                    ========================
                         Support Alert
                       Supporters' Edition
                    ========================
                    www.techsupportalert.com

                 "Gizmo's top picks of the best
                  Tech resources and utilities"

                 Issue 114 - 20th October, 2004

    Support Alert is a registered online serial publication
                         ISSN 1448-7020.

                        <<<<<<<<<>>>>>>>>
 

IN THIS ISSUE:
==============
 
0. EDITORIAL: Security Software Survey – First Results

1. TOP TECH SITES
 - Excellent Free Tech Support Site
 - The Dangers of Scrap Files
 - Stop Sending Email to Yourself
 - Black Hats Get Organized
 - A Better Way to Build a Tin Can Wi-Fi Antenna
 - Free Linux Desktop Guide for Non-Linux Users
 - New Service Stops Unknown Email Viruses (SE Edition)
 - Move Your Bookmarks from One Browser to Another (SE Edition)
 - Why Linux File Systems Don't Fragment (SE Edition)
 - Learn HTML for Free (SE Edition)
 - What to do When You Get the Blue Screen of Death (SE Edition)
 
2. UTILITIES
 - Free Desktop Search from Google
 - The Best File Sharing Client?
 - Run Windows Software on a Mac
 - Free Product Zaps New and Unknown Viruses
 - How to Manage Your XP SP2 Firewall
 - The Best Free Registry Editor (SE Edition)
 - Great Free HTML Editor and PHP Editor (SE Edition)
 - How to Legally Share Music & Videos (SE Edition)

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
 - Microsoft Dumps All Non-XP Users
 - Microsoft JPEG Flaw to be the Next Big Thing
 - Serious Unpatched Flaws in Word 2000 and ASP.NET
 - Cumulative Security Update for Internet Explorer (834707)
 - Windows Shell Bug Could Allow Remote Code Execution (841356)
 - NNTP Flaw Could Allow Remote Code Execution (883935)
 - Vulnerability in SMTP Allows Remote Code Execution (885881)
 - Zipped Folders Flaw Could Allow Remote Code Execution (873376)
 - Vulnerability in Excel Allows Remote Code Execution (886836)
 - Security Update for Microsoft Windows (840987)
 - Don't Opt Out of Spam Email
 - RealPlayer PCs Could be Exploited by Playing Movie

4. OTHER USEFUL STUFF
 - Control Your PC from 10 feet Away
 - Huge Capacity CompactFlash Memory Cards Arrive
 - Get Opinions on Everything
 - Tidy Up Those Cables
 - A Real Flight of the Imagination
 - Twenty Six Malware Products on Each PC
 - How to Improve Your Chances of Getting that Job (SE Edition)
 - Difference Between Regedit and Regedt32 (SE Edition)
 - How to Find the Cheapest Gas (SE Edition)
 - How to Speed up Your P2P Downloads (SE Edition)
 - Adware Gets Past Gizmo

 
5. TIP OF THE WEEK
 - Disabling Windows Messenger

6. FREEBIE OF THE WEEK
 - The Best Windows Program Launcher
 - The Best Free Anti-Trojan Scanner - revised (SE Edition)

QUOTE OF THE WEEK
=================

"The problem with troubleshooting is that trouble shoots back."

- Anon.

0. EDITORIAL
============

This is a “good news” editorial. Actually the good news is from
you dear readers, I'm just reporting it.

Last issue I asked readers to send in details of the security
products they use and their experiences with how these products
work together.

Well nearly 1000 folks wrote in, 974 to be precise.  I was
overwhelmed with the generosity of your response. Thank you all.

It's going to take quite a while to analyze the results and in
the coming weeks I’ll write up a full report on the web site.
But even now certain things are already clear. Three things in
fact:

First, a lot of you readers have very well protected systems.

Second, those with good protection rarely, if ever, have
security problems.

Third, compatibility between different security products was not
really a major issue. However, product overlap was.

In the limited space of this editorial, I'm only going to deal
with the first finding. I'll deal with the others in the full
report on the web which I hope to have ready by next issue.

Now, it's not really too surprising that so many of you have
excellent computer security. After all, this is a technical
newsletter and you, dear subscribers, are not exactly your
average Joe in the street.  Bear in mind, too, that the folks
who responded to the survey are more likely to have good
security compared to subscribers as a whole.  That's because
they are rightly proud of how they have secured their systems
and hence more likely to respond to the survey.

But what is a well protected system? Simple: it's a system with
layered defense. That is, a system that does not rely on a
single security product but one that utilizes several different
products, each designed to carry out a specialized task.

By far the most common configuration reported in the survey
was a three layer approach:

- A virus scanner (Usually Norton, McAfee, AVG or Avast)
- An anti-spyware product (Ad-Aware, SpyBot or SpySweeper)
- A 3rd party firewall (ZoneAlarm, Kerio, Sygate or hardware-
based)

(The products shown in brackets were the most commonly used.)

Some folks had fewer layers, many had more. Jim Kerrigan had the
most - 11 products covering seven different layers. No one is
getting into Jim's system anytime soon!

The more layers, the better protection. However, the more
layers, the greater the setup complexity, the greater the CPU
overhead, the greater the user inconvenience and the greater the
maintenance requirement.

What's the ideal number of layers?  The answer depends on your
risk level.

If you are a normal user who just uses email and does a bit of
surfing then three is probably fine.

If you use P2P networks or IM, install a lot of utilities or
like to explore the nether regions of the web then you need
additional layers. The more adventurous your activities, the
greater your need for protection. But what additional protection
layers do you need?

To start, you need a specialized Trojan scanner. AV scanners are
just not good enough at detecting modern Trojans. To underscore
the point, I'm currently reviewing anti-Trojan products over at
http://www.anti-trojan-software-reviews.com using a test set of
Trojans that were all missed by Norton AV 2004. That’s right
folks, using the trojans MISSED by Norton. Before you AVG users 
get too chirpy, let me tell you AVG missed even more!

In the reader security survey, the most common anti-Trojan
applications used were TDS-3, Trojan Hunter and BoClean. The
first two are fine choices but I have reservations about
BoClean. You can find my reviews of them over at the anti-Trojan
site if you are interested. There are some passable free anti-
trojan scanners as well and I’ll cover these in the full web
report.

Another layer is active protection for your key Windows system
areas. This includes protection of the Windows startup areas,
the registry, browser helper objects and the integrity of DLLs
and running processes.

Now, some of these functions may be performed by other security
layers. Some firewalls for example optionally check process CRC
integrity while some anti-spyware products keep an eye on
startup programs and browser helper objects. No single product
does everything, however, so you need at least one, maybe two
additional products.

In the security survey, the most common additional product was
WinPatrol. Again, a good choice, though it does overlap with the
monitor in SpyBot and is not as powerful as my favorite, RegRun.

Yet another security layer you can add is active protection for
your security products themselves. Modern malware will now
routinely try and pull down your defenses.  Thankfully, security
vendors are now building better defenses into their products.
Indeed, some AV scanners and firewalls now run at kernel level
and can't be easily pulled down. Many, however, including
products like SpyBot, Ad-Aware and WinPatrol, are vulnerable to
attack and need to be defended.

According to the survey, the most common protective program used
was Process Guard. It's a great choice as it is the best product
in its class though, frankly, a beast to set up properly.

Another additional security layer you might want to consider is
generic malware protection.  This is a relatively new approach
which tries to detect malware products by their behavior rather
than by their unique individual signatures. Products in this
group are targeting a weakness in all AV scanners: the short
time gap between the time a new virus emerges and the time the
AV vendors update and distribute their signature databases.
During that time, your AV scanner is largely useless in
defending you against any new virus.

Not many folks in the survey currently use these generic defense
products. The only two mentioned were Abtrusion Protector and
Qwik-Fix Pro, two products that adopt quite different
approaches. The degree of effectiveness of these products is yet
to be established but certainly the promise is attractive.
Personally I find Abtrusion Protector eats up too many CPU
resources to warrant general recommendation and I’m yet to be
convinced whether Qwik-Fix is worthwhile. If you use either of
these products let me know what you’ve found.

The final way to add additional protection is to duplicate an
existing protective layer. Quite a few users who responded to
the survey do this. Examples would include running a hardware
and software firewall, using two spyware scanners not just one
and using a second anti-virus product as an on-demand scanner.

I think this is a great way to go, particularly if you can use
free products. However it’s also the area most liable to product
conflict. In my full web article I’ll be giving specific product
recommendations on how to duplicate your protection without product
conflict.

The number of layers of protection you use is ultimately a
personal choice. As with all security systems, greater
protection comes at the cost of greater inconvenience.

At the very least you need three layers: an AV scanner, a
firewall and an anti-spyware product. After that it's your call.

By next issue I should have the full report up on the web. It
will deal with the question of choosing the right products for
each layer, product combination and product interaction. It’s a
complex issue but one I’m sure you’ll find most interesting.

Thanks again to those who responded to the survey. It really is
appreciated - we can all learn from each other’s experience.

See you next issue.

Gizmo
Editor@techsupportalert.com
 

1. TOP TECH SITES
=================

Excellent Free Tech Support Site
Subscriber Ted Green writes: "Thanks a million Gizmo for telling
me about the Tek-Tips forums. With the help of the forum members
I solved a Windows shutdown problem that was driving me nuts."
Note, though, that Tek-Tips is geared toward experienced users.
Beginners may get better results from the TechSupportGuy forums.
Both are free and well worth trying.
http://www.tek-tips.com/
http://forums.techguy.org/

The Dangers of Scrap Files
Almost no-one has heard of Windows scrap files, a strange file
type that's a by-product of the Windows OLE system. The problem
is that because of icon similarity, they can easily be mistaken
for text files, and simply opening one may lead to you being
infected by a Trojan.  I suggest all PC users read this useful
article which not only explains the concept but also lets you
know what to look out for.
http://www.trojanhunter.com/papers/scrapfiles/

Stop Sending Email to Yourself
A lot of folks regularly email information from one mail account
to another. Most commonly this is from a work account to a home
account and vice versa.  This site offers a free service that
allows you to post notes to yourself on the site which you can
then access from any web browser. Kind of like post-it notes
that you can read from anywhere. No-one else can read the notes
as they are encrypted with your password.  A neat free service.
http://www.chimenote.com/

Black Hats Get Organized
Metasploit Framework is a site guaranteed to scare a little
common sense into those complacent about computer security. It
offers "an advanced open-source platform for developing,
testing, and using exploit code." In other words, an easy-to-use
modular system for script kiddies and other ill-intentioned
individuals to put together their own exploits.
http://www.metasploit.com/projects/Framework/
 
A Better Way to Build a Tin Can Wi-Fi Antenna
Surprisingly, these things actually work. I've mentioned a
construction guide in a previous issue but this one from
ExtremeTech is both clearer and more precise.
http://www.extremetech.com/article2/0,1558,1643394,00.asp

Free Linux Desktop Guide for Non-Linux Users
This really is a splendid piece of work. It's complete, it's
well written, it's downloadable and it's free. Starting at
basics, it works its way through file management, using email
and the internet and on to using Open Office. It's offered under
the Creative Commons license and is available in both OpenOffice
Writer and PDF formats. This is a gem.
http://www.iosn.net/training/end-user-manual/
 

** Bonus Items for Supporters **

New Service Stops Unknown Email Viruses
One of the problems of anti-virus products is that they offer
very little protection against new viruses until the new virus
is included in the AV signature file.  This can leave users
exposed for hours or even days. Avinti is offering a clever
solution in the form of an isolation server that sits between
the corporate mail server and the user. The isolation server
executes any email scripts or attached executables in an
isolated virtual machine environment and checks for malware-like
behavior. If found, the offending attachment is stripped from
the email.  More details here:
http://www.avinti.com/products/iserver.asp

Move Your Bookmarks from One Browser to Another
IE, Mozilla and FireFox all offer bookmark (favorites) import
and export options. However, with some browsers (such as AOL),
the options are more limited. This site offers a free service
that allows you to import bookmarks in nine different formats
and export them in seven. A site well worth, er, bookmarking.
I'm yet to find a product that allows me to locally hot sync my
FireFox and IE bookmarks. If you know one, drop me an email.
http://www.linkagogo.com/go/Convert

Why Linux File Systems Don't Fragment Like Windows
If you are like me and wondered why, you'll find the answer in
this article which discusses file system architecture in great
detail.  Warning - high geek factor.
http://namesys.com/content_table.html

Learn HTML for Free
I often get requests from readers asking how they can best learn
HTML. I usually refer them to this site that offers a free on-
line tutorial. The course starts from a very basic level and
takes about five hours to complete after which you will have
learned more than enough to build a simple web site.  The same
site offers a number of other free courses such as dynamic HTML
and Windows 2000 server but I haven't tried these.
http://www.e-learningcenter.com/free_html_course.htm

What to do When You Get the Blue Screen of Death
TechRepublic is offering an excellent PDF white paper that
explains in detail the error conditions that give rise to the
dreaded BSOD and offers useful guidance on how to track down the
problem. It's free but registration is required.
http://itpapers.techrepublic.com/abstract.aspx?docid=46597&promo=490060

Got some top sites to suggest? Send them to
mailto:supporters@techsupportalert.com
 

2. UTILITIES
=============

Free Desktop Search from Google
Well the long-awaited Google desktop search has finally arrived
(at least in beta form) and it's looking awesome. Like other
desktop search programs, it indexes the content of your local
files such as email, Office documents and web pages.  The full
list of file types indexed at the moment is: TXT, HTML, DOC,
XLS, PPT, Outlook 2000+, Outlook Express 5+, AOL 7+ and AOL
Instant Messenger 5+, with more types to be added in later
versions.  The feature that really grabbed my attention, though,
is the indexing of all web pages that you visit as well as pages
you have visited in the past. It works brilliantly and will
really help with the standard problem of finding information you
remember seeing on some now-forgotten web site. (Before you get
worried about security issues, Google provides an option of
turning off indexing for secure html pages.) Also nice is the
ability to search email and view the results in conversational
threads. Yet another neat feature is the integration of desktop
and web search into a single function with the presentation of
all search results in familiar Google format. I only have two
beefs: first the display format is not ideal for quickly finding
email. Second, it only works with Internet Explorer which is a
bit of a bummer for us FireFox users. Let's hope for a Mozilla
version soon. Initial impression?  It's still only a beta but
this will be one to beat. Once it matures, I can't imagine any
PC being without it. Freeware, 446KB.
http://desktop.google.com/about.html

 
The Best File Sharing Client?
Regular readers of this newsletter know that I regard public
file sharing networks to be malware distribution systems. That
said, I know a lot of folks use them so I'll pass on this comment
from subscriber Jenny Ho. "Gizmo, you've mentioned KaZaa lite a
couple of times as the best P2P client. It is a good program but
all my friends have now moved on to Shareaza. It's a public
domain program, doesn’t contain any adware and spyware, and it
connects all the major P2P networks. It's also fast and really
easy to use." Well, I can confirm Jenny's comments about ease of
use - Shareaza has the best interface of any P2P client I've
seen. On speed I found Shareaza's downloads to be faster only
for larger files. I know because I used both clients to download
over 1,000 executable files to create a test data set for my
most recent series of reviews of anti-Trojan programs.
(Incidentally, over 300 were infected with malware.) MP3
swappers would be advised to read the Shareaza FAQ which tells
you how to set up block lists to keep the RIAA at bay. Freeware,
3.15MB.
http://www.shareaza.com

Run Windows Software on a Mac
Microsoft has released version 7 of Virtual PC for Mac, a
Windows OS emulation package that runs on the Mac as a host
operating system. Early reports suggest that you need at least a
G5 to get decent performance but, that caveat aside, it's a
great way to run a piece of essential Windows software on a Mac
yet retain full Mac OS functionality. Prices start at $129.
http://www.microsoft.com/mac/products/virtualpc/virtualpc.aspx?pid=virtualpc

Free Product Zaps New and Unknown Viruses
Even users with well protected PCs are vulnerable to new viruses
and worms during the critical time slot between the first
appearance of the virus and the time it takes for AV vendors to
update their signature database. A number of companies offer
claimed solutions: one is PivX who markets a product called Qwik-
Fix Pro. This works by providing a degree of generic protection
combined with defenses against potential exploits the company
has identified from its own research. I have no way of testing
such a product but the idea is sound - just think of all those
known but as yet unpatched Internet Explorer bugs. Others clearly
agree - the company certainly has some heavyweight customers.
The good news is that a home PC edition is available and it's
free until the end of October. Registration required, 1.26MB.
http://www.pivx.com/qwikfix.asp

How to Manage Your XP SP2 Firewall
Ok.  You've taken the plunge and installed SP2. Wouldn't it be
nice to be able to control your enhanced firewall, check current
activity or inspect the logs? Well you can do all that with
FirePanel XP, a $10 shareware product. The download is only
170KB but you need to have the Microsoft .NET framework
installed on your PC.
http://www.router19.org/

** Bonus Items for Supporters **

The Best Free Registry Editor
I've used the full version of Resplendent Registry Editor for
years and have never had any reason to look for an alternative.
Recently a subscriber asked me what was the best free registry
editor and that made me realize I've never looked at that
particular product category. The first product I checked out was
Registrar Lite, the free version of Resplendent Registry Editor
and I'd have to say it's an impressive freebie. To start with,
it works totally reliably - an essential feature for any
registry editor. On top of that, the user interface is simple,
the functionality excellent and, perhaps most importantly, it
has a really fast search. I did, however, miss a "search and
delete" option - that's only available on the full product. That
said, it leaves Regedit for dead. If you know a better free
registry editor, drop me an email. Freeware, 2.0MB.
http://www.resplendence.com/reglite

Great Free HTML Editor and PHP Editor
Subscriber Robert Murray writes, "Hi Gizmo, I enjoy every issue
of your great newsletter so I thought I'd repay you by letting
you know about two little finds of my own.  Both are from the
hand of seventeen year old Danish wunderkind Michael Pham.  The
first is a neat HTML editor called HTMLGate and the other is a
PHP programming editor called PHP Designer. I'm a semi-
professional web site designer and use both products every day.
What more can I say?"  Indeed, Robert, using these products
professionally is a high tribute.  I note that both are only
free for home use so I hope you made a generous contribution to
Michael ;>)
http://www.mpsoftware.dk/htmlgate.php  (2.0MB)
http://www.mpsoftware.dk/phpdesigner.php (1.3MB)

How to Legally Share Music and Videos with your Friends
Grouper is a free P2P software application that allows you to share
MP3s, photos and other files with up to 30 family members or
friends. Where Grouper differs from other P2P networks like
KaZaa or eDonkey is that it allows users in the group to access
media files held on another PC. This means you can play music on
your PC that is stored on someone else's PC. Non-copyright files
like digital photos can be physically transferred if you wish.
Add to this free chat and messaging and you have a very
attractive package.  Currently it's free. (1.2MB)
http://www.grouper.com/

Got some favorite utilities to suggest? Send them to
mailto:supporters@techsupportalert.com
 

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
=================================================

Another bad month for Microsoft.  First, lots of negative
publicity about the company dumping non-XP users. Second, the
ominous appearance of several different examples of malicious
programs that utilize a JPEG vulnerability that affects dozens
of MS products. Third, independent researchers revealed serious
unpatched flaws in important MS products. Finally, Microsoft
itself released a massive batch of 10 new security advisories,
seven of which are rated "Critical."

Microsoft Dumps All Non-XP Users
During the month, the folks at Redmond have spelled out loud and
clear that the security enhancements to Internet Explorer
offered in Windows XP SP2 will not be made available for any
Windows operating system prior to XP.  The intent is evident:
they want everyone to upgrade to Windows XP. If you don't want
to upgrade then you really should abandon using Internet
Explorer right now as hackers will be emboldened by the
announcement to target IE on non-XP PCs. FireFox is a great
alternative browser, a superior product in fact, so why wait?
Read my IE to FireFox migration guide here:
http://www.techsupportalert.com/firefox.htm

Microsoft JPEG Flaw to be the Next Big Thing
When Microsoft announced last month a widespread JPEG flaw in
its products, experts predicted it was only a question of time
before a massive web-wide attack occurred utilizing the bug.
The first exploits in fact appeared within a week of the MS
revelations, though they were more demonstration examples than
active threats. Later examples have proved more threatening,
though none has yet included an effective propagation system.
It looks increasingly likely though, that the threatened big one
will happen. To prevent your system being attacked you have to
do more than rely on Windows Update. You also have to visit the
Office Update site and do additional checks for other vulnerable
products as well. Full instructions here:
http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

Serious Unpatched Flaws in Word 2000 and ASP.NET
Security company Secunia has issued an advisory covering a
"highly critical" buffer overrun problem in Word 2000 and
possibly Word 2002 as well. Secunia has advised users not to
open untrusted Word documents especially those that are hosted
on web sites. Microsoft is investigating the claim.  They have,
however, conceded another flaw, this one covering the widely
used ASP.NET server product. The flaw could allow an attacker to
gain access to a password protected area of a web site by a
simple character substitution in the URL. No patch is
available but MS has published a workaround.
http://secunia.com/advisories/12758/
http://support.microsoft.com/?kbid=887459

Cumulative Security Update for Internet Explorer (834707)
Severity: Critical
Systems Affected: Internet Explorer V5 and V6
Problem:  This major update addresses seven new IE
vulnerabilities including three rated as critical. All users
should apply this update immediately through Windows Update.
http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx

Windows Shell Bug Could Allow Remote Code Execution (841356)
Severity: Critical
Systems Affected: Most versions of Windows other than XP SP2
Problem:  This patch covers two flaws, only one of which is
rated critical. The critical flaw "exists in the way that the
Windows Shell starts applications. An attacker could exploit the
vulnerability if a user visited a malicious Web site. If a user
is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete
control of an affected system."
http://www.microsoft.com/technet/security/bulletin/ms04-037.mspx

NNTP Flaw Could Allow Remote Code Execution (883935)
Severity: Critical
Systems Affected: Specific versions of NT/2000/2003 server as
well as Exchange server
Problem:  "A remote code execution vulnerability exists within
the Network News Transfer Protocol (NNTP) component of the
affected operating systems. This vulnerability could potentially
affect systems that do not use NNTP. This is because some
programs that are listed in the affected software section
require that the NNTP component be enabled before you can
install them. An attacker could exploit the vulnerability by
constructing a malicious request that could potentially allow
remote code execution. An attacker who successfully exploited
this vulnerability could take complete control of an affected
system."
http://www.microsoft.com/technet/security/bulletin/ms04-036.mspx

Vulnerability in SMTP Could Allow Remote Code Execution (885881)
Severity: Critical
Systems Affected: Server 2003 plus some Exchange server 2003
configurations
Problem:  "A remote code execution vulnerability exists in the
Windows Server 2003 SMTP component because of the way that it
handles Domain Name System (DNS) lookups. An attacker could
exploit the vulnerability by causing the server to process a
particular DNS response that could potentially allow remote code
execution. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
The vulnerability also exists in the Microsoft Exchange Server
2003 Routing Engine component when installed on Microsoft
Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service
Pack 4."
http://www.microsoft.com/technet/security/bulletin/ms04-035.mspx

Zipped Folders Flaw Could Allow Remote Code Execution (873376)
Severity: Critical
Systems Affected: Windows XP/XP SP1 and Server 2003
Problem:  "A remote code execution vulnerability exists in
compressed (zipped) folders because of an unchecked buffer in
the way that it handles specially crafted compressed files. An
attacker could exploit the vulnerability by constructing a
malicious compressed file that could potentially allow remote
code execution if a user visited a malicious Web site. An
attacker who successfully exploited this vulnerability could
take complete control of an affected system. However, user
interaction is required to exploit this vulnerability."
http://www.microsoft.com/technet/security/bulletin/ms04-034.mspx

Vulnerability in Excel Could Allow Remote Code Execution (886836)
Severity: Critical
Systems Affected: Excel 2000/2002/2003 plus Mac versions. Note
Office XP Service Pack 3 systems are NOT vulnerable.
Problem:  "A remote code execution vulnerability exists in
Excel. If a user is logged on with administrative privileges, an
attacker who successfully exploited this vulnerability could
take complete control of the affected system."
http://www.microsoft.com/technet/security/bulletin/ms04-033.mspx

Security Update for Microsoft Windows (840987)
Severity: Critical
Systems Affected: Win2k SP3/SP4, Windows XP/XP SP1, Server 2003
Problem:  "This fix covers four flaws, one of which, a bug in
the graphics rendering system, is rated critical. A remote code
execution vulnerability in the rendering of Windows Metafile
(WMF) and Enhanced Metafile (EMF) image formats that could allow
remote code execution on an affected system. Any program that
renders WMF or EMF images on the affected systems could be
vulnerable to this attack. An attacker who successfully
exploited this vulnerability could take complete control of an
affected system."
http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx

Don't Opt Out of Spam Email
Experienced users have long known not to click opt-out links in
spam mail. That's because clicking these links can tell the
spammer that they have scored a live email address. As a result,
you'll get more spam not less.  But now there's another reason
not to click these links. Security firm MessageLabs claim they
have identified a number of spam messages that use JavaScript to
redirect anyone who clicks an opt-out link to a hostile website.
That site then attempts to download an executable file that
would allow the spammer to take control of the user's PC. The
moral of the story: totally ignore all spam.
http://www.messagelabs.com/news/virusnews/detail/default.asp?contentItemId=1177&region=

RealPlayer PCs Could be Exploited by Playing Movie
RealNetworks has announced a critical vulnerability in numerous
versions of RealPlayer that could allow an attacker to run a
Trojan program. The flaw can be exploited by simply tempting a
user to run a specially encoded movie file. A fix is available
and can be accessed by using the update feature within
RealPlayer.
http://service.real.com/help/faq/security/040928_player/EN/
 

4. OTHER USEFUL STUFF
=====================

Control Your PC from 10 Feet Away
Here's something to consider if you play music or watch TV from
your PC but don't want to pay for Windows Media Center Edition.
SnapStream Firefly is a remote control/software bundle designed
to allow you to operate your PC at a distance. It works by
displaying options on your PC using a large screen font. You can
then select between options using the wireless remote.  It works
with 80 or so multi-media applications and offers a degree of
customization.  The 30-foot range remote is a plus though,
unfortunately, it's not a universal unit with learning
capability. Oh well, one more remote to add to the pile. Street
price is around $45.
http://www.snapstream.com/Products/firefly/default.asp

Huge Capacity CompactFlash Memory Cards Arrive
Feeling the need for a little more storage in your digital
camera? Perhaps these new 8GB CF cards from Sandisk will give
you what you want.  Mind you at $965 they are not exactly cheap.
A more modest 2GB CF card has a street price of around $240.
http://www.tomshardware.com/hardnews/20040930_171542.html

Get Opinions on Everything
This amusing tool uses Google to search the web to discover what
people think about a particular person or topic.
http://www.googlism.com/

Tidy Up Those Cables
Here's a simple idea that will help you organize your computer
cabling. Cable markers are little numbered clips that attach to
either end of your cables. I asked regular contributor Jeff
Partridge to have a look at them and here's what he found:
"These clips are fairly sturdy little things about 5/16” across,
made of white plastic. They’re made to provide a secure marking
system for Cat3, 5, or 6 cables, but I’ve found that any cable
or bundle of wires of the same size works as well. There’s
enough spring in these small plastic clips to provide some
leeway in cable size. The number on each cable marker is
engraved into it and colored by a black paint. I found that with
a tiny bit of effort (necessary to overcome my less-than-
perfectly-organized ways) these markers can save an amazing
amount of time. The longer the cable runs, the more time they
save. I now have a small text file saved with the cable numbers
and routing info of each network cable in my setup. This is a
product that really works!"  $9.95 per bag of 400 which is
enough to label a 96 port wiring closet. Larger sizes are
available.  Order direct from the aaa web site.
http://www.aaa-communications.com/cable_id.htm

A Real Flight of the Imagination
Are you a keen MS Flight Simulator fan? If so, check out some of
these setups. Thanks to subscriber Lex Davidson for the link.
http://www.wideview.it/pictures.htm

Twenty Six Malware Products on Each PC
A few issues ago I mentioned that most PCs I've seen belonging
to average users are infected with spyware and worse. Well,
security company Webroot has just
released some scary statistics from their free on-line spyware
scanning service called Spy Audit. Some 3.2 million scans
uncovered 83.4 million instances of adware and worse. 65 million
were just relatively harmless adware cookies but 17.5 million
were full-on adware and spyware programs. Worse still, there
were 1.3 million instances of keyloggers and Trojans.  That's
more than 1 in 3 PCs infected. Scary stuff.
http://www.webroot.com/services/spyaudit_03.htm  <= Free Scan
http://www.webroot.com/company/pressreleases/20041004-spywarereport/ <= Press release
 

** Bonus Items for Supporters **

How to Improve Your Chances of Getting That Job
Here's a useful crib sheet to help you answer the 25 most
difficult questions that may get thrown at you during a job
interview.  Useful stuff indeed.
http://www.datsi.fi.upm.es/~frosal/docs/25mdq.html

Difference Between Regedit and Regedt32
Still habitually typing regedt32 rather than Regedit? Well, if
you are running Windows XP or Server 2003, you are wasting your
time as the two programs have been merged in those operating
systems and all regedt32 does is run Regedit. In older systems
there are real differences, full details of which can be found
in this MS article:
http://support.microsoft.com/default.aspx?kbid=141377

How to Find the Cheapest Gas
GasBuddy offers an excellent free service that allows you to
find the lowest prices in any USA and Canadian neighborhood. The
site is actually a portal for 170 or so local gas price sites.
Note that the price information is derived from consumers and
GasBuddy staff so it's not 100% complete.
http://www.gasbuddy.com/

How to Speed up Your P2P Downloads
One of the many changes made to your system settings by Windows
XP SP2 is to reduce the maximum number of new internet
connections to 10 per second.  This really impacts the
performance of all P2P clients including BitTorrent. You can get
a free patch from this site that increases the maximum from 10
to 50 per second. Does it make a difference? You bet.
http://www.lvllord.de/
http://www.xn.se/sp2-speed/fix.htm  <=Some usage tips

Adware Gets Past Gizmo
One thing I've learned in this game is that there is always
another trap you can fall into. Last issue I recommended a free
games site www.justfreegames.com. Subscriber Bruce Jackson
promptly wrote in to say that some of their games contain adware
and low-level spyware. Bruce was right so how did I miss it?
Easy.  The adware is Internet Explorer specific and I use
Firefox. If you downloaded any games you'd better run SpyBot
and/or Ad-Aware to clean the nasties out of your system. Yet
another reason for using Firefox, eh?
http://www.safer-networking.org/en/index.html <= SpyBot
http://www.lavasoftusa.com/software/adaware/ <= Ad-Aware
 

5. TIP OF THE WEEK
==================

Disabling Windows Messenger

First, let's clarify what "messenger" we are talking about.
Clarification is necessary because Windows actually has three
"messengers." First there's MSN Messenger and then there's
Windows Messenger and finally there's the Windows Messenger
Service.

MSN Messenger is Microsoft's end-user oriented instant messaging
(IM) service.

Windows Messenger is also an IM service but its intended use is
within corporations. It's only available for Windows XP and some
versions of Win2k. Unlike MSN Messenger, Windows Messenger is
quite tightly integrated into key Microsoft products like
Outlook, Exchange and Windows XP itself.

Both share the same icon in Windows. Both make use of the same
.NET contacts and are, in a general sense, interchangeable.
That's the way I'm going to treat them here.

Then there's Windows Messenger Service. Unfortunately, some
folks incorrectly refer to this as "Windows Messenger" which
just adds to the confusion.  In fact, Windows Messenger Service
is not an IM product at all.  It's a network messaging product
that was introduced with Win2K.  Its intended use was to provide
popup information windows in a network environment. For example,
when Tech Support wants to broadcast a message to all users like
"the system is going down in 10 minutes."

Unfortunately, the Windows Messenger Service has been exploited
by spammers who used it to pop up their nasty little ads. For
this reason most folks have got rid of it from their PCs.
Zapping it is easy; just download Steve Gibson's "Shoot the
Messenger" program from here:
http://www.grc.com/stm/shootthemessenger.htm

"OK," you say, "I can understand why I should get rid of Windows
Messenger Service, but why should I get rid of Windows
Messenger?"

Well, if you are one of the many folks who don't use IM or you
use a non-Microsoft IM product, Windows Messenger is an unwanted
annoyance. It's also responsible for those pesky "sign up for a
Microsoft Passport account" messages. Worse still, Windows
Messenger is wasting your CPU cycles. It may also present a
security risk.

Alas, removing it is not easy. First there's no uninstall
option. Simply exiting Messenger doesn't work either as it re-
starts the next time you re-start Windows. Hacking the registry
to stop Windows Messenger starting doesn't work as Outlook and
some other programs just reinstate it.

Microsoft has a KB article that tells you what to do but their
method doesn't seem to work reliably for all machines.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q302089

The approach that seems to work best is to run the following
command from the command window.

RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove

I think you'll find this will do the job. If not, try this web
site. There you'll find two other ways of getting rid of this
stubborn pest.
http://www.druid628.com/techtips/windows/msmsgs/uninstall_msn.htm
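
The two removals described in this tip, as an added batch script that is not part of the original newsletter: it runs the msmsgs.inf uninstall only when the file and its BLC.Remove section are present, then stops and disables the separate Messenger service. It assumes Windows XP, where sc.exe ships with the system, and uses the standard service name "messenger", which the newsletter itself does not state.

```batch
@echo off
rem Added example, not the newsletter's own code.
rem Part 1 removes Windows Messenger (the IM client) with the command above.
rem Part 2 disables the Messenger service (the network popup service).
setlocal
set "INF=%windir%\inf\msmsgs.inf"

rem Run the uninstall only if the INF exists and defines the section we call.
if not exist "%INF%" (
    echo msmsgs.inf not found - Windows Messenger may already be removed.
    goto service
)
findstr /i /l /c:"[BLC.Remove]" "%INF%" >nul
if errorlevel 1 (
    echo msmsgs.inf has no BLC.Remove section - skipping uninstall.
    goto service
)
echo Removing Windows Messenger using %INF%
RunDll32 advpack.dll,LaunchINFSection %INF%,BLC.Remove

:service
rem "messenger" is the assumed service name; sc query fails if it is absent.
sc query messenger >nul 2>&1
if errorlevel 1 (
    echo Messenger service is not installed on this machine.
    goto done
)
rem Stop the running instance, then prevent it from starting at boot.
net stop messenger >nul 2>&1
sc config messenger start= disabled
rem Show the resulting start type so the change can be confirmed.
sc qc messenger | findstr /i "START_TYPE"

:done
endlocal
```

Run it from an administrator account; the last line of output should report the service start type as DISABLED.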
 

6. FREEBIE OF THE WEEK
======================

The Best Windows Program Launcher
A while back I received this suggestion from subscriber Graham
Keellings: "Gizmo, I have been looking for months (maybe years)
for a good program launcher, preferably one that doesn't write
to the registry, so that I can run it from a USB flash drive.
Well, I’ve found it and it's called Windows Power Pro. It was
originally shareware but has now reverted to freeware. It's not
only a great program launcher but it also does a myriad of other
things and is incredibly customizable." Graham is quite right;
this is an excellent product and the ideal tool for those who
find their Windows desktop becoming cluttered with program
icons. With Windows Power Pro you can get rid of the lot and
still be able to launch any programs with a single mouse click.
Additional functions include a hotkey and keyboard macro
facility, the capability to easily schedule program execution,
to control window attributes (including the ability to minimize
any program to a tray icon), and even the creation of virtual
desktops.  Quite a box of tricks and therein lies the problem.
Windows Power Pro takes a fair amount of time to learn and
configure. Those prepared to make that initial time investment
will be well rewarded. Freeware, 2.6MB.
http://powerpro.webeddie.com/index.html

** Bonus Freebie for Supporters **

The Best Free Anti-Trojan Scanner (Revised)
Last issue I mentioned that I had at last found a free anti-
Trojan scanner that was worth recommending. Well, when it rains
it pours. I've found another and I'm recommending it as well.
Ewido is a terrific anti-Trojan, maybe even better than a2. It
has an advanced design, a huge and well-maintained signature
database and an excellent interface.  On my tests it was one of
the few products that could reliably detect polymorphic and
process injecting Trojans.  No, it's not as good as TDS-3 or
Trojan Hunter but you get what you pay for. The free version of
Ewido doesn’t have a memory monitor but the on-demand scanner is
so good you'll have no complaints. If you installed a2 as a
result of my recommendation last week, leave it installed and
install Ewido as well and scan your hard drive with both
products. They will happily work together and the two scanners
will give you better detection than either one alone. I've now
tried this two scanner approach on five PCs belonging to friends
and relatives and in each case I've found malware products and
in one case multiple products. Both scanners are free, so go get
them now; you may be surprised what they find on your PC.
http://www.ewido.net/en/  (2.2MB)
http://www.emsisoft.com/en/software/free/ (A2, 2.9MB)
 

Got some top sites and services to suggest? Send them in to
mailto:supporters@techsupportalert.com
 

VISIT THE SUBSCRIBERS-ONLY SECTION OF THE SUPPORT ALERT WEBSITE
================================================================

You'll find all back issues, a downloadable archive of every
issue ever published, plus a growing list of resources
exclusively available to Supporters.
http://www.techsupportalert.com/supporters/private.htm

The area is protected.  Use the security information sent to you
when you first subscribed or in subsequent advisories.

MANAGE YOUR SUBSCRIPTION
=======================

If you no longer wish to receive this newsletter, send me an
email at supporters@techsupportalert.com. Remember to state the
email address at which you are currently subscribed.

To change your delivery email address, go to the Supporters' area
of the website. There you can manage your subscription online.
http://www.techsupportalert.com/supporters/private.htm

Receiving duplicate issues?  If you are receiving an unwanted
copy of the standard edition of this newsletter, you can cancel
that subscription by going to
http://www.webelists.com/cgi/lyris.pl?enter=support.alert. Enter
your email address. No password is needed. You can then cancel
your free subscription.

Thanks to subscriber A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI  49321-0243
UNITED STATES

Content of this newsletter is (c) Copyright
TechSupportAlert.com, 2004

See you next issue

Gizmo
editor@techsupportalert.com
 

PS Never respond to this newsletter by hitting the “reply”
button on your email client as your message will end up in a
graveyard mail account along with thousands of automated reply
messages. Instead, send all mail to my personal email address
above.