Support Alert
                       Supporters' Edition

                 "Gizmo's top picks of the best
                  Tech resources and utilities"

                 Issue 112 - 18th August, 2004

    Support Alert is a registered online serial publication
                         ISSN 1448-7020.


0. EDITORIAL: Microsoft Security Revisited

 - More Networking Help
 - Searching for Solutions to Tech Problems
 - Windows XP Tips Galore
 - Is Your Bank Account at Risk?
 - Extended List of Extensions
 - HotMail Plays Catch-up
 - Free Up Space on Your Hard Drive (SE Edition)
 - Cheap Groupware/Collaboration Option (SE Edition)
 - Good Resource for Server Software (SE Edition)
 - How to Prevent Your Bank account from Being Plundered (SE
 - The Best BitTorrent Client?
 - Clean Out Internet Explorer
 - Excellent Free Backup Program
 - Lookout Returns
 - Change Proxy Settings Easily
 - Surf Anonymously for Nix (SE Edition)
 - Free Tool Sorts Out Problem-Prone Programs (SE Edition)
 - Free Network Management Tool (SE Edition)
 - Free Utility Speeds-Up Adobe PhotoShop (SE Edition)
 - Best Way to Check Disk Space Usage

 - Cumulative Security Update for Internet Explorer (867801)
 - Vulnerability in HTML Help Could Allow Code Execution (840315)
 - More Vulnerabilities Revealed in Bluetooth Phones
 - Serious Flaw in AOL Instant Messenger
 - Multiple Flaws in PNG Image Format Library

 - Windows XP SP2 Feature Leaves Intel Users in the Cold
 - Swiss Army Knife with USB Flash Drive
 - Memory Timing Explained
 - Wi-Fi Phones Finally Arrive in the USA
 - Sick of Windows? Try Linux
 - Are Humans Encrypted by Aliens?
 - Dream Remote Control (SE Edition)
 - What's New in the World of Hacking (SE Edition)
 - Tweak Your PC To Be Both Fast and Stable (SE Edition)
 - Read New York Times Articles for Free (SE Edition)
 - Make Internet Explorer Open Links in New Window.

 - Tweak Your TCP Settings
 - 309 Megabytes of Free, High Quality Windows Software (SE


"Something stinks in the state of Denmark
Something pongs foul in Seattle
Something reeks all the way from Redmond
But nothing smells sweeter than my Apple"

- Subscriber Jenny Johnson commenting on Microsoft security.
OK Jenny, a little gloating is allowed round here. Not too much
mind you ;>)


The way people think never ceases to amaze me.

Take for example the line of argument put forward by some folks
in their email response to my "move away from Microsoft"
editorial in the last issue.

The argument goes like this:

"There aren't any particular security problems with Microsoft
products. Rather, the problems experienced are largely a result
of the popularity of Microsoft products. It is this very
popularity that makes them a target for hackers. If Apple and
Linux were as popular, they would have the same security

Now, up to this point, I have no problem with this reasoning. In
fact, it clearly has an element of truth to it. Personally, I
think that it's only half the story but let's leave put that
aside for the moment.

No, the problem I have is with the conclusion. The conclusion
that because Microsoft's products are no worse than others in
terms of security defects, there is no reason to change.

I couldn't disagree more.

The popularity of Microsoft products is going to make them an on-
going target for hackers for a very long time. This means that
the security problems currently being experienced will continue
indefinitely. They may even get worse.

Microsoft can't win. They will always be playing a catch-up
game. Whatever patches and fixes they release, the hackers will
be working on new vulnerabilities.

So the popularity of Microsoft products is not a reason for
staying with their products; it's the reason for abandoning them!

Unless of course, you relish the idea of using software that is
constantly the focus of hacker's attacks.

Now don't get me wrong. I'm not Microsoft bashing. If Apple
became as popular as Microsoft and subject to the same security
attacks, I'd suggest you abandon Apple!

The issue is not Microsoft, it's your security. Forget about
being committed to Microsoft or anyone else. Think instead about
what's best for you.

So my advice to you today is the same as I gave last issue. If
you want to reduce your security exposure, start thinking about
using non-Microsoft products. It's in your interest to do so.

And first cab off the rank should be Internet Explorer. With
over 90% of the market, it's going to be the target for hacker
attacks for a very long time.

The case for moving away from Internet Explorer is made more
compelling by virtue of the fact that there is a great
alternative; Mozilla FireFox. It's a better browser, a safer
product and it's free.

As promised last issue, I've written a guide to help you
convert. It argues the pros and cons of making the change and
gives a step by step guide to making a painless transition.

And it's yours for free dear reader. I've put it up on the Tech
Support Alert website at this address:


See you next issue.



More Networking Help
A couple of issues back I mentioned the excellent wireless
networking resources offered by the Practically Networked site.
This prompted subscriber Richard Cowper to write in about the
Home Net Help site.  Nice find Richard. The coverage is wider
than just wireless networking too. Well worth visiting.

Searching for Solutions to Tech Problems
Next time you go Googling to solve a computer problem, try
searching Google Groups, a complete database of millions of
Usenet posts. I find the group search hits for tech problems to
be far more relevant, particularly for more obscure problems.

Windows XP Tips Galore
The first link is to a site offering a nice list of 101 tips
covering ways you can improve performance, increase privacy and
more. The second link is another site which, rather cleverly,
lists its tips in popularity order. Backing
up/restoring/disabling XP activation topped the popularity list.

Is Your Bank Account at Risk?
If you feel that I harp too much about internet security then I
suggest you scan this sobering Garner report about how, during
2004, more than two million folks have had their bank accounts
plundered by Internet bandits.

Extended List of Extensions
This is about as good a list of Windows file type extensions
that I've seen.

HotMail Plays Catch-Up
Last month I mentioned the new upgraded Yahoo webmail service
that offers 2GB for $19.95 a year. Hotmail has now matched this
offer and thrown in a few freebies like anti-virus scanning and
no ads. Ah, it's amazing what happens when you set a Google
amongst the pigeons.

** Bonus Items for Supporters **

Free Up Space on Your Hard Drive
One of the most common questions I get from subscribers is,
"what file types can be safely deleted?"  It's actually a
surprisingly complex question but there's a pretty good answer
at this site.

Cheap Groupware/Collaboration Option
If you are trying to coordinate the efforts of project team
members who are located in different places, you might like to
check out BaseCamp, a web based collaboration service. It's
remarkably simple to set up and use and the service fee is very
modest compared to many other collaboration products. It's not
the fanciest product around but a good example of KISS.

Good Resource for Server Software
The old 32bit.com site has been re-launched to exclusively cover
server software.  The range of products is extensive and grouped
into handy categories like Intrusion Detection, Network
Monitoring, Help Desk Packages, etc. No reviews are provided but
products within each category are listed in user rating order.
A useful resource for network admins and I.T. professionals.

How to Prevent Your Bank Account From Being Plundered
Some phishing hoaxes are so cleverly put together that they even
have arch cynics like me momentarily thinking, "Is this real or
not?"  However, with a small amount of detective work it's
pretty easy to uncover the scam. This short article, "Ten Tips
to Topple E-mail Fraud", provides some useful guidelines to help
you along the way.

Got some top sites to suggest? Send them to


The Best BitTorrent Client?
It's amazing how quickly BitTorrent has become one of the major
download formats. With good reason, too: it's fast, equitable
and efficient. If you haven't yet installed a BitTorrent client
on your PC, you should as there are some great free programs
available. I recommend the Open Source program Azureus. It's
beautifully implemented, well supported and, being Java based,
is available for multiple platforms.  Of course the Java code
will eat up your CPU cycles so you need a fast PC. Those with
older machines should check out BitTornado. It's also cross
platform and is fast and highly configurable as well. Both
products are adware and spyware free.
http://azureus.sourceforge.net/ (4.4MB)
http://bittornado.com/ (3.3MB)

Clean Out Internet Explorer
Over time IE can get loaded up with lots of buttons, toolbars,
context menus and other items that are installed by third party
applications. ToolBarCop is a free utility that allows you to
identify what's been installed and easily remove any item with
the click of your mouse. I used it to remove the remnants of a
download manager that was hanging around long after the product
was uninstalled. Freeware, 132KB.

Excellent Free Backup Program
Thanks to subscriber Brock Keckritz for letting me know about
Cobian backup V5, an open source Windows backup utility with
some advanced features including multi-threading and the ability
to run either as an application or a Windows service. It will
backup to other partitions, drives, network devices and to FTP
either on demand or according to a schedule. Zip compression is
supported. Alas, it won't backup to CD or DVD, but that aside
it's an impressive product well suited to many folks’ data
backup needs. Freeware, 4.3MB.

Lookout Returns
Last issue I mentioned Lookout, an impressive new indexing
program for Outlook 2000 and above. It appears it impressed
Microsoft, too, because they just bought the company. As a
result, the free beta immediately disappeared from the Lookout
web site. (Thanks to subscriber Gary Kuever for letting me
know.) The latest news is that due to public outcry, Microsoft
has re-instated the free beta on the MS website. I've been using
it for a week and it's a great product. It finds email within
Outlook almost instantly and I'd rate it as just as good as
Enfish. Go get it while it's free. (860KB)

Change Proxy Settings Easily
If you move your laptops between different networks, changing
proxy setting can become very tedious. This tiny free utility
permanently stores all your profiles so that changing proxies
takes only two mouse clicks. Freeware, 15KB.

** Bonus Items for Supporters **

Surf Anonymously for Nix
I don't have much need to surf anonymously but, when I do, I use
JAP, a free randomized multi-server service that curiously
enough was developed in Germany. Unfortunately, the system works
so well that the German government recently insisted that a back-
door be added to this system. If you find this off-putting then
you might like to try Tor, a system based on work at the U.S.
Naval Research Lab. It, too, uses chains of random servers to
create anonymity but uses a cute trick where messages are
uniquely encrypted between each successive server pair so that
the full path can never be known. Is there a back door in this?
Well, it did come out of the US Navy ;>)
http://anon.inf.tu-dresden.de/index_en.html (JAP - 370KB)
http://www.freehaven.net/tor/ (Tor - 728KB)

Free Tool Sorts Out Problem-prone Programs
Thanks to Will over at www.fileant.com for letting me know about
Dependency Walker. As the web site states, "This is a free
utility that scans any 32-bit or 64-bit Windows module (exe,
dll, ocx, sys, etc.) and builds a hierarchical tree diagram of
all dependent modules. For each module found, it lists all the
functions that are exported by that module, and which of those
functions are actually being called by other modules. Another
view displays the minimum set of required files, along with
detailed information about each file including a full path to
the file, base address, version numbers, machine type, debug
information, and more." (415KB)

Free Network Management Tool
NetClick LE allows you to manage all computers connected to
Windows NT/2K/XP networks from a single console. The utility
supports both NT domains and Active Directory. It allows central
control of many functions including access to files and shared
resources as well as running processes on any PC. It also allows
full management of all basic objects in the Active Directory and
includes a simple object search. It's free for home or
commercial use but the free version is restricted to 20
computers and two domains. A nice tool for small networks.

Free Utility Speeds-Up Adobe PhotoShop
A couple of issues ago I mentioned a way you could speed up the
load time for the Adobe Acrobat Reader by disabling unnecessary
plug-ins. This free utility will do the same thing for Adobe
Photoshop. (311KB)

Best Way to Check Disk Space Usage
Regular contributor Jeff Partridge writes, "I think you should
take a look at a utility, FolderSizes, as it seems to be the
most complete folder, drive, and file size tracker I’ve come
across. It can be used to track usage data on all drives, even
if they’re on a networked machine, by mapping them into the main
Explorer-like Folder Browser pane. A nice extra touch is that
this software can also search out and display duplicate files
wasting space on your system. What makes this software the most
useful I’ve found is that all these functions can be viewed at
one time. The program window is split into 4 panes. That makes
it easy to remember what you’re doing as you switch back and
forth in your file management chores. Also, program functions
are added to your context menu, so you can reach them from
inside Windows Explorer."  Nice find Jeff but at $34.95 this is
a product that will only appeal to those with a serious space
management problem. Shareware, free trial, 3.5MB.

Got some favorite utilities to suggest? Send them to


The really big news this month is that Microsoft has released
their long awaited Service Pack 2 for Windows XP.

SP2 will be available to end-users by direct download, free CD
or through the normal Windows Update service. As of the time of
writing it's only available by direct download. Microsoft's
official line is "if you want it, turn on automatic Windows
Updates and wait."  The hot tip is that it will progressively
released to Windows update starting from the 26th of August.

However IF you really want it now here's the Microsoft download

Be warned though, it's a 272MB download. That's a mere 10 hours
on your 56kbps modem!

If you wait for SP2 to appear on Windows Update, you'll end up
with a smaller download as the update service will only download
the components that are not already installed on your PC. That's
a much smaller download - maybe only 70MB. No kidding, 'tis true.

If you already have a fully patched PC and you run a firewall
there's no compelling reason to rush in and install SP2 at all.
There's simply not enough in it for you other than a heap of
potential problems.

Microsoft has already released a list of known application
incompatibilities (see below). It will grow, this much I can
assure you. So hang in there and wait for SP2a or whatever the
"revised" version is called.

There are two groups however, that will really benefit from SP2:
first, new PC buyers who at last will have an installed version
of Windows that includes recent security updates and second,
"the great unpatched," the 50% of all users who never patch
their PCs.

The latter are a real problem group as their unpatched PCs are a
vector for viruses.

That's why I suggest you get as many SP2 CDs from Microsoft that
you wheedle out of them. Then distribute them to your friends
and relatives. Heck, why stop there. Give them to folks in the
street. Anyone you can.

The fewer virus vectors out there, the better off we all are.

That job done, I advise relax, sit back and wait for the release
of SP2a.

Some XP SP2 Resources:

Review of SP2:

Changes to Internet Explorer

Microsoft's SP2 Page

Microsoft's SP2 CD Request Page

Microsoft's Listing of Programs that Stop Working with SP2

SP2 Firewalls limitations

This month Microsoft also released an out-of-course set of
patches for three critical vulnerabilities in Internet Explorer
and another critical vulnerability in the Windows HTML Help
System. If you haven't already installed these patches, go to
Windows Update and install them now as there are exploits for
some of these vulnerabilities currently in circulation.

Cumulative Security Update for Internet Explorer (867801)
Severity: Critical
Systems Affected: Internet Explorer V5 and 6
Problem:  “This update resolves three newly discovered public
vulnerabilities. If a user is logged on with administrative
privileges, an attacker who successfully exploited the most
severe of these vulnerabilities could take complete control of
an affected system..."

Vulnerability in HTML Help Could Allow Code Execution (840315)
Severity: Critical
Systems Affected: Win 98/SE/ME, Win NT (except Sp6a), Win 2000
SP/3/3, Win XP/SP1, Server 2003
Problem:  “This update resolves two newly-discovered
vulnerabilities. If a user is logged on with administrative
privileges, an attacker who successfully exploited the most
severe of these vulnerabilities could take complete control of
an affected system, including installing programs; viewing,
changing, or deleting data; or creating new accounts that have
full privileges...."

More Vulnerabilities Revealed in Bluetooth Phones
What started out as a curiosity item is now turning into a real
threat.  Not only can an attacker steal confidential information
stored on your Bluetooth phone, but they can also modify
information or even convert your phone onto a microphone for
eavesdropping on your private conversations.  This site lists
known vulnerabilities and the phone models affected.

Serious Flaw in AOL Instant Messenger
Security firm Secunia has reported vulnerability in AOL IM
V5.5.3595 and possibly other versions. "The vulnerability is
caused due to a boundary error within the handling of "Away"
messages and can be exploited to cause a stack-based buffer
overflow by supplying an overly long "Away" message (about 1024
bytes). A malicious website can exploit this via the "aim:" URI
handler by passing an overly long argument to the
"goaway?message" parameter. A hacker could use the "Away"
message feature to take control of a PC."  AOL has acknowledged
the problem and a new version of IM is available that resolves
the vulnerability.

Multiple Flaws in PNG Image Format Library
CERT has issued an advisory covering six potentially serious
flaws in Libpng, a public domain library of programs used in
processing the widely used PNG image format. The flaws if
exploited could cause system crashes or worse. The SourceForge
project team has released an updated version of the library
1.2.6rc1 that resolves the problem. Many systems and vendors use
the library including Linux, Apple, Microsoft and Mozilla to
name a few. Mozilla fixed the problem same day.


Windows XP SP2 Feature Leaves Intel Users in the Cold
Microsoft has been trumpeting a new security feature in SP2
called Data Execution Prevention (DEP) that helps prevent buffer
overflow exploits. The catch is that the feature only works on
PCs with AMD Athlon 64, Sempron (mobile), or Opteron processors.
Intel CPU support will not be introduced until late 2004 or
early 2005.

Swiss Army Knife with USB Flash Drive
Last issue I mentioned a watch with a built-in flash drive. This
issue, it's a Victorinox Swiss Army Knife. It's only a 64MB unit
but that’s not the only problem; try getting this baby through
airport security.

Memory Timing Explained
Do you need expensive PC4000 memory for your PC or can you get
away with the cheaper PC3200? Get the answer to this question
and more from this useful though somewhat jargon-ridden article.

Wi-Fi Phones Finally Arrive in the USA
Japan and Europe have had for some time cell phones that move
voice and data calls seamlessly between the cell network and Wi-
Fi networks. Motorola has just announced a US model, the CN620,
to be released by Fall or early 2005. It's a quad band GPS phone
so it's most likely to be carried by AT&T Wireless, Cingular
Wireless and T-Mobile USA.

Sick of Windows? Try Linux
With all the ongoing security problems, even Windows stalwarts
must be beginning to think it's time to explore Linux. There are
several ways you can do this without abandoning Windows: You can
run Linux from a boot CD version like Knoppix, run Linux in a
virtual machine, or simply operate a dual boot Windows/Linux
system. This article from CNet offers a step by step guide to
the dual boot option.

Are Humans Encrypted by Aliens?
The renowned Astrophysicist Paul Davies has proposed the
fascinating idea that human DNA could contain primordial
messages encoded early in our evolution by advanced extra-
terrestrials. Carl Sagan must be smiling in his grave. More here:

** Bonus Items for Supporters **

Dream Remote Control
With a Linux operating system, 200 MHz processor, 32 megabytes
of on-board memory, USB interface and a Memory Stick media slot,
the Sony Navitus Remote Control is more powerful than many 1980s
PCs. All this power drives the myriad of features that include
full programmability, auto learning from other remotes, a full
color tactile response touch screen and much more. I
particularly liked the macro capability that allows you to
initiate a myriad of pre-programmed operations at the touch of a
single button. Oh, the price. Around $700. Dream on baby, dream

What's New in the World of Hacking
Discover all by reading this excellent summary of what happened
at Defcon 12, the most recent black-hat hacking conference.

Tweak Your PC To Be Both Fast and Stable
According to Ben Kirkwood, the trick is to utilize lean, well-
made apps. Full details here:

Read New York Times Articles for Free
The NYT requires registration and/or a fee to access much of
their archival online material. According to the trade ezine
Search Engine Watch, you can bypass the system by just adding
&partner=USERLAND to the end of any NYT URL. Apparently it's a
spin-off from a deal arranged with blogger Dave Winer. There's
even a tool available that automates the process.


Make Internet Explorer Open Links in New Window.

If you intend to continue using Internet Explorer, here's a way
to overcoming one of its most annoying habits.

Since V5, Internet Explorer opens all links that you click
within other applications such as email, in the same window.  So
for example, if you are reading this newsletter and click two
links in succession, the first will load and then be over-
written by the second. Tres annoying.

Far preferable is to have IE open the second and any subsequent
link in separate windows. Here's how you do it:

From Internet Explorer select Tools/Internet Options/Advanced.

Then uncheck the option "Reuse windows for launching shortcuts".

Click "Apply" and the job is done. No more over-written browser

Once you've made this change, the next logical step is to ensure
the new windows open in the background so as not to disturb your
reading. You can do this using a free tool called "Heldup". Get
it from here:


Tweak Your TCP Settings
Whether you use a modem or broadband, you'll get a faster
connection if you tweak your connection's TCP parameters. Among
the most important of these is MaxMTU which, in simple terms, is
the largest chunk of data you can send without it being broken
up into smaller chunks en-route. Most techies determine MaxMTU
by trial and error pinging using different packet sizes but it's
a tedious procedure and definitely not for beginners.
TCPOptimizer from SpeedGuide.net is a free utility that will do
the job for you automatically. Furthermore, it will use this
value to advise you on your other TCP settings and then apply
these values at the press of the button. There are commercial
programs that will do much the same thing but TCPOptimizer does
it just as well and is totally free. The only minus is the lack
of in-program help. However you'll find a useful FAQ at the
SpeedGuide site. (225KB)

** Bonus Freebie for Supporters **

309 Megabytes of Free, High Quality Windows Software
In previous issues I've mentioned some of the outstanding free
Linux software compilations that are available but this is the
first time I've seen anything comparable for Windows. The
quality is outstanding and the range excellent. There is
software here that will handle most normal PC tasks and it's all
free. The download is in the form of a 309MB ISO file which
you'll need to burn to CD. Conventional FTP and BitTorrent
download options are available.

Got some top sites and services to suggest? Send them in to


You'll find all back issues, a downloadable archive of every
issue ever published plus a growing list of resources
exclusively available to Supporters.

The area is protected.  Use the security information sent to you
when you first subscribed or in subsequent advisories.


If you no longer wish to receive this newsletter, send me an
email at supporters@techsupportalert.com. Remember to state the
email address at which you are currently subscribed.

To change your delivery email address, go the Supporters' area
of the website. There you can manage your subscription on-line.

Receiving duplicate issues?  If you are receiving an unwanted
copy of the standard edition of this newsletter, you can cancel
that subscription by going to
http://www.webelists.com/cgi/lyris.pl?enter=support.alert. Enter
your email address. No password is needed. You can then cancel
your free subscription.

Thanks to subscriber A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI  49321-0243

Content of this newsletter is (c) Copyright
TechSupportAlert.com, 2004

See you next issue