========================
                         Support Alert
                       Supporters' Edition
                    ========================
                    www.techsupportalert.com

                 "Gizmo's top picks of the best
                  Tech resources and utilities"

                 Issue 106 - 11th February, 2004

    Support Alert is a registered online serial publication
                         ISSN 1448-7020.

                        <<<<<<<<<>>>>>>>>

Quote of the Week
=================

Tech Support 2004 Style

Conversation with support at a certain controller manufacturer:

"I can't answer that, please call your dealer."
"I am the dealer."
"Then call your distributor"
"He said for me to call you"
"Then have the customer call us"
"AAAAAGH!" <click>

 
EDITORIAL
=========

In the last issue I spoke of the clever tricks being used by the
latest generation of browser hijackers and other scumware
products.

Tricks to infect your computer just by visiting a web site and
equally cunning techniques to prevent you removing the products
once your PC has been infected.

Well, the programmers behind these thieving products have just
lifted their game and it's bad news for all.

The Spybot home page is currently carrying this warning:

"CoolWWWSearch.SmartKiller (v1 and v2) is a new, real ugly
variant of CoolWWWSearch. When running, it will close every
browser window you use to visit a large list of anti-spyware-
sites, and even will close Spybot-S&D and some other anti-
spyware applications as well."

So we are now in a new game. A game of cat and mouse between the
scumware merchants and the anti-scumware vendors like SpyBot.

A game where the scumware programmers will keep coming up with
new tricks to pull down and destroy products like SpyBot. A game
where the anti-spyware vendors will have to be continually
updating their products to protect them from being trashed by
the very scumware products they are designed to detect.

But there's even worse news: you can now get infected with
scumware just by running some anti-scumware software products.

No, not products like SpyBot and Ad-aware. They are the good
guys. The baddies are the dozens of pseudo spyware/adware
removers that are being sold or offered as "free downloads" that
actually contain scumware products or behave in a similar manner
to scumware.

Here's a list of these products I got from
http://www.netrn.net/spywareblog.  Some are borderline
offenders, others quite flagrant:  Spy Wiper, AdWare Remover
Gold, BPS Spyware Remover, Online PC-Fix, SpyFerret, SpyBan,
SpyBlast, SpyGone, SpyHunter, SpyKiller, SpyKiller Pro,
SpywareNuker, TZ Spyware-Adware Remover, xp-AntiSpy, SpyAssault,
InternetAntiSpy, Virtual Bouncer, AdProtector, SpyFerret,
SpyGone, and SpyAssault.

Now that's nasty; getting infected by the very products you've
installed to protect yourself. Kind of like getting pregnant
BECAUSE you used a contraceptive. ;>)

So what to do?

Without doubt, the most important thing you can do is to take
all action necessary to ensure you don't get infected in the
first place. Once infected, it's going to be increasingly
difficult in the future to remove the scumware from your PC.

So passive measures like disk scans with SpyBot are now second
priority. Much more important is active prevention.

As a start you should minimize your chance of infection by
fixing Windows vulnerabilities exploited by the scumware
merchants. Stay current with all the Windows patches by visiting
the Windows Update often.  Better still, turn on automatic
update notification. And don't forget to update MS Office and
other software products on your PC. They can be exploited as
well.

Another preventative step is to ensure your browser settings are
safely configured.  In Internet Explorer, select Tools/Internet
Options/Security and make sure the slider control is set to at
least "Medium."  Then select "Custom” and set "Download signed
ActiveX controls" to Prompt, "Download unsigned ActiveX
controls" to Prompt or Disable and "Initialize and script
ActiveX controls marked as unsafe" to Disable. Hit OK and exit.

Now check your browser's current vulnerability to known exploits
by running the security tests at these sites (Internet Explorer
and IE based browsers only):
http://browsercheck.qualys.com/
http://www.jasons-toolbox.com/BrowserSecurity/

Prevention also means using the active anti-infection measures
offered in some anti-spyware products. Spybot has its
"inoculation" option. The paid version of Ad-aware has something
similar.

One of the very best anti-infection programs is a freeware
product called SpywareBlaster. It's not a scanner like SpyBot
but rather a stand-alone inoculation routine. It provides
protection against more than 1500 products that use ActiveX
based exploits.  That's about three times as many products as
SpyBot's "inoculate."

A companion program to SpywareBlaster is SpywareGuard. Again,
this is not a file scanner like SpyBot. It is a protective
program that works like an anti-virus suite by checking programs
before they are executed.

Both SpywareBlaster and SpywareGuard are quality freeware, are
regularly updated, and have active support forums.  They should
be on every PC. If you haven't got them, I strongly recommend
you download and install them at the first opportunity.  Get
them here:
http://www.javacoolsoftware.com/spywareblaster.html

The next preventative step is to keep all your defenses current.
In this cat and mouse game you are already at a disadvantage
because the bad guys have the initiative.  Spybot, Ad-aware,
SpywareBlaster and SpywareGuard all have features that make
updating easy.  Make sure you use them.
 
Finally, only use reputable anti-spyware software products like
the ones mentioned in the preceding paragraph. Do some research
before installing any new product. Just how embarrassing would
it be to get infected by a product you installed to protect
yourself!

Gizmo
Editor@techsupportalert.com

P.S. In the last few weeks I sent out the first lot of re-
subscription notices. Unfortunately they went out late because
of the MyDoom virus drama. Even so, over 80% of you have re-
subscribed. Thanks for that and thanks for the vote of
confidence. In return, I'll try to give you my best.

IN THIS ISSUE:
==============

1. TOP TECH SITES
 - Is Your Browser Infected With Scumware?
 - Upgrading to Windows XP
 - Popup Stopper Wars
 - Fonts Galore
 - Free Modem Help
 - How to Run an Application as a Service (SE Edition)
 - Free HTML Tutorials (SE Edition)
 - 50 Free Support Guides (SE Edition)
 - Free Windows Networking Help (SE Edition)
 
2. UTILITIES
 - Free Anti Spam Utility
 - New WinZip V9 Beta
 - Free Offline Browser Leaps to Top of Class
 - Remove Hidden Data from Office Documents
 - Free Font Manager with In-built Text Graphics Editor
 - Share Outlook Contacts and Appointments (SE Edition)
 - New Free Network Inventory Tool (SE Edition)
 - The Best Boilerplate Text Manager (SE Edition)

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
 - Multiple Vulnerabilities in RealOne Player and RealPlayer
 - ASN.1 Vulnerability Could Allow Code Execution (828028)
 - Cumulative Security Update for Internet Explorer (832894)
 - File Spoofing Vulnerability in Internet Explorer

4. OTHER USEFUL STUFF
 - Directly Print CD Labels on CDs
 - Multi Layer Password Protection Utility
 - With PCs, Small is Good, Tiny is Better
 - Death to the Penguin
 - The Top Windows XP Tips
 - Make a Ti-Vo for $140 (SE Edition)
 - Life Discovered on Mars (SE Edition)
 - The Mother of All Conversion Calculators (SE Edition)
 - How to Walk on Water (SE Edition)
 - Free Tool That Thoroughly Cleans Your System (SE Edition)
 
5. TIP OF THE WEEK
 - Copying Text to the Command Prompt

6. FREEBIE OF THE WEEK
 - Best Free Startup Manager (Part 2)
 - The Free Encryption Utility That I Use (SE Edition)

1. TOP TECH SITES
=================

Is Your Browser Infected With Scumware?
In the editorial above, I mentioned a site where you can test
your browser for vulnerabilities. At this site, you can get a
quick check for actual infection. The test doesn't cover all
known products but it's well worth visiting.
http://www.doxdesk.com/parasite/

Upgrading to Windows XP
With Win98 approaching the end of its life, many users are now
faced with upgrading to XP.  ZDNet is offering a free 11-step
guide to upgrading, written at a level comprehensible to the
average user.
http://reviews-zdnet.com.com/4520-3000_16-5117047-1.html

Popup Stopper Wars
How well does your popup stopper rate? Find out by running the
tests at this site. The site also rates a range of freeware and
commercial popup stoppers. The top performing free product was
EMS Free Surfer, a product I'd never heard of.
http://www.popuptest.com
http://www.kolumbus.fi/eero.muhonen/FS/  <= EMS Free Surfer

Fonts Galore
I never thought I'd live to see it - a free font site without
ads. What's more, the site's multi-dimensional font
classification system makes it easy to find and select which of
the 3700+ fonts you want. Thanks to subscriber Richard Steinitz
for letting me know about this one.
http://www.dafont.com/en/

Free Modem Help
Reader Alex Goode says, "This site is my first port of call when
I run into modem problems or when I'm looking for modem
info..."  I've checked it out and it is as goode as Alex says.
http://www.modemhelp.Net
 

** Bonus Items for Supporters **

Free Outlook Help
Some users just never get the hang of Microsoft Outlook.  If you
need help, check out this listing of Outlook Web tutorials, most
of which are free.  These tutorials are not just for beginners;
there are some useful advanced guides as well.
http://www.techtutorials.info/emoutlook.html

Tweaks for XP Freaks
We've mentioned this excellent collection of free Windows XP
registry tweaks before but on a recent visit I noticed that it's
now bigger and better than ever. Each tweak can be downloaded as
a .reg file to save you the task of editing your registry.
http://www.kellys-korner-xp.com/xp_tweaks.htm

Free HTML Tutorials
This site offers an excellent directory of HTML resources
including many free tutorials. While at the site, check out
their free HTML editor. I've not tried it but, based on the
description, it sounds most impressive. If you try it, give me
some feedback and I'll pass it on to other readers.
http://www.evrsoft.com/

50 Free Support Guides
Daniel Petri runs an excellent site for MCSE aspirants, but it
includes a lot of material of more general interest, too.  This
page features Daniel's 50 most popular guides. Bookmark the one
on re-installing TCP/IP. It's the best I've seen and one day
just may save your bacon.
http://www.petri.co.il/top.htm

Free Windows Networking Help
Got a networking problem?  Want a networking tutorial? Need some
background on Windows networking technology?  Then head straight
for this excellent resource site. The content quality is a bit
variable but hey, it's free.
http://www.wown.com/

Got some top sites to suggest? Send them to
mailto:supporters@techsupportalert.com
 

2. UTILITIES
=============

Free Anti Spam Utility
XTerminator operates in a very similar way to MailWasher, long
one of my favorite anti-spam utilities.  These products are both
email previewers and work by trying to identify and delete spam
mail on your email server before you download it to your PC.
This saves bandwidth and is usually faster. Looking at these two
similar products, Mailwasher has the better interface and offers
more ways to detect and filter spam, but the freeware version is
limited to one email account. xTerminator, however, allows
multiple accounts and has more configurable filters. I use both;
when away from the office, I use Mailwasher for deleting obvious
spam before downloading email to my laptop. However, I use
xTerminator at work for automatically deleting from my mail
server specific types of unwanted mail such as easily identified
spam and viruses. Freeware, 1.87MB
http://www.artplus.hr/adapps/eng/xterminator.htm

New WinZip V9 Beta
There's a new beta version of WinZip out that features improved
compression and encryption, the ability to create archives of
"virtually unlimited size" and an improved interface. After
using it for a few days I'd have to say it's really just more of
the same. I'd trade any of the new features for RAR, ACE and
BZIP archive support. The integration with Windows, though,
remains the best of any archiver and this, combined with
WinZip's stability and reliability, will keep it as first choice
for most users. Free beta, 2.2MB
http://www.winzip.com/betawz.cgi#DOWNLOAD

Free Offline Browser Leaps to Top of Class
Thanks to subscriber R.A. for letting me know about HTTrack, a
free GPL license web ripper. This is one impressive product:
it's easy to use, has an excellent user interface, offers every
feature you could want, is blindingly fast and free of any
adware as well.  If you like to download web sites so that you
can browse them offline, this is the product to get. In fact, it
goes straight to my Top 46 Freeware list, bumping out Web Reaper
in the process.  Freeware, 3.23MB.
http://www.httrack.com/

Remove Hidden Data from Office Documents
Microsoft Word, Excel and PowerPoint all retain recent changes
to documents even though these changes are no longer visible.
Unfortunately, this information can be easily recovered with a
simple text editor. This presents a real security threat and
potential legal problems as well. Microsoft has released a free
Office XP/2003 add-in that removes this hidden information.
This is an essential download for all Office XP/2003 users.
Free, 280KB
http://www.microsoft.com/downloads/details.aspx?FamilyID=144e54ed-d43e-42ca-bc7b-5446d34e5360&displaylang=en

Free Font Manager with In-built Text Graphics Editor
When I first looked at X-Fonter V4.1 I though that this was just
another font manager. I was wrong on two grounds. First, as a
font manager, X-Fonter is top flight and right up there with the
best. Second, it has a built-in graphics editor that allows you
to easily create many enhanced text effects and save the
resulting graphics file for the web or email use.  The editor is
surprisingly effective and produced, within its limited range,
effects as good as I can manage with Photoshop. There isn't much
documentation showing how to use the graphics editor but it's
pretty easy to figure out through experimentation. Freeware,
886KB.
http://users.pandora.be/eclypse/

** Bonus Items for Supporters **

How to Run an Application as a Service
Running a program as a Windows Service can be beneficial in
certain situations. For example, you may want to hide the
application from users or reduce clutter. The most important
benefit, however, is that the application can run without the
user being logged in. In Windows NT/2000/XP, just about any
program can be run as a Windows service. Setting it up manually
is not too difficult - you can find instructions for NT/2000 at
the first link below and for XP at the second. The next two
links point to free utilities that may make the task easier,
though neither are exactly point and click.  The final link is
to shareware utility Firedaemon, which offers the simplest route
of all. There's a free lite version but it's limited to 1
service per PC. (1.51MB)
http://www.urltrim.com/ct/t.php?l=60 (support.microsoft.com)
http://www.tacktech.com/display.cfm?ttid=304
http://www.codeproject.com/system/xyntservice.asp
http://www.mofunzone.com/downloadsoftware/500000033488.shtml
http://www.firedaemon.com

Share Outlook Contacts and Appointments
Calshare is a free web-based service that allows any Outlook
2002/2003 user to share designated folders containing contacts
or appointments with other users via the web. Each user must
first register, then download, the client software. It works OK
but the documentation is very thin so you'll be doing a lot of
guessing during installation. It also requires the use of either
Windows 2000 or XP. However, it's a workable free solution to a
perennial problem. 1.52MB
http://www.pagethink.com/calshare.asp

New Free Network Inventory Tool
Here's a new product for the toolkit. N.E.W.T. is a network
inventory utility that detects and scans all remote NT/2000/XP
networked PCs on single or multiple domains, work groups or IP
ranges. It then catalogs key data for each machine in an easy to
read report. I have the feeling this one will morph into
shareware so grab it now. Makes a nice companion to AIDA32, my
favorite inventory utility.  Free for use on up to 10 PCs, 2.1 MB
http://www.komododigital.com/

The Best Boilerplate Text Manager
Ah, the Darwinian struggle for software survival on my PC
continues. CastlePaste, my longtime favorite utility for
inserting snippets of boilerplate text into documents, has just
been bumped off by KeyText. It's quicker than Castle Paste when
you need to enter new text, has a neater way of inserting the
snippets into other documents, and has fewer formatting problems
when inserting text into html email. On top of that, KeyText has
a scripting language that lets you add variable fields such as
dates to your text snippets as well as allowing you to record
macros to automate repetitive tasks or assign hotkeys to
specific functions. If your work involves re-using standard
blocks of text, you should check this one out. Shareware, $25,
518KB.
http://www.mjmsoft.com/keytext.htm
 

Got some favorite utilities to suggest? Send them to
mailto:supporters@techsupportalert.com
 

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
=================================================

Multiple Vulnerabilities in RealOne Player and RealPlayer
If you have RealPlayer V8/V10 or RealOne Player V1/V2, you had
better hit the "Check for Update" button located in the product
to patch a gaggle of recently discovered vulnerabilities, the
most serious of which could completely compromise your system.
http://www.service.real.com/help/faq/security/040123_player/

ASN.1 Vulnerability Could Allow Code Execution (828028)
Severity: Critical
Systems affected: Windows NT 4/2000/XP and Server 2003
Problem: Abstract Syntax Notation 1 (ASN.1) is a data standard
that is used by many applications and devices in the technology
industry.  A buffer over-run flaw in the Microsoft
implementation of ASN.1 could allow an attacker to execute code
with full privileges on an affected system. The vulnerability is
more easily exploited in servers than workstations but all are
vulnerable so end users as well as administrators should apply
the patch immediately
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp

Cumulative Security Update for Internet Explorer (832894)
Severity: Critical
Systems affected: All versions of Internet Explorer
Problem: This is the latest in the continuing series of IE
cumulative updates. It patches many known and new
vulnerabilities including the notorious address bar spoofing
vulnerability. While fixing a number of problems, the patch may
actually cause problems for some users and websites as it
removes support within IE for HTTP URL's that make use of the
username:password@ format in the userinfo field. FTP is not
affected. It's unlikely you'll encounter this problem but you
should be aware that it exists. That caveat aside, this is a
mandatory update, if you haven't already installed it, go to the
Windows Update site and do so now. More details here:
http://www.microsoft.com/technet/security/bulletin/MS04-004.asp

File Spoofing Vulnerability in Internet Explorer
Yet another spoofing vulnerability in IE, this one allowing
malicious web sites to fake the file extension of downloadable
files.  So, you could download what you think is an MP3 when it
is really an executable file. This is not in itself all that
dangerous but users who habitually click "Open" after a download
could be in for a nasty surprise.  Click "Save" instead and
check the extension on the saved file. It has been verified for
IE6 though other versions could be affected. Check your
vulnerability here:
http://secunia.com/internet_explorer_file_download_spoof/
 

4. OTHER USEFUL STUFF
=====================

Directly Print CD Labels on CDs
If you are sick of fiddling with messy stick-on labels for your
CD-Rs then you might want to check out these printers that print
labels directly on CD media.
http://www6.tomshardware.com/howto/20040127/index.html

Multi Layer Password Protection Utility
Ever wonder if one day you might be forced to reveal your
computer password under duress?  The Phonebook project uses a
technology called *Deniable Encryption to provide multiple
layers of information encryption. One password reveals a layer
of "semi-secret" information while another reveals the real
goodies. Disclosure of the first password will get you out of a
fix but there's no way your coercers can know about the
existence of the second.
http://www.freenet.org.nz/python/phonebook/

With PCs, Small is Good, Tiny is Better
Small Form Factor (SFF) PCs are super hot. To get street cred in
this game your SFF PC must be really small, unusually housed or
just plain cool. For examples of the first two categories check
out the first link below. For some really cool acrylic cases for
Shuttle XPCs, check out the second link.
http://www.mini-itx.com
http://www.outsideloop.com/company/clearview.html

Death to the Penguin
Help Bill out by swatting the penguin as far as possible.
http://www.casper.ru/temp/pingu3/?namn=422

The Top Windows XP Tips
Here you'll find the most popular XP tips in each of the
following three categories: for XP Users, for XP Administrators
and XP Registry tips. Quite a few gems here amongst the usual
dross.
http://is-it-true.org/nt/xp/hottips.shtml
 

** Bonus Items for Supporters **

Make a Ti-Vo for $140
SnapStream Personal Video Station 3 is one of the cheapest ways
of converting a PC to a Ti-Vo style device. The software is
around $70 and a compatible PC TV tuner card about the same. For
this modest investment you get time shifting, commercial
skipping, TV program guides, lots of PC fan noise and a very
full hard drive. ;>)  Kidding aside, it works well providing you
use Windows 2000/XP and one of the recommended video cards and
tuners. A remote control will cost you around $35 extra. A quiet
PC helps too.
http://www.snapstream.com/Products/Products_PVS3.asp

Life Discovered on Mars
Forget the Mars Rover. If you want sure proof of extra-
terrestrial life just check out the Japanese consumer market.
Many fine examples can be found at this site but be prepared,
it's a wild ride.
http://www.jlist.com

The Mother of All Conversion Calculators
In the last issue I mentioned my bout of PC-calculator-induced-
ennui. Subscriber Carl Kruger tried to cheer me up by suggesting
this web-based conversion calculator which goes well beyond the
ordinary. For example, it cleverly worked out the number of
calories I consumed when I climbed 1500 feet on a hike last
weekend. However it couldn't tell me how many hairs I ripped up
coping with thousands of MyDoom laden emails. ;>)
http://www.calchemy.com/uclive.htm

How to Walk on Water
I've always been intrigued by insects that use surface tension
to walk on water, if for no other reason than it's the perfect
example of a process in nature that cannot be scaled up.  MIT
has been studying the fluid mechanics and have now worked out
how the insects manage to propel themselves. They’ve even built
a tiny mechanical water strider. Details at this site - nice
video too.
http://web.mit.edu/newsoffice/nr/2003/robostrider.html

Free Tool That Thoroughly Cleans Your System
This tool does four things. First, it cleans up all those
temporary files that just hang around and chew up your disk
space. Second, it erases your computer usage history including
search history and most recently used file list. Third, it
allows you to edit and delete programs that autostart with
Windows. Finally,  it allows you to view and delete browser
helper objects.  Quite a package but potentially dangerous in
the hands of beginners. Free, 268KB.
http://www.igorshpak.net/

5. TIP OF THE WEEK
==================

Copying Text to the Command Prompt
A subscriber recently asked me why he can't paste text copied in
Windows into the command prompt box.  Well, it's true that you
can't use Control-V to paste the text but you can right click
from within the command box and select the "Paste" option.
Simple as that.

A little less obvious is the way you copy and paste within a
command box line. Here are the Microsoft instructions: "Select a
phrase by moving the mouse over it while you hold down the left
mouse button. Then right-click twice to paste the selection at
the cursor's position."
 

6. FREEBIE OF THE WEEK
======================

Best Free Startup Manager (Part2)
Last issue I mentioned Mike Lin's Startup Control Panel.  If you
find his minimalist approach too daunting, you might like to try
another free utility called Windows Startup Inspector.  This
offers a number of advantages for the less experienced users: it
displays all startup programs in a single unified list, it gives
you details about each startup application from a 3500+ online
database, and it gives advice on whether the product is needed
or not. Works well. Freeware, 779KB.
http://www.windowsstartup.com/
http://www.mlin.net/StartupCPL.shtml <= Mike Lin's SCP

** Bonus Freebie for Supporters **

The Free Encryption Utility That I Use
This is what the web site says: "dsCrypt is AES/Rijndael file
encryption software with simple, multi-file, drag-and-drop
operations. It features optimal implementation, performance and
safety measures. dsCrypt uses an advanced encryption algorithm
and offers unique options for enhanced security." To that I'll
add the fact that it's tiny, easy to use, has open code, employs
proven techniques that are essentially unbreakable and comes
from a highly reputable source.  In summary, dsCrypt offers the
average user everything they want in a secure encryption program
and it's free. That's why I use it myself. (25KB)
http://freezip.cjb.net/freeware/

Got some top sites and services to suggest? Send them in to
mailto:supporters@techsupportalert.com

Visit the Subscribers-only section of the Support Alert website
================================================================

You'll find all back issues plus a growing list of resources
exclusively available to Supporters.

http://www.techsupportalert.com/supporters/private.htm

The area is protected.  Use the security information sent to you
when you first donated.

<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

MANAGE YOUR SUBSCRIPTION
=======================

If you no longer wish to receive this newsletter, send me an
email at supporters@techsupportalert.com. Remember to state the
email address at which you are currently subscribed.

To change your delivery email address, send me an email at
supporters@techsupportalert.com. Remember to state the email
address at which you are currently subscribed and the new
address where you wish to subscribe.

ACKNOWLEDGEMENTS
==============
Thanks to the following volunteer reviewers for their efforts:

Daniel Rose (D.R.)
Annie Scrimshaw (A.S.) aka Annmarie at www.cybertechhelp.com
Jeff Partridge (J.P.)
Sheila Foss (S.F) aka PippieT

Reviews written by Annie, Daniel, Jeff and Sheila are indicated
by their initials at the end of the review.

Thanks, too, to subscriber A. Belile for proofreading this
issue.

You can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI  49321-0243
UNITED STATES

Content of this newsletter is (c) Copyright
TechSupportAlert.com, 2004

See you next issue

Gizmo

editor@techsupportalert.com