========================
                         Support Alert
                       Supporter's Edition
                    ========================
                    www.techsupportalert.com

                 Your pointer to the very best
                  tech information on the Web

                   Issue 96 - 25th April, 2003

     Support Alert is a 100% subscription-only newsletter.
 

                      <<<<<<<<<>>>>>>>>

Quote of the Week
=================

"The first 90% of the code accounts for the first 90% of the
development time. The remaining 10% of the code accounts for the
other 90% of the development time."

Tom Cargill.
 

<<<<<<<<<>>>>>>>>
 
EDITORIAL

This doesn't sound ethical to me but that's not going to stop
people doing it.

It's a news form of marketing software that's geared to people
using file sharing software like KaZaa.

It works like this:

A software vendor uploads multiple copies of his product to a
file sharing network. He labels the product in such a way that
it looks like a pirate copy of his software.  He describes the
product so that it looks really attractive. He does this because
he actually wants people to download the "pirate" copy.

That's because it's more than a pirate copy. It also includes an
additional module not found in the original product: a trojan
horse.

When an unsuspecting user downloads and installs the software,
it appears to work just fine. However next time they connect to
the Internet, the software secretly connects to the vendor’s web
site and sends the user's name and default email address.

The vendor then sends the user a nasty threatening email letter
saying that they have illegally stolen the software. The letter
threatens that unless a legal copy is purchased immediately,
legal action will follow. The tone is very aggressive, so
aggressive that most people buy the software, whether they
really want it or not.

I know this because I had lunch last week with a software vendor
who claimed this is how he sold the overwhelming bulk of his
products.

Wow! I was shocked. As he told me the details I interjected and
said his technique was totally unethical.

"You are being too precious Gizmo," he said. "These dudes are
pirates and deserve everything they get. They’re happy to rip me
off so why shouldn't I rip them off?"

"But it's not up to you to judge their actions," I said. "If
they’re doing something illegal then you should make use of the
law to pursue them. What you are doing is both misrepresentation
and entrapment, and that's illegal as well. On top of that, you
are stealing their email address without permission and
distributing a trojan horse. Add all that together and I think
you end up with something rather worse than pirating software."

His faced flushed red and I could see he was getting angry.
Abruptly, he leapt up from the table, knocking over my glass of
wine in the process. I thought he was going to punch me.

Thankfully he didn't. Instead he just screamed "Get yourself a
life, you loser," and stormed off from the lunch.

"Get yourself a decent product," I yelled as he departed, "and
you won't need to use underhand marketing tricks."

Quite a lunch.

Quite a marketing technique.
 

Gizmo Richards
mailto:editor@techsupportalert.com
 

PS What's your take on the ethical balance here?  Did the vendor
have a point when he said pirates deserve what they get? Was I
being "too precious?"  Love to hear what you think. Just email
me a short note at the email address above.

PPS When emailing me, please use the above email address. Never
just hit the "reply" button in your email client. If you do,
your message will end up in a special webmail account along with
hundreds of undeliverable copies of this newsletter. I rarely
check this account, so I'll probably never see your message.

IN THIS ISSUE

1. TOP TECH SITES
 - Start-Up Applications Unplugged
 - Memory Types Explained
 - Latest Anti-Virus Software Reviews
 - Surf Anonymously
 - Download Missing DLLs (SE Edition)
 - Free Alternative to Mathematica (SE Edition)
 - Find Things Easier on the Internet (SE Edition)
 - Locate Spammers’ Real Locations (SE Edition)
 
2. UTILITIES
 - Define Your Own Hotkeys
 - Corporate Instant Messaging
 - Another Free Alternative to MS Office
 - Free PC Maintenance Software
 - Brilliant New KaZaa Lite
 - Excellent Free File Manager (SE Edition)
 - Free Utility Improves Wi-Fi Security (SE Edition)
 - Outlook Add-in Gives Email Account Flexibility (SE Edition)
 - Share Bookmarks Between Browsers (SE Edition)

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
 - STOP PRESS: Three new MS Security Bulletins
 - Flaw in Windows NT/2K/XP Endpoint Mapper (MS03-010)
 - Flaw In Winsock Proxy Service/ISA Firewall Service (MS03-012)
 - Buffer Overrun in Windows Kernel Message Handling (MS03-013)
 - Apple Fixes QuickTime in Quick-time
 - Samba Flaw
 - Flaw in SETI Client
 - Another SendMail Vulnerability
 - Real Problems

4. OTHER USEFUL STUFF
 - Bluetooth LAN Access
 - Flash-it Faster
 - Self Aware Robots
 - Where It's At
 - One Dead Pixel Too Many
 - This Years Best New Gizmo? (SE Edition)
 - Install Your Laptop Drive in Your Desktop PC (SE Edition)
 - View Your Digital Photos on Your TV (SE Edition)
 - How Much is Your Old Cell Phone Worth? (SE Edition)

5. FREEBIE OF THE WEEK
 - Use One Keyboard with Several Computers
 - Free Utility Fixes Broken WinSock Installations (SE Edition)

Items marked "SE Edition" appear only in the special Supporter's
Edition of this newsletter. This edition is reserved exclusively
for those generous individuals who have donated to this site.

             <<<<<<<<<<<<<<<>>>>>>>>>>>>>

1. TOP TECH SITES
=================

Start-Up Applications Unplugged
It's frustrating trying to edit the Windows start-up list
because the filenames themselves tell you little about the
program's function. This free site lists thousands of common
startup files along with full descriptions of what they do plus
links back to the vendor's web site.  Top stuff.
http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

Memory Types Explained
Are you confident you know the difference between DDR400 and
DDR2 memory?  Do you fully understand the impact of memory type
on the real-life performance of today's PCs? If not, check out
this excellent article from Tom's Hardware.
http://www17.tomshardware.com/mainboard/20030401/index.html

Latest Anti-Virus Software Reviews
PC Magazine has just released their best-yet comparative review
of the major personal anti-virus suites. Some of their past
reviews, with emphasis on raw numbers of viruses detected, have
left me cold. This time round, however, they rightly focus on
the effectiveness of detecting current viruses "in-the-wild."
They rate Norton AV 2003 the best, a view shared by myself.
Another less well-known product, NOD32 2.0, got the nod as well
for its detection performance and meager call on system
resources. http://www.pcmag.com/article2/0,4149,989867,00.asp

Surf Anonymously
There are a number of ways to surf anonymously but most
techniques slow down your Internet connection dramatically. If
you only occasionally want to be anonymous, you might like to
use the free service available from this site. At their home
page just type in the URL you want to surf to and away you go.
Naturally, they try to sell you their paid subscription service.
http://www.megaproxy.com/
 

** Bonus Items for Supporters **

Free Alternative to Mathematica
Need to solve a quadratic equation or maybe five equations in
five unknowns?  At this site you'll find free utilities that
will give you answers to these problems and many more.
http://www3.telus.net/thothworks/Mathfxns.html

Download Missing DLLs
Most users have experienced a "missing DLL" error message. This
site provides a free library of DLL files that you can download.
http://www.dll-downloads.com/

Find Things Easier on the Internet
Stuck in a Google rut? Only searching using Google? Then expand
your research scope by checking out the range of interactive
search tools at this site.
http://www.noodletools.com/

Locate Spammers’ Real Locations
These folk provide a free online service where you can type in
an IP or URL (web site address) and get the geographical
location of the server. They also offer a variety of free tools
to allow web sites to customize their web pages according to the
geographical location of site visitors.
http://www.geobytes.com/FreeServices.htm  

Got some top sites to suggest? Send them to
mailto:supporters@techsupportalert.com
 

 2. UTILITIES
=============

Define Your Own Hotkeys
Hotkeycontrol XP is a free utility that allows you to define
your own hotkeys so that a single key press can launch an
application, insert commonly used text, change your volume, or
just about anything else.  Hotkeycontrol works with all versions
of Windows from 98 onwards, though some features will only work
with Win2K or XP. (0.91KB)
http://www.digital-miner.com/hkcontrol.html

Corporate Instant Messaging
PopMessenger is one of the new breed of instant messaging
products designed for internal corporate use. It's brim full of
features such as online chat, offline messaging, broadcasting,
file transfer, real-time message encryption, automatic answers
and configurable sound alerts. Prices start at $11.95 per
station dropping to $8.95 for 50 or more. Site licenses are also
offered. A free trial is available here: (1.26MB)
http://www.leadmind.com/products.html

Another Free Alternative to MS Office
Most folk are aware of StarOffice, the free alternative to MS
Office, but the EasyOffice Suite is also a genuine competitor.
It offers excellent Office file format compatibility and has a
raft of high quality component applications including a word
processor, spreadsheet, database and presentation program. It
even includes modules missing in MS Office such as an accounting
program, bar coding, PDF creation and voice recognition. I tried
it out over a week and came away with the view that many small
offices and schools should seriously consider this product. A
personal-use freeware version is available for download.  You'll
need to pay $39.95-$49.95 for commercial use. (68MB)
http://www.e-press.com/easy_office_premium.html

Free PC Maintenance Software
To keep the registries on my PCs in top running order I use the
Fix-It utilities and Norton Utilities as well.  Both of these
are commercial products so I was delighted when subscriber
Robert McMahon suggested the freeware product; JV16 Power Tools.
This offers a powerful set of registry maintenance tools, too
powerful in fact for inexperienced users. However if you are
technically savvy, go grab this free program now.
http://www.vtoy.fi/jv16/shtml/jv16powertools.shtml

Brilliant New KaZaa Lite
KaZaa Lite 2.1 has just been released. It’s a free, hacked
version of the immensely popular KaZaa file sharing client.  It
comes without the adware, spyware, scumware, banner ads and
popups found in the original. It is also vastly faster in both
searching and downloading, provides easy access to a number of
file sharing forums, plus much more. It’s a product that is in
every way superior to the original. If you are into file
sharing, go get this now. (2.86MB)
http://doa2.host.sk/

 ** Bonus Items for Supporters **

Excellent Free File Manager
Windows Explorer is fine for simple file management activities
but when you have some serious work to do, you need a two pane
file manager. I use EF Commander which is excellent but costs
$25.  Recently I discovered 2X Explorer.  It offers most of the
functionality of EF Commander and is totally free. As a bonus,
its user interface is very similar to Windows Explorer, so most
users will find this tool easy to learn and use.(392KB)
http://netez.com/2xExplorer/intro.html

Free Utility Improves Wi-Fi Security
MS have released an update for Windows XP that implements WPA
(Wireless Protected Access), a new standards-based wireless
security solution developed by the Wi-Fi Alliance. Amongst other
things, the update fixes known cryptographic weaknesses,
implements an improved technique for the automatic distribution
of encryption keys and improves packet security. (932KB)
http://www.microsoft.com/downloads/details.aspx?FamilyId=009D8425-CE2B-47A4-ABEC-274845DC9E91&displaylang=en

Free Outlook Add-in Gives Email Account Flexibility
RealAccount is a freeware plug-in for MS Outlook 2002 that
allows you to designate a default email account and signature
for any Outlook Folder. The program is a late beta but has
proved totally stable on my Windows XP Pro PC. Yet another free
utility that provides functionality that should have been
included in the original product. (338K)
http://www.realpopup.it/realaccount/

Share Bookmarks between Browsers
BookMarkBridge is a free open source utility that allows you to
share and synchronize your bookmarks between several browsers.
I've got 3 browsers installed at the moment: IE 6, Opera 7 and
Netscape 4.7.  BookMarkBridge correctly identified and
synchronized the first two but it couldn't cope with the old
version of Netscape.(2.69MB)
http://bookmarkbridge.sourceforge.net/  

Got some favorite utilities to suggest? Send them to
mailto:supporters@techsupportalert.com
 

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
=================================================

STOP PRESS: Three new Microsoft Security Bulletins have just
been issued:

(1) Cumulative Patch for Outlook Express (MS03-014)
http://www.microsoft.com/technet/security/bulletin/MS03-014.asp

(2) Cumulative Patch for Internet Explorer (MS03-015)
http://www.microsoft.com/technet/security/bulletin/MS03-015.asp

(3) A revision of MS02-007 relating to a serious buffer
underflow problem in Windows NT and 2000 servers
http://www.microsoft.com/technet/security/bulletin/MS03-007.asp

-----------------------------------------------------

Flaw in Windows NT/2K/XP Endpoint Mapper (MS03-010)
MS has issued an advisory rated "important" that covers a
vulnerability in a part of the Remote Procedure Call protocol
that deals with message exchange over TCP/IP. By using a
malformed message, an attacker could mount a DOS attack.  The
most interesting aspect of this advisory is that patches are
provide for Windows 2000 and XP but not for NT because of "the
architectural limitations of Windows NT 4.0."  Perhaps so, maybe
they just want you to upgrade. More details here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-010.asp

Flaw in Microsoft VM (MS03-011)
This critical level advisory relates to a flaw in all previous
versions of the Windows Virtual Machine (VM) that could allow an
attacker to gain control of a machine using a malicious Java
script. VM, Microsoft’s version of Java, is found on most
Windows computers. Users should apply the patch available from
the Windows Update service or upgrade to the latest version of
VM (5.0.3910) which includes a fix for this vulnerability and
all other known vulnerabilities.
http://www.microsoft.com/technet/security/bulletin/ms03-011.asp

Flaw In Winsock Proxy Service/ISA Firewall Service (MS03-012)
MS issued this "important" rated advisory: "There is a flaw in
the Winsock Proxy service in Microsoft Proxy Server 2.0, and the
Microsoft Firewall service in ISA Server 2000 that would allow
an attacker on the internal network to send a specially crafted
packet that would cause the server to stop responding to
internal and external requests. Receipt of such a packet would
cause CPU utilization on the server to reach 100%, and thus make
the server unresponsive."  More details here:
http://www.microsoft.com/technet/security/bulletin/MS03-012.asp

Buffer Overrun in Windows Kernel Message Handling (MS03-013)
MS also issued this "important" rated advisory: "There is a flaw
in the way the (Windows) kernel passes error messages to a
debugger. Vulnerability results because an attacker could write
a program to exploit this flaw and run code of their choice. An
attacker could exploit this vulnerability to take any action on
the system including deleting data, adding accounts with
administrative access, or reconfiguring the system. For an
attack to be successful, an attacker would need to be able to
logon interactively to the system, either at the console or
through a terminal session." More details here:
http://www.microsoft.com/technet/security/bulletin/MS03-013.asp

Apple Fixes QuickTime in Quick-time
Security firm Idefense has revealed details of a serious buffer
overflow vulnerability in QuickTime 6, that could allow an
attacker to take total control of a PC. Apple has issued
QuickTime 6.1 which fixes the problem. More details here:
http://www.idefense.com/advisory/03.31.03.txt

Samba Flaw
Security firm Digital Defense, Inc. has announced (apparently
prematurely) a buffer overflow vulnerability in all stable
versions of Samba. Samba is a widely used Open Source software
suite used for file sharing between Unix/Linux machines and
Windows and forms a part of most distribution versions including
RedHat, Debian and MandrakeSoft.  Samba has released V2.2.8a, an
update which fixes the flaw.
http://us2.samba.org/samba/samba.html

Flaw in SETI Client
More than 4.4 million people donate spare computing resources to
the search for extra terrestrial intelligence (SETI) by running
their distributed computing client on their PC. If you are in
this category, you should update to the latest version to
overcome a serious buffer overflow vulnerability which could
allow an attacker to take control of your PC.
http://setiathome.berkeley.edu/download.html
 
Another SendMail Vulnerability
CERT has issued an advisory covering a serious buffer overflow
vulnerability that exists in most versions of the popular
SendMail email software package. By using a suitably crafted
message, an attacker could mount a DOS attack on the server or,
in certain circumstances, execute code of choice. A patch is
available for versions 8.9, 8.10, 8.11, and 8.12. Users of
earlier versions should upgrade.
http://www.cert.org/advisories/CA-2003-12.html

Real Problems
RealNetworks has disclosed a flaw in its popular RealOne media
player as well as an older player, Real8. The flaw could allow
an attacker to execute code of choice. Patches are available and
should be applied by all users by using the "update" feature
available within each product.
http://service.real.com/help/faq/security/securityupdate_march2003.html

Apache Server 2.0.45 Released
The Apache people have released an update to the Apache Server
software to fix a vulnerability that could have lead to a Denial
of Service attack. The update includes a number of bug fixes as
well. Click the link below for more details.
http://www.apache.org/dist/httpd/Announcement2.html
 

4. OTHER USEFUL STUFF
=====================

Bluetooth LAN Access
Connecting Bluetooth devices to your LAN has never been easy or
cheap.  However, with the arrival of the Belkin F8T030 Bluetooth
Access Point, things have changed.  As a bonus, you also get a
free print server. LAN Access is provided via 10/100 Ethernet
port but performance is limited to Bluetooth's maximum data
rates of around 800Kbps. The street price for the F8T030 is
around $110.
http://www.file.cc/Belkin_F8T030_Bluetooth_Access_Point_B00008I9IR.html
 
Flash-it Faster
USB Flash drives are the rage at the moment but you should be
cautious about buying a USB 1.1 unit now that USB 2 ports are
becoming standard on modern PCs.  The USB 2 flash drives have a
practical data transfer rate of around 8Mbs - about 10 times
faster than USB 1.2 - and are backward compatible with older PCs
using USB 1.1 ports. The Kanguru MicroDrive 2.0 256 MB is
typical of good modern units and has a street price of around
$120. A 1GB version will set you back around $700.
http://www.ecost.com/ecost/shop/detail.asp?DPNo=114842

Self Aware Robots
Information scientists are developing a new type of control
software that understands its own inner workings. "Self aware"
robots, if you like. The idea is that such robots could deal
with novel situations that they were never initially programmed
to handle. Sounds smarter than a lot of vendor tech support
staff I've dealt with lately ;>)
http://www.technologyreview.com/articles/roush1202.asp

Where It's At
Find out what's hot and what's not at the ever-fascinating
Google Zeitgeist Page.
http://www.google.com/press/zeitgeist.html

One Dead Pixel Too Many
Most LCD screens have some dead pixels the day you buy them but
how many is too many? This survey of 33 manufacturers by Tom's
Hardware gives you a guide for when you should complain.
http://www6.tomshardware.com/display/20030319/index.html

** Bonus Items for Supporters **

This Years Best New Gizmo?
Wow, this is way cool; a USB flash pen drive that is also an MP3
player, voice recorder and FM radio. It even has a tiny screen
that displays ID3 tags! The only minus is that it is USB 1.1 not
the faster USB 2.0. About $150 for a 128MB unit or $200 for
256MB of storage.
http://www.mp3playerstore.com/buy_it_now__/ibead.htm

Install Your Laptop Drive in Your Desktop PC
The tiny 2.5" and 3.5" drives that are found in most laptops
have very different data and power connectors than desktop PCs.
These special adaptors allow you to easily shoehorn your old
laptop drive into your desktop box. About $13.50.
http://cyberguys.com/cgi-bin/sgin0101.exe?UID=2003040615290117&GEN6=00&GEN9=5CG01&HKW=5CG01&T1=161+0405&UREQA=1&UREQB=2&UREQC=3&UREQD=4

View Your Digital Photos on Your TV
Here's a neat idea: the SanDisk Digital Photo Viewer allows you
to view digital photos on a normal TV. It accepts CompactFlash,
SmartMedia, MultiMediaCard, SD and MemoryStick formats and comes
with a remote control that allows you to delete, rotate and zoom
in on images. With a street price of around $50, it's good
value.
http://www.sandisk.com/consumer/dpv.asp

How Much is Your Old Cell Phone Worth?
Probably nothing, but at this site you can enter the make and
model and find out. My two year old Nokia was worth about the
same as 4 cups of cappuccino.
http://www.cellforcash.com/main/index.asp
 

5. FREEBIE OF THE WEEK
======================

Use One Keyboard with Several Computers
Normally you need a hardware switch to achieve this but Synergy
is a free open source package that lets you do it with software.
As a bonus, you can also switch between computers with different
operating systems. Switching is achieved by simply moving your
mouse off the edge of your screen. You can even cut and paste
between machines. Neat eh?  (543KB for Windows version)
http://synergy2.sourceforge.net/

** Bonus Freebie for Supporters **

Free Utility Fixes Broken WinSock Installations
If you've ever had a piece of software break your Winsock setup,
you'll know just what a pain it is to repair it. LSP-Fix is a
free Winsock repair utility that does the job semi-automatically.
http://www.cexx.org/lspfix.htm

Got some top sites and services to suggest? Send them in
to mailto:supporters@techsupportalert.com
 

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

Visit the Subscriber's only section of the Support Alert website
================================================================

You'll find all back issues plus a growing list of resources
exclusively available to Supporters.

The area is password protected.  Use the username and password
mailed to you when you first donated.

http://www.techsupportalert.com/supporters/private.htm
 

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

MANAGE YOUR SUBSCRIPTION
=======================

This edition of Support Alert is only available to those
generous souls who have made a donation to keep the newsletter
ad-free. For donation details click on the following link:
http://www.techsupportalert.com/benefits2.htm
 
To subscribe to the standard edition of the newsletter, send a
totally blank email to supportalert-subscribe@webelists.com.

To unsubscribe from this newsletter, send me an email at
supporters@techsupportalert.com. Remember to state the email
address at which you are currently subscribed.

To change your delivery email address, send me an email at
supporters@techsupportalert.com. Remember to state the email
address at which you are currently subscribed and the new
address where you wish to subscribe.
 

This edition of Support Alert was proofread by subscriber A.
Belile who kindly donated her services. My hearty thanks.

(c) Copyright TechSupportAlert.com 2003