. (542KB)

Got some favorite utilities to suggest? Send them to


KaZaa Excels at Delivering Digital Malware
A recent study by security firm TruSecure found that 45% percent
of the executable files downloaded through KaZaa contained Trojan
horses, viruses and other forms of malicious code.

Cisco Firewall Flaw Could Lead to DOS Attacks
Cisco Systems has issued an advisory covering two flaws in some
switch models that could be used for a denial-of-service attack.
The advisory covers Cisco Firewall Services Module (FWSM) for
Cat*lyst 6500 Series and 7600 Series switches. See below for
patch details.

Windows XP Service Pack 1.5?
No, there is no new service pack yet but there is an "Update
Rollup 1 for Windows XP" that incorporates 22 individual patches
released since SP1 into a single file.  It only works with PCs
where SP1 has been installed and where none of the 22 individual
patches have been mounted so it's not much use to most users.
But itís handy when installing new machines or upgrading to XP.
(9 MB)

Symantec Fixes Norton Anti Virus 2004 Activation Bug
As soon as NAV 2004 came out there were complaints from users
that the productís new activation system was broken. At first
Symantec denied it, then they accused the victims of stealing
their products, then they admitted it but said it was very rare.
Now they have finally produced a fix. If your copy of NAV 2004
needs frequent reactivation, you'd better check this out:
Alternative link: http://www.urltrim.com/ct/t.php?l=56

MS Word Passwords Easily Broken with Hex Editor
A German security company has published simple instructions
demonstrating how to break one of the most commonly used Word
document password protection schemes. MS has responded by saying
that particular scheme, activated by clicking on Tools/Protect
Document, was not intended as a security feature. It looks like
somewhere along the line MS forgot to tell Word users that
protecting a document with a password wasn't really meant to
protect. Go figure.  Meantime, use the Tool/Options/Security
option for protecting your Word documents. That protection
scheme, apparently, actually protects ;>)

Vulnerability in Microsoft ISA Server (816458)
Severity: Critical
Systems affected: ISA Server 2000, Small Business Server
"A security vulnerability exists in the H.323 filter for
Microsoft Internet Security and Acceleration Server 2000 that
could allow an attacker to overflow a buffer in the Microsoft
Firewall Service in Microsoft Internet Security and Acceleration
Server 2000. An attacker who successfully exploited this
vulnerability could try to run code of their choice in the
security context of the Microsoft Firewall Service. This would
give the attacker complete control over the system. The H.323
filter is enabled by default on servers running ISA Server 2000
computers that are installed in integrated or firewall mode." For
fix details see the full bulletin at the link below:

Vulnerability in Exchange Server 2003 (832759)
Severity: Moderate
Systems affected: Microsoft Exchange Server 2003
This vulnerability exists in the way that Hypertext Transfer
Protocol (HTTP) connections are reused and could allow an
attacker escalation of privileges." System administrators should
install this security update on all front-end servers that are
running Outlook Web Access for Exchange Server 2003.

Buffer Overrun in MS MDAC Could Allow Code Execution (832483)
Severity: Important
Systems affected: Windows 2000/XP, SQL Server, Server 2003
Problem: There is a buffer overflow problem with one of the
subsystems of Microsoft Data Access Components (MDAC) versions
2.5-2.8 that could enable an attacker to gain an elevation of
privileges. A patch is available from the link below.


PC DVD Player Works With PC Turned Off
This is a clever idea: a combined DVD drive, MP3 player and FM
radio that fits into a single 5 1/4 inch bay in your PC. Most
importantly, the Gigabyte GO-M1600A has its own front panel
controls as well as a remote, so it works even if your PC is
switched off.  It's priced right, too, with a retail of 170.00.

1.5GB KeyChain USB Drive for 199.00
There's no stopping them; flash drives are taking over the world.
This 1.5GB USB 2.0 unit is selling at Amazon for 199.00 Remember
the days of 360KB disks? Well you could fit the contents of over
4,000 of them on one of these babes.

Too Many Phishers in the Sea
Phishing is the ignoble email art of extracting confidential
information from unsuspecting recipients by using a fake message
supposedly from well known suppliers like Yahoo, Amazon, Visa,
etc. Some are so fiendishly clever they have momentarily fooled
arch cynics like me.  Learn more from this free article.

Extreme Geekdom
I just rediscovered this site.  Sing, Sing Halt were a group of 9
sysadmins who achieved their five minutes of fame with their
classic Y2K song. They even made an MP3 and video. Appropriately,
the video links on this page don't work but you can still
download the MP3. If you can't follow all the words, you can
print them off with the handy Sendmail script. ;>)

Google Expands Search Yet Again
Google keeps adding new features. The latest is a numeric search
feature that brings up maps for area codes, CarFax reports for
vehicle VIN numbers, on-time reports for airline numbers, status
reports for USPS and FedEx tracking numbers, and more. Entering
your name doesn't currently tell you when your number's up but
they are probably working on it. ;>)

Where do Ikea Names Come From?
This is totally irrelevant but interesting if you're like me and
wondered where Ikea gets those weird Scandinavian product names
like Armo, Munsa and Sagolek let alone Jerker and Fartful. Well
you'll get the answer here and there's more to this than you
might think.

** Bonus Items for Supporters **

Password Breakers for Nix
Thanks to long-time subscriber JW for letting me know about this
useful free site that offers a number of password breaking
utilities. Individual programs handle standard password text-
boxes, DUN logon, Outlook/OE accounts, PC Anywhere and more.

Help for Windows Update Problems
Many folks experience problems with the Windows update service,
the most common being the dreaded "0x800A138F" error. This short
guide from the windows2000tips.com site provides some useful tips
on causes and possible solutions.

Controlling Search Engine Spiders
All web sites should have a robots.txt file to direct incoming
search engine spiders. This site offers a good free tutorial
covering robot.txt syntax.

How to Use Windows Drivers with Linux
Yes, it's possible according to this article from the Inquirer.
One package is available now for free trial download.

How to Scroll the Start/All Programs Menu
If you've installed a lot of programs on your Windows XP PC
you'll soon discover that you've run out of room to display all
the programs when you select Start/All Programs.  The solution is
to change to a scrolling display.

To do this right-click on a blank space in the Taskbar, then
select Properties/Start Menu/Customize/Advanced. Browse the
"Start Menu Items" box for the item "Scroll Programs" and click
to select.


Free Anti-Virus Protection and Firewall
Computer Associates are currently giving away to any "Microsoft
customer", their well-regarded eTrust EZ Armor Security Suite
along with 12 months of free updates. The suite consists of a
virus scanner and a personal firewall and features automatic
virus updates, advanced email attachment protection, port
stealthing, ad blocking and cookie control features.  The virus
scanner has performed very well in independent tests and the
firewall is no slouch either. The offer has some restrictions,
most notably that it is for new home users of the product and is
limited to one copy per household. If you qualify, you are
getting quite a product for quite a price. Go for it! (18MB)

** Bonus Freebie for Supporters **

Best Free Startup Manager
Everyone needs a startup program utility so they can exercise
control over what third party programs start automatically with
Windows. My long time choice has been PC Magazine's Startup Cop
but alas, this is no longer freeware - it's now only available if
you subscribe to the magazine's software service.  My new choice
is Mike Lin's Startup Control Panel. Itís small, capable and has
powerful features not found in Startup Cop including the ability
to edit or add entries.  Alas these same features make it
potentially dangerous in the hands of newbies.  That caveat
aside, it's a great product. Thanks Mike. (59KB)

Got some top sites and services to suggest? Send them in to

Visit the Subscribers-only section of the Support Alert website

You'll find all back issues plus a growing list of resources
exclusively available to Supporters.


The area is protected.  Use the security information sent to you
when you first donated.



If you no longer wish to receive this newsletter, send me an
email at supporters@techsupportalert.com. Remember to state the
email address at which you are currently subscribed.

To change your delivery email address, send me an email at
supporters@techsupportalert.com. Remember to state the email
address at which you are currently subscribed and the new address
where you wish to subscribe.

Thanks to the following volunteer reviewers for their efforts:

Daniel Rose (D.R.)
Annie Scrimshaw (A.S.) aka Annmarie at www.cybertechhelp.com
Jeff Partridge (J.P.)
Sheila Foss (S.F) aka PippieT

Reviews written by Annie, Daniel, Jeff and Sheila are indicated
by their initials at the end of the review.

Thanks, too, to subscriber A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI  49321-0243

Content of this newsletter is (c) Copyright TechSupportAlert.com,

See you next issue