Support Alert
                       Supporters' Edition

                 "Gizmo's top picks of the best
                  Tech resources and utilities"

                 Issue 120 - 20th April, 2005

    Support Alert is a registered online serial publication
                         ISSN 1448-7020.


0.   EDITORIAL: Are free security products good enough? Part 2.

1.1  Google Gmail Accounts for All
1.2  Yahoo Mail Offers 1GB Storage for Free
1.3  More Secure Cookie Management for Internet Explorer
1.4  The Best Internet Network Information Site
1.5  Top Freeware for Pocket PCs
1.6  Free Driver Sites (SE Edition)
1.7  Using Gmail for Storing Large Files Online (SE Edition)
1.8  No Need to Hang Around While Windows Installs (SE Edition)
1.9  Reduce the Noise from your PC (SE Edition)
1.10 Free Reminder Service (SE Edition)
2.1  Best Free Startup and Process Viewer
2.2  Get This Top Program Launcher While It's Free
2.3  How to Remind Yourself to Include Attachments
2.4  Free Sound File Format Converter
2.5  Free IBM Spam Filter Spams Spammers
2.6  An Essential ZoneAlarm Accessory (SE Edition)
2.7  An Easy way to Learn to Use Regular Expressions (SE Edition)
2.8  How to Scan Without Using a Scanner (SE Edition)
2.9  How to Restore Computers to a Standard Configuration (SE)

3.1  Microsoft Security News
3.2  New Microsoft Jet Vulnerability
3.3  Serious Flaw in OpenOffice
3.4  Maxthon Browser Vulnerability
3.5  New Version of Firefox and Mozilla Fixes Security Flaws
3.6  New Rootkit Detector from Microsoft

4.1  The Fastest Flash Drive
4.2  FireFox Extension Stores Web Pages
4.3  How to Display Full Email Headers
4.4  Ten Things That Don't Make Sense
4.5  The Proxomitron Explained (SE Edition)
4.6  FireFox Extension Lets Users Alter Web Pages (SE Edition)
4.7  The Top Ten BitTorrent Sites (SE Edition)
4.8  How to Buy Digital Media without DRM (SE Edition)
5.1  How to Back up Mozilla FireFox and Thunderbird

6.1  Remove Web Ads, Popups, Cookies and Enhance Your Privacy
6.2  A Better Un-installer for Windows



Last month I discussed free security products and addressed the
question of whether they are good enough to adequately protect
your computer.

I concluded that the best free security programs are very good
indeed but for the most part, not quite as good as the best
commercial security programs.

However, I qualified this statement with the observation that no
security product, even the best, provides perfect protection.
Perfect malware protection is a fantasy. It does not exist.

The most important point in last month's editorial was the
observation that users of free security products can greatly
improve their detection rates by combining several free products
to provide layered detection.

Using the free AVG anti-virus scanner as an example, I showed
that by adding another layer in the form of the free Ewido anti-
trojan scanner, users could get aggregate protection that was as
good as or better than using the class-leading NOD32 anti-virus

This was not idle speculation but was based on actual detection
rates using a test set of infected files downloaded from the
KaZaa P2P network.

On this test set NOD32 managed a detection rate of around 86% of
malware products while AVG detected around 84%. The combination
of AVG and Ewido detected around 90%.

This last month I've supplemented these results by looking at
the effect of adding another layer of protection in the form of
a spyware scanner.

I used three popular products to check my test set of infected
files. First, the free products SpyBot Search and Destroy V1.4b2
and Microsoft's Antispyware b1, and then the commercial product
Ad-Aware SE Pro V1.05.

When I simply scanned the infected files, none of the three
products detected a single malware file; they all missed the lot.

This is not surprising. Anti-spyware products have very poor
performance when used to scan files. That's because the real
strength of these products is in detecting already installed
spyware programs or programs that are trying to install

This means that's there's not much point using an anti-spyware
program to scan a file that you are yet to install.  It's
unlikely it will find anything.

That's why many anti-spyware products have the file scanning
option hidden or buried deeply within the product.

When I executed rather than scanned the malware infected files
in my test set, the spyware scanners performed much better. Here
are the number of malware files each product detected:

MS Antispyware  32
Ad-Aware        28
SpyBot          25

These results are consistent with recent findings by other
researchers and reinforce my belief that the free MS product is
currently the class leader while SpyBot's performance has
slipped markedly in recent months.
Now the really interesting part: the overall effect of adding
this additional layer of protection.

With a three layer system using AVG anti-virus, Ewido anti-
trojan and Microsoft Antispyware, the overall detection rate
jumped to 95%.

That's pretty impressive by any standard. When you consider that
all these products are free, it's an outstanding result.

Letís briefly recap:

A one layer protective system using the $39 NOD32 anti-spyware
system detected 84% of malware products in the test set of
infected files.

A one layer system using the free AVG anti-virus scanner
detected 82%.

A two layer system using the free AVG anti-virus scanner and the
free Ewido anti-trojan scanner detected 90%.

A three layer system the free AVG anti-virus scanner, the free
Ewido anti-trojan scanner and the free Microsoft Antispyware
scanner detected 95%.

This is really encouraging news for users of free security
software. One question remains unanswered, however: what
detection rates can be achieved by using a three layer system
using the best commercial software?

For the answer to that question, folks, you will have to wait
until next month's issue.



1.1  Google Gmail Accounts for All
Google is currently offering Gmail accounts at random from its
home page To get an account, keep on pressing
"refresh" until the offer comes up. Alternatively simply go to
this link:

1.2  Yahoo Mail Offers 1GB Storage for Free
Coinciding with the imminent release of Google's GMail service,
rival Yahoo has announced that it will upgrade its online mail
storage allowance for free accounts from 250MB to 1GB. I've
always thought Yahoo Mail to be one of the best free mail
services and this latest change reinforces that conviction.

1.3  More Secure Cookie Management for Internet Explorer
If you configure IE to not accept any cookies, you'll find quite
a few web sites won't work correctly. I was over at the JAP
security site the other day and noticed this downloadable IE6
cookie configuration file that allows you accept cookies for a
single web session and then dispose of them when the session
ends. It's a neat solution.

1.4  The Best Internet Network Information Site
It's been a while since I last visited the DNS Tools site and in
the interim it has added a whole batch of new online inquiry
tools to its already excellent collection of free services.
There are too many tools to describe but if you need to know
anything about a web site, URL, email address or web routing
then this is the place to go.

1.5  Top Freeware for Pocket PCs
The folks over at the KVPUG forums have got an interesting
thread going on this topic.

** Additional Items in the SE Edition **

1.6  Free Driver Sites
I'm always getting asked where the best place to find device
drivers is. Unfortunately one of the best sites,, charges a $29.95 subscription fee but there
are some pretty good free alternatives. Here are three of them:

1.7  Using Gmail for Storing Large Files Online
A couple of issues back I mentioned GMail drive, a shell
extension for Windows Explorer that allows you to treat your
1000MB GMail web allocation as another drive on your system.
Local files can then be "copied" to/from the new drive. It's
very nicely implemented but is limited to files smaller than
10MB, the maximum email size allowed by Goggle. Another program,
gDrive, has been released that overcomes this file size
limitation. It's a free PHP script that you can use on your own
server or from the demo version on the developer's site. It's
primitive compared to the GMail drive shell extension but may be
just the thing if you need to store large files.

1.8  No Need to Hang Around While Windows Installs
There are several different approaches you can take to automate
Windows XP installation so that no manual intervention is
required. I rather like the approach outlined at the Microsoft
Forum Network that allows you to automate application
installation as well as the OS.

1.9  Reduce the Noise from your PC
If the noise from your PC is starting to drive you insane then
check out this useful guide. It outlines the various options to
reduce noise and provides some useful links to products that
will help.

1.10  Free Reminder Service
Subscriber Sam Moore has come up with a really neat solution to
the problem of sending yourself reminders. After trying a number
of options he's settled on using a phone/web service called K7.
Sam writes "It's free and easy to set up. They assigned me a
phone number which I can call and leave a voicemail.
Immediately (and I do mean immediately!), the voicemail is sent
to my email account as a .wav file.  It's that simple.  Here's
the catch: the phone numbers they assign for the free service
use Seattle, Washington's area code.  Now this is no problem for
me for I only use it with my mobile phone and have nationwide
calling."  Nice find Sam, that you can also use the same number
for receiving faxes. These are then forwarded to your email
account along with your voice messages. K7 also offers a toll
free number but you have to pay for that service.

Got some top sites to suggest? Send them to


2.1  Best Free Startup and Process Viewer
In the "46 Best-ever Freeware" listing I have two entries in the
best startup manager category: Mike Lin's Startup Control Panel
and Nir Sofer's StartupRun. Subscriber Nikita Kobrin wrote in to
suggest a third option called Starter. It's a fine suggestion;
it combines many of the strengths of the other products and
additionally includes a first rate process viewer. As a bonus,
it can be run directly from the executable without installation
which makes it a handy item to have on your toolkit CD or flash
drive. This is a real find, thanks Nikita. Freeware, All Windows
versions, 466KB.

2.2  Get This Top Program Launcher While It's Free
A couple of issues back I mentioned H-Menu the excellent free
launch bar come desktop organizer by Hans de Vries. I visited
the site recently and it states that from the 22nd of April
development will be suspended. My guess is that the product may
be going to morph into shareware so go grab the free version
while you can. It's a great product providing one of the very
best solutions to desktop clutter. Freeware, Win9X and later,

2.3  How to Remind Yourself to Include Attachments
Forgetting to append an attachment to an email is a common
problem. There are a couple of commercial products [1,2] for
Outlook that will remind you. They work by looking for words
like "attached" or "enclosed" in the email body and then warning
you if nothing is attached. However it's quite possible to use a
VB macro to do the same job for free. Here are two [3, 4] free
downloadable macros for Outlook that work nicely but you'll need
to be quite computer savvy to sort it all out.
[1] $14.95,
[2] $5.00

2.4  Free Sound File Format Converter
Thanks to modest subscriber "willemien" for suggesting this free
utility that will convert from wav, mp3, ogg, flac, aac, wma,
au, aiff, ogg, msv, dvf, vox, atrac, gsm, dss and other formats
into mp3 or wav. There's a paid version as well that handles
even more formats but the free version should meet the needs of
most users. Check out the other sound utilities at the site, all
of which work together to form a most impressive sound
processing suite.  Freeware, all Windows versions, 312KB.

2.5  Free IBM Spam Filter Spams Spammers
IBM has released FairUSE, a free server-side spam filter for
mail administrators that works by verifying user identity rather
than evaluating content. Equally interesting is the fact that
for each possible spam email detected, it sends a challenge
email to the originating computer rather than (usually faked)
email origin address. The idea is simple and sweet: filter the
majority of spam and at the same time grind the spammers'
computers into the ground.  According to the IBM website,
FairUSE "tries to find a relationship between the envelope
sender's domain and the IP address of the client delivering the
mail, using a series of cached DNS look-ups. For the vast
majority of legitimate mail, from AOL to mailing lists to vanity
domains, this is a snap. If such a relationship cannot be found,
FairUSE attempts to find one by sending a user-customizable
challenge/response. This alone catches 80% of UCE and very
rarely challenges legitimate mail. A future version will
incorporate Sender Policy Framework (SPF) or similar sender
identification systems." (404KB) 

** Additional Items in the SE Edition **

2.6  An Essential ZoneAlarm Accessory
VisualZone is a free utility that analyzes log files from the
ZoneAlarm firewall and lists attempted intrusions. You can do
this yourself from within ZoneAlarm but VisualZone's clear
presentation makes it easier to identify possible attacks and
provides more information to help in analysis.  In particular,
it has the ability to back trace any attempted intrusion to
reveal details of the attacking site plus a few other nice
features such as email notification of specific intrusion
attempts. It works with both the free and pro versions of
ZoneAlarm. Most technically oriented ZoneAlarm users should have
this product. Freeware, Windows 98 and later, 2.6MB.

2.7  An Easy way to Learn to Use Regular Expressions
The term "Regular Expression" refers to a special language used
to find patterns in text. Finding patterns in text is something
computer users do all the time. For example, listing all the
.txt files in a folder or finding every time a word or phrase
occurs in a word processing document. Once you know how to use
regular expressions, you can find very complex patterns very
easily. That's why most good search and replace utilities
support regular expressions, as do the better text editors. To
help you learn this important skill, I've located the clearest
tutorial on the web along with Regex Coach, a free utility that
allows you to practice your skills. It's not all that difficult
folks; in one hour you will have learned enough to transform
your text manipulation skills forever. If you want some real
life practice, download the trial version of EditPad Pro text
editor. Its search and replace fully supports regular
expressions. I suggest you hide your credit card first, though.
EditPad Pro is such a brilliant text editor you are going to be
mighty tempted to buy it once the 30 day trial expires.  (2.28MB) (1.8MB)

2.8  How to Scan Without Using a Scanner
Subscriber Louise Johnson recently asked if there was any easy
way to convert multi-page Word documents to GIF files without
having to scan the documents.  She needed this because her
company wanted to distribute documents in a format that could
not be easily altered and was also platform independent. I put
forward a number of suggestions but she finally opted for
"Universal Document Converter," a virtual printer utility that
can convert Adobe PDF, Microsoft Word documents, PowerPoint
presentations, AutoCAD and Visio drawings into JPEG, TIFF, GIF,
PNG or BMP images with resolutions of up to 1200 DPI.
Shareware, $45.00, 3.2MB.

2.9  How to Restore Computers to a Standard Configuration
Reader Keith Welton writes, "Your recent editorial about
ShadowSurfer sounds similar to a program that we deploy in the
school district that I work in.  We use a program called Deep
Freeze.  As an IT department it allows us to configure a PC
exactly how we want it, then we "Freeze" it.  Any user can do
whatever they want to the machine, load software, open viruses,
etc., but as soon as you the reboot the pc it returns exactly to
the way we initially configured it.  This program is especially
great for Win 98 machines - we have hundreds! I'm not sure if
this will be helpful for anyone else, but it works for us.  As
always, keep up the good work!  Your newsletter is the
greatest!"  Thanks for that Keith. The way I read it, Deep
Freeze sounds more like restoring from a drive image than
ShadowSurfer but it looks like a great tool for tech support.
Pricing starts from $29.95 per PC but drops substantially for
volume purchases.

Got some favorite utilities to suggest? Send them to


3.1  Microsoft Security News
In March MS didn't issue any security patches. However, they
sure made up for this in April with the release of eight new
Security Bulletins, five of which were rated as "Critical."
Full details can be found here:

If you have the automated Windows Updates feature turned on then
it's likely that these patches will already have been installed
on your PC. If not, or you are unsure whether your PC is
updated, visit the Windows Update at

3.2  New Microsoft Jet Vulnerability
Security firm HexView has released details of yet another flaw
in Microsoft's trouble-prone Jet Database Engine. The flaw could
allow a system to be compromised simply by opening a specially
crafted .mdb file.  No patch or workaround is currently
available.  Exploitation code is already circulating on the
internet so all users are advised to avoid opening any .mbd file
whose integrity can not be verified.

3.3  Serious Flaw in OpenOffice
A flaw has been reported in OpenOffice by AD-LAB which could
allow a system to be compromised simply by opening a suitably
crafted .doc file.  A patch is currently available and a full
updated version of OpenOffice that corrects the flaw is expected

3.4  Maxthon Browser Vulnerability
Security firm Secunia is carrying details of a serious flaw in
the Maxthon Browser. According to Secunia, "the vulnerability is
caused due to a design error where the security ID of a plug-in
is not properly protected from being included and accessed on an
external website via the script tag. This can e.g. be exploited
to read and write arbitrary files via the "readFile()" and
"writeFile()" API functions via directory traversal attacks.
The vulnerability has been reported in version 1.2.0 and 1.2.1.
Prior versions may also be affected." All users should update to
the version 1.2.2.

3.5  New Version of Firefox and Mozilla Fixes Security Flaws
The Mozilla organization has released Firefox 1.0.3 and Mozilla
1.7.7 that fix a known flaw in the product's JavaScript Engine.
The new versions are purely security related and contain no
product enhancements or operational fixes. Nevertheless, all
users of these products should update immediately.

3.6  New Rootkit Detector from Microsoft
Last month I mentioned Blacklight [1], the new rootkit detection
utility being distributed for free by security company F-Secure.
The release of that product sparked a war between the hacker
community and F-Secure with sustained denial of service attacks
on the F-Secure site.  Now Microsoft [2] has entered the fray by
including rootkit trojan detection capabilities in their
Malicious Software Removal Tool. The MS move highlights the high
level of danger presented by rootkit trojans.


4.1  The Fastest Flash Drive
As the capacity of thumb drives has increased so too has the
time taken to transfer information. Drives differ enormously in
speed from a few hundred kilobits per second to more than 10
Mbps. The Pocket Rocket from Memina at 18MBPS is among the
fastest, though this speed comes at some cost penalty compared
to slower drives. Capacities range from 512MB to 4GB with
corresponding prices of $79 to $469

4.2  FireFox Extension Stores Web Pages
This free extension will save to your hard drive all the web
pages you visit using FireFox. This allows you to use your
desktop search program to search the pages and access them
offline. I've been using this for a while now and it's proved
very useful for storing a whole lot of material for later
offline research.

4.3  How to Display Full Email Headers
Most email clients will display no email headers or only partial
headers. Sometimes it's useful to see the full headers - for
example, when you want to trace the path taken by an email in
reaching you. Another example is when you want to discover the
subscription email address you used for mass mailed publications
like Support Alert.  Almost all email clients have an option to
allow you see the full headers but it's often buried. At this
site [1] they show how to locate this information in different
email programs. The list of clients is extensive but a bit out
of date. The University of Alberta site [2] is more current but
features fewer clients. It also has a very clear explanation of
how to interpret the header information. It's definitely worth
spending a few minutes learning how this stuff actually works as
you'll find it surprisingly useful.

4.4  Ten Things That Don't Make Sense
A fascinating compilation from the highly reputable New
Scientist magazine of phenomena still awaiting explanation. It
covers items as diverse as Homeopathy and Tetraneutrons.

** Bonus Items for Supporters **

4.5  The Proxomitron Explained
Scott R. Lemmon's "The Proxomitron" is one of the most powerful
web filters ever built. It's a free tool that can remove from
any web page ads, popups, flashing text, scrolling status bars
and just about everything else you could ever want. However,
it's not all that simple to configure. Finally someone has put
together a knowledge base that ties together a whole range of
information that was formerly scattered across many sites.  It's
an excellent resource for existing users and a definite first
stop for aspiring users. Tragically, Scott died before seeing
his work achieve its current cult status.

4.6  FireFox Extension Lets Users Alter Web Pages
Here's a free product that provides a lot of the functionality
of The Proxomitron in a simpler package. GreaseMonkey [1] is a
controversial FireFox extension that allows users to change the
way web pages are presented locally in your FireFox browser. It
can be used for basic actions like ad and content filtering as
well as sophisticated applications like changing a web page's
Amazon affiliate links to your own or removing the registration
requirement for New York Times articles. The range of scripts
available [2] is amazing.

4.7  The Top Ten BitTorrent Sites
This personal compilation contains some useful links.

4.8  How to Buy Digital Media without DRM
Engadget [1] created a small storm when it published details of
a new program by the infamous Jon Johansen (aka DVD Jon) that
allows users to purchase tracks from Apple's iTunes online music
store that are not limited by DRM. Apple promptly fixed the
problem by issuing a new version of iTunes while Johansen
responded with a new work-around. It all seems much ado about
nothing compared to the controversial Russian All-of-MP3 site
[2] which offers users DRM free music for a few cents per song.


5.1  How to Back up Mozilla FireFox and Thunderbird

FireFox users need to regularly back up to guard against the
possibility that their profile gets corrupted or wiped after
installing a new extension or a new version of FireFox.

If you use Thunderbird then it's even more important that you
backup to ensure you don't accidentally lose your email
correspondence and account settings.

There are two ways to backup: use a backup utility or do it
yourself manually.

Backup Utilities

MozBackup is a free utility written by Pavel Cvrcek that will
automatically backup Firefox and Thunderbird as well as Netscape
and the full Mozilla suite. It works like a charm - the whole
process is driven by a Wizard so easy to use that even raw
beginners will be able to set up automatic backups. It also
offers encryption of the backup files and a complete push-button
restore option.

There are a couple of issues with MozBackup. First, it is no
longer being supported by the developer. Second, it only backs
up the essential information rather than all the information in
your Mozilla profile. That said, it's still the best option for
most users. You can get MozBackup here:

There are also a couple of commercial utilities that will backup
FireFox and Thunderbird. I've not used them but you can find
details at

Manual Backup

Backing up FireFox and Thunderbird manually is as simple as
copying their respective profile folders to another location. If
you do that, youíll have a full backup with all your setting and
personal data saved.

The hard part is finding the profile folders. First up, they are
not located where you would expect to find them. Secondly, they
are located in different places for different versions of
Windows. Thirdly, they may be assigned random file names that
make them difficult to recognize.

On Windows 2000/XP machines the locations for your FireFox and
Thunderbird profiles are respectively:

C:\Documents and Settings\<Windows login/user name>\Application Data\Mozilla\Firefox\Profiles\<Profile name>\
C:\Documents and Settings\<Windows login/user name>\Application Data\Thunderbird\Profiles\<Profile name>\

On Windows 9x/Me PCs they can usually be found at:

C:\Windows\Application Data\Mozilla\Firefox\Profiles\<Profile name>\
C:\Windows\Application Data\Thunderbird\Profiles\<Profile name>\

If you can't locate your profiles then check out this document
for more information:

On my XP laptop the profiles are:

C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\default.ebq
C:\Documents and Settings\Ian\Application Data\Thunderbird\Profiles\25ve0lz5.default

To back these up I copy the profiles to an external USB drive.
It's as simple as that. I do it manually but you could also use
Windows Scheduler or a backup manager to do the job
automatically.  Make sure, though, that FireFox and Thunderbird
are not running before you backup.

6.1  Remove Web Ads, Popups, Cookies and Enhance Your Privacy
My favorite tool for filtering web content has long been "The
Proxomitron" but I'm well aware that it's way too complex for
most users to set up.  A lot simpler is the free Open Source
utility Privoxy. It's basically an enhanced version of the well
known JunkBuster utility and filters content in the same way as
JunkBuster by setting up a proxy server that sits between your
browser and the web. In addition to filtering ads, it can also
enhance your privacy and security by blocking cookies and
masking referrer and other browser information. Once installed
all that's involved is configuring your browser's proxy
settings, a 30 second job. Most users can simply use the default
settings and they'll be rewarded with some excellent and
intelligent filtering. Advanced users will find a lot to play
with. FireFox users won't find much at all as FireFox already
has excellent filtering via the free AdBlock extension.
Freeware, all Windows versions, 1.27MB. <= The Proxomitron <=  Proxomitron help

** Bonus Freebie for Supporters **

6.2  A Better Un-installer for Windows
The Windows Add/Remove Programs applet in the control panel
constantly annoys me with its limitations. I've been looking
around for some time for a replacement that provides more
information about installed programs and more functionality.
Well I've hit the jackpot. MyUninstaller is a free program that
works just like the Windows Add or Remove Programs applet but is
a much more capable product than the Windows version. It gives
you much more information about each installed program including
product name, company, version, uninstall string, installation
folder and Windows Registry details. It also allows you to
delete orphaned and obsolete entries from the list as well as
the ability to save a list of all installed applications into a
text file or HTML.  As no installation is required, it can be
run from a CD or USB drive which makes it an excellent addition
to your diagnostic toolkit. Once you've used this program,
you'll never use the Windows un-installer again. Freeware, 40KB

Got some top sites and services to suggest? Send them in to


The best way to manage your SE Edition subscription is from the
Supporters' section of the Support Alert website.

There you'll also find all individual back issues, a
downloadable back issue archive, plus a growing list of
resources exclusively available to Supporters.

The Supporters' area is protected.  To log-in, use the security
information sent to you when you first subscribed or in
subsequent update messages.

If you no longer wish to receive this newsletter, send me an
email at Remember to state the
email address at which you are currently subscribed.

To change your delivery email address, go the Supporters' area
of the website. There you can manage your subscription on-line.

Receiving duplicate issues?  If you are receiving an unwanted
copy of the free edition of this newsletter, you can cancel
that subscription by going to:
Enter your email address. No password is needed. You can then
cancel your free subscription.

Note that the free and paid editions are totally different
publications so you can unsubscribe to the free edition without
any chance of impacting your paid subscription.

You can renew your subscription to this premium SE Edition here:

Thanks to subscriber A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI  49321-0243

Content of this newsletter is (c) Copyright, 2005

See you next issue.