Support Alert
                       Supporters' Edition

                 "Gizmo's top picks of the best
                  Tech resources and utilities"

                 Issue 111 - 21st July, 2004

    Support Alert is a registered online serial publication
                         ISSN 1448-7020.


0. EDITORIAL: Windows: Unsafe at any Speed

 - Send Files up to 1GB for Nix
 - Great PDF Resource Site
 - Imaging Processing Tips
 - Spam Filters Compared
 - New Search Engine Targets Research
 - Good Spyware Resource Site (SE Edition)
 - The Definitive Microsoft Outlook Resource Site (SE Edition)
 - Wireless Networking Risks (SE Edition)
 - Build a High Performance PC for Less Than $1500 (SE Edition)
 - Overcoming the "Updating Windows Conundrum"
 - Free Reminder Program
 - Free Utility to Backup FireFox
 - Free ISO of SUSE 9.1 Linux
 - Free Port Scanner
 - Remove HomeSearch Browser Hijack
 - Free Word DOC to PDF Converter (SE Edition)
 - Run Microsoft Office under Linux (SE Edition)
 - Free Utility Controls User Access to USB Drives (SE Edition)
 - Cheap Way to Search Your Email (SE Edition)

 - Vulnerability in Task Scheduler Allows Code Execution (841873)
 - Vulnerability in HTML Help Could Allow Code Execution (840315)
 - Vulnerability in Shell Allows Remote Code Execution (839645)
 - Yet Another Unpatched IE Browser Flaw
 - Some Good Security News

 - A Flash Drive Watch with Street Cred
 - Delete Microsoft's Secret Files from Your PC
 - Great PC Tips Book at Bargain Price
 - Hairy Computer Threat
 - Use your iPod for Revenge
 - Snazzy PDA Cell Phone Comes With Wi-Fi Access (SE Edition)
 - Add Google PageRank to Your Mozilla GoogleBar (SE Edition)
 - Private File Sharing - The Next Big Thing? (SE Edition)
 - A Surprisingly Easy Way to Become an Einstein (SE Edition)
 - How to Overcome Update Problems Updating AVG Anti-virus

 - The Best Free Windows Explorer Replacement
 - A KaZaa Lite Download Link That Works (SE Edition)



Customer: "I am getting an error on my computer"
Tech Support: "What kind of error?"
Customer: "It says I have a corrupted file on my hard drive, and
I should use 'Check Disk.’"
Tech Support: "Ok, we need to call in a ticket, and someone will
be down shortly."
Customer: "Can you make sure you bring some extra Check Disks,
because mine does not work."
Tech Support: With smile on face,  "Uh. We're out of stock right
now, but I'll order some for you."

From http://rinkworks.com


I have a sneaking suspicion that during the last month many of
the readers of this newsletter were thinking the same thing.

And what was everybody thinking?

The current Windows computer security situation is totally out
of control.

The evidence is compelling: new viruses and trojans daily,
phishing attacks running rampant, ever more sophisticated
spyware, drive-by downloads from major websites that have been
compromised, unpatched Internet Explorer flaws and a Windows
patching regime that is in shambles. And I don't even need to
talk about spam.

Confronted with this unbelievable mess, the folks I feel really
sorry for are the average PC users.

All my PC's are protected by sophisticated multi-layer defenses.
They are all fully patched. Yet I know they are vulnerable.

However the average user has very few of these defenses. They
are fully exposed to whatever wave of exploits is sweeping the
Net. They are sitting ducks.

In fact, I have not seen during 2004, a single PC owned by an
average user that was NOT infected with one or more malware
products. Not one. Many in fact, had multiple infections.

I'm not talking about PCs owned by technically savvy users, such
as the readers of this newsletter. I'm talking about the
computers owned by the Moms and Dads - the Joe Blows of the

Of the dozen or so such machines I've looked at this year, every
single one was infected with some sort of Spyware. Three were
also infected with the Sasser worm and another two with custom
key logging trojans.

Now, I admit these machines were no random sample - they were
PCs that friends or relatives asked me to look at because they
had problems. Some of the problems were caused by the malware.

That said, I still expect the results would be similar for most
end users’ PCs. I expect most to be infected.

Old PCs running Windows 95 are effectively a lost cause. Most
haven't even got the processing power needed to run the security
products they need to defend themselves. Try running Norton
Internet Security 2004 on a 166 MHz Pentium! Many older Windows
98 PCs are not much better.

But collectively, such machines account for almost half of all
PCs in use!

Let's get the full meaning of this straight: nearly half of all
PCs are effectively undefendable from malware infection.

When these PCs become infected, they become vectors for
infecting other machines. They become part of the problem. They
make the situation worse for all.

The situation for average folks buying new Windows PCs is not
much better. Almost every new PC sold today comes equipped with
Windows XP with Service Pack 1.  That means it is missing every
Windows Security Patch issued since SP1 was released.  That
folks, was September 09, 2002.  No, that's not a typo -
September 09, 2002!

This negligence is outrageous, the implications horrifying.

Take a single example. One of the many security patches missing
on new PCs is the one that prevents it from being infected by
the Sasser worm, a worm that can get simply by connecting to the

And that's exactly what is happening to folks when they connect
their brand new PCs to the Internet after installation. I've
seen new PCs get infected less than a minute after first
connection. A subscriber recently told me that he's seen it take
as few as 15 seconds.

With a bit of luck, these brand new PCs will have a vendor
installed anti-virus product. With even more luck, the AV
product's signature database may be sufficiently up to date to
catch the Sasser Virus.

But don't depend on it. All three Sasser infected PCs I've seen
this year were new, brand-name machines, with virus scanners

Folks, we have a crisis. One that in many ways is reminiscent of
the automobile safety crisis of the 1960s. That crisis was
created by large and powerful companies producing defective
autos and getting away with it by deflecting the problem back to
drivers and the road network. (Read “end users and the Internet”)

That was only resolved when Ralph Nader published "Unsafe at Any
Speed" and for the first time focused attention on the real
cause, the negligence of the manufacturers.

0 Boy, do we need a contemporary version of Ralph.

In the interim, I now have a totally new approach to PCs. Quite
simply, I no longer recommend Windows PCs for average users.
Windows is unsafe at any speed.  When someone asks me for
purchase advice, I tell them to go buy an Apple.

For tech savvy users and those committed to the Windows
environment, my advice is simple. First, defend your PCs to the
hilt. Second, abandon Internet Explorer and use alternatives
like FireFox, Mozilla or Opera. Third, don't even think about
using Outlook Express. Fourth, think seriously about migrating
away from MS Office. And, if you’re running a server with IIS,
drop it and go to Apache. In other words, abandon GM and buy a

Now it's easy to state these things but none of these changes is
totally straight-forward or without cost or compromise. That's
why in the next issue I'll talk about what products you need to
properly defend your PC and in subsequent issues to discuss
practical alternatives to mainstream MS products.

Ralph, where are you? We need you.



Send Files up to 1GB for Nix
This is impressive - a free service that allows you to send a
file up to 1GB to another PC or person. Just type in the
recipient’s email address and upload the file. The recipient is
then notified by email and can download the file anytime within
7 days before it is deleted from the server. "No passwords to
share, no software to install, no accounts to create, and no
full mailboxes. Start sending now!"

Great PDF Resource Site
If you are looking for Adobe PDF information or utilities, head
straight for PDFZone. They are currently running an article on
the "Ten Best Free PDF utilities."  Here's the link to the

Imaging Processing Tips
This site offers a good selection of free Photoshop tutorials
and tips. The focus is mainly on photographic images but other
applications are covered as well.

Spam Filters Compared
If you are looking for a new spam filter, this feature
comparison chart may prove handy. It covers 13 major clients
including 8 free products. The second link below is to a series
of product reviews at about.com.

New Search Engine Targets Research
With Google dominating the search engine market, new players are
looking for niches. One such aspirant is Ujiko, a Flash-based
search engine that utilizes the Yahoo search database. It offers
a super clean interface, an elegantly simple site rating system
and a clever way of storing searches. Great for doing in-depth
research, but you'll need Flash installed.

** Bonus Items for Supporters **

Good Spyware Resource Site
The current spyware/adware/scumware plague is reaching near
epidemic proportions.  This free site offers an excellent set of
protection/removal tools and many other resources.

The Definitive Microsoft Outlook Resource Site
Whether you use Outlook as a stand-alone client or together with
Exchange, this site is quite simply the best Outlook resource on
the web.

Wireless Networking Risks
This Wireless LAN Security FAQ conveniently lists in one place
the major Wi-Fi security problems and exposures.

Free Utility Reveals Real HTML Links
This site offers a free web service that shows all the details
an HTML request returns to your browser.  Great for tracking
down what actually happens when you click on sneaky re-directed

Build a High Performance PC for Less Than $1500
Find out how using this step by step guide from ExtremeTech.

Got some top sites to suggest? Send them to


Overcoming the "Updating Windows Conundrum"
As I mentioned in my editorial, anyone who's recently bought a
new Windows XP PC, or is installing Windows XP on an old one, is
faced with a real problem. The version of Windows that's
installed will almost certainly be missing all of the recent
critical Windows updates that prevent the PC from becoming
infected with worms and viruses when connected to the Internet.
But the only easy way of getting the updates is to connect to
the Internet! Even worse, with a modem, the updates can take
hours to download and install, leaving ample opportunity for the
Sasser worm and other nasties to attack your PC. One solution is
to turn on the inbuilt Windows firewall before connecting - the
first link below shows how. Another is to download the updates
on another PC and install them from CD or other media. Rather
than download the patches individually a better alternative is
AutoPatcher, a free service that offers all the post SP1 updates
in a single installation file. (Thanks to subscriber Joe Miles
for prompting me to mention Autopatcher.)

Free Reminder Program
Organik is simple organizer that allows you create scheduled to-
do lists with follow-up alarms and reminders. It handles re-
occurring tasks and has priority settings. It's best suited to
busy folks who simply have lots of different things to get done
rather than those who operate on tight, daily time-slotted
schedules.  Overall, the features are functional rather than
fancy and I'd rate it as a practical and totally usable product.
It's written in Java and thus requires the Java Runtime
Environment. 409KB.

Free Utility to Backup FireFox
"MozBackup is a utility for creating backups of Mozilla, Mozilla
FireFox, Mozilla Thunderbird and Netscape profiles. It allows
you to backup mail, favorites, contacts, etc. This program is
freeware." 731KB.

Free ISO of SUSE 9.1 Linux
The Distrowatch reports, "Departing from its past practice of
not providing ISO images for free download, SUSE has released a
complete, bootable, and installable ISO image of SUSE LINUX 9.1
Personal. You can find it on SUSE's main FTP server or one of
its mirrors, although there is no news about the release on
SUSE's own web site. This is a great way to try out SUSE LINUX
9.1 and see its capabilities, before upgrading to the
Professional edition via FTP or purchasing the full boxed
versions (which includes commercial software).” Amen. I
downloaded it and had absolutely no installation problems.
Download from here: (700MB)

Free Port Scanner
Has your firewall left any of your PC's TCP ports open to
intruders? Find out using this free port scanner. (3.2MB)

Remove HomeSearch Browser Hijack
As you all know, there is a plague of browser hijackers at the
moment. One called HomeSearch is among the most troublesome to
remove. If your browser is linking to res://<some random
characters>.dll/index.html#<more random characters> you are
infected.  Remove HomeSearch using this free tool. Before
running, check out the instructions in the second link. (173KB)

** Bonus Items for Supporters **

Free Word DOC to PDF Converter
This is the first free Word to PDF converter I've seen and I
must say it seems to work very well.    If you want to use some
of the product's advanced features you will have a watermark on
the output, but most users will be able to use the product
without limitation. As a bonus, the product is available in
English, French, German and Spanish versions.  Freeware, 2.6MB

Run Microsoft Office under Linux
Running familiar Windows apps under Linux is one way to
gradually wean users away from the meretricious allure of
Redmond.  There are numerous options for achieving this,
including the venerable Wine, but one of the least troublesome
alternatives is a commercial package called Crossover Office. I
tried it under SUSE Linux V9.1 and had no problems running
Office XP, Adobe Photoshop or even Internet Explorer! (Sic)
Prices start at $39.95 and there's a 30-day free trial. (11.2MB)

Free Utility Controls User Access to USB Drives
Subscriber Bill Henderson writes, “I am one of the IT managers
that distrusts USB drives. A work-around is to download a
program called DEVCON.EXE from the Microsoft web site.
Distribute that round the network, then force-run it on logon
with parameters "disable @USB/*" to kill off all USB activity."
Nice find Bill.  Devcon is a good free alternative to some
expensive commercial products that do the same thing.

Cheap Way to Search Your Email
Regular readers know I'm fond of Enfish Find for searching my
email messages and other personal documents. I recently tried
out another program called Lookout that does essentially the
same thing.  Lookout, however, costs $29.95 rather than the
$49.95 you’d pay for Enfish.  If you use Outlook, I'd definitely
recommend trying out the 30-day free trial version. 849KB.

Got some favorite utilities to suggest? Send them to

What a disastrous month for Microsoft. Horrendous publicity
about unpatched security faults in Internet Explorer followed by
advice from dozens of Security Experts and authorities that
users should consider abandoning Internet Explorer for safer
alternatives like FireFox and Opera.  Even the usually staid
U.S. government's Computer Emergency Readiness Team (US-CERT)
strongly suggested users should switch to another browser!

On July 2 Microsoft released a patch for Internet Explorer that
attempted to reduce future exploits by shutting down ADODB, one
of IE's special (i.e. non-standards compliant) features. It was
no fix rather a kludge with the side effect of breaking all web
sites that rely on ADODB. Worse still, the released patch did
not even cover a number of known IE vulnerabilities despite the
fact that there are active exploits in circulation. They
apparently won't be patched until Windows XP SP2 is released. In
the meantime users who don't want to abandon IE, should set IE
to the highest security setting. This will mean that even more
web sites won't work properly.  Not good folks, not good.  More
details here:

Later in the month Microsoft released seven more patches for
their products as part of their normal monthly security updates.
Two of these were rated "critical." Expect these newly announced
vulnerabilities to lead to a future spate of exploits directed
at unpatched machines. One vulnerability MS04-024, a patch which
MS did not even rate as "critical", looks like a sitting duck.
Some security experts expect the first viruses and worms using
the vulnerability to appear within a week. Go to the Windows
Update service and patch now - thou hast been warned. Here are
the critical patches as well as MS04-024.

Vulnerability in Task Scheduler Allows Code Execution (841873)
Severity: Critical
Systems affected: Win2K SP2-4, Windows XP, XP-SP1
Problem:  “A remote code execution vulnerability exists in the
Task Scheduler because of an unchecked buffer...If a user is
logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete
control of an affected system."

Vulnerability in HTML Help Could Allow Code Execution (840315)
Severity: Critical
Systems affected: NT Workstation and Server 4.0 SP6a
Problem:  “An attacker who successfully exploited this
vulnerability could take complete control of an affected system,
including installing programs; viewing, changing, or deleting
data; or creating new accounts that have full privileges."

Vulnerability in Shell Could Allow Remote Code Execution (839645)
Severity: Important
Systems affected: NT Workstation and Server 4.0 SP6a, Win2K SP2-
4, Windows XP/XP SP1, Server 2003 and possibly Win 98/98SE and ME
Problem:  “A remote code execution vulnerability exists in the
way that the Windows Shell launches applications...If a user is
logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete
control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts
with full privileges. "

Yet Another Unpatched IE Browser Flaw
Security company Secunia is carrying details of a serious flaw
in multiple browsers including IE, Mozilla and Opera that allows
a malicious website to load arbitrary content in an arbitrary
frame in another browser window owned by a trusted site. This
opens major fraud and spoofing opportunities. The problem has
now been fixed in the latest versions of Mozilla, Opera and
FireFox. The vulnerability still exists in several other
browsers including the well known malware vector, Internet

Some Good Security News
In Issue 83 I gave a highly favorable review of the website
vulnerability checking tool called N-Stalker. Since then, the
product has been enhanced and re-launched as SandCat Suite. Its
vulnerability scanner module now applies more than 29,000 checks
to a target website. Another module assesses Apache and PHP
configuration files for potential information leakage while a
third checks HTML pages for potential information disclosure.
Also impressive is a log analyzer tool that looks for attacks
and determines whether they were successful. Most impressive of
all is the subscription price which starts at around $300 a year
which is only a fraction of that for competitive products. The
SandCat Suite brings industrial strength web security within the
reach of even modest sized companies. A free trial version is


A Flash Drive Watch with Street Cred
There are several watches on the market that include an internal
USB flash drive but I wouldn't be caught dead in any of them.
However, a new model called the Edge DiskGo! has just been
released that features a quite attractive steel watch case. No
Cartier mind you, but eminently wearable. The watch includes 128
or 256MB of storage, a retractable USB lead and is available at
an impressively low street price of around $100.

Delete Microsoft's Secret Files from Your PC
Subscriber Ronnie C. writes, “Your readers should be aware of
the really secret Microsoft files that require special knowledge
to even uncover. These files took up almost 3GB on my hard
drive, and caused my WIN98SE OS to crash ... This is a serious
breach of trust, and privacy ... hope you can free up some space
on your server using this info."  Ronnie gave the following
links to an explanatory article and a free removal utility.
Interesting stuff - a little dated but excellent fodder to feed
your MS paranoia. And you know the old definition: "Paranoia is
simply an accurate perception of reality." ;>)

Great PC Tips Book at Bargain Price
Here's a deal. Steve Bass's famous PC Annoyances book is
currently selling at Amazon for $7.98 rather than the normal
$19.95.  For those not familiar with Steve's work, it features
lots of useful tips and tricks written in a light hearted and
irreverent style.  Read it then give it to Aunt Maud to stop her
phoning you for PC help - "It's in the book Aunt Maud, just read
it again."

Hairy Computer Threat
Zinc whiskers are microscopic metallic hairs that can zap the
electronics in your computer systems. The phenomenon has been
known for years but with shrinking electronic componentry,
whiskers are now a real risk for computer users and

Use your iPod for Revenge
From SlashDot: "Ever want to silence the urban assault vehicle
beside you at the stop light, pounding out gangster angst at
orthodontia-rattling volumes? Now you can, and here's how,
courtesy Engadget."

** Bonus Items for Supporters **

Snazzy PDA Cell Phone Comes With Wi-Fi Access
Nice idea eh?  Access data using your PDA phone over Wi-Fi when
in range of a local wireless network, and at other times use the
traditional cell phone system.  Don't rush out with your check
book just yet. Like many cell phone innovations, it's currently
only available in Europe.

Add Google PageRank to Your Mozilla GoogleBar
If you use the IE Google Toolbar, you know just how useful the
Google Page Rank indicator is for determining the importance of
a web site. Users of Mozilla browsers have their own version of
the Google Tool Bar but the Page Rank display is missing. Not
any longer. Nick Stallman has now come up with a version that
adds it in. It's for Mozilla 1.6 and FireFox 0.9. Tip: uninstall
your existing toolbar first and re-start your browser before
installing Nick's upgraded toolbar.

Private File Sharing - The Next Big Thing?
You can see the appeal of closed group file sharing: great for
work groups and a good way to get the RIAA out of the loop. A
few issues back I mentioned Foldershare but there's a lot
happening at the moment. Check these sites:

A Surprisingly Easy Way to Become an Einstein
The Theory of Relativity is about a hundred years old yet most
folks still can't get their head around it. This cute site
explains it simply and light heartedly with animated panels and
even a few games. If you ever wanted to understand relativity,
this is your big chance. All the material is freeware and can be
downloaded for offline use.


How to Overcome Update Problems Updating AVG Anti-virus
The free AVG anti-virus scanner is a life saver for those folks
who can't afford a commercial AV product. However, many folks
experience problems accessing the Grisoft server to get the AV
signature file updates. Outlined below is a procedure (based on
material from http://www.pcsympathy.com) that shows you how to
work around the problem.
A. Navigate to your AVG install directory and rename your
existing url.ini file to url.iniold.

B. Copy and paste the following text between the dotted lines
into notepad.  Don't copy the dotted lines themselves.


Actual URL=3
C. Save the text in your AVG install directory as url.ini.

D. From AVG, you'll now have 3 server options to connect to,
with www.grisoft.com being the default. If one server doesn't
work, try the others. Problem solved!


The Best Free Windows Explorer Replacement
Anyone who tries to do any serious file management quickly runs
into the limitations of Windows Explorer. There are lots of more
powerful replacements available but most of these are expensive
commercial products. The best free version has long been
2xExplorer and the good news is the vendors of that product have
now developed an even more powerful product called Xplorer**2
(the **2 is my plain text transcription of a superscript "2"). A
shareware "Pro" version is available but what interests me is
their free "Lite" version that offers all the features of
2xExplorer plus 31 more! Impressive to say the least. Try it.
Once you get used to a two pane file manager, you'll wonder how
you ever worked without it. Free for home or academic use. 575KB.

** Bonus Freebie for Supporters **

A KaZaa Lite Download Link That Works
A few issues back I mentioned the latest version of KaZaa Lite,
the adware- and spyware-free version of the popular KaZaa file
sharing client. Every week I get email from readers telling me
that the link I gave to KaZaa Lite is now dead. Well, it's true
and so are many other similar links as the owners of KaZaa have
been waging a systematic campaign to eliminate the product from
the Internet. I've located a couple download links that actually
work and, even better, I've also found some links to the latest
version, KaZaa Lite Resurrection. Both KaZaa Lite and
Resurrection are not only free of spyware but also offer
advanced download acceleration together with inbuilt defenses
against RIAA probes. These links could well be pulled down soon
so, if you are into file sharing, grab a copy now while you can.

Final Version of KaZaa Lite, V2.43e (2.66MB)

KaZaa Lite Resurrection (the latest version) (4.0MB)

Got some top sites and services to suggest? Send them in to


You'll find all back issues, a downloadable archive of every
issue ever published plus a growing list of resources
exclusively available to Supporters.

The area is protected.  Use the security information sent to you
when you first subscribed.


If you no longer wish to receive this newsletter, send me an
email at supporters@techsupportalert.com. Remember to state the
email address at which you are currently subscribed.

To change your delivery email address, go the Supporters' area
of the website. There you can manage your subscription on-line.

Receiving duplicate issues?  If you are receiving an unwanted
copy of the standard edition of this newsletter, you can cancel
that subscription by going to
http://www.webelists.com/cgi/lyris.pl?enter=support.alert. Enter
your email address. No password is needed. You can then cancel
your free subscription.

Thanks to subscriber A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI  49321-0243

Content of this newsletter is (c) Copyright
TechSupportAlert.com, 2004

See you next issue