Elephant Boy Computers Reports - Archives
Current EBC Reports are here.
2002
08-27-02 - Windows security issues;
Windows Update
09-04-02 - Virus reminder; Windows
XP Service Pack 1; browser trick
09-09-02 - Windows XP security flaw
09-23-02 - Viruses and hoaxes
10-03-02 - Security reminder; virus
news; useful newsletters
10-16-02 - Internet Explorer security
flaw; Windows XP security flaw; alternate browsers
10-19-02 - Browser pop-up ads; how
to use Ad-aware; killing pop-ups
10-20-02 - Bogus Ad-aware information
10-25-02 - Windows (and other)
Updates; beware of e-greeting cards; make your own TeleZapper
11-07-02 - New worm; alternate email
clients
12-09-02 - Making address labels;
newsgroups
12-14-02 - New Windows vulnerabilities
12-22-02 - Windows XP security flaw;
OE 6 & attachments; support lifecycle; web amusements
2003
01-02-03 - Ad-aware information; update reminder
01-16-03 - Nasty Lirva worm
01-20-03 - APC product recall; computer
cleanliness
02-12-03 - Reminder, Ad-aware 6.0, backup, spam
02-23-03 - Update on Ad-aware; patches and
upgrades; Bulwer-Lytton Contest
03-18-03 - Domain Names & websites; virus
and vulnerability warning
03-30-03 - Online music sites; spam
04-21-03 - Update reminder, backing up,
Messenger spam
05-19-03 - Email warning; kid safety on the
Internet
05-22-03 - Quick virus warning; file extensions
07-09-03 - Update reminder, scam warning,
telemarketers
08-12-03 - Windows DCOM RPC Interface Buffer
Overrun Vulnerability
08-27-03 - Postmaster bounces for email you
didn't send
09-10-03 - More Microsoft vulnerabilities;
what's a person to do?
10-06-03 - New cumulative Internet Explorer
patch; why MS os's are vulnerable
10-16-03 - Microsoft security patches; iTunes
for Windows; Google
10-30-03 - Updated Microsoft security patches;
html in email
11-18-03 - Phishing and virus alert; Windows
Update reminder
12-12-03 - Phishing continued; shopping spots
2004
01-13-04 - Windows 98 life extended;
Trojan.Xombe
01-28-04 - W32/Mydoom
02-02-04 - Microsoft February updates; foil
phishers
02-26-04 - Warning about Win Antivirus 2004
03-23-04 - Witty worm, Phatbot worm
05-01-04 - W32.Sasser, W32.Gaobot, legal music
downloads article
05-07-04 - Sasser update
05-14-04 - Symantec vulnerabilities; May updates
05-29-04 - Passwords, end run around spyware
06-26-04 - New vulnerability in IE; HP recalls
notebook memory
08-01-04 - Patch for Download.Ject vulnerability
08-07-04 - Windows XP Service Pack 2
09-14-04 - Windows XP Service Pack 2 - further
information
09-19-04 - Arrrr, Matey! and general updating
09-25-04 - Updates for JPEG vulnerability
10-31-04 - Betrayalware; malware removal
2005
01-01-05 - Happy New Year; Security comments
01-16-05 - Security updates support; antivirus
programs support; MS AntiSpyware Tool
01-24-05 - NT 4.0 Server End of Life; Service
Pack level; Recovery cd's
02-10-05 - Microsoft Patches; browser
vulnerabilities; Symantec vulnerabilities
02-27-05 - Program updates; email scam; beta
software; XP's System Restore
03-20-05 - LimeWire vulnerability; Anti-Phishing
consortium; MSN Messenger worm; Darwin Awards
04-28-05 - Firefox vulnerabilities; April
Windows Updates; transferring data from old computer to new one
05-02-05 - Instant Messaging viruses
05-14-05 - Firefox and iTunes vulnerabilities;
how you got the spyware
06-02-05 - MTOB worm; new Spybot and Ad-aware;
SpywareInfo article
07-10-05 - MS and Claria; London Bombing Trojan;
IE vulnerability; more on getting malware
07-13-05 - New version of Firefox; Microsoft-Claria deal is dead; Patch Tuesday; Apple updates to Tiger
08-12-05 - Serious identity theft ring; Patch
Tuesday, Bulwer-Lytton awards
09-11-05 - No Microsoft Windows security
updates this month; vulnerability in Firefox/Mozilla; sleazy spyware;
Talk Like A Pirate Day
09-20-05 - Malware that spoofs Google; Opera browser is now free; Microsoft Shared Computer Toolkit; buying a new computer
10-12-05 - Patch Tuesday; fake Google Toolbar;
recovery Windows
11-02-05 - Computer disaster planning
11-30-05 - New Firefox; IRS phish; Sober worm;
Sony DRM mess
12-02-05 - Critical Internet Explorer
vulnerability
12-08-05 - Evil screensavers; email management
2006
01-02-06 - Windows
MetaFile (WMF) vulnerability - severe
01-26-06 - New Thunderbird; End of Life for
Win98/ME; Stopbadware.org
01-30-06 - Winamp vulnerability; Kama
Sutra/Blackworm
02-01-06 - Online music sites; Safer surfing with
SiteAdvisor
03-27-06 - IE vulnerabilities; Smitfraud
variants; Starforce DRM issues; free stuff from Microsoft
04-28-06 - Update about the Windows Update
KB908531; Common computer mistakes made by small business owners
05-27-06 - Vulnerability in Symantec AV; vulnerability in MS Word; privacy breach at Veterans Affairs; Java update; Yahoo IM worm
06-13-06 - Yahoo webmail vulnerability; Windows Vista beta; passwords and other important things
06-15-06 - Microsoft End of Life information; Patch Tuesday
07-12-06 - Patch Tuesday; Image Shack warning; Microsoft End of Support reminder; computers and heat
08-09-06 - Google antiphishing; Patch Tuesday; RIAA tactics
09-16-06 - Wireless networking; MS Office updates; September 19th
10-12-06 - Spam scam; Eudora; Patch Tuesday; IE7
11-01-06 - IE7; Firefox 2.0; Windows Defender
11-03-06 - Vista - should you upgrade; Linux offer; online music store
12-11-06 - Various program updates; MS Word vulnerabilities; Patch Tuesday; Seasonal warning; good Internet safety site
08-27-02
- As you probably know, I live and breathe tech information. The
rest of you have Real Lives, and sensibly pay little attention to the
latest computer-related news. However, occasionally things come
up that I think would be of use or interest to my clients. I've
spoken to some of you and have found that quite a few people wouldn't
mind getting an email from me every once in a while alerting them to
security fixes, small tips/tricks, etc. So I thought I'd try
doing something along those lines. Now, I hate spam. I
think that spammers should have horrible, terrible, torturing things
done to them. And then they should be killed. So if you
don't want to get any of these Elephant Boy Reports, please email me
and I'll immediately take you off the list. Conversely, if you
know someone who might be interested, have them email me and I'll add
them. All that said, here's the first bit of information:
In the last week or so there have
been quite a number of
security-related issues with Microsoft Internet Explorer (your browser,
the software that enables you to view the web graphically).
Even if you don't use IE directly, it is tightly integrated into the
Microsoft Windows operating system (Windows 98, ME, and Windows
XP). There's no need to panic, but you should update your system
as soon as possible. This is easily and painlessly done.
Updating requires that you are connected to the Internet, so if
you use a dial-up connection, log on. Cable and DSL users are
already online. Somewhere in your Start menu, usually at the top,
is an entry for Windows Update. Left-click it. (You can
also find Windows Update from within Internet Explorer under the Tools
menu.) This will bring you to Microsoft's Welcome To Windows
Update site. Click on the Product Updates link. You'll get a
notice that Microsoft is checking your computer to see what updates you
need. (You may need to click "I Agree" in a pop-up window first if you
haven't done this before, and that's OK - do it.) Windows XP
users get a slightly different message ("scanning for updates"), but the
process is the same.
You'll then get a webpage showing
all the critical updates available
for your system. You can click "Show Installed Updates" if you
want to see more clearly what you need. Be sure all the
critical/security updates are checked and click the "Download"
button. Just follow the directions. The updates will
be downloaded and automagically installed on your computer.
You will probably need to reboot (restart) the computer. You
should check for Windows updates on a regular basis to keep your
operating system up to date.
09-04-02
- Just a note to remind you all to be sure your antivirus definitions are
up to date. Most of you will have this set to update
automatically. In the past week, I've removed the W32.Klez virus
from four people's computers. This nasty piece of malware
continues to be Number One world-wide. Remember, Don't Panic
- just keep your antivirus running and don't open attachments.
And for those of you who like to Live On The Edge and open absolutely
everything (you know who you are), at least scan suspicious-looking
email first, OK?
**Windows XP Service Pack 1**
Microsoft is releasing the first
Service Pack for Windows XP (SP1),
available for download on September 9th. It will include all
the security fixes to date, as well as other enhancements.
You'll undoubtedly be able to get it at Windows Update, and if you
have a slow Internet connection (dial-up), can order the CD from
Microsoft for $10. Windows Update will be the easiest way to
install it, but if a) your connection is too slow; or b) you don't
want to deal with it, I'll be downloading it and burning it to a
CD. If you want me to install it for you I can, or if you'd like
me to burn a copy for you I will. If you come here with your
own CD-R blank, I won't charge for the burning (unless you want to
schedule something extra like training time, of course).
Naturally, if I come to your house I have to charge. My son
needs new glasses. ;-)
It is always good to apply Service
Packs, but it isn't anything you
have to rush to get, either. Microsoft's download servers will be
very busy on Sept. 9 and for the next few days afterwards, so it might
be hard to get in. Not to worry, it can wait until the traffic
gets lighter.
**Windows Trick**
If you are using Internet Explorer
as your browser (the program used to
view the Internet), to quickly enter the name of a site whose address
starts with "www." and ends with ".com", type just the middle part in
the Address Bar and hold down Control as you press Enter. IE will
fill in the "www." and the ".com" for you and take you there.
Example: To enter "www.elephantboycomputers.com", just type
"elephantboycomputers" in the Address Bar and then press Control +
Enter.
09-09-02
- A major security flaw has been uncovered in Windows XP. IF
YOU DO NOT USE WINDOWS XP, THIS DOES NOT APPLY TO YOU.
Windows XP SP1 (Service Pack 1) is available through the Windows Update
site now. You can choose the Express Install, which will
examine your system and only
download and install the fixes you
need. Otherwise, it is a
133MB download for the whole enchilada.
SP1 will patch this new major
security flaw (along with a lot of
other fixes). However, if you cannot get through to the Windows
Update site (it will be busy) or have a dial-up connection, IMMEDIATELY
DO THE FOLLOWING TO PROTECT YOUR SYSTEM:
Find the file "uplddrvinfo.htm". It should be in the
C:\Windows\PCHealth\Helpctr\System\DFS folder. The easiest way to
locate it is to do a search for "uplddrvinfo.htm" (enter the file name
without the quote marks, obviously). When you have found the file,
right-click on it and choose "Rename". Change the file extension
(the three letters after the ".") so the name becomes uplddrvinfo.old
or .bil or .xxx, whatever three letters you like. I think it would be
better not to use ".old" but some other odd combination of letters.
DO THIS IMMEDIATELY.
Then apply SP1.
REPEAT: IF YOU DO NOT HAVE WINDOWS XP, THIS DOES NOT APPLY TO YOU.
Those of you running Windows 95, 98, or ME should still go to Windows
Update and apply all necessary security fixes, because it isn't as if
you're running a secure operating system and XP users are not.
09-23-02
- Contents:
1. Viruses and hoaxes
I just got two emails and a phone
call regarding a well-known virus
hoax (jdbgmgr.exe, if you're interested), so I thought I'd remind you
all about some great sources of information for all things related to
viruses, hoaxes, email jokes, etc.:
http://www.sarc.com/ - Symantec Antivirus Research Center - excellent
searchable database of viruses, hoaxes, and jokes. The first place I
look for virus information. A good antidote to virus/hoax scares.
10-03-02
- Contents:
1. Security reminder
2. Virus news
3. Useful Newsletters
1. Be sure to update your operating
systems by going to Windows
Update. There have been some new vulnerabilities reported this
week which affect all versions of Microsoft operating systems.
Frankly, if I sent you a report about every security bulletin from
Microsoft, most of you would go hide in the closet, which isn't
necessary (at least regarding your computing life - I don't know
about the rest of your activities!). Of course, some of you
would stand up and roar, "Bring it on!!!" and you know who you are,
but that isn't sensible either, Tony ;-). If you actually want
more technical information about Microsoft, including security, the
best place to start is at:
http://www.microsoft.com/technet/default.asp
You can sign up for security
bulletins there if you're
interested. Or you can just wait for Elephant Boy Computers to
send you an alert when necessary.
2. In virus news this week, the
ever popular W32.Klez has been pushed
out of First Place by a new version of the old favorite,
W32.Bugbear. Bugbear is a mass-mailing worm with keystroke
logging (to capture passwords) and backdoor capabilities. It
will attempt to stop antivirus and firewall programs. It
will come as an email attachment. If you have been to Windows
Update and updated the operating system and are running a good
antivirus with updated definitions, you are protected against
Bugbear. Of course, you should always practice Safe Computing and
not open email attachments. For more information about Bugbear, you can
look at this page at Symantec's website:
http://www.sarc.com/avcenter/venc/data/w32.bugbear@mm.html
3. Some of you want to know more
about computers and technology.
The rest of you are excused now, and can go play. One great
resource is Fred Langa's LangaList. This is an email newsletter
sent out twice a week, packed with tips, information, and humor.
There are two versions of the LangaList, a free one and a
subscription one. I've been a LangaList subscriber for
years. Go to http://www.langa.com/
for more information. On the lighter side, another email
newsletter that is always interesting is Mike's List, from Mike
Elgan. Mike includes technology-related news, but his focus
is more on things like "Proof You Can Buy Anything On The Web" and
"Mystery Pic O' The Week". To check it out, go to http://www.mikeslist.com/ .
10-16-02
- Contents:
1. Internet Explorer versions 5.5
and higher security flaw
2. Windows XP security flaw
3. Alternate browser information
(advanced tip)
1. Another IE 5.5/6.0 security flaw
has been uncovered. Here
is the information and fix, taken from The ScreenSavers website at http://www.techtv.com/screensavers
"A security hole has been found in
Windows Internet Explorer that
allows attackers to execute scripts on a user. The vulnerability
appears
when visiting websites that use the <frame> and <iframe>
HTML tags. To fix the hole, follow these steps in Internet Explorer:
In Internet Explorer, open Internet
Options.
Click on the Security tab.
Click on the Custom Level button.
In the Settings window, scroll down
until you find, "Navigate
sub-frames across different domains."
Select either Prompt or Disable."
2. This is for Windows XP/Windows
2000 users only. There is a
security hole in the Messenger service. This service does not
have anything to do with MSN Messenger, but rather is designed for
corporate environments where the IT Administrator might need to send a
message to all computers on the network, such as announcing a shutdown
for example. Home users do not need this service, nor do business
people not using this feature. To fix this hole, turn off the Messenger
service by going to:
Start>Control Panel>Administrative Tools>Services. Under
"Name", you will see the Messenger service. It is probably set to
start automatically. Double-click on the Messenger service entry,
which will give you its Properties box. Click the Stop
button. Just above the Stop button, you will see a drop-down box
for Startup Type. Click on the little down arrow and change the
Startup Type to Disabled. Click Apply and OK, and close out
of Services.
3. Your browser is the program that
allows you to "see" the Internet
graphically. Internet Explorer is the Microsoft browser that
comes built into Windows. For those of you who are *not* using
proprietary Internet software like AOL, you can try other browsers just
for fun. One of the best commercial browsers is Opera.
Opera comes in an ad-supported version for free, or no ads for
$39. I personally think Netscape is dreadful, but that is
another free browser. In the free browser category, Mozilla is
terrific. Each of these browsers has its advantages and
disadvantages. If you want to check them out, here are urls:
Opera
http://www.opera.com/
Netscape http://www.netscape.com/
(click on Browser Central under Tools)
Mozilla http://www.mozilla.org/
For more information about all the
different browsers out there (and
there are tons of them), check out http://browsers.evolt.org/
just for fun.
10-19-02
- Contents:
1. Browser pop-up ads
a. How to use Ad-aware
b. Killing pop-ups
I had a request to cover ways to
get rid of those dreadful pop-up ads
(or pop-under, which can be even worse since you don't see them until
you close out of the browser) you get in your browser while surfing the
Internet. The first thing you should do is be sure your computer
is free of spyware (I'm assuming that you are all running a recent
antivirus program with updated definitions and that you know your
computer is clean). Rather than waste bandwidth with a long
explanation of spyware in this email, I'll direct you to the Spyware
section of this website here.
a. The best way to clean up your
system is to use Ad-aware by
Lavasoft. Ad-aware searches your computer for adware/spyware and gets
rid of it for you. Here's the url: http://www.lavasoftusa.com/
. You should definitely read the FAQ and other information there,
but here's a simple explanation of how to use Ad-aware. First,
download Ad-aware. Second, download Refupdate (from the same
place). Ad-aware works on the same principle as antivirus
software, by using definitions to teach the main program about new
forms of spyware. It uses a "referencefile" to do this.
After you've downloaded and installed both Ad-aware and Refupdate,
start Refupdate. It will give you a drop-down choice of
servers. Choose one (or stick with the default), and click the
"Connect" button. Refupdate will check for a new referencefile,
download it, and install it for you. If there isn't one, it will
tell you. Exit Refupdate.
Start Ad-aware and put a check mark
in all the drives except A:\
(the floppy) to be scanned. Click the Scan button. Ad-aware
will scan your computer - it may take a while depending on how much
stuff you have on your drives. When done, it will tell
you. You can then look at all the spyware it has found.
Put check marks in all the boxes and click "Clean". You have
the option to back up the files marked for removal if you are
unsure. Ad-aware will get rid of all that nasty stuff, and then
you can close the program. The Ad-aware wizard is pretty easy
to follow. Ad-aware and Refupdate are free.
b. OK, now that you've gotten rid
of any spyware, you can address
killing pop-up ads. You'll either need to run third-party software
(meaning it isn't built into Internet Explorer) or use a different
browser. Note that if you are using AOL, I have no idea if any of
the third-party software will work for you since AOL plays by its
own rules, and if your AOL access is by dial-up modem (not Bring
Your Own Access Broadband), I don't think you can use a different
browser. All I can say is that you can try it and see if it
works.
1. POW! is one of the oldest
programs to kill pop-ups. You have to
train it, although it isn't hard to use. POW! is free. Get
it here: http://www.analogx.com/contents/download/network/pow.htm
2. Pop-Up Stopper has also been
around for quite a while. It
has a free version and a more full-featured version, along with other
programs of that type. Here is their site:
http://www.panicware.com/
3. WebWasher is a free (for
personal use) browser add-on.
WebWasher also makes more comprehensive commercial software for
companies. Here's the url:
http://www.webwasher.com/en/products/wwash/index.htm
4. For those of you who don't mind
doing a bit of tweaking (and you
can always call Elephant Boy Computers if you break something
>heehee<), there is Proxomitron. Here is their website:
http://www.spamblocked.com/proxomitron/
One thing to note: programs
like Proxomitron run as a proxy
server on your machine. In other words, they sit between your web
browser and the Internet to act as a filter. Some pages like
online banking sites won't work well with a proxy. If you find you
like Proxomitron (or others) but run into problems on some sites,
turning off the filtering software may be necessary for those
sites. As in all cases, be sure to read Help files and FAQ's
(Frequently Asked Questions) about any software you install.
If all that is too much trouble,
you can always use a browser like
Opera or Mozilla instead of Microsoft's Internet Explorer. Both
Opera and Mozilla enable you to quickly set a preference of not
permitting unsolicited new web pages to open. For instance, I
use Opera for most of my web surfing and one of my favorite
wallpaper sites (http://www.wallpapershq.com/accueil.php
if you're interested) has intrusive pop-up ads on every page (well, they
have to pay for the website somehow). When I go there, I go to
File>Quick Preferences> and check "Refuse Pop-Up Windows".
When I'm done and want the ability to open new windows from within a
website again, I just go to the same place and check "Accept Pop-Up
Windows". Very easy. I believe Mozilla offers something
along the same lines. Opera has a free ad-supported version and a
registered version for $39. Here is the url: http://www.opera.com/ . Mozilla
is free and you can check it out here: http://www.mozilla.org/ .
10-20-02
-
Sorry for sending another report so
soon, but I got some relevant news
from the Lockergnome Tech Report when I opened my email this morning.
"Bogus Ad-aware Circulating
"Lavasoft has posted an
announcement to their forums warning of a
possible trojan application being hawked as a valid download of
AdAware,
a popular spyware removal tool. Information is still being gathered
about the fake, but the download file is named aware.exe or perhaps
other variations. Lavasoft has posted a list of authorized mirror
sites from which you should be obtaining AdAware."
Here is the url with the exact
information: http://www.lavasoftsupport.com/
And here is the information from
Lavasoft:
" WARNING!
It has come to our attention that
there may be a new virus and/or
Trojan masquerading as a legitimate Ad-aware download. This file or
software is called aware.exe or some variation of this. We have also
been informed that there may be someone out there who is actively
using pop ups that seem as though they are from LavaSoft. Please be
sure to only download our products from the official mirror sites
listed on our downloads page: http://www.lavasoft.de/downloads.html
This includes ONLY the following
sites:
Mirror Sites:
http://www.majorgeeks.com/article.php?sid=506
http://www.pcworld.com/downloads/file_desc...fid,7423,00.asp
http://download.com.com/3000-2094-10115988.html
http://www.winsite.com/bin/Info?5000000038314
http://www.wyvernworks.com
http://www.networkingfiles.com
http://fileforum.betanews.com
http://www.cheetaa.com
http://www.ExaltedHosting.com
http://www.mentaldimensions.com
http://www.bagpipes.net
In the interim, we are aggressively
investigating these reports and are
looking at every example of them we can locate. If you suspect that you
have been infected with a virus of this name or are experiencing pop
ups
that look as though they came from LavaSoft or seem to advertise any of
our products, please contact a Moderator or Administrator immediately
and we will investigate this. You can also send information to the
following address: urizen@lavasoft.de "
So if you got Ad-aware from a site
listed on their webpages, you're
fine. As always, download from known reputable sources, run a
current antivirus program, and keep those virus definitions up to
date. Back to our regularly scheduled Sunday morning.
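An added example (not part of the original report or of Lavasoft's notice): one way to apply the "only these sites" rule mechanically is to compare the host a download link actually resolves to against the quoted mirror list, rather than checking whether a listed name merely appears somewhere in the link. The function names and the sample URLs are assumptions made for illustration; the .example hosts are placeholders.

```python
"""Check a download URL against the mirror list quoted in the notice above."""
from urllib.parse import urlsplit

# Hosts from the mirror list in the Lavasoft notice. The entry whose path is
# elided on the page is represented by its host only.
OFFICIAL_HOSTS = frozenset({
    "www.majorgeeks.com",
    "www.pcworld.com",
    "download.com.com",
    "www.winsite.com",
    "www.wyvernworks.com",
    "www.networkingfiles.com",
    "fileforum.betanews.com",
    "www.cheetaa.com",
    "www.exaltedhosting.com",
    "www.mentaldimensions.com",
    "www.bagpipes.net",
})

# File name the notice gives for the fake download.
SUSPECT_FILENAMES = frozenset({"aware.exe"})


def naive_check(url):
    """Weak check: accepts any URL that merely contains a listed host name."""
    lowered = url.lower()
    return any(host in lowered for host in OFFICIAL_HOSTS)


def check_download(url):
    """Return (verdict, reason); verdict is 'ok', 'warn' or 'reject'."""
    # Browsers treat "\" like "/" and strip tabs and newlines, so such a URL
    # can resolve to a different host than the one parsed here. A space is
    # never valid in a host either, so all of these are refused outright.
    if any(ch in url for ch in "\\ \t\r\n"):
        return ("reject", "backslash or whitespace in URL")
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix and port, and is lower-cased.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("reject", "malformed URL")
    if parts.scheme not in ("http", "https"):
        return ("reject", "unsupported scheme")
    # Exact match on the parsed host: no substring or suffix matching.
    if host not in OFFICIAL_HOSTS:
        return ("reject", "host %r is not on the mirror list" % host)
    filename = parts.path.rsplit("/", 1)[-1].lower()
    if filename in SUSPECT_FILENAMES:
        return ("warn", "listed host, but file name matches the reported fake")
    return ("ok", "host is on the mirror list")


# Constructed sample links (not taken from the notice, except the first).
SAMPLES = [
    "http://www.majorgeeks.com/article.php?sid=506",
    "http://www.majorgeeks.com.downloads.example/setup.exe",
    "http://www.majorgeeks.com@downloads.example/aware.exe",
    "http://downloads.example\\@www.bagpipes.net/",
    "http://fileforum.betanews.com/get/aware.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = check_download(sample)
        print("%-7s naive=%-5s %s (%s)" % (verdict, naive_check(sample), sample, reason))
```

A host allow-list only pins where the file comes from; where the publisher offers a checksum or signature for the download, verify that as well.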
10-25-02
- Contents:
1. Windows (and other) Updates
2. Beware of e-greeting cards
3. Make your own TeleZapper
1. Updates - We've had quite a few
new people join this mailing list,
so I thought I'd repeat the information about how to use Windows Update
from the very first EBC Report back in August. For those of you
who have been getting the Report for a while, perhaps it can be a
refresher, or you can just skip this bit.
It is vitally important that you
keep your operating system and main
applications up to date so you have all pertinent security
patches. An easy way to keep Windows operating systems current is
to use Microsoft's Windows Update. Here's how you do it:
Updating requires that you are connected to the Internet, so if
you use a dial-up connection, log on. Cable and DSL users are
already online. Somewhere in your Start menu, usually at the
top, is an entry for Windows Update. Left-click it. (You
can also find Windows Update from within Internet Explorer under the
Tools menu.) This will bring you to Microsoft's Welcome To Windows
Update site. Click on the Product Updates link. You'll get a
notice that Microsoft is checking your computer to see what updates you
need. (You may need to click "I Agree" in a pop-up window first if you
haven't done this before, and that's OK - do it.) Windows XP users
get a slightly different message ("scanning for updates"), but the
process is the same.
You'll then get a webpage showing
all the critical updates available
for your system. You can click "Show Installed Updates" if you
want to see more clearly what you need. Be sure all the
critical/security updates are checked and click the "Download"
button. Just follow the directions. The updates will
be downloaded and automagically installed on your computer.
You will probably need to reboot (restart) the computer.
You can also download security
patches for Internet Explorer (your
browser) and for Microsoft Office. Here is the url for Internet
Explorer downloads (there is no automatic scanning): http://www.microsoft.com/windows/ie/downloads/default.asp
. Pay particular attention to the Critical Updates, because these
are the most important. If you are unsure what version of IE you
have, click on Help>About and you will see the version number.
For Microsoft Office, go to http://office.microsoft.com/productupdates/
and at the top you will see a section called "Check for Office
Updates". Click the "Go" button next to "Scan my computer to find
Office updates I need". Just like the Windows Update site,
you can choose what you'd like to download.
For other programs that are
important to you (by Microsoft or by
other companies), go to their websites and look around for information
about patches and/or upgrades. "Support" is usually a good place
to start looking.
2. For those of you who like to
send those e-greeting cards, be sure
that you are doing this from a reputable site. I personally
include e-greeting cards in the category of "things that get an
automatic Delete" along with never opening attachments, but a lot of
people like them. Here are links to two stories posted on
The Register by the very talented people at Security Focus.
If you send (or receive) e-greeting cards, you should definitely
read these:
http://www.theregister.co.uk/content/55/27782.html
http://www.theregister.co.uk/content/6/27794.html
3. I read this bit in the current
issue of Wired Magazine and thought
some of you more adventurous types would enjoy it. Apparently you
can make your own TeleZapper, which is a device that you buy to attach
to your phone to fool telemarketers. Right up front, you should
know that I have not tried either the "real" TeleZapper or the digital
one detailed below, so YMMV ("Your Mileage May Vary") and yer takes
yer chances, although I don't see how it could hurt anything to
try. But anyway, according to Wired (I've paraphrased their
instructions), here's how to do it:
a. The TeleZapper fools
telemarketers' auto-dialing equipment by
emitting the ascending 3-note special-information tone you hear before,
"We're sorry, the number you have reached has been
disconnected." You can download this tone from the Web.
Do a Google search for "sit.wav" to find one of these audio files.
b. Open sit.wav in an audio-editing
program like Microsoft Sound
Recorder. Edit out the second and third notes. Save the .wav
file.
c. Play that one note on your
computer and record it as the first
sound on your answering machine's outgoing message. Follow with a
clever greeting explaining to puzzled friends what you're doing.
d. According to Wired,
telemarketers will get the "zapping" tone and
take you off their lists.
11-07-02 -
Contents:
1. New Worm Sighted
2. Alternate Email Clients
1. A new mass-mailing worm has
appeared and is struggling to take
away the top honors from W32.Klez and BugBear. It is known as
W32.Brid, but has aliases of W32/Braid-A and Win32.Braid.A, among
others. It comes as an attachment in an email called
"Readme.exe". Like so many other worms, it has its own smtp
engine so it can send out emails when you are online even if you
don't open your own email client. It will send itself to
everyone in your address book. You are not at risk if 1) you are listening
to the Elephant Boy telling you not to open email
attachments; 2) you are running a current antivirus program with updated
virus definitions; 3) you have gone to Windows Update and Internet
Explorer Update and applied all security patches. You can
learn more about W32.Brid at this url:
http://www.sarc.com/avcenter/venc/data/w32.brid.a@mm.html
2. Your email client is the program
you use to get your email.
Most people running a Windows operating system use either Outlook
Express or Outlook. Outlook Express comes with Windows and is a
basic email and newsreader (I'll cover newsgroups and newsreaders
in another report). Outlook is part of Microsoft Office,
which may have come preinstalled on your computer if you bought it
from a major manufacturer like Dell or HP. Microsoft Office is
not part of the operating system, but is a separate program.
If you use AOL, you use AOL's
proprietary online email reader.
Here, we'll take a quick detour to talk about the difference between
online email clients and offline clients. Those of you who
already know this can just skip this bit. ;-) When I send this
email to you, it goes to your mailbox, which lives on one of your
Internet Service Provider's ("ISP") computers (called a
"server"). When you want to get mail, you either log on to your
ISP and read the mail online (like with AOL, Yahoo Mail, Hotmail, or
the Earthlink email client) OR you download the mail
using an email program like Outlook Express ("OE") or Outlook.
If you are reading the mail online, unless you save the
email, it doesn't come and live on your computer. It
stays on the ISP's server until you delete it (or they empty your
mailbox after some specified amount of time). This means that you
can log in from any computer anywhere with an Internet connection and
read your mail. If you download the mail with OE or
Outlook, it now lives on your computer and is gone from
the server. Most regular ISP's, like Earthlink, AT&T Global,
Compuserve, etc., have a place to log in and read your mail online,
which is convenient for when you're not home. The advantages of
using an email client to download your email are: a) if you're using
dial-up, you don't have to stay online to read mail; b) you can apply
the spam/content filters that are available in the email client;
c) you can use whatever email client you like.*
*Unless you use AOL exclusively, in
which case you might as well skip
the next bit about other email clients because you can't use another
email program to get your mail. Sorry.
Why use another email
program? 1) Malware writers know that
most home/small office computer users run Windows and therefore are
probably using OE or Outlook to get mail and often target those
particular email clients. A different email program might have
fewer vulnerabilities to certain viruses/worms. This DOES
NOT MEAN YOU CAN GET CARELESS AND OPEN ATTACHMENTS IN OTHER EMAIL
PROGRAMS BECAUSE YOU ARE STILL RUNNING A WINDOWS OPERATING SYSTEM.
2) A different email program might have capabilities that you
particularly like. 3) Just for fun.
Fred Langa just did an article on
other email programs. You
can find it here: http://www.informationweek.com/LP/columnists/langa/2001/04.htm
The Mozilla browser also has an
email component.
If you decide to try another email
program, you don't have to
uninstall OE or Outlook. You can have more than one email program
on your computer at the same time. Just download and install the
new one. In order to set up the new program, you'll need to know two
pieces of information:
1. Address of your ISP's incoming
mail server, usually something like
pop3.myISP.com
2. Address of your ISP's outgoing
mail server, usually something like
smtp.myISP.com
Your email address stays the same,
of course. That doesn't
change because you are using a different email program - the email is
still living on your ISP's server; you're just using a different
piece of software to get it. You can get the pop and smtp
addresses from somewhere in your ISP's webpages or look at the
account settings in OE or Outlook and copy them down.
12-09-02
- Contents:
1. Making address labels
2. Newsgroups - what are they?
1. My brother saw my return address
labels (they have the ever-cute
picture of The Elephant Boy on them with my address) and wanted to know
how to do it. He also thought The List might be interested, so
here you go:
You can easily add Avery label
extensions to Microsoft Word, as well
as a Wizard to help you create simple labels. If that is enough for
you,
go to http://www.avery.com/us/software/index.jsp
and download the Avery Wizard (free). There are also free
templates and clip art for download. If you want to be a little
fancier, then get the Avery DesignPro program from the same
page. I believe Avery used to charge for this, but it is
now free and very easy to use. When you install
DesignPro, there is a point where
the installation program cautions
you that you have to have a database for certain functions. Truthfully,
I'm not sure what they mean and it hasn't caused me any problems.
Just click "OK" (or "yes", whichever it is) and continue.
Once DesignPro is installed, check
out its Help file for instructions.
It is very easy and
I created Elephant Boy and home
return address labels within minutes. The nice thing about the
DesignPro program is that you create a Master label, and then can add
however many variations of that label you want. For instance, I
put the Elephant Boy's picture and my address on the Master label,
leaving the first line blank. Then I created two sub-labels -
one with my name in the first line for personal labels and one with
Elephant Boy Computers there instead for business labels.
DesignPro may even have more capabilities that I didn't explore because
I just wanted to get the job at hand done quickly. Have fun!
2. Newsgroups - Some of you may
have heard the terms "newsgroups"
and/or "Usenet" and wondered what they mean. As you probably
know,
the World Wide Web (www.) is not the entire Internet. There are
email and other servers, and there is Usenet. Basically, there are
thousands of newsgroups where people post text messages (although
there are newsgroups dedicated to posting binary files) regarding a
particular area of interest. Although Usenet has been around for
a
really long time, it is a thriving area of the Internet. Rather
than take up your time here in this email with all the details, I
suggest you go to:
http://groups.google.com/
and http://groups.google.com/googlegroups/help.html
for a comprehensive discussion of what Usenet is and How You Do
It. You can look into various newsgroups that might interest you
by using Google Groups' web-based interface. If you decide
you'd like to really get into Usenet deeper, you'll be far better
off using a dedicated newsreader. I know you are all using
Microsoft operating systems, so you already have a newsreader
built in - Outlook Express. OE isn't generally considered a
very good newsreader by
Usenet veterans, and there are
alternatives. Netscape Communicator (http://channels.netscape.com/ns/browsers/default.jsp)
includes a newsreader, as does the Mozilla browser (http://www.mozilla.org/). Another
good free newsreader is Gravity. Gravity is old and is no longer
supported, but it does the job admirably. It can be a bit hard to
find, but I found it here, along with some good information on how
to use it: http://cws.internet.com/news-gravity.html
Another popular Windows newsreader
is Forte's Agent. Agent is
$29, I believe, but there is a free version. Here is a link to
Forte's home page:
http://www.forteinc.com/main/homepage.php
Although there are free news
servers on the Internet, generally your
ISP will provide free access to newsgroup servers as part of your
Internet service. You should go to your ISP's webpage for
instructions on how to set up a newsreader for their newsserver.
Some companies, such as Microsoft, provide their own news servers.
You should be aware that Usenet is
often extremely "wild and wooly"
and most newsgroups are not moderated. So if your sensibilities
are tender, be warned up front. Like any society, Usenet has
behavioral conventions. The best way to participate in a
newsgroup is to subscribe, read the group for quite a while, read
its FAQ (Frequently Asked Questions, which are normally posted in
each group on a regular basis), and get a general sense of the
culture of the group before posting. This is called "lurking"
and is a sensible thing to do. A great compendium of links
about Usenet is here: http://www.faqs.org/usenet/index.html
Basically, if you don't want to be
flamed:
1. Don't top post
2. Quote sensibly
3. Don't attach binary files in
non-binary newsgroups
4. Set your line wrap to 72
characters
5. Don't use html to post - plain
text is what is needed
6. Read the FAQ's.
In case you're interested, here are
the newsgroups to which I
currently subscribe:
(from my ISP's newsserver)
alt.humor.best-of-usenet
alt.os.linux
alt.os.linux.suse
rec.arts.sf.written
rec.humor.oracle
(from Microsoft -
msnews.microsoft.com)
microsoft.public.windowsxp.general
12-14-02
- Contents:
1. New Windows vulnerabilities
Paul Thurrott (one of the
best sources for Windows information)
had this to say in today's WinInfo Update Newsletter (since I couldn't
have said it better, I'm quoting him directly):
"MICROSOFT VULNERABILITY OF THE WEEK
So many Microsoft
security vulnerabilities pass by me
each week that I hardly pay attention anymore, but a series of
vulnerabilities this week, including a particularly virulent one based
on the company's Java Virtual Machine (JVM), is worth noting. You're
already protected if you're using Auto Update (and you ARE using Auto
Update, right?) but the JVM vulnerability affects all Windows
versions since Windows 98 and could let hackers infiltrate a PC and
take it over. Microsoft says that no users have been compromised to
date, but we know this sort of thing is only fun until someone gets
hurt. Head on over to Windows Update and grab the latest critical
updates if you aren't sure whether you're already protected."
If you're interested in subscribing
to WinInfo Update, go to http://www.winnetmag.net/ and
click on WinInfo News. It's listed under Resources. There
are lots of other excellent resources on the Windows & .Net
Magazine site, too.
12-22-02
- Contents:
1. Major security flaw in
Windows XP
2. Outlook Express 6 doesn't
allow you to open attachments
3. End of the line for
Windows 3xx, Windows 95, and NT 3.5x
4. Web amusements - online
comics
1. A few days ago, Microsoft
issued a report regarding a major
security flaw in Windows XP. Earlier operating systems (Windows
9x
and ME) are not affected. Briefly, the vulnerability is in the
Windows shell - the part of the operating system that not only provides
your familiar Windows Desktop, but also creates your working
environment. An attacker could host a specially created .mp3 or
.wma file on a website; if the user hovered his mouse over the icon
for the file or opened the shared folder where the file was stored,
the vulnerable code could be invoked. The .mp3 format is an extremely
popular music format, and .wma files are played in Windows Media
Player. Microsoft considers this a critical flaw. You can
find the technical explanation on Microsoft's Tech Web
here: http://www.microsoft.com/technet/security/bulletin/MS02-072.asp
A patch is available through
Windows Update, and if you are keeping
your system updated regularly, then you are protected. It seems
like there are security announcements for Windows every day, but
because so many of you have teenagers who love to download music, I
thought this one was worth a "heads up".
2. Even though the Elephant Boy has
constantly warned you of the
dangers of opening attachments (Don't Do It!), some of you feel you
must
or like playing with fire. By default and as a security precaution to
avoid saving a virus to your computer, OE 6 doesn't let you save
files locally. To enable file saving within OE, perform the following
steps:
a. Start Outlook
Express.
b. From the
Tools menu, select Options.
c. Select the
Security tab.
d. Clear the "Do
not allow attachments to be saved
or opened that could potentially be a virus" check box, then click OK.
3. It's now official - as of
December 31, 2002, all Windows 3.xx,
Windows 95, and NT 3.5xx operating systems have come to the end of
their supported life cycle. This doesn't mean that if you are
still running one of these older systems that they will go *poof*
and disappear on January 1st, but it does mean that there will be no
official support (which includes patches) for them from
Microsoft. Here is the link to Microsoft's support lifecycle
page:
http://www.microsoft.com/windows/lifecycle/desktop/consumer/default.mspx
They're dead, Jim.
01-02-03
- Contents:
1. New Ad-aware information
2. Update reminder
1. There is some updated
information for those of you who are using
Ad-aware from Lavasoft to rid your computer of spyware. Although
Ad-aware has been recommended for a long time, the current version
(5.83) is no longer being updated. Lavasoft has stated that they
are doing a complete rewrite of the program, and will make it
available to paying customers in January, with the free version
available sometime in February. The general consensus among
security folk is that you'd do best to uninstall Ad-aware, and I'm
going to concur. Remember, you do this from within the Control
panel applet Add/Remove Programs.
From everything I've seen, Spybot
S&D is the best choice to remove
spyware/scumware. You can get it from their website here: http://security.kolla.de/ .
A great resource for information
about spyware is the SpywareInfo
website here: http://www.spywareinfo.com/
. They put out a weekly email report which is extremely useful.
2. Since it is a new year, I'm
going to remind you all to keep your
systems safe and up-to-date by:
a. Going to Windows Update
for operating system patches
b. Getting updates for
Internet Explorer and Outlook Express
c. Be sure you have a current
antivirus program and keep its
virus definitions up-to-date.
01-16-03
- Contents:
1. Nasty new worm - Lirva
I've been very busy lately (hurray
- the children can eat!), mostly
with disinfecting and repairing computers that have contracted viruses,
worms, Trojan horses, and various kinds of malware. The latest
beauty making the rounds is the Lirva worm, named after the pop singer
Avril Lavigne. The worm infects users of Microsoft
Outlook. It can disable antivirus and firewall software, and
overwrite (this means "seriously ruin" in non-technical language)
Microsoft Word, Excel, and PowerPoint files, leaving the file sizes at
0 kb. This means those files are unrecoverable, so the victim had
better have clean backups.
Lirva spreads through the KaZaA
file sharing network, Internet Relay
Chat (IRC), Instant Messaging programs, and email. Once
infected,
Lirva sends a copy of itself to everyone in the user's address book,
using its own email server. Lirva also collects address
information from other files on the user's system. Lirva also
collects passwords from the infected system and emails them to an
address presumed to be located in Russia. On the 7th, 11th, and 24th
day of each month, Lirva automatically opens a Web browser on
infected machines to Ms. Lavigne's website.
The worm can arrive with various
subjects, message body content, and
file attachments, including one that pretends to be a message from
Network Associates (the makers of McAfee Antivirus) regarding a
security problem with Microsoft IIS. You should know that Microsoft
never distributes its security patches through email to end users,
and Network Associates doesn't email Microsoft patches either.
So:
a. Be sure you have a current
antivirus program installed.
b. Be sure that program's virus
definitions are kept updated.
c. Be sure you are backing up your
data on a regular basis.
01-20-03
- Contents:
1. APC product recall
2. Computer cleanliness
1. I know some of you are using an
Uninterruptible Power Supply.
American Power Conversion (APC) has recalled some 2.1 million units
produced under the Back-UPS CS line, specifically the CS 350 and CS 500
models in both 120-volt and 230-volt varieties. Eight units have
been reported to seriously overheat. Symptoms included a
melted outer casing and probable failure of the units. Compare
the first six characters of your UPS's serial number to see if your
model qualifies for replacement:
| AB0048 | through | AB0251 |
| BB0104 | through | BB0251 |
| JB0125 | through | JB0251 |
Units with an "R" at the end of the
serial number are not included in
the recall. Here is a link to the article on the manufacturer's
website:
http://www.apc.com/rely/pressrel.cfm
If you don't know what I'm talking
about, you don't have a UPS and
shouldn't worry about it!
2. In all our talk about keeping
our computers fit and happy, I've
neglected to mention one very important factor - cleanliness. It
is a truism that a computer's most dangerous enemies are dirt and
heat. We often talk about heat-related problems and that is why
there are fans inside a computer case. The processor, RAM, and
video card (especially modern ones) are the biggest producers of heat
and that heat has to be dissipated so components don't suffer.
However, dirt is a culprit in hardware failures, too. Computers
attract dust, no matter how good a housekeeper you are. Dust can
form a blanket over fan openings, keeping heat inside. Dirt can
damage delicate electronic components, and/or prevent them from making
proper contact with the motherboard (the main circuit board that
everything inside your computer plugs into). I've been in some
very dirty environments, and when I've opened the computer cases
I have literally found drifts of dirt inside. Not good!
Keep your computers in a clean
environment. Don't smoke around
them. I don't allow eating in my computer room because sooner or
later someone is going to spill soda where it shouldn't go. Don't
let your cats sleep on the monitors. I'm guilty of letting my cats
into the computer room because I love to do my morning surfing with
Sonny the 16-lb. tabbycat on my lap, but it definitely adds to the
cat hair buildup. Look at your computers, particularly the back
parts. Is there a lot of dust on the case fan? The best
way to clean a computer is to unplug everything, open the case, and
*carefully* blow away the grime using a can of compressed air. I
usually take a computer outside to do this. Using a vacuum
cleaner is not a good idea, because vacuums can create static
electricity, which can be fatal to computer components. For this
reason, using those fluffy dusters that use static to attract dust is
not a good idea. I have used one around the monitors, printers,
and keyboards, but keep it away from the computers themselves.
02-12-03
- Contents:
1. Reminder
2. Ad-Aware 6.0
3. Back-up refresher
4. Spam tip
1. This is a reminder for all of
you to update your operating systems
by going to Windows Update. There have been quite a few new
vulnerabilities found in Internet Explorer and Windows operating
systems
for which Microsoft has issued patches. Remember, you can get to
Windows Update from a shortcut on the top of your Start menu or from
within Internet Explorer (Tools>Windows Update). Those of you
running Windows XP will have been prompted by the automatic Windows
Updater, which appears as a small blue globe in your system tray. Also,
don't forget to update your virus definitions by running Live Update
(or
the equivalent for your specific software) from within your antivirus
program. In most cases, automatic updating should be turned on, but it
doesn't hurt to check it manually.
2. Lavasoft's new version of
Ad-Aware - 6.0 - is now out. There is a
free version and a paid version. I haven't tried it yet, but
preliminary
reviews indicate that Spybot Search & Destroy still finds and
removes more instances of spyware/adware than Ad-Aware. However,
Spybot does have a "geekier" interface and may be more difficult to
use. You can download them both and use them both for complete
coverage if you like. I plan to use both on my Windows boxen since I
have a "belt-and-suspenders" attitude about computer security.
Download these programs here:
http://www.lavasoftusa.com/
for Ad-Aware
http://security.kolla.de/ for
Spybot
3. Back up your data! The best way
is to burn your data on a CD-R disk.
Remember, you do not need to copy programs which you can reinstall from
the original CD's. You want to save your data - things *you* have
created like documents, spreadsheets, financial information. I
recommend saving files in one place - the My Documents folder is an
excellent choice - so backup is quick and easy. To keep things neat,
you
can make new folders in My Documents and name them something useful
(e.g., Schoolwork; Church; Recipes; Great American Novel; Plans For World
Domination, etc.), just as if you were labelling file folders in a
filing cabinet.
Microsoft programs like Office and
Money use the My Documents folder as
the default saving location. Other programs, such as Quicken or
QuickBooks, may not. You need to explore these other programs and know
where your data is being saved. If you use industry-specific software
in your business, you should call their tech support and find out
what part of their program needs to be backed up. You can also save
your Internet Explorer Favorites (bookmarks in Netscape) from within
your browser by exporting them and saving in My Documents. Save
programs you've downloaded from the Internet by keeping the installer.
On a regular schedule, back up
everything you've saved by burning to a
CD-R disk, copying to a Zip disk, or (worst choice but better than
nothing) to a floppy disk. After you've made your backup, you can
delete the downloaded program installers and any documents you don't
need from your hard drive. I wouldn't get rid of any vital files
(like financial ones) just in case the backup isn't good. It's a
smart idea to test your backup regularly, too. Keep your backup in a
safe place, not sitting next to your computer! Especially, don't
store floppy disks next to a monitor. Monitors have a magnetic field
and data is stored on floppies on magnetic tape, just like the old tape
cassettes. Leaving floppies next to a monitor will destroy the
data and make blank disks unusable.
If you don't know how to back up or
need help, call Elephant Boy
Computers for some training. You will not be happy if your hard drive
dies or a virus destroys Windows and all your important files are
gone.
4. The Register has an interesting
article this morning about how
spammers are inserting tracking codes into their email messages and how
to deal with this. Basically, don't open spam but simply delete
it. Spammers should die horribly! Read the article here: http://www.theregister.co.uk/content/55/29289.html
02-23-03
- Contents:
1. Update on Ad-aware,
NewDotNet
2. Patches and updates
3. Bulwer-Lytton 2002 Contest
Winners
1. The latest SpywareInfo
newsletter has additional information about
the new version of Ad-aware. As you know, Elephant Boy Computers
recommended that you uninstall any version of Ad-aware that was lower
than 6.0. According to SpywareInfo, the new Ad-aware 6.0 Build 160
still had problems removing NewDotNet, CommonName Toolbar, and
Webhancer. Reportedly, these issues have been fixed in Ad-aware 6.0
Build 162. If you are using Ad-aware 6.0, you can find the Build number
by starting Ad-aware and looking at the very lower right-hand corner of
its interface. Mine says "Ad-aware 6 Personal, Build 162". If you are
using Ad-aware 6.0, be sure to update. Do this from within Ad-aware by
clicking on "Check for updates now" in the lower right-hand corner of
the interface above the "Start" button. SpywareInfo also has a
very good article about the NewDotNet software often found on systems.
SpywareInfo is an excellent source of information about spyware/adware
and privacy rights. The website is here: http://www.spywareinfo.com/newsletter/archives/feb-2003/22.php
2. You know that you should
regularly visit Windows Update to get
patches for your operating system and Internet Explorer, but you should
also check for patches on other software you use. Patches and updates
fix problems with programs such as security vulnerabilities and/or
hardware issues, and sometimes provide new features. Patches and
updates are free. Upgrades are more extensive and give a "new
and improved" product. Depending on the software manufacturer, upgrades
may or may not be free. Usually you will have to pay for a new version,
although there may be an upgrade discount. In most software for
Windows,
you can see the version of a program by going to its Help menu and
clicking "About".
Games in particular get patches
almost as soon as they are released. It
is very expensive to develop a new game, and the publishers regularly
push the product out the door before it is really "cooked" in order to
get to market. Also, to be fair, there are so many possible
combinations
of hardware and software on Windows systems that, even with extensive
beta testing, the game manufacturers cannot anticipate everything that
might go wrong with their program on every computer. Whenever you get a
new program, you should always go to the manufacturer's website and
check for updates and patches. This includes drivers for hardware you
might buy, too. The cd-rom that you get in the box was usually made
months before you bought that new sound card or program. Almost
every patch and/or update will have a "readme" file with important
information about it. Read it!
3. The Bulwer-Lytton 2002 Contest
winners have been announced. For
those of you who don't know, Edward George Bulwer-Lytton was the author
who wrote the immortal book, "Paul Clifford" (1830). It is generally
agreed that this book has the worst opening sentence of all time:
"It was a dark and stormy night;
the rain fell in torrents-- except at
occasional intervals, when it was checked by a violent gust of wind
which swept up the streets (for it is in London that our scene lies),
rattling along the housetops, and fiercely agitating the scanty flame
of the lamps that struggled against the darkness."
Contestants submit a sentence in
the same vein. Those of you with a
literary sense of humor can find the website here:
http://www.bulwer-lytton.com/
03-18-03
- Contents:
1. Domain Names, Websites - How
They Work
2. Virus Warning/New Vulnerabilities
1. It occurred to me that some of
you might be interested in knowing
about how to get domain names and websites. For those of you who
couldn't care less, skip this part!
There is a great non-technical
explanation of the Domain Name System
by InterNIC, the Internet
Corporation for Assigned Names and
Numbers, on their website. Here's an excerpt, but if you want to know
more, go here: http://www.internic.net/faqs/authoritative-dns.html
"What is the
Domain Name System?
"The Domain Name System (DNS)
helps users to find their
way around the Internet. Every computer on the Internet has a unique
address just like a telephone number which is a rather
complicated
string of numbers. It is called its "IP
address" (IP stands for
"Internet Protocol"). But it is hard to remember everyone's IP
address. The DNS makes it easier by allowing a familiar string of
letters (the "domain name") to be used instead of the arcane IP
address.
So instead of typing 192.0.34.65, you can type www.icann.org. It is a
"mnemonic" device that makes addresses easier to remember.
"Translating the name into the IP
address is called "resolving the
domain name." The goal of the DNS is for any Internet user any place in
the world to reach a specific website IP address by entering its domain
name. Domain names are also used for reaching e-mail addresses and for
other Internet applications."
There's a lot more, but you can
check it out yourself. Your Internet
Service Provider probably offers you space on one of their computers to
make a Homepage website. Because you are using their
domain (like "aol.com"), your address will be something like
"www.aol.com/~myusername/homepage.htm". But you can have your own
domain. Here's an analogy that I think will help make the whole process
clear: think about getting a domain name and setting up a website
as if you were starting a business. I'll use my domain,
"elephantboycomputers.com", as an example. You register a domain name
with a company that is accredited by ICANN.
There are quite a few and rates vary. This action is like when you form
a company and file papers
with State and Local governments so you are "official" and your name is
unique (for instance, you can't call yourself "Macy's" because that's
already taken). I have my domains registered with my hosting company, HostingMatters, which is an
excellent hosting service.
OK, so now I own
"elephantboycomputers.com". What do I want to do with
it? I need a public presence, or it's like being in business without a
storefront. No one knows you exist. So you find a company that will
host
a website for you. This is like renting a storefront, and HostingMatters is my
landlord.
The DNS for my site is set to Hosting Matters' servers so when you type
"www.elephantboycomputers.com"
into your web browser, you'll be able to find my website.
Now I have to fill my "store" with
something, so I create webpages and
save them as files on my hard drive. Because I'm not a website
designer,
I use a simple program to make the webpages - Mozilla Composer. Now I
copy the files to the folder HostingMatters has for me on their
computer
by uploading them. And that's all there is to it! Well, not really, but
this gives you an idea of what's involved in getting your own domain
name.
2. Over the last few weeks, people
have been getting bitten by an email
with a virus attachment that is masquerading as a security update from
Microsoft. Microsoft never
sends out patches in
email. There have been
new vulnerabilities found in
various Windows operating systems (most recently one for Windows 2000).
You should patch your operating system by going to Windows Update. And
you know not to open attachments. But I
just thought I'd
warn you about this latest trick by the bad guys. Remember, for virus
and hoax information go to www.sarc.com.
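The rule given here and in the 01-16-03 Lirva report (vendors do not send patches by email) can be checked mechanically at the mailbox. The following Python is an added example, not part of the original reports; the extension list, keyword patterns, verdict names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
import os
import re

# Assumed list of extensions Windows runs directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Vendors named in the reports, and words a fake "patch" mail tends to use.
VENDOR = re.compile(r"microsoft|network associates|mcafee", re.I)
PATCH = re.compile(r"patch|security update|hotfix", re.I)


def build_message(sender, subject, body, attachment=None):
    """Build a constructed sample message and return it as raw text."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        # One placeholder byte stands in for the attachment body.
        msg.add_attachment(b"\x00", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()


def attachment_names(msg):
    """Return the filename of every MIME part that declares one."""
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def visible_text(msg):
    """Join subject, sender display name and plain-text body parts."""
    display_name, _address = parseaddr(msg.get("From", ""))
    chunks = [msg.get("Subject", ""), display_name]
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)


def assess(raw_message):
    """Return (verdict, reasons) for one message given as raw text."""
    msg = message_from_string(raw_message)
    names = attachment_names(msg)
    reasons = []
    for name in names:
        if os.path.splitext(name.lower())[1] in EXECUTABLE_EXTS:
            reasons.append(f"executable attachment: {name}")
    text = visible_text(msg)
    # A patch announcement is normal; a patch *attached* to mail is not.
    if names and VENDOR.search(text) and PATCH.search(text):
        reasons.append("claims to deliver a vendor patch by e-mail")
    if any(r.startswith("executable") for r in reasons):
        return "quarantine", reasons
    return ("review" if reasons else "deliver"), reasons


# Constructed samples (not real captured mail).
FAKE_PATCH = build_message('"Microsoft Security Support" <support@example.net>',
                           "Latest security update",
                           "Install the attached patch to protect your computer.",
                           "update.exe")
ZIPPED_CLAIM = build_message("alerts@example.net", "Network Associates hotfix",
                             "See the attached file.", "fix.zip")
NEWSLETTER = build_message("reports@example.com", "Windows Update reminder",
                           "Microsoft has issued new patches. Get them from "
                           "Windows Update.")

if __name__ == "__main__":
    for label, raw in [("fake patch", FAKE_PATCH), ("zipped claim", ZIPPED_CLAIM),
                       ("newsletter", NEWSLETTER)]:
        print(label, assess(raw))
```

A newsletter that merely mentions patches is delivered because it carries no attachment; the claim only counts against a message when a file comes with it.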
03-30-03
- Contents:
1. Online music sites
2. Spam
1. I've had a lot of clients
needing major clean-up of their
machines lately, mostly due to viruses and/or spyware-adware
infestations. In most of those cases, KaZaA Media Desktop, WinMX, or
some other kind of file-sharing software was installed. Now, all of you
have heard my standard "don't do this" lecture; if you haven't or
strangely want to experience it again, just go to the spyware and file-swapping sections.
I thought I'd do a bit of research
on how to download music legally. Of
course, if the artist has his/her own website and offers songs for
download that's one way, but going to multiple websites for all the
music you'd want to get would be tiresome. There are online music
subscription services which might be a good way to go. CAVEAT AND DISCLOSURE: I don't
use any of these and I can't vouch for them one way or the other.
You'll
have to do your own research. That would include
reading the website's FAQ's
(Frequently Asked Questions), Privacy
Policy, and ALL the fine print.
You
can check out if the website in question has been rated by other users
at sites like: www.rateitall.com
and www.epinions.com and/or just
do some research by talking to friends, reading reviews, searching the web
with Google, etc. Using Google, I entered the search term: "music
subscription site reviews" and came up with these articles which might
be useful:
http://www.cnet.com/software/0-3227898-8-20061541-1.html
http://www.pcworld.com/news/article/0,aid,80564,00.asp
That said, here are links to some
online music subscription services,
listed in no particular order:
http://www.emusic.com/pitch.html
http://www.mp3grandcentral.net/new/index.html?srcid=music
http://www.mp3.com/
http://www.pressplay.com/
http://www.musicnet.com/
http://www.listen.com/
Update:
As of 1/14/04, I believe eMusic is no more. However, iTunes and Rhapsody are the biggest players in
the online music market right now.
2. I have a small section on junk
mail - spam - on the website here:
http://www.elephantboycomputers.com/page4.html#Junk_Mail:
but I'd just like to remind you to NEVER
RESPOND TO SPAMMERS.
Many spam mails include a link for you
to click on to "unsubscribe" from future mailings. THIS IS A LIE. When you click on that
link, all you've done is to confirm to the spammer that he/she has a
live email address and you'll get more spam, not less. DON'T EVER BUY
ANYTHING FROM A SPAMMER.
Here are some interesting links in addition to the ones on my website:
http://www.scambusters.com/stopspam/index.html
http://www.elsop.com/wrc/complain.htm
http://spam.abuse.net/
http://www.howtofightspam.com/
http://www.wired.com/news/infostructure/0,1377,57613,00.html
(this is an article from WiredNews about what happens when you buy from
or otherwise contact spammers)
04-21-03
- Contents:
1. Windows Update reminder
2. Backing up
3. Messenger spam problem
1. This is a reminder for you all
to visit the Windows
Update site to get patches for
your operating system. There
have been quite a few Windows vulnerabilities alerts over the past week
or so (how strange and unusual - NOT!).
If you need a refresher on how to use Windows
Update, here is a link to a
previous EBC Report with details.
2. I've got information about backing up in another section on this website and also in a previous EBC Report. However, I recently had a call from someone who wanted to know of a backup solution that would require no work from him. While there are many backup programs that run in the background ONCE THEY ARE PROPERLY SET UP, there is no Computer Brownie who will automagically copy all your data and back it up to a CD-R or tape without any user input. With a tape backup system, SOMEONE still has to put in a fresh tape and verify the backup. If backing up to CD-R's, an actual human has to put in a disk and start the burning program.
For most home users, simply backing up the data files in My Documents might be enough, but you should sit down and think about what you would miss if all your stuff was gone tomorrow. Browser favorites/bookmarks? Outlook contacts, calendar, and email files? Outlook Express addressbook? Quicken or QuickBooks data? Cards you've created in a greeting card program? You get the drift. If you have a business and don't have the time or inclination to do backups, then designate one of your employees to do this, or hire an in-house IT person. Remember, only someone intimately familiar with your business will know what programs your company uses and how to back up the data created.
If you want a program that will run in the background and copy files to a specified folder, I highly recommend SecondCopy. This program is very flexible and can be configured to do simple or complex backups as you prefer. I've used it for home computing backups and yet its feature set is rich enough to be used to back up server/client configurations. SecondCopy is shareware, which means you can "try before you buy". It is very reasonably priced at $29.95, especially considering that major backup programs from companies like Veritas and NovaStor can cost anywhere from $75 to $800 on up. Of course, if you need extremely fault-tolerant server backups for your business, you will want a heavy-duty backup system. However, in that case you have your own IT Department and aren't reading this newsletter!
3. Windows 2000 and Windows XP users (Win9x and ME are not affected) have been experiencing a new kind of spam. When connected to the Internet (like with an always-on connection such as cable), but not necessarily browsing, ads will suddenly pop up on the desktop. Spammers discovered they can take advantage of the Messenger service to send ads. The Messenger service has nothing to do with an instant messaging client; rather it is there so that a Systems Administrator in a large network can send a message to everyone connected, perhaps to tell everyone to shut down now or let them know something important about system performance. If you aren't doing this (and it is unlikely that anyone reading this Report is), you don't need to have this service running.
To disable it, go to your Control Panel and open the Administrative Tools applet. Then double-click on Services. This will open the Services (Local) window. Scroll down to Messenger and double-click it to get the Messenger properties. On the General tab, you'll see the Service Status. If it is started, click Stop. Then change the Startup type to Disabled by using the drop-down arrow to the right. Click Apply and OK. You should also think about getting a firewall. Sygate makes a good one that is free for personal use.
An excellent place to learn about Windows 2000 and Windows XP services is Black Viper's website.
05-19-03
- Contents:
1. Warning - new email spoof
- caution regarding patches
2. Kid safety on the Internet
1. This is just a reminder that no legitimate company will send you an email with an attachment purporting to fix their product. Another email trick has surfaced wherein the email pretends to come from Microsoft with a patch* but the patch is really the Palyh (aka Mankx) virus. Here is a quote from The Register's article this morning:
"Windows users everywhere are urged to update their anti-virus definitions following the discovery of a new worm, which poses as one of a series of odd messages from Microsoft.
"The pest is an email and network attack worm that includes a downloaded Trojan horse component, according to a preliminary analysis of the virus by security outfit iDefense. After a computer is infected with the worm it attempts to create copies of itself in remotely shared startup locations on a network.
"The virus also attempts to update itself by linking to a Web site. Hopefully this avenue of mischief will soon be closed.
"The virus normally arrives via email with one of the following subject names: Re: My application, Re: Movie, Cool screensaver, Screensavers, Re: My details, Your password, Re: Approved (Red. 3394-65467), Approved (Ref. 38446-263), Your details.
"Within this emails is an infectious attachment of filetype .pif, .pi or .uue. Again selection of these filetypes is random. Double click of the attachment and you get infected, natch. Palyh scans files (with .dbx, .eml, .htm, .html, .txt, and .wab) for fresh prospects for infection."
As always, your best defense is 1) always run a current antivirus program and be sure its virus definitions are up-to-date; 2) never open email attachments; 3) if you must open an attachment, scan it first with your antivirus program; 4) when in doubt, check the antivirus information sites for where to look.
*A patch is a small (usually) program that will correct problems and/or add enhancements to an application such as an operating system, game, or other software.
2. I had a question from one of my favorite clients as to how he can ensure a kid-friendly Internet experience for his grandchild. The very best solution is three-part: 1) adult supervision and oversight; 2) discuss Internet safety with your child if the child is old enough; 3) keep the computer in a public room (not the child's bedroom). That said, there are software strategies such as filtering programs or modified browsers. Notice that I say "strategies" and not "solutions". No filtering program is perfect, each has its own quirks and can cause its own problems, and an older computer-savvy child can probably get around the filters.
The best-known filtering programs are CyberPatrol and NetNanny. Symantec's Norton Internet Security suite also has a Parental Controls feature, along with its antivirus program and firewall. Internet Explorer also has a Content Advisor function. Go to Tools>Internet Options>Content (Enable and Settings). Be careful here, though - enabling Content Advisor can cause problems in getting to sites you want and if you forget the password, you'll need to call Elephant Boy Computers!
All of these programs require you to set them up, so you will need to read the manual and help files. Caveat - I have never used any of these programs so I can't give more details on them. I did set up Norton Internet Security for a client and he found that he had trouble getting to sites he needed, but that was a while ago. In any case, relying solely on filtering programs will give you a false sense of security. You still need the 3-part solution.
Another thing to do if you are running Windows XP is to make a Limited User Account for the child. The child will not be able to install programs and otherwise mess up your computer. This is actually good security practice for everyone - make yourself a Limited User Account and use that to surf around instead of running as Administrator. Unfortunately, in the Microsoft world it is difficult to do many day-to-day tasks if you are not Administrator and many Windows programs will not run under a Limited account since they were not designed for a true multi-user operating system. Still, this is something that will work for a younger child.
Another idea is to run a modified browser just for the child. Earthlink has its Earthlink Kids service which is an inexpensive add-on to your monthly bill. For those of you who don't use Earthlink as your ISP, you can use SurfMonkey's service directly.
Here are some links to a few kid-friendly websites:
Yahooligans! - http://www.yahooligans.com/
Bonus.com - http://www.bonus.com/
Neopets - http://www.neopets.com/
I'm sure MSN, Earthlink, and AOL all have sites for kids, too.
05-22-03
- Contents:
1. Quick virus warning
2. File extensions (related to 1.
above)
1. A few days ago I sent out an Elephant Boy Computers Report warning you about various fake email messages purporting to come from Microsoft with an attachment of a supposed patch - which is really a virus. Another similar, but more insidious email is making the rounds. This one comes with the subject of "Undelivered Mail Returned to Sender" with a From address of MAILER-DAEMON@yahoo.com. Attached is a file called "error.hta", which is an executable script. Here is a link to an earlier iteration of it - Downloader-BO.dr - at McAfee's site (http://vil.nai.com/vil/content/v_99806.htm). Usually returned mail does not come with an attachment, but will include the bounced message inline.
If you're using a current antivirus with updated definitions, you're covered, but you should still not open attachments or at the very least, be cautious and scan them first. Also, in order to protect yourself by being aware of the nature of an attachment, see 2. below.
2. File extensions are the three letters after the dot in a Windows file name - like "myletter.doc" or "winword.exe". Windows uses the file extension to know what program is associated with the file and thereby what to use to open the file. Certain files are executable, meaning they are programs or scripts and will do something active on your computer. All Windows operating systems when freshly installed default to hiding known file extensions. So when you look at files on your hard drive, you may not see the dot and the three letters after most files. Virus writers know this and take advantage of this fact. You should turn on viewing file extensions.
Under Windows 9x, double-click My Computer and then go to View>Folder Options. Click on the View tab at the top, and in the first section find "Hide file extensions for known file types". Uncheck the box, then click Apply and OK. Windows XP users will find Folder Options as a separate applet in Control Panel. For a good list of file extensions, go to Whatis.com and look up the extension in question. When in doubt, don't open the attachment!
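To see why the hidden-extension default matters, here is an added example (not part of the original Report) that models how Explorer displays an attachment name with the "Hide file extensions for known file types" box checked and unchecked. It uses file names mentioned in these Reports plus one constructed name; the extension lists are assumptions for illustration, not the actual contents of a Windows registry.

```python
import os

# Attachment types named in these Reports (.exe, .scr, .pif, .hta) plus other
# common Windows program/script types (the extras are this example's choice).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".hta", ".com", ".bat", ".cmd", ".vbs", ".js"}

# Assumed stand-in for "known file types": extensions that have a registered
# program on a typical install. A real machine keeps this list in its registry.
KNOWN_EXTS = EXECUTABLE_EXTS | {".doc", ".txt", ".jpg", ".gif", ".zip", ".htm", ".html"}

# Explorer hides these extensions regardless of the Folder Options setting
# (the NeverShowExt registry value), so unchecking the box does not reveal them.
ALWAYS_HIDDEN_EXTS = {".pif", ".lnk", ".url"}


def assess(filename, hide_known=True):
    """Describe how an attachment name is displayed and what it really is."""
    name = filename.rstrip(" .")  # Windows drops trailing dots and spaces
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    hidden = ext in ALWAYS_HIDDEN_EXTS or (hide_known and ext in KNOWN_EXTS)
    shown = stem if hidden else name
    # With the real extension hidden, the previous dotted part looks like the type.
    apparent_ext = os.path.splitext(shown)[1].lower() if hidden else ext
    executable = ext in EXECUTABLE_EXTS
    return {
        "shown_as": shown,
        "real_ext": ext,
        "apparent_ext": apparent_ext,
        "executable": executable,
        "extension_hidden": hidden,
        # Worst case: a program whose visible name suggests some other type.
        "disguised": executable and hidden and apparent_ext != "",
    }


def verdict(filename, hide_known=True):
    """One-word summary a mail filter or a cautious reader could act on."""
    info = assess(filename, hide_known)
    if info["disguised"]:
        return "DISGUISED PROGRAM"
    if info["executable"]:
        return "PROGRAM"
    return "document/data"


# Names taken from the Reports, plus one constructed double-extension name.
SAMPLES = [
    "myletter.doc",
    "winword.exe",
    "error.hta",
    "www.paypal.com.pif",
    "infoupdate.exe",
    "photo.jpg.scr",  # constructed sample, not from the Reports
]

if __name__ == "__main__":
    for hide in (True, False):
        print("Hide known extensions:", "checked" if hide else "unchecked")
        for sample in SAMPLES:
            info = assess(sample, hide)
            print("  %-20s shown as %-16s -> %s"
                  % (sample, info["shown_as"], verdict(sample, hide)))
```

Note that www.paypal.com.pif is displayed as www.paypal.com under both settings, which is why the real attachment name in the mail program matters more than what a folder window shows.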
07-09-03 -
Contents:
1. Update reminder
2. Scams and hijackings
3. Register to disallow
telemarketing (a little off-topic)
1. It's been a while since the last EBC Report. I'm assuming you are all having a lovely summer and remembering to visit Windows Update on a regular basis. There have been the usual Windows vulnerabilities and the usual patches issued by Microsoft. I don't send you an email every time a Windows security hole is discovered because then you'd be getting an email from me nearly every day. Keep your computer (and your data) safe by keeping your operating system, antivirus software program, and other important programs updated.
2. There has been a rash of scams trying to lure people into entering their financial information, passwords, etc. into forms on supposedly legitimate web pages. One of the latest scams - potentially very dangerous - is aimed at PayPal users. Here's the link on SpywareInfo's website to the information:
http://www.spywareinfo.com/newsletter/archives/july-2003/9.php#scam
SpywareInfo is an extremely useful site. Their weekly newsletter is free (although you can donate if you're feeling generous) and absolutely a goldmine of information about spyware, spam, and similar scams. I highly recommend it.
3. This is off-topic for a computer-related email, but may be of interest to you. There is now a Federal law that has created a national "do not call" list and which will require telemarketers to check before calling you. There was something similar for California, but the State has joined with the Federal government to consolidate both lists. You can sign up for the National Do Not Call Registry here: http://donotcall.gov/
08-12-03
- Contents:
1. Windows DCOM RPC Interface
Buffer Overrun Vulnerability
1. Last month Microsoft issued a warning about a vulnerability that would affect Windows 2000, NT, and XP systems that would allow an attacker to run code on a compromised machine. They issued a patch for the problem which could be downloaded from various sites, as well as applied via Windows Update. Here is a link to a Microsoft article about the vulnerability:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
As fully expected by the tech community, a worm exploiting this vulnerability is now rapidly making the rounds. Out of the 1,000 new posts in the microsoft.public.windowsxp.general newsgroup yesterday, approximately 700+ of them referred to problems with the RPC Buffer Overrun. Here is a link to the Symantec page regarding the W32.Blaster.Worm:
http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html
Machines running Win9x and ME are not affected.
Avoiding problems like this is simple:
a) Take advantage of XP's automatic update feature. If you are on a dial-up Internet connection, be sure to visit Windows Update on a regular basis. Download and apply critical security patches.
b) Have a current antivirus program installed and be sure the virus definitions are kept updated. Most antivirus programs will check for updates automatically, but you need to be sure your particular program is doing this.
c) Use a firewall, especially if you have a broadband connection to the Internet. There are many firewall programs available, with two of the best ones (ZoneAlarm and Sygate) having free versions. XP comes with a built-in firewall. It isn't a particularly good one, but it is better than nothing.
d) Do not open email attachments. If you must open an attachment, scan it with your antivirus software first and know that you are still taking a risk.
Be sure you back up important data regularly so if disaster strikes, you can (relatively) quickly restore your files if you do get an infection.
But you knew all that, right? ;-)
08-27-03
- Contents:
1. Postmaster bounces for email you
didn't send
1. I've had at least 3 clients ask me why they are receiving notices from Postmasters about bounced emails they didn't send. This is because of the Sobig.f virus epidemic. Here's a brief explanation of what happens:
a. Someone you know (we'll call him "Bill") opens an attachment infected with Sobig (or another virus du jour) which burrows itself in Bill's computer.
b. The virus sends emails with copies of itself attached to everyone in Bill's addressbook. You're his friend, so your address is on Bill's computer.
c. The virus also "spoofs" the return address of many of the emails it sends in order to foil virus hunters, using addresses it finds in Bill's addressbook as the return address instead of his. Since you are in Bill's addressbook, sometimes the return address will be yours.
d. Clueless ISP's start refusing and bouncing emails with infected attachments in an attempt to stem the tide of viral emails. Of course, the bounced emails only add to the amount of email being sent because of the virus. The ISP bounces the mail back to where it thinks it originated based on the spoofed return address. So even though your computer didn't send that email out, you get the "return to sender" notice.
So just delete those emails immediately, keep your antivirus program current, apply all security patches from Windows Update, and don't open attachments. And if you think it's time to consider running a less virus-prone email client and/or a more secure operating system like Linux, call Elephant Boy Computers for more information.
09-10-03
- Contents:
1. More Microsoft vulnerabilities,
problems with patches
2. What's a person to do? (see #1
above)
2a. More of what's a person to do
(because of #1 above)
1. The last two weeks brought us around 5 new vulnerabilities in all Microsoft Office products, and this week sees 3 more operating system holes. I say "around" because truthfully, who can keep accurate count of all Microsoft's holes? Not me. Also, apparently a recent patch for Internet Explorer isn't effective and opens a different and horrible hole.
2. Everyone running a Microsoft operating system needs to go to the Windows Update site and apply all critical security patches. Windows XP allows you to set Automatic Updates (see the Automatic Updates tab in the System applet in Control Panel). I highly suggest you do this. Those of you who don't use Windows XP should make weekly visits to Windows Update part of your regular schedule. Although Elephant Boy Computers occasionally will send out reminders (like the Report you're reading), you are responsible for keeping your own systems patched and safe.
In addition to Windows Update for their operating systems, Microsoft offers an Office Products Update which will scan your system and see what updates your installation of Office needs. Open Word and go to the Help menu. You'll find an entry for "Office on the Web". Click on it to be taken to the Office website (obviously you'll need to be on line first).
Here's a link to Microsoft's front page which has loads of useful information: http://www.microsoft.com/
If you feel you need an email reminder for updates, you can subscribe to Microsoft's free security alert newsletter here: http://www.microsoft.com/security/security_bulletins/decision.asp
Here's a link to where you can sign up for free Office newsletters: http://www.microsoft.com/office/using/newsletter.asp
2a. Aside from keeping your operating system and applications patched, running a good antivirus (also kept up-to-date), not opening attachments (or being extremely cautious if you must), and scanning to remove spyware regularly, if you're going to use a Microsoft operating system, Internet Explorer browser, and Outlook Express and/or Outlook for email, you're pretty much stuck with being at risk from viruses and other malware. As I've said in other Elephant Boy Computers Reports, you can use a different browser like Mozilla or Opera. You can use an alternate email client like the ones that come with Mozilla and Opera (Mozilla also has standalone browser and email components) or Eudora Mail. You will still have some risk, but it will be lessened.
You might even think about not using a Microsoft operating system. I use Linux, and my friend The Mac King swears by Apple's OSX. A lot depends on what you want to do with your computer. My own personal opinion (and this is my newsletter, so that's what you get!) is that Windows is a toy operating system best suited for playing games, and people with serious computing needs should use Linux, Unix, FreeBSD, or OSX. That aside, if you choose Microsoft, you need to practice safe computing.
10-06-03-
Contents:
1. New cumulative Internet Explorer
patch
2. Why Microsoft operating systems
are so vulnerable compared to Linux
and Mac OSX
1. Microsoft has issued another cumulative security patch for basically every version of Internet Explorer that has ever existed. Everyone should go to Windows Update and apply any security patches that show up as needed for your system. Because Internet Explorer (your browser) is so integrated into the operating system, security vulnerabilities in this software are serious and need to be addressed immediately.
2. There has been a lot of information in the regular press (as opposed to the technical press which has known about this forever) about the problem of security and viruses relating to Microsoft operating systems. The Register has an excellent article from Security Focus that clearly explains why Windows is inherently more insecure than Linux and Mac OSX. The link is here: http://www.theregister.co.uk/content/56/33226.html
If you want to stay with a Microsoft operating system, then you really should consider using a different browser and email program. Mozilla is very nice and is free. Elephant Boy Computers can set it up for you if you need help. And there's always Linux. Let us know if you'd like to try it!
10-16-03
- Contents:
1. Five new Microsoft
critical security patches and a rollup for
XP
2. iTunes for Windows
3. Searching with Google
1. Good news, everyone! Five more critical Microsoft patches to apply! Hurry over to Windows Update. For those of you using Windows XP, there is a handy all-in-one security roll-up here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d531bf00-d7be-48e3-abcc-961602bd72c2&DisplayLang=en
Or just go to the Microsoft Download Center Home, where it appears in the list of top five most popular downloads here:
http://www.microsoft.com/downloads/search.aspx?displaylang=en
2. Lots of my clients have asked about good sites where they can download music legally. Until recently, eMusic.com was considered one of the best sites for PC's. Now eMusic.com has been bought out and is no longer offering unlimited downloads, which makes it unattractive all around. Look for eMusic to tank real soon.
1/14/03 update - eMusic has tanked.
It is almost universally agreed that Apple's iTunes music store is the best place to download music. Since its inception, it has left PC-oriented music download sites in the dust. Unfortunately, only people running Macs could use the service because the iTunes software would not work on Windows. Now, there really is good news for everyone - Apple has ported iTunes to Windows. Why worry that the RIAA Gestapo is going to come knocking at your door when you can legally get your music fix with the very cool and easy to use iTunes? Check it out.
3. Everyone knows that Google is a fantastic search engine. Using Google has become so much a part of our lives that a verb has been born: "to google". Want to know the lifespan of the blue whale? Google it.
However, there are many refinements to the art of using Google. There is even a book about it, "Google Hacks" by Tara Calishain and Rael Dornfest. And here is a useful article with tips for using Google from PC Magazine (oddly enough, it is dated October 28, 2003 which has caused me to look at the date I've got showing on my computer twice - nope, it's still October 16th in my world. Should I worry?)
10-30-03
- Contents:
1. Updates to 5 Microsoft patches
2. Outlook Express stationery and
html mail
1. Good news everyone! More Windows vulnerabilities! Actually, Microsoft has updated five earlier patches, so go to Windows Update as soon as possible to get the new ones. A good explanation of the patches is here:
http://www.microsoft.com/security/security_bulletins/20031015_windows.asp
2. There has been a rash (and I use that word on purpose) of people asking about using Outlook Express stationery and fancy fonts in their email lately. The short answer is, "Don't do it". The longer answer is that stationery is created by using html. Html is the programming language used in making webpages. Sending html email instead of plain text (ASCII) is not desirable. First, an html email message will be much larger than a plain text message and that is a burden for people who have dial-up Internet connections. Second, because html is code, it can carry a virus. Third, if you send a "beautiful" message created in Outlook Express to someone who doesn't use OE or even a Microsoft operating system (Linux, Mac, Unix), it will not look to the person who gets it the way it does to you. The same thing applies to the fancy fonts. If you use a special fancy font to create your message, the recipient must have that exact same font on their system also. Probably they won't and their system will just use something plain instead. Here is a link to an excellent explanation of email basics, very well done, clear and simple but complete:
http://www.expita.com/nomime.html
11-18-03
- Contents:
1. Phishing and virus alert
2. Windows Update reminder
1. There have been several well-publicized scams to steal credit card information lately. Over the last few months, people have received emails purporting to be from legitimate companies such as PayPal, AOL, and Citibank. The emails can look quite official, although many contain spelling and grammatical errors. The recipient is told that they need to update their records or something like that and directed to click on a link to the "company" website. This type of scam is called "phishing". In some cases, the website is a clever fake and not the legitimate company site at all. In the latest Citibank scam, the website truly belongs to Citibank but a popup window for the victim to enter their account information goes to the Bad Guys. Here is a very detailed and interesting account of the Citibank scheme from SecurityFocus:
http://www.securityfocus.com/infocus/1745
Now another phishing scheme has surfaced, this time with PayPal as the legitimate company bait, arriving as an attachment to an email with a subject line of "IMPORTANT" and with a viral worm as part of the package. Mimail-J arrives as an attachment named either www.paypal.com.pif or infoupdate.exe. There is a good explanation of this latest threat at The Register here:
http://www.theregister.co.uk/content/56/34050.html
Of course, I'm sure that none of EBC's clients are stupid enough to 1) open attachments; 2) run an executable attachment; and 3) not have a current (post-2002 version with updated definitions) antivirus program. However, Better Safe Than Sorry, eh?
2. Windows Update reminder, everyone. If I sent an email to you every time there was another patch available for another Windows vulnerability, you'd be getting too many emails from me. The Elephant Boy hates to be intrusive. As you all know, Windows XP includes an automatic update feature that periodically checks the Windows Update site for new security patches. However, lots of people are still running Windows 98 and ME machines, and those people need to manually go to the Windows Update site. If you've unaccountably forgotten how to use Windows Update, refer to the very first EBC Report I sent way back in August, 2002.
Also, remember that you need to update your Microsoft Office software, too. There have been some nasty vulnerabilities in Office programs lately. The easiest way to do this is to open an Office program like Word and go to the Help menu. You'll see an entry for "Office on the Web". Click on it and you'll get taken to the Office home page. There is a link to "Check For Updates" at the upper right, which will bring you to the Downloads page where you can "Check For Updates" again. This will scan your computer for what you need, just like Windows Update does. Here is the URL for the Microsoft Office home page:
http://office.microsoft.com/home/default.aspx
Remember, with both Windows Update and Office Update, you need to check multiple times until you get the message that there are no more critical patches for your system. For instance, if you don't have SR1 installed, the Office Update won't show that you need to download SR2 or any of the other more recent patches.
12-12-03
- Contents:
1. Phishing continued
2. Shopping spots
1. Heads up, everyone! In last month's EBC Report, I wrote about the scam called "phishing". Now another vulnerability in Microsoft's Internet Explorer allows phishing scammers to trick people by disguising the true location of a webpage in the addressbar. The security firm Secunia has an explanation of the vulnerability here: http://www.secunia.com/advisories/10395
I know that all of the EBC Reports readers are clever, but just remember that no reputable firm (eBay, PayPal, your bank, your ISP) will ask for your username, password, credit card number, Social Security number, mother's maiden name, waist size, etc. in an email.
Microsoft has not announced whether they will release a patch for this latest vulnerability or not. They are very proud that there were no patches for the month of December (they've gone to a monthly patch issuance scheme). Good for them - unfortunately that doesn't mean there were no holes to patch in December. Mozilla is such a great browser! :-)
2. Although the Elephant Boy has an obsessive-compulsive personality and therefore all the Christmas shopping is done, some of you may still be looking for last-minute presents. It's not too late to squeak in an order from some online merchants so you can miss being trampled at Target. Here are some of our favorite shopping spots:
http://www.thinkgeek.com/
for your favorite geek (hint, hint)
http://www.x-tremegeek.com/
more geeky toys
http://www.amazon.com
http://www.thelibraryshop.org/index.html
NY Public Library Gift Shop
http://www.tfaw.com/
Things From Another World
http://www.magnetbox.com/riaa/
RIAA Radar for those of us boycotting RIAA member-produced albums
http://www.karate-mart.com/index.html
for the ninja in your life
http://www.jlist.com/PG/
wonderful fun things from Japan (some adult content, but clearly set up
so you don't have to go there)
http://froogle.google.com/froogle
Search tool for shopping from Google
http://www.ups.com/tracking/tracking.html
And of course, where to track your UPS shipment!
From all of us here at Elephant Boy Computers (me and thousands of imaginary minions), have a wonderful Holiday Of Your Choice and a Happy New Year!
01-13-04
- Contents:
1. Microsoft extends Windows 98 support
2. Happy New Year - another great Windows virus
1. Although Microsoft's official support for Windows 98 was supposed to end on January 15th of this year, the company made the surprise announcement that they would extend the older operating system's end-of-life date to June 30, 2006. Users will be able to receive paid phone support (from Microsoft) and critical security updates until then. Apparently Microsoft realized that not enough of its customers had switched to Windows XP (or even Windows 2000). This is good news, because there are many computers in service that do not have hefty enough hardware to successfully run Windows XP but that do quite well with the less demanding Windows 98. Although Microsoft would like everyone to be on a constant upgrade cycle, in reality if your older computer running Win98 meets your needs, then there is no reason to upgrade. Users of Windows 98 should just remember to visit Windows Update on a regular basis to get security patches for their machines. You must do this manually because there is no automatic update feature in Win98. Remember, once you are connected to the Internet, get to Windows Update either from the top of your Start Menu or from the Tools menu in Internet Explorer.
2. Although there are new viruses every day, Trojan.Xombe is particularly tricksy because it arrives as an attachment (remember how we told you not to open that?) in an email purporting to be a security alert from Microsoft. You can read Symantec's write-up on Xombe here:
http://www.sarc.com/avcenter/venc/data/trojan.xombe.html
Remember, legitimate companies like Microsoft, Symantec (Norton Antivirus), McAfee, etc. never send out security patches as attachments in emails. Simply delete the evil email and always have a current (no older than 2002) antivirus installed using updated definitions.
01-28-04
- Contents:
1. W32/Mydoom, W32.Novarg, Mimail_Worm
A new version of the Mimail worm is out in the wild causing a great deal of damage. Don't be one of the ones caught by this! Here is information from Trendmicro (a well-known antivirus company) about the worm:
"A new variant of the MIMAIL worm has been found in the wild. As of January 26, 2004 1:47 PM (US Pacific Time), TrendLabs has declared a yellow alert to control the spread of WORM_MIMAIL.R. Also known as W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg. This mass-mailing worm selects from a list of e-mail subjects, message bodies, and attachment file names. It can also propagate using the Kazaa peer-to-peer file sharing network.
"It performs a denial of service (DoS) attack against the software business site www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004. It runs on Windows 98, ME, NT, 2000 and XP. It sends e-mail with the following details:
"Subject (any of the following):
Error
Status
Server Report
Mail Transaction Failed
Mail Delivery System
hello
hi
"Message Body (any of the following):
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
test
Attachment: <Random name>.zip"
(end of quote)
In addition to preparing the infected machine to perform the DoS on the
SCO website, the backdoor trojan
installed by the worm can download and execute arbitrary files from
unspecified locations on the Internet, including keystroke loggers.
Like many other viruses, this one can also
spoof email addresses, so if you start getting mail from people
you know with viral attachments, do not automatically assume they are
infected. Their email address may just be in an addressbook on someone
else's infected computer. So before you shoot them off an angry email,
stop to think. They may be infected, but they may not. If the mail is
from a good friend, it would be better to call them on the phone.
Otherwise you are just adding to the Internet traffic load.
So practice safe computing. Do not open attachments. If you or your children
are using peer-to-peer sharing software like Kazaa, LimeWire, WinMX,
etc. then control yourselves for a while and abstain. Of course, only
Windows machines are vulnerable, but the huge numbers of these infected
machines will have a severe impact on everyone else as the Internet
becomes clogged with traffic generated by the worm. Most responsible
Internet Service Providers are stripping all attachments of the
following types: .exe, .scr, and .pif.
So if you are trying to send or receive an attachment of this type and
not getting it, this is probably why. Although you shouldn't be opening
attachments or encouraging others to do so, especially executable files
like that! Here's the link to Symantec's write-up:
http://www.sarc.com/avcenter/venc/data/w32.novarg.a@mm.html
Stay safe out there.
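The attachment stripping and the message traits described in this report can be written down as a small mail-triage check. This is an added example, not code from Trend Micro, Symantec or any ISP; the function names, the three outcomes and the sample messages are constructed for illustration.

```python
"""Added example: triage mail by the traits described above (constructed data)."""
from email import message_from_string, policy
from email.message import EmailMessage

# Attachment types the report says ISPs were stripping.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif")

# Subject lines quoted from the Trend Micro advisory above.
ADVISORY_SUBJECTS = {
    "error", "status", "server report", "mail transaction failed",
    "mail delivery system", "hello", "hi",
}


def attachment_names(msg):
    """Return the lower-cased filename of every MIME part that has one."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            names.append(name.strip().lower())
    return names


def blocked_attachments(msg):
    """Attachments that an .exe/.scr/.pif stripping policy would remove.

    Only the final extension counts, so a double extension such as
    'holiday.jpg.pif' is still caught.
    """
    return [n for n in attachment_names(msg) if n.endswith(BLOCKED_EXTENSIONS)]


def matches_advisory(msg):
    """True when the subject is on the advisory list AND a .zip is attached.

    The From header is deliberately ignored: the report notes that the
    worm spoofs sender addresses, so it proves nothing about the sender.
    """
    subject = (msg.get("Subject") or "").strip().lower()
    has_zip = any(n.endswith(".zip") for n in attachment_names(msg))
    return subject in ADVISORY_SUBJECTS and has_zip


def triage(raw):
    """Return (action, attachment names) for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    stripped = blocked_attachments(msg)
    if stripped:
        return ("strip", stripped)
    if matches_advisory(msg):
        zips = [n for n in attachment_names(msg) if n.endswith(".zip")]
        return ("quarantine", zips)
    return ("deliver", [])


def build_sample(subject, body, filename=None):
    """Build a constructed test message; the payload is harmless filler."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if filename:
        msg.add_attachment(b"constructed sample bytes",
                           maintype="application",
                           subtype="octet-stream",
                           filename=filename)
    return msg.as_string()


# Constructed samples, not captured mail.
SAMPLES = {
    "advisory_match": build_sample(
        "Mail Transaction Failed",
        "Mail transaction failed. Partial message is available.",
        "qwrtsd.zip"),
    "double_extension": build_sample("Photos", "See attached.", "holiday.jpg.pif"),
    "benign_zip": build_sample("Quarterly report", "Numbers attached.", "report.zip"),
    "plain_hello": build_sample("hello", "Lunch on Friday?"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```

A subject of "hello" alone is delivered; it takes the subject and the .zip together to quarantine, which keeps ordinary mail from friends out of the net.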
02-02-04 - Contents:
1. Microsoft February updates
2. Foil phishers
1. Microsoft has issued updates for February. Those of you who do not
have automatic updates set (or who are using Windows 98 and don't have
that option) should be sure to visit Windows Update and get the latest
security patches.
2. Included in the above patches is an update to Internet Explorer
meant to help foil phishers. The patch may change
how certain websites work for you. Here is a link to the
Microsoft article:
http://support.microsoft.com/?kbid=834489
Staying out of phishers' nets is not hard if you use good common sense.
Remember, unless you've specifically subscribed to a security
newsletter, Microsoft and other legitimate companies such as antivirus
firms do not send individual emails directing you to download patches.
These companies never send attachments in emails. If you receive an
email requesting personal information such as passwords, account
numbers, credit card numbers, etc. from anyone, treat it as highly
suspicious. Real companies and banks don't do this. Email is not a
secure medium - sending an email is the digital equivalent of sending a
postcard; anyone can read the contents. Delete questionable emails like
that. Do not click on any links in them!
Stay safe by being smart.
02-26-04 - Contents:
1. Warning about Win Antivirus 2004
Heads up everyone. I was at a client's yesterday and they told me that
when their Norton Antivirus 2003 subscription renewal notice opened and
they opted to renew, another window opened and they actually sent their
credit card information ($39.95 worth, I believe) to this Win Antivirus
2004 company instead. So they got tricked into downloading and
installing Win Antivirus 2004 instead of renewing their Norton. Win
Antivirus promptly broke Norton and insinuated itself into the
operating system. It was very hard to remove.
Now, their computer was absolutely loaded with spyware. They had all
the biggies and some I hadn't even seen before, but which the normal
spyware removal tools (Spybot Search & Destroy and Ad-aware) caught. A
quick Google on WinAntivirus 2004 - which I had never heard of before -
brought me to this interesting page:
http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/21/pid/760/qid/744567
where apparently another tech had the same experience with this scummy
program that I did.
So it looks like this piece of scumware floated on in with some other
spyware and just waited for Norton to request renewal. Pigs. I have
extremely uncharitable thoughts about creeps like this. The moral of the
story is that you should always be careful where you click, keep your
legitimate antivirus program updated, and remove spyware regularly.
03-23-04 - Contents:
1. Witty worm wrecks computers
2. Visit Windows Update to protect against the Phatbot worm (and other
nasties)
1. Just a quick heads-up for those of you running BlackIce Firewall (or
other security software from Internet Security Systems). The Witty Worm
does not require you to open an attachment, but rather scans for
vulnerable systems and infects through an open port. The worm is
extremely destructive. Users of BlackIce should immediately 1) disable
the firewall; 2) go to ISS's website and download the patch. Here is a
link to the ISS home page, as well as links to other sites detailing
the vulnerability:
http://www.iss.net/index.php
http://www.lurhq.com/witty.html
http://www.securityfocus.com/news/8291
http://www.sarc.com/avcenter/venc/data/w32.witty.worm.html
This brings up the point that you should always be aware of the
software you have installed on your computer and periodically visit the
program manufacturer's website to check for updates.
2. You probably have read about the Phatbot worm
in the mainstream media lately. Of course, Phatbot is just one of the
many, many worms and viruses out there. Here is a link to Symantec's
write-up:
http://www.sarc.com/avcenter/venc/data/w32.hllw.polybot.html
The main point about Phatbot is that you are protected
against it if you have gone to Windows Update, downloaded and installed
all security patches. Those of you running XP probably have done
so because automatic updating is in place. Those of you still running
Windows 98 and ME (if automatic updating is not turned on in your ME
system) should immediately go to Windows Update.
05-01-04 - Contents:
1. W32.Sasser.Worm
2. W32.Gaobot variants
3. Legal music downloads article
1. W32.Sasser Worm - There's another MS-Blaster type of worm spreading
across the Internet by exploiting the LSASS Buffer Overrun
Vulnerability. If you have Windows 9x or ME, your computer is not
affected. If you have Windows NT, 2000, XP, or any of the server
operating systems, your computer is vulnerable. Please immediately
download and install the critical update. Here is a link to the
Microsoft Security Bulletin, which includes download links:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Signs of infection are that you keep receiving the following error
messages:
1. "LSA Shell (Export Version) has encountered a problem and needs to
close. We are sorry for the inconvenience."
2. Your system reboots due to the LSASS.exe error.
Here is a link to Symantec's information about the Sasser worm:
http://www.sarc.com/avcenter/venc/data/w32.sasser.worm.html
To stop the shutdowns long enough to install the patch and scan with
your updated antivirus:
a. Click Start, click Run and type "shutdown -a" (without quotations),
then click OK.
b. Press Ctrl + Alt + Delete to bring up the Task Manager and terminate
the "avserve.exe" process, then delete the avserve.exe from C:\Windows
and restart your computer.
2. W32.Gaobot - We've been seeing quite a few infections by the many
variants of the W32.Gaobot worm lately. Go to the Symantec Antivirus
Research Center's front page for information about this, and other
latest threats.
This is just a reminder that you should have a
current (post-2002 version) antivirus program installed and be keeping
its definitions updated. All modern antivirus programs will
download and install virus definitions automatically, but in some cases
(dial-up, AOL dial-up, etc.) you will need to connect to the Internet
before updating.
3. There is an interesting article on Cnet about the state of legal
music downloading since it is now a year since iTunes opened its
virtual doors. Here's the link to the article:
http://news.com.com/2100-1027_3-5199227.html
The article includes a little chart comparing revenues between the
major competing companies, which is handy if you wanted to check out
music download services besides iTunes but weren't sure where to look.
05-07-04 - Contents:
1. Update on Sasser
1. After spending the last week fighting outbreaks of the Sasser worm,
I thought it would be good to share some findings with you. If you
were one of the "lucky" ones to have gotten Sasser the very first day
it came out and then had your machine cleaned immediately, you are
probably in the clear. After the first few hours that Sasser was in the
wild, variants started appearing.
Additionally, it seems that once Sasser is in a computer, that machine
is vulnerable to one of the many forms of the Gaobot worm. Gaobot was
not picked up by either version of AVG (free or subscription) until
today, a rather dismal showing by Grisoft. McAfee's Stinger tool still
does not catch Gaobot, although the full-featured antivirus does. The
Sasser removal tools offered by Microsoft and antivirus companies will
not remove Gaobot. Patching the operating system after the fact will
not remove Gaobot and will not protect you from that worm once Gaobot
(or any of its many variants) is on your computer.
If you are not using a full-featured antivirus such as Norton 2003 or
2004 (earlier versions are no longer recommended), McAfee Antivirus,
eTrust, or the like, your computer may still be infected.
If you are not using a true stateful firewall like Sygate, eTrust
Firewall, or ZoneAlarm but are only using the firewall that comes
built into Windows XP, you are not adequately protected if your
computer is still infected with a worm and/or trojan.
Some symptoms of viral infection are:
a. You cannot run Task Manager, msconfig, regedit, or the cmd prompt,
or those programs appear for a second and then immediately disappear.
b. You cannot update any of your virus definitions, get to online virus
scanning sites, or get to any antivirus software manufacturers'
websites. You may not be able to install an antivirus if you did not
have one on the computer already.
c. Your computer is still slow, unresponsive, or otherwise just not
acting "right". If you do have a full firewall, it is constantly
asking you to permit Internet access to programs that you do not
recognize.
Disinfecting computers harboring multiple viruses and worms is rather
complicated and requires more than simply running one or two antivirus
tools. The best solution is to take the computer to a professional for
repair. Of course Elephant Boy Computers would like your business, but
the most important thing is to get an infected machine off the Internet
and any local area networks, and get it cleaned up.
05-14-04 - Contents:
1. Critical vulnerability in Symantec firewall products
2. Microsoft updates - May
1. A critical vulnerability has been found in the firewall of these
Symantec products:
Consumer:
Symantec Norton Internet Security and Professional 2002, 2003, 2004
Symantec Norton Personal Firewall 2002, 2003, 2004
Symantec Norton AntiSpam 2004
Corporate:
Symantec Client Firewall 5.01, 5.1.1
Symantec Client Security 1.0, 1.1, 2.0 (SCF 7.1)
Here is the link to Symantec's write-up of the problem:
http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
All users of these products should use Live Update immediately, which
will patch the program. As an aside, it would be smart to be running
Live Update more than once a week these days, since new viruses and
definitions for those viruses have been coming out daily.
2. It's that time again - Microsoft has issued
the May patches for their supported operating systems. If your
computer is not set to automatically visit Windows Update (as it should
be in Windows XP), then be sure to do this manually.
05-29-04 - Contents:
1. A note about passwords
2. More about preventing spyware
1. There is a very good article in this morning's The Register
about the need to create good passwords and why. Here's a link to the
article:
http://www.theregister.co.uk/2004/05/28/password_advice/
Of course, we're not really going to send a copy of the "letter" written by Scott
Granneman of SecurityFocus to
everyone we know because that would be Wrong And Irritating To All. But
you should read what Mr. Granneman has to say. Yes, even you over there
in the corner.
As an aside, I'd just like to remind you that you
do have a password originally assigned to you by your Internet
Service Provider (ISP) to get on line and to get your email. I can't
tell you how many people think they don't have one, so when Internet
access or their email has to be set up again for one reason or another,
they wind up having to talk to their ISP's tech support. We all know
how fun that is. What usually happens is that Internet access gets set
up when the user signs up with Earthlink or SBC/Yahoo, or whoever -
including setting a password for logging on to the service and possibly
a different one for email - and then years go by during which the
original password is forgotten. Maybe it was never written down or
maybe that tiny little scrap of paper that had all the important
information has disappeared. Probably your Significant Other threw it
out.
Then the day comes when you get a new computer or Windows has to be
reinstalled and Elephant Boy Computers personnel (that's just me, of
course, but "personnel" sounds so much more impressive) - anyway, the
EBC Minion turns to you cheerfully and says, "OK, what's your username
and password?" and you look at the Minion with hate and say, "I haven't
got one". When the Minion (me again!) says, "Yes you have" then you
hate me even more. So - yes, you have got a username and password for
your Internet access and email; keep track of them.
2. The battle against spyware goes on, and frankly it doesn't look like
Windows users are winning. I suppose I should be glad because all this
malware infecting your computers helps Elephant Boy Computers personnel
live in the Lap Of Luxury (hahahahah - that is so Not Funny), but
really Spyware is Evil.
However, I'm going to tell the children that they can't have those
shiny new shoes because all the EBC clients are going to be smart and
try a different browser!
Seriously, you can remove spyware on a regular basis and be really
careful where you click, but a good way to avoid popups and the like is
just to do an end run around them and use a different browser. For
those of you who weren't paying attention during the Previous Lesson, a
browser is the program that allows you to "see" the Internet. The
browser that comes built into Windows is Internet Explorer. There are
other browsers like Netscape and Opera and Mozilla.
I haven't looked at Netscape in years because it really got awful.
Opera is quite good, but the free version has ads and the ad-free
version costs. However, if you try Opera and love it, the small price
to pay all those starving coders programming their little hearts out to
make you happy is worth it. Mozilla is wonderful and free and has lots
of very neat features, like tabbed browsing. Best of all, Mozilla has
excellent popup and cookie control. I believe that Opera has those
features, too - I'm just most familiar with Mozilla since that is what
I use both in Windows and in Linux.
Here are links to where you can download all three browsers to try them
out if you like. Or call us and the EBC Minion
(me again!) will come and install them for you.
Netscape
http://channels.netscape.com/ns/browsers/default.jsp
Opera
http://www.opera.com/
Mozilla
http://www.mozilla.org/
06-26-04 - Contents:
1. New vulnerability in Internet Explorer
2. HP recalls notebook RAM (memory)
1. From an article in The Register yesterday:
http://www.theregister.co.uk/2004/06/25/virus_hits_websites/
Although I certainly wouldn't panic, it would be really smart to:
a) Set Internet Explorer's security options as described in this
article by Mike Healan on SpywareInfo:
http://www.spywareinfo.com/articles/hijacked/prevent.php
b) Use an alternate browser. My preference is for Mozilla. You can get
the latest version of Mozilla here:
http://www.mozilla.org/products/
2. HP recalls notebook RAM
From an article in The Register this morning:
http://www.theregister.co.uk/2004/06/26/hp_ram_recall/
"Hewlett Packard has said it will replace memory in over a dozen series
of its notebook PCs, affecting almost a million users, because of a
design flaw. HP characterizes this as an "industry wide" design flaw
not restricted to one memory supplier. Other PC manufacturers will be
affected, said HP. Symptoms include more BSODs (Blue Screens of Death)
than normal.
"The company says that it hasn't received a complaint yet, but is
"pre-emptively" introducing a repair program. Owners will receive a kit
including a screwdriver, and after mailing in the current stick,
receive a replacement. The models affected include the Compaq Evo
Notebook N610c, N610v, N620c, N800c, N800v, N800w, N1000c, and N1000v;
Compaq Presario 1500, 2800, x1000, and x1200; and the HP Compaq nx7000
and HP Pavilion zt3000."
If you have an HP notebook that is affected, here is a link to HP's
instructions: http://h30090.www3.hp.com/mmrp/
8-01-04 - Contents:
1. New Microsoft patch for Download.Ject vulnerability
Everyone should go to Windows Update to apply the new patch. Microsoft
considers this critical enough to issue the patch outside of their
normal patch cycle. Microsoft issues new patches on the second Tuesday
of each month.
Those of you using the automatic update feature of Windows XP, 2000,
and ME should make sure to install downloaded updates. People using
Windows 98 will have to manually go to the Windows Update site and scan
for updates. Close open programs such as Word or Internet Explorer and
disable your antivirus when installing.
8-7-04 - Contents:
1. Windows XP Service Pack 2
Windows XP Service Pack 2 ("SP2") is finally finished. A Service Pack
is a collection of operating system patches and, in this case,
improvements bundled into one installation. Everyone running Windows XP
should upgrade to SP2. If Windows XP is not your operating system, this
information does not apply to you.
According to Microsoft, SP2 should be available on Windows Update
within the next two weeks. If you have your computer set to
automatically download updates, you will get it. In the meantime, here
is some further information to help you with this important upgrade:
1. SP2 will be available from Windows Update. Choose Express Install.
If you are on dialup, you can order the CD for free or have Elephant
Boy Computers install it for you. Even using Express Install, SP2 will
be very large.
2. Your computer must be 100% virus and spyware-free before you install
SP2. If you are unsure of whether your computer is clean, have Elephant
Boy Computers take care of it.
3. Back up all your data to removable media such as CD-R, DVD-R, or
external hard drives. If you don't know how to back up your data,
Elephant Boy Computers is happy to teach you, although we cannot take
responsibility for your data. Only you know what is important to you.
4. Turn off or disable all antivirus software and firewalls. Have no
other programs running in the background. This means close any programs
you have started, such as Outlook/Outlook Express, Office, etc.
Obviously, if you are getting SP2 from Windows Update, you cannot close
your browser and any Internet connection software.
Links to some Microsoft sites about SP2:
Main page for SP2 information:
http://www.microsoft.com/windowsxp/sp2/default.mspx
Feature list:
http://www.microsoft.com/windowsxp/sp2/features.mspx
Overview of changes:
http://www.microsoft.com/windowsxp/sp2/technologiesoverview.mspx
Changes in Internet Explorer:
http://www.microsoft.com/windowsxp/using/web/sp2_ie.mspx
Changes in Outlook Express:
http://www.microsoft.com/windowsxp/using/web/sp2_oe.mspx
Changes in Windows Update:
http://www.microsoft.com/windowsxp/sp2/whatsnewforwu.mspx
SP2 FAQs (Frequently Asked Questions):
http://support.microsoft.com/default.aspx?pr=windowsxpsp2
SP2 How-to:
http://www.microsoft.com/windowsxp/sp2/howto/default.mspx
Where to order the CD:
http://www.microsoft.com/office/ork/xp/journ/Oxpsp2cd.html
9-14-04 - Contents:
1. Windows XP Service Pack 2 Report
Service Pack 2 (SP2) has been out for a while now. I have updated many
computers with little or no problems. The instances where we are seeing
problems are usually when the computer was not 100% virus and
spyware-free and when other normal precautions were not taken. As a
reminder, here are some preparatory steps you should do before
installing SP2:
1. Back up your data. This means copying your files - not your programs
- to some sort of removable media, preferably a cd-r or dvd-r. If you
use specialized software and you are not sure how to back up data
created in it, contact the program's tech support and find out. Go to
the program's website and look for Frequently Asked Questions (FAQ's)
or a support database. If some of your programs need to have data
exported to a file - like QuickBooks or Outlook for instance - know how
to do it and do it.
You should be backing up your data regularly anyway. With proper
preparation, your installation of SP2 will go smoothly, but you must
always be prepared for the worst.
2. Make sure your computer is 100% virus and spyware-free. This means
you need a full-featured antivirus program installed. The version
should be no earlier than 2003 and your virus definitions must be
up-to-date. Remove spyware with free tools such as Ad-aware and Spybot
Search & Destroy. It is best to run antivirus and spyware scans in Safe
Mode.
3. Do routine maintenance on your computer. Use Disk Cleanup
(Start>All Programs>Accessories>System Tools>Disk Cleanup)
to get rid of all temporary and Temporary Internet Files. Go into Safe
Mode and run Defrag (Start>All Programs>Accessories>System
Tools>Defrag).
4. If you have a computer made by an Original Equipment Manufacturer
("OEM") like Dell, HP, Sony, Compaq, etc. go to the OEM's website and
look for instructions on how to update those systems to SP2. There may
be proprietary drivers or software that need to be patched before you
install SP2. Laptops in particular use proprietary drivers and software.
5. Review the programs you use on your computer. Go to their websites
and see if there are upgrades you will need to do to make the programs
compatible with SP2. For instance, Nero 6 needs several patches. If you
have any specialized hardware, including peripherals such as printers,
do the same thing. Go to the device manufacturer's website and search
for information about how their product interacts with SP2.
6. Now you know that your computer is clean and you have all necessary
patches on hand, preferably burned to cd-r. When you install SP2, shut
down all running programs and disable any antivirus. If your computer
is not behind a router firewall and you have an always-on broadband
connection, disconnect from the Internet by unplugging the ethernet
cable from your computer's network card. A Windows computer that is not
protected by a firewall and goes on the Internet will get infected by a
virus in 20 minutes or less. That is the average infection time; it can
take as little as a few seconds.
Some people are suggesting that you also disconnect all peripherals
such as printers, pda's, etc. I did not disconnect the local printers
on two XP machines here and had no problems, but it wouldn't hurt to be
proactive and do this anyway. This is a major operating system upgrade
and you want things to go as smoothly as possible.
Now you should be ready to install Service Pack 2. Here are some links
to additional information to help you:
Main page for SP2 information: http://www.microsoft.com/windowsxp/sp2/default.mspx
Are You Ready for WinXP SP2?:
http://support.microsoft.com/default.aspx?pr=windowsxpsp2
Feature list: http://www.microsoft.com/windowsxp/sp2/features.mspx
Overview of changes: http://www.microsoft.com/windowsxp/sp2/technologiesoverview.mspx
Changes in Internet Explorer: http://www.microsoft.com/windowsxp/using/web/sp2_ie.mspx
Changes in Outlook Express: http://www.microsoft.com/windowsxp/using/web/sp2_oe.mspx
Changes in Windows Update: http://www.microsoft.com/windowsxp/sp2/whatsnewforwu.mspx
SP2 How-to: http://www.microsoft.com/windowsxp/sp2/howto/default.mspx
Where to order the CD: http://www.microsoft.com/office/ork/xp/journ/Oxpsp2cd.html
Most computer and office supply stores have SP2 cd's available also.
And some other useful sites:
http://www.michna.com/kb/WxSP2.htm
http://www.michna.com/kb/WxSP2.htm#General
http://forum.aumha.org/index.php - See SP2 forums
9-19-04 - Contents:
1. Arrrr, Matey!
2. Windows Update reminder
3. Antivirus subscriptions reminder
1. Lest we forget - today, September 19th, is Talk Like A Pirate Day:
http://www.talklikeapirate.com/piratehome.html
Shiver me timbers! Arrrrrrr!
2. This is just a reminder: all of you using older Windows operating
systems need to go to Windows Update on a regular basis. New, severe
vulnerabilities have been discovered and there are patches for them.
Those of you with Windows XP with Automatic Updating turned on should
already be getting notices that updates are available and/or ready to
install. Don't forget to do this. If you have already applied Service
Pack 2, this does not mean there will be no more updates!
3. Remember, an antivirus program is useless if the virus definitions
are not updated. Make sure the program version you are using is not
earlier than 2003 and that your subscription is current. You are not
protected if your virus definitions have not been updated since 2002!
Your antivirus program should be updating the definitions at least once
a day.
To find out the version, subscription, and virus definitions
information, open the antivirus program and look at its status. The
information will be displayed differently depending on your program,
but it will be there. Look for it and take action to update if needed.
Yo ho!
9-25-04 - Contents:
1. Update for JPEG vulnerability
1. This is a quick reminder that there is a rather serious
vulnerability in the way that Windows handles JPEG image files.
Naturally, there is now a toolkit for the bad guys to exploit the
vulnerability. Here is a link to an article at The Register that
describes the issue:
http://www.theregister.co.uk/2004/09/24/jpeg_exploit_toolkit/
Even if you have Windows XP with Service Pack 2 applied and automatic
updates enabled, you should go to Windows Update yourself. The easiest
way is to open Internet Explorer and use the Windows Update entry found
under the Tools menu. Anyone running an older Windows operating system
needs to manually update their computer at Windows Update.
On each of our XP systems here, all of which have SP2, I had to go to
Windows Update, which scanned and then downloaded a tool to see if the
system was vulnerable to the GDI+ buffer overrun. Then I got a prompt
that the system was vulnerable because MS Office products are
installed, and following the "wizard" took me to the Office homepage.
There, I clicked on Check For Updates, which does the same thing for
Office as Windows Update does for the operating system. I was then
prompted to download and install the patches. You may need your Office
installation cd, so have it handy.
Remember, you need to be proactive with your computers. Regularly check
for updates for your operating system and important programs.
10-31-04 - Contents:
1. Betrayalware
2. Malware removal steps
1. Betrayalware - As most of you know, spyware has become a huge
problem for Windows users. At its most benign, spyware is responsible
for giving you all those horrible popups when you surf. More evil
spyware can hijack your homepage, change your hosts file so you can't
get to anti-spyware websites, and open your computer to all sorts of
pornography and trojan horse viruses. The situation has gotten so bad
that most of us techs have started referring to spyware and the like as
"malware". If you need a refresher on what spyware is, here's a link to
information on my website and some other useful sites:
http://www.elephantboycomputers.com/page2.html#Security
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.doxdesk.com/parasite/
http://mvps.org/winhelp2002/unwanted.htm
http://forum.aumha.org - look under "Security" for various forums
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://rgharper.mvps.org/cleanit.htm
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/
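The hosts-file change described in this report (spyware remapping anti-spyware sites so you can't reach them) can be checked for by parsing the file. This is an added example, not a tool named in this report; the watch list, the function names and the sample hosts file are constructed assumptions.

```python
"""Added example: audit a hosts file for hijacked security sites."""
import ipaddress
import sys

# Assumed watch list, built from security sites this page links to.
WATCHED_DOMAINS = (
    "safer-networking.org", "lavasoftusa.com", "symantec.com",
    "sarc.com", "microsoft.com",
)

# Names that normally map to loopback in an untouched hosts file.
EXPECTED_LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in the file."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not a usable mapping
        # One line may carry several names for the same address.
        for host in fields[1:]:
            yield lineno, ip, host.lower().rstrip(".")


def is_watched(host):
    """True for a watched domain or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return (line, host, ip, kind) for each watched name that is remapped.

    'blocked' means the name points at loopback or 0.0.0.0, so the site
    cannot be reached; 'redirected' means it points at some other
    address. Entries for unwatched names are not reported, because hosts
    files are also used legitimately to block ad servers.
    """
    findings = []
    for lineno, ip, host in parse_hosts(text):
        if host in EXPECTED_LOCAL_NAMES:
            continue
        if is_watched(host):
            blocked = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if blocked else "redirected"
            findings.append((lineno, host, str(ip), kind))
    return findings


# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.safer-networking.org   # site made unreachable
203.0.113.7     download.lavasoftusa.com liveupdate.symantec.com
0.0.0.0         ads.example.net
not-an-ip       www.microsoft.com
192.0.2.10      intranet.example.com
"""

if __name__ == "__main__":
    # Pass the path to a hosts file as the first argument to audit it;
    # with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for finding in audit_hosts(content):
        print("line %d: %s -> %s (%s)" % finding)
```

Any finding means the entry should be removed from the hosts file as part of cleanup, after which the security sites resolve normally again.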
In their desperation to rid themselves of these vile parasites, users
will download and install programs that they are trusting to remove the
spyware but which in reality put even more spyware on the system. We
techs have taken to calling these rogue programs "betrayalware".
Just today it has come to my attention (thanks to the efforts of
MS-MVP's Randy Knobloch and Eric L. Howes) that a formerly trustworthy
program, Aluria, has apparently gone over to The Dark Side. Here is a
link to the discussion that took place on the BroadbandReports.com
forum (another great resource, by the way):
http://www.broadbandreports.com/forum/remark,11723816~mode=flat~days=9999
It provides a very clear description of what Aluria has done and the
danger this poses for the anti-spyware industry and end users. It is
well worth taking the time to read through this. You need to know how
to protect your computer and your data.
Here are some links to sites where you can find good information about
what programs are really betrayalware:
http://www.spywareguide.com/index.php
http://www.spywarewarrior.com/rogue_anti-spyware.htm - Eric L. Howes' fine work
2. General malware removal steps:
1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions;
2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from
http://www.intermute.com/spysubtract/cwshredder_download.html.
I would not install the other Intermute programs, however. Alternately,
there are CoolWebSearch malware removal steps at
http://www.silentrunners.org/sr_cwsremoval.html.
A combination of HijackThis and About:Buster (http://www.majorgeeks.com)
works well in removing homepage hijackers. Always read the instructions
before running a spyware removal tool. Be sure to update these programs
before running, and it is a good idea to do virus/spyware scans in Safe
Mode. Make sure you are able to see all hidden files and extensions
(View tab in Folder Options);
3) If you are running Windows ME or XP, you should disable/enable
System Restore because malware will be in the Restore Points. With ME,
you must disable System Restore completely. With XP, you can delete all
but the most recent (presumably clean) System Restore point from the
More Options section of Disk Cleanup (Run>cleanmgr).
4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update;
5) Run a firewall.
1-01-05
- Contents:
1. Happy New Year!
2. Security and maintenance comments
1. Happy New Year everybody! I hope
you all had a wonderful (insert
name of holiday here) and that 2005 brings you much joy and good things.
2. I was going to write a summary of all the things you should do to
keep your computers safe in 2005, but I see that Scott Granneman of
Security Focus has written a perfect article for The Register that
does everything I wanted to and more. Here's the link:
http://www.theregister.co.uk/2004/12/31/trojan_horse_christmas/
In addition to Mr. Granneman's
excellent suggestions, here are a few
more:
a. Keep your operating system patched. If you have Windows XP or ME,
you should have Automatic Updates turned on. If you are still running
Windows 98 (not that there's anything wrong with that!), make sure you
visit Windows Update on a regular basis.
b. You should also regularly check for updates to other software you
use by going to the product's website and looking. Applications that
are actively maintained will
often have security updates available for free. Examples are MS Office,
Adobe Reader, Java, alternate browsers (Mozilla, Firefox, Opera), and
alternate email clients (Eudora, Thunderbird).
c. Keep your computers well maintained, physically and from within the
operating system. Heat and dust are the great enemies of computers.
When cleaning a computer, always have it unplugged (not just turned
off) and use compressed air to blow the dust out. Use short puffs of
the air rather than sustained ones to avoid creating moisture. Make
sure the insides are completely dry before turning the computer on
again! Electricity and moisture don't play nicely together. Don't touch
the delicate components inside, and if you must touch anything make
sure you've discharged any static electricity by grounding yourself
first. Static electricity shocks that don't bother us humans will fry
computer components.
For Windows maintenance, refer to the Maintenance section of this
website.
d. Always have a full-featured antivirus installed. Make sure it is a
current version, preferably at least 2004, and that your virus
definition subscription is up-to-date.
Anyone running an antivirus from 2003 (or older) with a current
subscription should replace the program when the subscription expires.
e. Always run a firewall. Windows XP comes with a firewall, and the
version in Service Pack 2 is superior to the original one. However, the
built-in Windows Firewall is not as good as third-party firewalls.
ZoneAlarm and Sygate make excellent firewalls and the free personal
versions they offer are all you need. If you run a third-party
firewall, disable XP's - you only want one software firewall running.
Of course, Elephant Boy Computers is always happy to take care of your
silicon-based lifeforms, so don't hesitate to call for service.
Happy New Year!
1-16-05 - Contents:
1. Security updates support timeline for Windows XP
1a. Support Life Cycle information for Microsoft operating system
2. Support for Grisoft's AVG antivirus software
3. Support for Computer Associates' EZ-AV software
4. Microsoft's Windows AntiSpyware Tool (Beta)
1. Security Hot Fix support for XP RTM (Release to Manufacturing; i.e.,
no Service Packs installed) from Windows Update ended on September 30,
2004.
To get continuing security updates from Windows Update, you will need
to apply at least Service Pack 1. Security fixes for XP (both Pro and
Home) with Service Pack 1 will be discontinued on September 17, 2006.
If you have no Service Packs applied, it would be far better to apply
Service Pack 2.
You must prepare your computer properly to install Service Pack 2 (SP2).
Difficulties arise when a) the computer is not 100% spyware and
virus-free; b) you have an OEM computer (HP, Sony, Compaq etc.) and
have not applied manufacturer-supplied patches; c) you have programs
installed that are incompatible with SP2 such as virtual drive software
like Alcohol 120%. Here are links to help you with SP2:
Are You Ready for WinXP SP2?
http://support.microsoft.com/default.aspx?pr=windowsxpsp2
Order XPSP2 cd
http://tinyurl.com/6g675
Visiting a Service Center to Get SP2
http://tinyurl.com/53xz4
SP2 links to OEM's
http://www.microsoft.com/windowsxp/sp2/oemlinks.mspx
http://forum.aumha.org/index.php - See SP2 forums
Of course, Elephant Boy Computers is happy to install SP2 for you. Just
give us a call.
1a. For your convenience, here are links showing Microsoft products
Life Cycle:
http://support.microsoft.com/lifecycle/
http://www.microsoft.com/windows/lifecycle/default.mspx
2. Support for AVG 6 free antivirus is ending February 15th. Everyone
using AVG 6 should upgrade to AVG 7.
http://www.grisoft.com/us/us_avg6_termination.php
3. Those people using Computer Associates EZ-AV should also check to
see what version they are running and upgrade to the newest version if
applicable.
Here is a link to their website:
http://www.my-etrust.com
Remember, in order to be effective your antivirus must be a current
version (not earlier than 2003) using updated definitions. This means
that your subscription must be up-to-date. I can't tell you how many
infected computers come in where the client is running the antivirus
software that came preinstalled on his/her computer years ago. In those
cases, the program was never upgraded and the subscription expired long
ago. Those computers are most definitely not protected!
4. As you may know, Microsoft has recently purchased antispyware
technology from Giant Software. The program, now known as "Microsoft
Windows AntiSpyware" (MAS), is available for download. HOWEVER, please
note that this program is still in beta. In non-technical terms, that
means it isn't cooked yet. It is extremely unwise to install beta
software on production machines. If you feel you would like to try MAS,
make a System Restore point before installing it. Older Microsoft
operating systems - Windows 9x/ME - are not supported. Here is a
download link:
http://tinyurl.com/6fuq4
Information and support for MAS Beta can be found through the following
Microsoft newsgroups:
- microsoft.private.security.spyware.announcements
- microsoft.private.security.spyware.appcompat
- microsoft.private.security.spyware.general
- microsoft.private.security.spyware.install
- microsoft.private.security.spyware.networking
- microsoft.private.security.spyware.signatures
- microsoft.private.security.spyware.onlinecommunity
These newsgroups can be accessed
via NNTP or HTTP. To access these
newsgroups using HTTP, please go to the following location:
http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware&sLCID=us
To access these newsgroups using
NNTP, please use the following
information for your NNTP client (such as Microsoft Outlook Express):
- NNTP Server: privatenews.microsoft.com
- Account name: privatenews\spyware
- Password: spyware
NOTE: No password will be required
via the HTTP link.
When removing spyware, more than
one antispyware program is required.
All tools should be current with updated reference files, and all scans
should be done in Safe Mode. Should your computer become infested,
remember that we here at Elephant Boy Computers are extremely skilled
at removing malware. Simply call for an appointment.
1-24-05 - Contents:
1. Reminder that NT 4.0 has reached its End of Life
2. How to tell what Service Pack level you have
3. Recovery cd's on OEM machines, etc.
1. In the last EBC Report, I wrote about the End of Life timetables for
various Microsoft products. This information was posted by Microsoft
for their NT 4.0 Server operating systems. If any of you are still
using NT 4.0 Server at work,
it is time to think about upgrading to one of the many varieties of
Windows Server 2003. You will probably need to upgrade the hardware in
order to do this. Here is the Microsoft post:
"This update provides important
information about end of publicly
available support for Windows NT 4.0 Server and Windows NT 4.0 Terminal
Server.
"As Windows NT 4.0 is now out of
support, security fixes for Windows NT
4.0 Server and Terminal Server will no longer be produced after
January, 2005. Any security fixes that were in the process of being
fixed during December for Windows NT 4.0 Server and Terminal Server
will be available during the January, 2005 regular security update
release. However January represents the last month security fixes
will be available for Windows NT 4.0 Server, Windows NT 4.0 Terminal
Server and Windows NT 4.0 Workstation without Customer Support
Agreements in place.
"Custom Support Agreements for Windows NT 4.0 line of products are
still available to customers that need them. Please contact your
Technical Account Manager or Account Manager if you are interested in
pursuing this option."
Just thought you should know.
2. I had a call from a client who, after reading the last EBC Report,
wanted me to install Service Pack 2 for her. I asked her to please
check to make sure she didn't already have it, and sure enough she did.
So for those of you who don't already know how to find your operating
system and Service Pack level:
a. Find the My Computer icon on the desktop, right-click it and then
left-click on Properties
OR
b. Go to Start>Settings>Control Panel and find the System applet.
Double-click it to open it. On the first tab - the General tab - you
will see your System information and Service Pack level. It will say
something like:
Microsoft Windows XP Professional (or Home)
Version 2002
Service Pack 2 (if no Service Packs are listed, you need to get updated!)
3. Once again, one of my good clients has gotten bitten by HP's cheap
tactics. HP does not care to spend the pennies to provide their
customers with a physical Recovery cd. Instead, there is a special
recovery partition on the hard drive. My client's hard drive died, so
she naturally called HP to replace it. I installed the new drive, and
much to our surprise, HP had shipped her a completely blank hard drive
without the recovery program. I called HP tech support and was told,
"Didn't she (the client) make Recovery cd's?" Of course she hadn't; she
hadn't even known she could. Naturally she had to order the Recovery
cd's so she would have an operating system to install. HP banged her
for an additional $25.00 to do this.
So this is a heads-up for all of you with HP computers: some of the
recent HP computers will allow you to create physical Recovery cd's.
You should definitely do this. Refer to the manual that came with your
computer for how to do this. If you have one of the older models that
do not allow you to create the Recovery cd, it would make good sense to
call HP tech support and spend the $25.00 to have the disks on hand.
You don't want to have to get a new hard drive and pay $100.00 for a
retail copy of Windows XP.
To be fair, HP isn't the only OEM
that doesn't provide a physical cd.
My IBM laptop did not come with any physical media (boo! hiss!). Be
aware of what is included when you are buying a computer. An OEM
(Original Equipment Manufacturer) who is selling a computer with a
preinstalled Microsoft operating system legally must provide the
customer with a way to reinstall Windows. That can take the form of:
1. Physical operating system cd's
(Dell is the only big OEM that still
does this as far as I know, and that's why I recommend them);
2. Physical Recovery cd's which
will take the system back to
factory-condition;
3. Hidden or special partition on
the hard drive which will take the
system back to factory-condition.
If you buy a computer with a Microsoft operating system, you must have
one of the above ways of reinstalling Windows. In all cases, you will
be provided with a Product Key. This is usually on a sticker on
the back or side of an OEM desktop case and on the bottom of a laptop.
Do not lose this key! You cannot reinstall Windows without it. If a
private party sells you a computer with Windows preinstalled, he must
give you the Product Key and operating system software or you have an
illegal copy of Windows.
2-10-05 - Contents:
1. Microsoft Patch Tuesday
2. Vulnerabilities in alternate browsers
3. Vulnerability in Symantec's products
1. This past Tuesday was the Monthly Microsoft Patch day for their
operating systems.
As always, people with Windows 2000 and XP should have Automatic
Updates set. People running Win9x/ME should go to Windows Update and
patch their systems. Windows Update might be slow because of heavy
demand, so if you have trouble getting through just try again later or
the next day. Don't forget to do it, though!
2. A rather serious vulnerability in alternate browsers such as
Mozilla, Firefox, and Opera was recently discovered where a URL could
be spoofed using international characters. Here is the write-up from
Secunia: http://secunia.com/multiple_browsers_idn_spoofing_test/
As far as I know, patches are being written for Mozilla and Firefox
although www.mozilla.org doesn't have anything for download that I can
see yet. Opera has said their browser is not affected and does not plan
to issue patches; however, it has been proved that their browser is
susceptible. In the meantime, users of those browsers should be careful
and can follow the workarounds outlined on Secunia's website when going
to sites that might be spoofing targets, like PayPal, eBay, or online
banks.
While Microsoft's Internet Explorer is not vulnerable to this
particular spoofing exploit because it doesn't handle international
characters in a standard way, this isn't a reason to use IE. IE still
has enough holes in it that it should only be used for those sites
where no other browser will work, such as Windows Update. Friends don't
let friends use IE.
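An added example (not from Secunia, Mozilla or Opera) of the kind of check that catches the international-character spoofing described in item 2: it decodes each host label, including the "xn--" form browsers send to DNS, and flags labels that mix Latin letters with another script. The function names and the .example hosts are constructed for illustration, and reading the script from a character's Unicode name is a heuristic.

```python
import unicodedata
from urllib.parse import urlsplit

# Verdicts, ordered from least to most suspicious.
RANK = {"ascii": 0, "idn": 1, "mixed-script": 2, "malformed-ace": 3}


def decode_label(label):
    """Return the Unicode form of one DNS label, or None if its ACE
    ("xn--" punycode) encoding cannot be decoded."""
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except (UnicodeError, IndexError):
        return None


def scripts_in(label):
    """Scripts used by the letters of a label, read from the first word
    of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}


def classify_host(url):
    """Classify the hostname of a URL.

    ascii          every label is plain ASCII
    idn            at least one label holds non-ASCII characters
    mixed-script   one label mixes Latin letters with another script,
                   the pattern behind look-alike host names
    malformed-ace  a label starts with xn-- but does not decode
    """
    if "://" not in url:
        url = "//" + url            # let urlsplit see a network location
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("no hostname in %r" % (url,))

    verdict, shown, flagged = "ascii", [], []
    for raw in host.split("."):
        label = decode_label(raw)
        if label is None:
            found, label = "malformed-ace", raw
        elif label.isascii():
            found = "ascii"
        else:
            scripts = scripts_in(label)
            mixed = "LATIN" in scripts and len(scripts) > 1
            found = "mixed-script" if mixed else "idn"
        if found != "ascii":
            flagged.append((label, found))
        if RANK[found] > RANK[verdict]:
            verdict = found
        shown.append(label)
    return {"display": ".".join(shown), "verdict": verdict, "flagged": flagged}


# Constructed samples under the reserved .example TLD.
# \u0430 is CYRILLIC SMALL LETTER A, which renders like a Latin "a".
SAMPLES = [
    "https://paypal.example/login",
    "https://p\u0430ypal.example/login",
    "https://" + "p\u0430ypal.example".encode("idna").decode("ascii") + "/login",
    "http://\u043f\u0440\u0438\u043c\u0435\u0440.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = classify_host(sample)
        # ascii() exposes the escaped code points a glance at the text would miss.
        print("%-14s %s" % (result["verdict"], ascii(result["display"])))
```

A host written entirely in one non-Latin script is reported as "idn" rather than "mixed-script", so it still needs a human look when it sits where a familiar site name is expected.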
3. There is a highly critical vulnerability in many Symantec products
such as Norton Antivirus and Symantec corporate security software. Here
is the write-up from Secunia:
http://secunia.com/advisories/14179/
Go to Symantec's website here:
http://www.sarc.com/avcenter/security/Content/2005.02.08.html
or http://www.symantec.com/techsupp/
or use Live Update to patch any vulnerable Symantec software on your
systems.
The lesson in all this is that even if you are not an IT professional,
you need to know what software you have installed on your computer and
occasionally go to the manufacturer's website to check for product
patches and upgrades.
2-27-05 - Contents:
1. Program updates to plug vulnerabilities - Firefox and TrendMicro
2. New email scam purporting to be from FBI
3. Explanation of beta software
4. Windows XP System Restore
1. Just to let you know that Firefox has a new
version available for download to plug various security holes.
Firefox users should update. See the announcement
here: http://www.mozilla.org/press/mozilla-2005-02-24.html
TrendMicro has also announced that it has updates to close
vulnerabilities in many of its antivirus/security products. Here is
information about the
vulnerability from SecurityFocus: http://www.securityfocus.com/bid/12643
This information is pretty technical, so if you don't care about the
details, just make sure you update your TrendMicro products.
2. We remind you fairly frequently that Microsoft never
sends out emails with attachments purporting to be a security
patch. If you forgot, consider yourself reminded again. A new twist on this
old favorite has arisen whereby the email will appear to come from the
FBI. The email tells the recipients that their Internet use has
been monitored by the FBI’s Internet Fraud Complaint Center and that
they have accessed illegal web sites. The recipient is told to open the
attached "questionnaire" which of course contains a virus. Here's the
FBI press release: http://www.fbi.gov/pressrel/pressrel05/022205.htm
3. As you probably know, spyware infestation is a huge problem for
Windows users. Microsoft recently bought Giant Antispyware and has been
busy fine-tuning the program for Windows 2000 and XP (it will not run
on Win9x/ME). The application, known as Microsoft AntiSpyware (you'd
think with all those billions of dollars the company could come up with
a catchier name!), is still in beta and is available for free download.
I want to explain very clearly to all of you that beta software means
"software that isn't cooked yet". Application development goes through
a series of phases before it is ready for public consumption. Roughly,
they are:
a. Kicking around the idea before writing the code.
b. Alpha - a very "rough draft" of the program.
c. Beta - a less "rough draft" of the program. There may be several
betas. A beta may be offered to private beta testers or public beta
testers. The purpose of beta testing is to see what the program breaks
when used on a wide variety of computers. The beta testers report
problems back to the company so bugs can be fixed.
d. RC1 - Release Candidate 1 is after beta but before the program is
absolutely finished. Again, the program is being tested for bugs. There
may be an RC2 if a lot of bugs are still found in RC1.
e. RTM - Release to Manufacturing is the finished product. If a serious
bug is found when the program is out in the real world - being used in
"the wild" - or if a vulnerability is found, the company will write
patches.
Here's the thing to really remember - never install beta
software on a production machine. I can guarantee you there will
be tears before bedtime. I think MSAS will be quite a good product; it
looks promising. But I've seen it break Outlook's ability to get email,
disable the Windows Firewall, and various other showstoppers. I'll
definitely get MSAS for my Windows machines, but not until it's out of
beta.
4. I was at a client's the other day (hi, Phil!) and it came out that
he didn't know about XP's System Restore.
Maybe some of you also don't know about this useful XP tool. Windows ME
had a rudimentary System Restore whereby if you messed up your computer
but weren't really sure what you did wrong (maybe you left your
kindergartner alone with the computer), you could restore the system to
an earlier date when things worked. The ME version wasn't that reliable.
XP's System Restore is more sophisticated and implemented better. It
isn't perfect, but most of the time it does exactly what it should -
helps you unwind from a mistake and go back a few days. You can create
a Restore Point before installing a program and if things don't work
out, go back to that Restore Point. Doing a System
Restore is not a substitute for backing up your data.
To run System Restore, go to Start>All
Programs>Accessories>System Tools and click on System Restore. To
learn more about System Restore, start XP's Help &
Support and you will see the topic under "Pick A Task".
3-20-05 - Contents:
1. Vulnerability/patch for Limewire
2. New anti-phishing consortium
3. Nasty file-sharing/MSN Messenger worm
4. Darwin Awards
1. Although I strongly suggest not using file-swapping programs, anyone
using LimeWire should UPDATE YOUR CLIENT to 4.8.0 or above! There is a
new serious vulnerability in the program as follows:
Logo-image port vulnerability (Affects versions 4.1.2 - 4.5.6,
inclusive). Magnet port vulnerability (Affects versions 3.9.6 - 4.6.0,
inclusive). The
vulnerabilities allow anyone on the network to read any file on a
machine that is connected to the Gnutella network with the LimeWire
client. The first vulnerability can be exploited even if the host is
behind a firewall. A simple telnet client is sufficient to take
advantage of these vulnerabilities.
2. There is a new and interesting consortium that has been formed to
fight phishing. "The Anti-Phishing Working Group (APWG) is the global
pan-industrial and law enforcement association focused on eliminating
the fraud and identity theft that result from phishing, pharming and
email spoofing of all types." The group is sponsored by companies such
as Microsoft, Visa, and Symantec to name just a few.
There is a lot of excellent
information at the site, including reports on the latest phishing
schemes and a way to report phishing attempts.
http://www.antiphishing.org/
3. There is a very nasty worm that spreads through file-sharing
networks and MSN Messenger. It immediately breaks all antivirus
software, disables Administrative tools, and sends copies of itself to
all your MSN Messenger contacts. Here is information on the worm from
Symantec (Norton Antivirus):
"Sky Devil" MSN Messenger/File Sharing worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.c.html
In order to protect yourself, make sure:
a. You have a current version antivirus - not earlier than 2004* -
installed on your computer. Make sure that your subscription to the
virus definitions has not expired and that the virus definitions are
up-to-date.
* If you have antivirus that is
version 2003 with a current
subscription, when the subscription runs out do not just renew the
subscription. Replace the older antivirus with a current version one.
Elephant Boy Computers can suggest a good replacement.
b. You know you aren't supposed to open attachments that come in email
unless you are absolutely sure you are expecting them and you have
antivirus protection in place. You are also not supposed to accept
files via your instant messaging program. Running a program you got
from an instant messaging contact isn't any different than running a
program you get in an email attachment.
Stay Safe - Practice Safe Hex
4. For those of you with a twisted sense of humor (like me), we have a
new Darwin Award to enjoy:
http://www.darwinawards.com/
Darwin Awards celebrate those
individuals whose amazing acts of
stupidity have removed them from the gene pool.
4-28-05 - Contents:
1. Multiple vulnerabilities in Firefox browser
2. Microsoft April Windows Updates
3. Transferring data from an older computer to a new one
1. If you are using the Firefox
browser, you should upgrade it to the latest version. Here is a brief
description of the vulnerability from Secunia:
"A vulnerability has been discovered in Mozilla Firefox, which can be
exploited by malicious people to gain knowledge of potentially
sensitive information. The vulnerability is caused due to an error in
the JavaScript engine, as a "lambda" replace exposes arbitrary amounts
of heap memory after the end of a JavaScript string. Successful
exploitation may disclose sensitive information in memory."
Read more here: http://secunia.com/advisories/14820/
Get the latest version of Firefox
here: http://www.mozilla.org/products/
2. Make sure your operating system is patched with April's security
updates from Windows Update. Those of you running XP with Automatic
Updates turned on are already covered. If you have your system set to
manually update or you have a computer running an older supported
operating system (Windows 98/ME), go to Windows Update. Important
things to remember about updating Windows:
a. Never get patches for Microsoft operating systems from anywhere
except the official Windows Update site. Do not use non-Microsoft web
sources for updates.
b. Look at the updates that are being offered to you. With Automatic
Updates, you will be presented with a dialog box that gives you two
choices: Express Install and Custom Install. Always take the Custom
Install to be sure you are only installing security updates and the
monthly Malicious Software Removal Tool. Do not install driver updates
from Windows Update.
c. Microsoft never sends emails with attachments. If you receive an
email purporting to be from Microsoft with an attached "security
patch", delete it. The "patch" is a virus and the email is from The Bad
Guys.
3. I am seeing a lot of clients with older machines running Windows
98/ME who are ready to replace their computers with new ones running
Windows XP. The question of how to transfer their data from the old
computer to the new one comes up a lot. There are various ways to do
this.
First, understand that except for very old DOS programs (which may or
may not work with XP), you cannot just copy a program's folder from one
computer to another. Programs need to be installed on the new system
with data created in the program transferred. You install the program
from whatever installation media you have - either cd's or the
executable file if this is a program you downloaded from the Internet.
What you want to transfer (and what you should be backing up on a
regular basis) is your data; i.e., your documents, pictures, music,
Quicken or QuickBooks data, addressbooks, emails you wish to save, your
Great American Novel.
Remember, in order to open your
data on the new computer, you will need
to install the program in which you created the data (or a different
program that is capable of reading the data). In other words, if you
have documents that you created in Microsoft Word, you will need
Microsoft Word installed on the new computer or another word processor
that can read the MS Word file format such as Corel WordPerfect or
OpenOffice.
a. Files and Settings Transfer Wizard (F.A.S.T.) - Windows XP has this
function which is supposed to do exactly what its name implies -
transfer your data and settings from programs like Outlook Express to
the new computer. Sometimes it works. Here is a very detailed and
excellent article about F.A.S.T. by MVP Gary Woodruff. The article also
briefly discusses the issue of transferring settings from Outlook
Express and links to MVP Tom Koch's OE site for more information on
that: http://aumha.org/win5/a/fast.htm
b. Copy your data onto removable media and then paste it where desired
on the new computer. Removable media includes floppy disks (worst
choice), cd-r's or a USB thumb drive. Be aware that since floppies are
rapidly becoming obsolete, most new computers do not come with a floppy
drive as standard. You can buy a USB floppy drive in this case. If your
old computer doesn't have a cd burner, then the USB thumb drive will be
your best bet.
c. If the old computer doesn't support USB, like Windows 95 or older
(could you still have an old Windows 3.1 computer around?!), then the
hard drive from the old computer can be removed and slaved in the new
computer so that the data can be copied off from within Windows XP. If
desired, the old drive can be left as slave and formatted to be used as
extra storage.
5-02-05 - Contents:
1. Instant Messaging viruses
1. Although you may be careful about not opening attachments in email,
don't forget that good security practices also apply to using Instant
Messaging ("IM") software. Some examples of IM programs are AOL Instant
Messenger ("AIM"), MSN Instant Messenger and Yahoo Messenger. You can
get a virus through IM by accepting files or by clicking on a link that
takes you to a website that immediately downloads an infected file.
Accepting files in IM is just as risky as opening an email attachment.
If your antivirus is a current version (not earlier than 2004) and its
virus definitions are up-to-date, it should flag and block the infected
file immediately. But remember, your antivirus can only catch those
viruses which it already knows about - if the virus is a new one and no
virus definitions exist yet, your computer will be infected.
Here are some tips on using your IM
program safely:
a. Make sure you have the latest version of your IM software. Go to the
program's home webpage and check for updates, then download and install
any.
b. Make sure your Windows operating system is patched via Windows
Update.
c. Set your IM program's preferences to not automatically download
files. You may decide to not allow any file transfers at all. Examine
the options carefully and then set up your IM software the way you feel
is best for you. Don't just accept the defaults without looking at what
they are.
d. Use a strong account password and change it occasionally. Don't tell
anyone your password.
e. Don't send credit card numbers, Social Security Numbers, or any
other vital information over IM.
f. Don't open attachments or click on Web links sent by someone you
don't know. Be cautious even if the link is from someone you do know.
Just because your buddy thinks "this is a cool site" doesn't mean it is
cool or safe. You don't know where he heard about it. If you decide to
go to that site, hover over the link with your cursor before clicking
it to check whether the Web address seems legitimate. If you have any
doubts at all, don't go there!
g. Don't send files over IM unless you have no other alternative, and
never send files containing information you want to keep private.
h. Be wary of odd behavior from people contacting you over IM, just as
you would in person. If someone on your allowed list is sending strange
messages, end your IM session and contact them over the phone or on
email. All IM programs have the ability to block certain people and to
provide you some protection from contact from strangers. Again, look at
the program's options/preferences.
i. Make sure your antivirus is a recent version and your subscription
is current.
Even if you don't use IM, if your children are older than toddlers they
do. Talk openly with your children about IM. Teach them how to stay
safe just like you taught them not to talk to strangers in Real
Life(tm). Share the information above with your children to help them
practice "Safe Hex" with IM and also:
a. Talk to your children about IM safety, warning them specifically
about the dangers of talking with strangers over IM. Teach them the old
Internet adage - "On the Internet, nobody knows you're a dog".
b. Make sure your family's IM profiles do not contain personal
information - especially phone numbers, addresses, photos, or anything
that could connect your children with their IM identities. Make sure
your children's IM programs preferences are set for safety.
c. Show interest in your children's online life. Get to know their
online friends the same way you'd get to know their local friends. Be
aware of what your kids are doing and saying.
d. Know your children's IM member names and the names of their online
buddies.
There are ways of knowing exactly
what your children are doing on a
computer, but the best way is to have open communication with them.
5-14-05 - Contents:
1. Patch for new Firefox vulnerabilities
2. Patch for new iTunes vulnerabilities
3. How you got the spyware
1. Three new critical vulnerabilities in the Firefox browser have come
to light. Here is an article by Robert Lemos of Security Focus:
http://securityfocus.com/news/11155
All Firefox users should upgrade
the browser to the latest version: http://www.mozilla.org/products/firefox/
2. A serious flaw that could allow a classic buffer overflow attack was
discovered in Apple's iTunes program. Here is an article by John
Leyden: http://securityfocus.com/news/11153
All iTunes users should update to
version 4.8: http://www.apple.com/itunes/
3. I had just finished removing malware from a client's computer.
Reasonably, she asked, "How did we get this? I thought we were being so
careful!" In her case, I was able to pinpoint a download by her son or
daughter from Smiley Central, a known supplier of spyware along with
their cutesy icons. Spyware "vendors" definitely target children. There
have been articles about this in the popular press - here's one from
MSNBC News: http://www.msnbc.msn.com/id/7735192/
The article quotes Ben Edelman, a highly-respected member of the
anti-spyware forces. If you really want to have your eyes opened to the
miserable state of things in our War Against Malware, spend some time
on Mr. Edelman's site: http://www.benedelman.org/
You will be amazed and appalled. It
will also help you stay safe by
knowing some of the dirty tricks the Bad Guys will try to play on you.
6-2-05 - Contents:
1. MYTOB worm (and others) use social engineering
2. New versions of Spybot Search & Destroy (1.4) and Ad-aware (1.06)
3. Very interesting SpywareInfo article today
1. There is a new worm out that uses social engineering to get a user
to run the virus executable. Like many other viruses, it comes as an
attachment to an email. Once the computer is infected, as is common
with these types of worms, the virus will use its own email engine to
send messages with an attached copy of itself to all email addresses on
the hard drive. There are always new viruses, but the main reason I
wanted to write you about this is the social engineering aspect.
"Social engineering" means in effect tricking the victim into doing
something harmful to them - in this case opening the attachment and
running the infected executable. Here is a link to Symantec's writeup
on this particular worm:
http://www.sarc.com/avcenter/venc/data/w32.mytob.cy@mm.html
If you scroll down, you will see
that the virus comes attached to an
email saying something about your email account having a problem. The
email looks and sounds "official" and a busy or less-aware user might
become alarmed and fall for the trick. This technique of social
engineering is used a lot by The Bad Guys, and some of the recent (and
quite destructive) malware that is coming from Instant Messaging
programs uses it also. A "buddy" will send you (or your teenager!) a
link to something "cool". The victim will click on the link and
automatically download and execute something really nasty. Remember, you can
protect yourself by:
a. Above all, practice Safe Hex. Do not open email attachments. Do not click
links or download a program from within an Instant Messaging program.
Do not be seduced by The Dark Side into clicking on those flashing
banners on websites.
b. Always have a current version (not earlier than 2004 and with an active
virus definition subscription) antivirus program installed. Remember
that you still need to practice Safe Hex because if you run an infected
executable for which a virus definition has not yet been written, your
computer will be infected.
c. Be wary of messages purporting to be from "official" sources such as
Microsoft, your bank, and your Internet Service Provider. Remember that
those companies will never send you an email with an attachment or ask
for your password and/or other personal information in an email.
2. There are new versions of Spybot Search & Destroy and Ad-aware ready.
You should uninstall previous versions of Spybot before installing the
new version. If you have customized your version of Spybot by using
Internet Explorer protection, Hosts protection, and/or TeaTimer turn
off those features before uninstalling. Then use Add/Remove Programs to
uninstall the program. Afterwards you may need to delete the Spybot
folder in Program Files. Then you are ready to install the new version
1.4.
The Ad-aware installation will
automatically uninstall the older
version.
Spybot - http://www.safer-networking.org/en/download/index.html
Ad-aware - http://www.lavasoftusa.com/
3. The June 2nd edition of the SpywareInfo newsletter is particularly
interesting. Mike
Healan (the author) describes what can happen when the user clicks
"Yes" and allows one
ActiveX Control to install from a dodgy website. Mike goes through what
he had to do to clean up his computer, and this will give you some idea
of what I do for my clients. It takes less time for me and I'm more
efficient than Mike was in this instance because I do this kind of work
all the time, but if Elephant Boy (or any other tech) has cleaned up
your machine you will now get a taste of what we have to do. I don't
charge $70/hour like the techs in Mike's area, though. Hmmm.... ;-)
http://www.spywareinfo.com/newsletter/archives/2005/june2.php#diespywarediediedie
7-10-05 - Contents:
1. Microsoft reportedly in talks to buy Claria and the resultant fuss
2. London Bombing Trojan
3. Warning over unpatched IE bug
4. Reminder about free viewers, pr0n sites and betrayalware - how to tell how
you got the crud
1. The big news in
antispyware-warrior circles is that Microsoft is reportedly in talks
to purchase Claria, the company responsible for the infamous Gator and for suing antispyware
sites for saying that Gator is spyware. No one is really sure why
Microsoft would want to do this, but it has been noticed that the beta MS
Antispyware tool ("MSAS") has downgraded Claria/Gator infestations to
"ignore". Here is an article by the always-excellent Benjamin Edelman
about it:
http://www.benedelman.org/news/063005-1.html
and another from the sometimes
inflammatory but always-interesting The Register:
http://www.theregister.co.uk/2005/07/07/ms_downgrades_claria_detection/
I don't recommend
putting beta software on production computers. "Beta" means software that isn't finished yet
and is still in the bug-checking phase. Even though Microsoft has offered
MSAS as a free download (and it looked like a promising antispyware
tool), I don't put it on my customers'
machines. Downgrading the Claria threat (which is not a rumor - this has really been done) makes this
tool suspect in my mind. It will be interesting to see how this whole
thing plays out, but if MS really does buy Claria the value of MSAS is
questionable. Companies producing antispyware software have to be very
careful about their ethics and connections; it's the old "fox in the
henhouse" thing.
2. As an illustration
of just how low some people can go, there is a virus-laden
email circulating purporting to be about the tragic bombings in London.
The email poses as a CNN newsletter with an attached "news video". Of course the attachment is
nothing of the sort but is rather a trojan horse that will turn the victim's
computer into a spam-spewing zombie.
Here's an article about this:
http://www.theregister.co.uk/2005/07/08/london_bombing_spambot/
Remember, I've always told you not to open
attachments that come in email unless
you are absolutely sure it is something you've requested from the sender. Even then, you take a
chance. Keep
your antivirus software
updated and be wise about what you allow to run on your computer.
3. Here's another entry
in the "friends don't let friends use Internet Explorer"
category:
http://www.theregister.co.uk/2005/07/04/ie_vuln/
I
would expect Microsoft to patch this IE vulnerability soon (the next
series of Windows Update patches is scheduled for this coming Tuesday, July 12), but it
would be wise to use a different browser instead. We use Firefox and Mozilla on the Windows
machines here. Using an alternate browser doesn't make you bullet-proof -
other browsers can have their own vulnerabilities and you have to
check for updates on their home sites regularly. However, I still
believe Internet Explorer is not a Good Choice and should only be used if a
website you absolutely need to visit only works with IE (stupid
webmasters, but it happens). Remember, those
of you not running Windows XP, Windows 2000, or Windows ME (or if
Automatic Updates are not on) should regularly visit the Windows Update
site for patches and manually update.
4. I recently cleaned
up a client's machine that was badly infested with the Aurora-Nail
malware (and other crud). My client was beside herself because we had just gone through an
intensive cleaning a few months ago. She only visits "good" websites, uses
Firefox instead of IE, and has current antivirus software. "How did
this happen?" she wailed. Well, it was a lovely Sherlock Holmes exercise to
look at the browsing history in both Firefox and IE. There we found that
someone in her household had gone
to Google and searched for pr0n* sites. It was completely clear that the person then went to those sites
and downloaded a "free viewer" with which to view the movies offered.
Of course the "free viewer" came with a trojan horse and now the computer
was infested. The resultant crud
downloaded more crud, which downloaded more crud, and so on. The person now panicked and clicked on an ad
for SpySpotter to remove the malware.
SpySpotter is malware itself, and falls into the "betrayalware" category; i.e., it is one of those ugly
programs that pretends to be a malware-remover but is itself malware.
You can research rogue antispyware
on MVP Eric Howes' excellent site here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
You can look at your browser's
history like this:
In Internet Explorer,
you may have a History icon or on the menu bar go to View>Explorer Bar and click
History. To clear the History, go to Tools>Internet Options and on the
General tab you'll see a History section with a button to Clear History.
The default is to keep the History
links for 20 days. You can change this if you like.
In Firefox,
to see the History on the menu bar go to View>Sidebar and click History. To clear the History, go
to Tools>Options and click on the Privacy icon on the left. There is a
Clear button, and the default is also to keep files for 20 days, which
you can change.
Of course, a computer-savvy surfer
will know about this and clean up after him/herself. There are still ways
to find out where someone has been surfing, but we'll leave that for
the computer forensics specialists.
Most young children and many teens will not know about clearing the History so it is a good
place to start looking if you suspect there is an issue you need to
address.
*You will often see "pr0n" used as a substitute for another word: replace
the zero with the letter o and switch the position of the letters r and o
and you'll get the word. This is done
because many people have mail servers (particularly schools and
businesses) that will bounce emails with naughty words in them. So because I
want you to have this information,
we have to allow for that possibility in the email version of EBC
Reports.
7-13-05 - Contents:
1. New version of Firefox, watch
for updates to Thunderbird.
2. Microsoft-Claria deal is dead.
3. Patch Tuesday yesterday.
4. Apple updates to Tiger
Just a quick update for you all:
1. There is a new
version of the Firefox browser which takes care of some recently
discovered vulnerabilities. Here is a link:
http://www.mozilla.org/products/firefox/releases/1.0.5.html
If you use the
Thunderbird mail client, visit Mozilla.org
occasionally and check for updates to that program. None are
available as of this writing, but the T-bird coders are apparently
working on a new version.
As for the new
Firefox, if you use Roboform with the Firefox plug-in, you might want
to hold off on updating. There was a report that after updating
to Firefox 1.05, Roboform and then Firefox crash on pages where
Roboform is active. Reverting to 1.04 solved the problem for the
person reporting the issue. Check on Roboform's website for news and
updates to their program.
2. Good news, everyone
- the Microsoft-Claria deal is dead. Apparently somebody
at Microsoft woke up and realized that buying Claria would not make for
a Happy Public Relations Event.
3. It was Patch Tuesday
yesterday, so if you need to manually visit Windows Update you
should. Patches were applied to all my Windows machines with no ill
effects. Remember, do a Custom Install and don't install drivers from
Windows Update.
http://www.theregister.co.uk/2005/07/13/ms_july_patch_batch/
4. I know we usually ignore the Mac
users, but if
there are any of you who use Tiger, Apple has just released some updates
to their operating system.
http://www.theregister.co.uk/2005/07/13/apple_posts_tiger_10-4-2/
Stay cool, stay safe, have fun.
8-12-05 - Contents:
1. Very serious identity theft ring discovered
2. Patch Tuesday
3. On the lighter side, the results of the 2005 Bulwer-Lytton Fiction
Contest are in
1. Over the
last week, a very serious identity theft ring was discovered by the
researchers at Sunbelt. I hesitated to send out general
information about this because I didn't want to panic anyone, but you
really need to know about this. If your antivirus is a current version
and your subscription is up-to-date and you routinely run antispyware
software like Ad-aware and Spybot Search & Destroy, and use a
firewall you are probably just fine. So please don't
panic. The FBI is working with antispyware forces, and there is
of course no information about their investigation as yet. Here are
links about the identity theft exploit and how to tell if you are
infected with the malware that opens your computer to the Bad Guys.
http://sunbeltblog.blogspot.com/
http://www.lavasoftresearch.com/blog/?p=53
http://www.spywareinfo.com/newsletter/archives/2005/aug12.php
2. This past
Tuesday (8/9) was Patch Tuesday for Microsoft operating systems.
As always, if you have Automatic Updates on you should have received
the patches. You should always install critical security patches from
Microsoft. If you have an obsolete operating system like Windows 98
which is no longer supported, you should still visit Windows Update to
see if there are any patches for Internet Explorer.
3. On the lighter side, the winners of the 2005 Bulwer-Lytton
Fiction Contest have been announced:
http://www2.sjsu.edu/depts/english/2005.htm
Stay safe, people.
9-11-05 - Contents:
1. No Microsoft Windows security updates this month
2. Vulnerability in Firefox/Mozilla
3. Be careful out there - sleazy spyware
4. Sept. 19 - Talk Like A Pirate Day and more
1. Posted on
Microsoft TechNet: "No new security updates on September 13th as
part of the September monthly bulletin release cycle. This represents a
change in the information found in the Advance Notification on
Thursday, September 8, 2005. Late in the testing process, Microsoft
encountered a quality issue that necessitated the update to go through
additional testing and development before it is released. Microsoft is
committed to only releasing high quality updates that fix the issue(s)
in question, and therefore we feel it is in the best interest of our
customers to not release this update until it undergoes further testing.
"Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services and the Download Center."
This is a Good Thing. We don't want
them to release any patches until they are ready!
2. Security
researchers have discovered an Internet Explorer-like vulnerability in
Firefox and Mozilla. You can read about it and see the
workaround here: http://www.mozilla.org/security
Firefox 1.5 is in Beta now. Remember, "beta" software is not finished
and is still in the bug-checking phase. Do not run beta
software on a production machine.
3. Sunbelt calls this
company's tactics the "sleazy install of the week". It is pretty bad. Do not be tempted to
click on the Sleazy Company's website link if you are running any
version of the Windows operating system!
http://sunbeltblog.blogspot.com/2005/09/sleazy-install-of-week.html
Here's Spyware
Warrior's take on it: http://www.netrn.net/spywareblog/
4. Warning
- The following item is based on what I think is
amusing. If you know me then you know that although I am not a
politically correct person and have a quirky sense of humor, I do not
go out of my way to offend people. You have been warned.
How quickly a year goes by! September is half over already and we are
coming up to one of our favorite holidays, Talk Like A Pirate
Day.
http://www.talklikeapirate.com/piratehome.html
TLAPD is on
Monday, September 19th and is the start of Holy Week for those of us
who are Pastafarians*.
*See Wikipedia
entry here: http://en.wikipedia.org/wiki/Flying_Spaghetti_Monster
and the original site that started it all here: http://venganza.org/index.htm
9-20-05 - Contents:
1. New malware that spoofs Google.
2. The Opera browser is now completely free.
3. New Microsoft Shared Computer Toolkit
4. Brief notes on what you should be looking for when you buy a new
computer
1. Virus
writers have developed a worm that spoofs the behaviour of internet
search engine Google, varying the results displayed to suit the
requirements of hackers. Since the worm spreads via
file-sharing networks like Shareaza, this is just another good
reason to stay away from pirating (unless you plan to sacrifice your
PC). Here's the article from The Register:
http://www.theregister.co.uk/2005/09/19/google_spoof_worm/
2. Opera is an
interesting, well-made browser that has been around for a long
time. It used to be available in two versions - free and ad-supported.
Now Opera has dropped the for-pay version and the ads and is offering
it ad-free at no charge. I'm not sure how well this marketing strategy
will work for them, but if you would like to try a good alternate
browser, you can download Opera here:
http://www.opera.com/
Here's the article about it from The Register:
http://www.theregister.co.uk/2005/09/20/opera_goes_ad-free/
3. Microsoft
has developed a new tool to help limit access on Workgroup
computers. The Shared
Computer Toolkit might be useful for parents trying to control
their children's computers or for small businesses. It looks like
you'll need some amount of computer-savvyness to set it up although the
tool doesn't appear to be aimed at IT professionals. The Shared
Computer Toolkit is free for licensed users of Windows XP. Here's
Microsoft's webpage about it:
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
4. A lot of my
clients are in the position of having older machines that are starting
to fail. At this point with new computers so affordable, it
doesn't make sense to try and repair a Windows 98/ME machine if the
problems are with hardware. Here are some essentials you should look
for when you are considering buying a new computer:
a. Get a
minimum of 256MB of RAM (memory). Personally, I'd always go with 512MB
instead.
b. Make sure
the computer has a CD-RW drive (CD burner). If you have a lot of
music files and/or pictures, consider getting a DVD-RW instead since
DVD's hold much more data than CD's. Many of the big computer companies
like Dell are now offering a DVD-RW drive as an option.
c. Almost
every computer will come with an 80GB hard drive now. For people
moving up from Win98/ME, this will be fine. If you have a lot of music,
video and image files, then a larger drive will be better.
d. If you are
still using an old 15 or 17" CRT monitor, consider getting
a flat panel LCD instead. Often a flat panel will be offered as
a "deal", and they are really nice and easy on the eyes.
e. Examine the
software "bundle" that comes preinstalled. The Windows XP
operating system does not come with word processors and DVD video
players, etc. built in. When you buy a computer from a big company like
Dell or HP, they will provide some combination of preinstalled
software. Compare what the different companies are offering to help
decide what is the best deal for you.
Another thing
to be aware of when purchasing a computer is what, if any, physical
media comes with it. A computer builder selling a machine with
Windows preinstalled has a legal obligation to Microsoft to provide the
buyer with a way of restoring the computer to factory-condition. The
computer builder can do this in one of three ways:
1) With a physical CD containing the operating system.
2) With a physical CD containing an image of the machine as it came
from the factory, called a "Restore" or "Recovery" disk.
3) With a Restore/Recovery image on a special partition on the hard
drive.
For future repair purposes, obviously having 1) above is preferable but
you don't always have a choice. Just be aware that if your computer
only has option 3), if the hard drive fails you will need to have an
operating system to reinstall. Most of the computers from big OEM's
(Original Equipment Manufacturers) now come with a way to create backup
physical media of the operating system. The end user has to make these
CD's so if you buy one of these computers, make sure you find out how
to do this and that you do it.
10-12-05 - Contents:
1. Patch Tuesday for Microsoft operating systems
2. Fake Google Toolbar is malware
3. Tip - Recovering Windows
1. Yesterday
was Patch Tuesday for Microsoft operating systems from Windows Update.
Since there were no patches last month, there are quite a few this
month. A good
practice to follow when applying MS updates, especially when there are
so many of them, is to first set a Restore Point and then apply the
patches one at a time, testing after each patch installation. If
you are unsure whether a patch will negatively impact your Windows
installation, there is nothing to prevent you from setting multiple
Restore Points between patch installations. If a patch interferes with
your installed programs (there were some reports in the MS newsgroups
about a problem with MS ActiveSync after one of the patches), you can
uninstall it or use System Restore to go back to before you installed
the patch.
To select
individual patches in XP, don't use the Express Install but instead
choose "Custom". Now you can examine the patches and install
them one by one. Never install driver updates from Windows Update;
however, you definitely want security patches.
To set a
Restore Point:
Start>Programs>Accessories>System Tools>System Restore
"Create a Restore Point"
System Restore is not available in Windows 98 or Windows 2000. Windows
ME and XP have the System Restore feature.
2. There is
currently a browser hijacker in circulation which installs a fake
Google Toolbar, hijacking the HOSTS file to redirect most Google
domains and placing a homepage hijacker in the Temporary Internet Files
folder, from which an Internet Explorer based search engine claims to
be powered by Google. The bundle also includes a rogue antispyware
tool, called "World Antispy". Here is a report on the malware by the
excellent SpywareGuide.com:
http://www.spywareguide.com/articles/the_rogue_google_toolbar_histo_88.html
Some of the
installs are coming from instant messaging and IRC links. As
always, practicing "Safe Hex" means not clicking on links or running
programs received in your instant messaging/IRC program. SpywareGuide.com
has a lot of good information about malware and how to
keep safe:
Staying safe
- http://www.claymania.com/safe-hex.html
If you didn't
practice Safe Hex
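The HOSTS-file redirection described in item 2 above can be checked for with a short script. This is an added example, not code from SpywareGuide or from this newsletter; the watched-domain list, the function names and the sample file (constructed, using documentation-range addresses) are assumptions made for illustration.

```python
import ipaddress
import sys

# Domains a clean hosts file has no reason to pin (assumed list; extend as needed).
WATCHED = ("google.com", "google.co.uk", "google.de")

# Constructed sample, not taken from a real infection. Addresses are from the
# reserved documentation ranges (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.50    www.google.com
203.0.113.50    google.com www.google.co.uk   # two names on one line
0.0.0.0         ads.example.net
198.51.100.7    notgoogle.com
127.0.0.1       www.google.de
"""


def parse_hosts(text):
    """Yield (line_number, ip_string, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no name: ignore
            continue
        for name in fields[1:]:               # one address may carry several names
            yield lineno, fields[0], name.lower().rstrip(".")


def is_watched(hostname, watched=WATCHED):
    """True for a watched domain or any subdomain of it, but not look-alikes."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def classify(ip_string):
    """Label an address: 'sinkhole' (loopback/0.0.0.0), 'redirect', or 'invalid'."""
    try:
        ip = ipaddress.ip_address(ip_string)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def audit_hosts(text, watched=WATCHED):
    """Return one finding per hosts entry that overrides DNS for a watched domain."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if is_watched(name, watched):
            findings.append(
                {"line": lineno, "ip": ip, "host": name, "kind": classify(ip)}
            )
    return findings


if __name__ == "__main__":
    # Pass the path of a hosts file to audit it; with no argument the
    # constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    for f in audit_hosts(data):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

On Windows 2000 and XP the file to pass in is %SystemRoot%\system32\drivers\etc\hosts. Any finding deserves a look: a "redirect" sends the domain to another server, while a "sinkhole" makes it unreachable.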
3. Over the
last few years, many computer manufacturers have stopped providing
physical operating system CD's or Restore Disks. Even Dell,
which used to be the exception to this cheapskate practice, no longer
provides the XP installation CD unless you specify physical media when
you order the machine. Many of the large OEM's (Dell, HP, Acer) allow
you to create a physical CD to restore your operating system. When you buy a new
computer, be aware of what process will be used should you need to
reinstall Windows and/or take it back to factory condition. At
some point there is a very good chance you will need to do this, so it
is a good idea to make the CD if your OEM has provided that ability.
If a computer
builder sells you a machine with a Microsoft operating system
installed, the builder has the legal obligation to provide a way for
you to restore the computer to factory condition. This
obligation can be fulfilled in any of these ways:
a. With a physical CD of the actual operating system;
b. with a "Recovery Disk" containing an image of the factory
installation;
c. with a Restore Image on a (sometimes hidden) partition on the hard
drive that is accessed by a specific key press at computer startup (F10
for HP's for example).
There are more details about what you will need if you have to
reinstall Windows at the bottom of this section on the website here.
11-2-05 - Contents:
Computer disaster planning
Here's a common scenario: you turn on your computer and hear a loud
clicking and/or grinding noise. Then you see an error message something
like, "Operating
system not found" or "No boot device". This means your hard
drive has failed. Or you have a power outage that fries your computer
since you didn't have it plugged into an Uninterruptible Power Supply.
What do you do? How do you get back up and running with minimal loss of
data and time? If you are a home user, you may have precious pictures,
legal documents, or your Great American Novel stored on your computer.
If you are a business owner, your computer may be integral to your
livelihood. Computers are just machines and they break. Are you ready for
when this happens to you?
Here are some suggestions for computer disaster planning. You may think
of other things, too and you should
spend the time preparing for recovery. A professional (like Elephant
Boy Computers) can help you with planning and implementation, but only you know what is important to you.
Only you know your business
and what you need to have in order to continue. For business owners,
even if you delegate the day-to-day backups to a staff member, you
cannot allow yourself to be ignorant of the process. What if the staff
member doesn't do the job properly or leaves? The Boy Scout motto is a
good one, "Be
Prepared".
A. Hardware
replacement - If your entire computer needs to be replaced (and
not just the hard drive), how will you quickly get another one? Can you
wait and order a good machine or do you need to run up to the local
BestBuy? What should you buy? Is your computer still under warranty?
What are the terms of the warranty? If you have an older computer,
start thinking about replacing it. If you have a newer computer, have
all the paperwork handy so you can call Dell (or whoever) and get a new
machine out immediately. If you have a business relationship with your
computer supplier (like Dell), you can get a new machine shipped out on
an emergency basis. Small business owners should know whether or not
you have this option.
B. Now you've
gotten the new computer (or new hard drive). If you just needed
a new hard drive, now you need to install the operating system
(Windows), all the programs you use, and restore your data from
backups. You did make backups,
didn't you?
C. Operating
system - Your operating system is the software that enables you
to run programs. Examples of Microsoft operating systems are:
1. DOS/Windows 3.1
2. Windows 95/98/ME
3. Windows 2000/XP
You must have the installation media to reinstall Windows. You must
have the product key. I addressed this in the last EBC Report. You can
read it on the website here:
http://www.elephantboycomputers.com/page3.html#10-12-05
Make sure you know where your operating system or Restore Disk CD is.
D. Drivers
- Every piece of hardware in a computer has software that tells the
operating system how to use that hardware. That software is called a
"driver". If you have a soundcard but no drivers, Windows may know you
have a soundcard but you will not have any sound. If you bought a
computer from an OEM ("Original Equipment Manufacturer") like Dell or
HP, the computer will have come with driver CD's. If you bought a
computer from a local supplier, it will also have come with driver
CD's. Make sure you know where those CD's are.
E. Programs
- Programs are the software that enable you to do things. Examples of
programs are:
1. Microsoft Office (Word, Excel, Outlook, Access, PowerPoint)
2. QuickBooks/Quicken/TurboTax
3. Roxio or Nero to let you create CD/DVD's (burning software)
4. Specialized programs for your business
You must have CD's to install programs. You cannot copy the Microsoft
Office program folder (for instance) from C:\Windows\Program Files for
reinstallation purposes. Know where your installation CD's are.
F. Specialized
or "niche" programs
1. Upgrade - If you use
specialized software, it would be wise to make sure you have a recent
version. Many people run into trouble because they use a database
designed for DOS which will not run on a modern operating system like
XP. If you replace your computer, the new one will come with
Microsoft's current operating system which is Windows XP. You will be
scrambling to find a new program that will meet your needs and then
have to figure out how to get your data from the old program into the
new one.
Another problem that can occur when using obsolete programs recently
happened to one of my clients; the programs she was using for her
business required activation after being installed, but the software
company no longer makes the programs. The activation servers had been
shut down long ago. How will you activate a program when the software
manufacturer is out of business or the program is no longer being
supported?
2. Many programs require a license
code and/or product key. Make sure you can find all the
necessary paperwork.
3. Many industry-specific programs require a yearly support contract with the
software company. Make sure you have kept your support contract
current. Know how to contact the software manufacturer's tech support.
G. Backups -
Now you've got your new operating system, drivers, and programs
installed. Where's your data? Data is what you made with the programs,
such as:
1. Word documents or Excel spreadsheets
2. Pictures/music
3. Client records
4. Mailing lists/contacts/calendar/emails
5. Niche software data
6. Browser Favorites/Bookmarks
The only way to
restore data is from backups you made. That data has to be put
onto the new hard drive either by copy/paste or by placing the data
where (and in a format) a program expects to find it. You need to think
about what programs you use and then learn about them. You need to know
how to reinstall the programs and where the programs keep the data so
you can do regular backups. You need to know how to restore the data.
Obviously, the backups cannot have been kept only on the computer. You
must have the data backed up somewhere external. Here is some general
information about backing up:
http://www.elephantboycomputers.com/page2.html#Backing_Up
Understanding your programs is particularly important if you use
specialized software that has its own backup/restore method. If you don't know
how your niche software gets backed up, reinstalled, and your data
restored, you need to find out. Either read the manual or call
the software's tech support. Document your findings if necessary. A
tech like me coming into your home or office to do the restoration work
will most likely have no idea how to reinstall/restore your particular
niche software.
H. User names
and passwords - You have a user name and password for your
Internet access and/or your email. Your main account name might not be
the same as the email address you regularly use. You may need a user
name and password for online banking and other websites. Have user
names and passwords written down somewhere safe. You will need them
eventually.
I hope this information is useful to you. Remember, only you
are responsible for your disaster plan and backups. You might
have a tech like me come in to do backups, but you must be in charge. The tech
might forget or be busy or leave town. If you close your eyes and wave
your hands around and say, "I know nothing!" when the computer disaster
strikes - and the operative word is
"when" and not "if" - there will definitely be Tears Before
Bedtime. Trust me on this and Be Prepared.
11-30-05 - Contents:
1. Firefox 1.5 available
2. Beware of fake IRS phishing email
3. Sober worm warning
4. Does anyone *not* know about the Evil Sony and its DRM?
1. For those
of you using the Firefox
alternate browser (most of you, I hope), there is a new version now
available. Get it from http://www.mozilla.com/firefox/
2. I'm sure
all of you are too smart to be caught by this phishing email
that pretends to be a refund notice from the IRS. Here's the article
about it from The Register: http://www.theregister.co.uk/2005/11/30/irs_phishing_scam/
3. The big
virus outbreak this past month was caused by variants of the
ever-popular Sober worm. Since all of you are practicing "Safe Hex" and
not opening email attachments I suppose we don't have to worry, but
here is an article about it anyway: http://www.theregister.co.uk/2005/11/30/november_virus_chart/
4. For those
of you who haven't been following the antics of Sony and its evil copy
protection software, here is a link with the explanation and
history of this fiasco: http://www.boingboing.net/2005/11/14/sony_anticustomer_te.html
12-2-05 - Contents:
1. Warning re Internet Explorer dangerous vulnerability
As you probably know, Microsoft's normal Windows Upgrade schedule is
that patches are issued on the first Tuesday of every month - "Patch
Tuesday". A
serious vulnerability in Internet Explorer (your browser) has been
reported that can cause a malicious website to download a trojan,
even on a fully-patched XP Service Pack 2 system. Microsoft considers
the vulnerability to be so critical that they are considering issuing a
patch before the next scheduled Patch Tuesday on December 13th. Here is
an article detailing the threat.
http://www.informationweek.com/story/showArticle.jhtml?sssdmh=dm4.159616&articleID=174403423
In my last EBC Report, I told you that a new version of the
Firefox browser is available. Although Firefox - like all
software - is not perfect, I strongly suggest that you use Firefox (or
another browser such as Opera) instead of Internet Explorer. I
installed the new version of Firefox on my Windows machines and the
upgrade went very smoothly. At this point, you
should only use Internet Explorer to go to a Microsoft website or only
if absolutely necessary (like if your online banking website is
so poorly coded it will only work with IE - in this case, complain to
your bank's webmaster).
Note the new home for Firefox and
Thunderbird (email client) - http://www.mozilla.com/
Opera is
now free - http://www.opera.com/
12-8-05
- Contents:
1. Evil Christmas screensavers and desktop wallpaper
2. How to lose data from Outlook and Outlook Express
1. Now that
Christmas is upon us, people often go looking for holiday
desktop pictures and screensavers. Please be very careful when you do
this, since many of the sites where these so-called "free" screensavers
and themes are hosted will also give
your computer a nasty case of spyware. Personally, I never use
screensavers. Screensavers were useful a long time ago (in
computer-years) when monitors would get burn-in; leave an image on the
screen for too long and a faint trace of it would remain on your
monitor. A screensaver provided a constantly moving image to prevent
the burn-in. Modern monitors don't have this problem, although I have
heard that some plasma screens are susceptible. So now screensavers are
really just toys. If you want a screensaver for privacy, you can always
choose a blank one.
However, if you
have your heart set on using screensavers, be aware that you need to be
particularly careful about what you install. A screensaver -
which will have the file extension *.scr - is actually a program. So if
the screensaver you've downloaded and run is a virus (and your
antivirus isn't up-to-date or up to par), your computer will get
infected. Also
you need to actually read any End User License Agreement ("EULA")
that appears when you install anything so you don't agree to install
spyware along with that Santa-Dancin' Screensaver. One of my favorite
clients got a quite ugly malware infestation recently when she
downloaded what she thought was a religious picture. She was most
outraged that the picture was of Jesus. My dears, the people who are
pushing this malware are Not Nice and don't care about things you
consider holy. They are scum.
So how do you get pretty things for your computer? Microsoft
has downloads of themes, games, and other great ideas. Start here and
look around: http://www.microsoft.com/athome/default.mspx
National Geographic
has lovely photographs you can use for desktop wallpaper. Look here: http://www.nationalgeographic.com/photography/
WinCustomize
has themes, wallpapers, etc. You don't have to use the WindowBlinds
theming application for many of them, either. You can also use Google Images Search,
but again - be careful where you go. I suggest doing your
searching with Firefox instead of Internet Explorer.
2. How many of
you have made loads of folders in your email program where you are now
keeping 5,000 emails? Those of you who don't do this can leave
now; the rest of you had better listen. One of these days, sooner
rather than later, you are going to have an unpleasant surprise. Both
Outlook and Outlook Express keep all the emails and other information
in databases. Databases are prone to corruption and OE is particularly
fragile in this regard. Here are two sites which discuss why keeping
all these emails in your email program is a recipe for disaster.
This first link is MS-MVP Tom Koch's
website about Outlook Express and it has everything you should
know about using OE: http://www.insideoe.com/
Here's an article by Tom written for one of Microsoft's
Communities websites that addresses this problem directly:
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx#EEAA
And here's another article he wrote covering the Top Ten Outlook
Express issues:
http://www.microsoft.com/windows/IE/community/columns/OEtopten.mspx
What InsideOE.com is to OE, Slipstick.com is to Outlook. Also created
by MS-MVPs, Slipstick.com is the premier source for information about
Outlook: http://www.slipstick.com/
Here's a direct link to the page which discusses message management and
how to keep Outlook healthy:
http://www.slipstick.com/addins/housekeeping.htm
So what do you do instead? You make folders - usually in My Documents -
for all your different projects and save the emails and any attachments
in there instead. Then delete the emails from Outlook or Outlook
Express. Not only does this prevent OE/Outlook corruption, it will
facilitate backing up your data. You are backing up,
right? Protect
your precious data by saving it properly and backing up regularly.
1-2-06
- Contents:
Windows
MetaFile (WMF) vulnerability
The old year ended and the new year began with one of the most
serious vulnerabilities in Windows operating systems ever. At
this writing, Microsoft has not issued a patch for the problem. If they
stick to their normal update schedule, we will not have an official
patch until January 9th at the earliest. This is not A Good Thing.
A temporary patch
has been created by Ilfak Guilfanov. Normally, I would never suggest
that you install a patch from anyone but Microsoft. Never, ever, ever.
But because of the seriousness of the vulnerability, I'm going to suggest
that you install Mr. Guilfanov's patch coupled with one other easy step.
The SANS
Internet Storm Center has the best explanation of the vulnerability
with instructions on what to do and a link to the download.
http://isc.sans.org/diary.php?storyid=994
I highly recommend you go to the SANS site and read the information
about the WMF vulnerability. To make things even easier for you, here
are paraphrased highlights and what you need to do:
WHAT THE
VULNERABILITY DOES AND HOW YOU GET HURT BY IT:
The WMF vulnerability uses images (WMF images) to execute code. This
means it can run programs like trojans, which can download more
trojans. It will execute just by viewing the image on a webpage. In
most cases, you don't have to click anything.
Internet Explorer will view the image and trigger the exploit without
warning. New versions of Firefox will prompt you before opening the
image. However, this offers little protection since most people will
consider images to be safe and say "yes".
The Bad Guys are already sending spam email with attachments carrying a
new version of the WMF exploit, resulting in the installation of
various trojans. This spam email may look like this:
Subject: Happy New Year
Message Body: picture of 2006
Attachment: HappyNewYear.jpg (actually a WMF file with a .JPG extension)
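The disguised attachment above, like the *.scr screensavers described in the 12-8-05 report, shows that a file extension says nothing reliable about what a file really is. As an added example (not part of the original report), this Python script compares a file's leading bytes with its extension; the function names, verdict strings and sample bytes are constructed for illustration, and it covers a few common types beyond WMF.

```python
import os
import struct

# What each extension claims the file to be.
EXPECTED_BY_EXTENSION = {
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
    ".bmp": "bmp", ".wmf": "wmf", ".scr": "executable", ".exe": "executable",
}


def is_standard_wmf(data):
    """True if data begins with a plausible 18-byte WMF header."""
    if len(data) < 18:
        return False
    file_type, header_words, version = struct.unpack_from("<HHH", data)
    return (file_type in (1, 2)              # memory or disk metafile
            and header_words == 9            # header is nine 16-bit words
            and version in (0x0100, 0x0300))


def sniff(data):
    """Guess the real content type from the leading bytes only."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data.startswith(b"\xd7\xcd\xc6\x9a") or is_standard_wmf(data):
        return "wmf"                         # placeable or standard metafile
    if data.startswith(b"MZ"):
        return "executable"                  # Windows program, includes .scr
    if data.startswith(b"BM"):
        return "bmp"
    return "unknown"


def check_attachment(filename, data):
    """Return (verdict, detail) comparing the extension with the content."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXPECTED_BY_EXTENSION.get(ext)
    actual = sniff(data)
    if actual == "wmf" and ext != ".wmf":
        return ("disguised-wmf", "%s is a Windows Metafile, not %s"
                % (filename, claimed or "a known type"))
    if actual == "wmf":
        return ("wmf", "%s is a Windows Metafile" % filename)
    if actual == "executable":
        return ("program", "%s is a program, whatever its name says" % filename)
    if claimed is not None and actual != claimed:
        return ("mismatch", "%s claims %s but looks like %s"
                % (filename, claimed, actual))
    return ("ok", "%s matches its extension" % filename)


# Constructed sample inputs: headers only, no image data and no payload.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_WMF = (struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
              + struct.pack("<IH", 3, 0))    # header plus end-of-file record
SAMPLE_PLACEABLE_WMF = b"\xd7\xcd\xc6\x9a" + b"\x00" * 18
SAMPLE_PROGRAM = b"MZ" + b"\x00" * 62

if __name__ == "__main__":
    for name, blob in [("HappyNewYear.jpg", SAMPLE_WMF),
                       ("vacation.jpg", SAMPLE_JPEG),
                       ("SantaDancin.scr", SAMPLE_PROGRAM)]:
        print(check_attachment(name, blob))
```

A mail filter or a cautious user can apply the same check before anything is opened: only an "ok" verdict means the name and the content agree.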
SOURCES OF
ATTACK:
Email attachments, malicious web sites, and instant messaging are the
most likely sources, as well as P2P (file-swapping) programs such as Kazaa,
Limewire, etc.
WHAT VERSIONS
OF WINDOWS OPERATING SYSTEMS ARE AFFECTED:
All. Windows 2000, Windows XP (SP1 and SP2), Windows 2003. All are
affected to some extent. And to quote the good people at SANS:
"If you're still running on Win98/ME, this is a watershed moment: we
believe (untested) that your system is vulnerable and there will be no
patch from MS. Your mitigation options are very limited. You
really need to upgrade."
HOW TO PROTECT
YOURSELF:
1. Install the patch from
either the link on the SANS site above
or this direct download link (TinyURL'd): http://tinyurl.com/8stt5
Note that you will need to uninstall
the patch before you install an official Microsoft one. So you
need to pay attention during the next Windows Update. Set your
Automatic Updates (in Control Panel) to download updates automatically
but notify you before installing them. Then instead of taking the
"Express" install option for the updates, take the "Custom" install
option. Now you can see if there is a patch for the WMF vulnerability
and if there is, go to Add/Remove Programs and uninstall Mr.
Guilfanov's patch first.
2. Unregister the affected Windows
system file. Do this by:
Click Start, click Run, type "regsvr32 -u
%windir%\system32\shimgvw.dll" (without the quotation marks), and then
click OK. A dialog box appears to confirm that the un-registration
process has succeeded. Click OK to close the dialog box.
3. Make sure you have a current
version antivirus program installed with an active subscription and
that your virus definitions are up-to-the-minute. Most antivirus
companies have said their very latest definitions will catch trojans
coming from the WMF vulnerability, but new variants are being created
every day. Do not be complacent.
4. Don't open email attachments
unless you absolutely must and/or you are absolutely sure of the source
(not just "someone you know") and that the attachment is a crucial
piece of information you must have.
WHAT CAN YOU DO
IF YOU GET CAUGHT:
Per the SANS article:
"Not much :-(. It very much depends on the exact exploit you are hit
with. Most of them will download additional components. It can be very
hard, or even impossible, to find all the pieces. Microsoft offers free
support for issues like that at 866-727-2389 (866-PC-SAFETY)."
If you are a local client, you can call Elephant Boy Computers and we
will try to clean your machine. Make sure you have current backups of
all your important data because a format/clean-install of Windows may
be necessary.
1-26-06
- "On two occasions I have been asked [by members of Parliament!],
`Pray, Mr. Babbage, if you put into the machine wrong figures,
will the right answers come out?' I am not able rightly to
apprehend the kind of confusion of ideas that could provoke such a
question." -- Charles Babbage
Contents:
1. New version of Thunderbird
2. End of the line for Win98/ME
3. Stopbadware.org
1. For those
of you using Thunderbird as an email client, there is a new version
available now. Get it from http://www.mozilla.com/thunderbird/
For those of you not using Thunderbird as an email client, you may want
to give it a try. It has excellent Junk Mail filtering capabilities,
and like the Firefox
browser many people have written some extremely useful extensions for
it. Extensions are small code snippets that extend the functionality of
a program. To learn about and see some extensions for Firefox and
Thunderbird, visit:
https://addons.mozilla.org/?application=firefox
https://addons.mozilla.org/?application=thunderbird
2. It is
finally the end of the line for Win98/ME. From my TechNet mailing
this morning:
"Important Notice for Windows 98 and
Windows ME Users - On June 30, 2006, assisted support will end for
Windows 98, Windows 98 Second Edition, and Windows Millennium Edition
(Windows Me) operating systems and their related components.
"After this date, Microsoft will no longer provide any incident support
options or security updates. Online support will be available through
the Microsoft Support Product Solution Center Web sites.
"Find additional information on the support lifecycle of Windows 98,
Windows 98 Second Edition, and Windows Me on the Help and Support Web
site. And you can find more information about Windows XP and migrating
to this platform at the Windows Resource Center."
Here are the links referenced in the TechNet notice above:
Announcement - http://www.microsoft.com/presspass/features/2006/jan06/01-10Support.mspx
MS Support Product Solution Center - http://support.microsoft.com/select/Default.aspx?target=hub
Win98/ME Support website - http://support.microsoft.com/gp/lifean1
Installation/Migration from Resource Center - http://tinyurl.com/at9kx
What does this
mean to you if you're still running these older operating systems?
It means that if your computer is connected to the Internet at all - or
is connected to a network where there are other computers with Internet
access and file sharing is enabled - it's time to think about upgrading
to Windows XP. If your computer has no Internet access, then by all
means stay with Win98/ME. Your computer will not magically stop working
because Microsoft no longer provides support.
In most cases, a computer happily running Win98/ME will not upgrade
well to XP. Windows XP requires much beefier hardware than the older
operating systems and it is rarely cost-effective to try and upgrade an
old machine. With new computer prices relatively inexpensive, it is
almost always a better solution to just buy a new machine. Naturally, Elephant
Boy Computers will be pleased to help you with your decision.
3. We have a
new resource for fighting malware with StopBadware.org. From
their "About Us" page:
"StopBadware.org is a "Neighborhood Watch" campaign aimed at fighting
badware. We will seek to provide reliable, objective information about
downloadable applications in order to help consumers to make better
choices about what they download on to their computers. We aim to
become a central clearinghouse for research on badware and the bad
actors who spread it, and to become a focal point for developing
collaborative, community-minded approaches to stopping badware.
"Harvard Law School's Berkman Center for Internet & Society and
Oxford University's Oxford Internet Institute are leading this
initiative with the support of several prominent tech companies,
including Google, Lenovo, and Sun Microsystems. Consumer Reports
WebWatch is serving as an unpaid special advisor.
"John Palfrey, Executive Director of the Berkman Center and Harvard
Clinical Professor of Law, and Jonathan Zittrain, Harvard Law Visiting
Professor and Professor of Internet Governance and Regulation at Oxford
University, are StopBadware.org co-directors. Supporting them are an
advisory board and working group made up of some of the top experts in
the field, including Internet pioneers Esther Dyson and Vint Cerf."
It will be interesting to see what they can do. http://www.stopbadware.org/
1-30-06
- "A black cat crossing your path signifies that the animal is going
somewhere." -- Groucho Marx
Contents:
1. Winamp vulnerability
2. Kama Sutra/Blackworm
1. If you use
Winamp, please note that there is a vulnerability that has
already been exploited. Some security experts have already rated this
vulnerability as "critical". Here is information about the
vulnerability and the exploit:
http://msmvps.com/blogs/harrywaldron/archive/2006/01/30/82080.aspx
It is expected that Nullsoft will issue a patch but in the meantime use
Winamp only at highly trusted sites or for offline media. Check with
Nullsoft for a patch and when available, download and install it - http://www.winamp.com/
2. Now, I
don't want to get all Chicken Little about this newish worm, but
I thought I'd mention it since the worm is quite destructive and the
payload is scheduled to be delivered in just a few days (February 3rd).
Naturally, all of you know that you need to have a current version (not
earlier than 2004) full-featured antivirus installed, with an active
subscription and updated virus definitions. If you don't - you know
what to do. Here are a few articles about the Kama Sutra worm.
http://isc.sans.org/diary.php?storyid=1067
http://www.theregister.co.uk/2006/01/27/blackworm_warning/
2-1-06
- "Writing about music is like dancing about architecture." -- Frank
Zappa
Contents:
1. Online music - legal and available
2. Safer web surfing with SiteAdvisor
1. In my work
cleaning up people's computers, I find that a large majority of
the machines have become infected because their owners (or their
owners' kids) have been pirating music (Kazaa, Limewire, etc.). My
clients then ask me what they should use instead. Since I'm not a big
music listener/buyer, I've said either iTunes or Rhapsody. While those services are
excellent, they also have DRM restrictions. Also, what if you can't
find what you want on those sites? I've done a little research and have
come up with a couple of online companies which may be of interest:
A. Magnatune
- http://www.magnatune.com/
Here's what the owner of Magnatune has to say:
"We're a record label. But we're not evil. We call it "try before you
buy." It's the shareware model applied to music. Listen to 427 complete
MP3 albums from musicians we work with (not 30 second snippets). We let
the music sell itself, because we think that's the best way to get you
excited by it. We pick the best submissions from independent musicians
so you don't have to. If you like what you hear, download an album for
as little as $5 (you pick the price), or buy a real CD, or license our
music for commercial use. And no copy protection (DRM), ever. Artists
keep half of every purchase. And unlike most record labels, they keep
all the rights to their music. No major label connections. We are not
evil."
They don't have a huge playlist, but what they do have looks
interesting. My only criticism of the site is that the instructions for
use and payment aren't completely clear immediately. Basically you
click on an artist you like, listen to the music, and if you want to
buy it click on the "Buy" button. You are then taken to a page where
you're given the choice to download the music or have a CD sent to you.
They take Visa, Mastercard, or Paypal.
B. Mindawn
- http://www.mindawn.com/index.php
Mindawn looks quite a bit bigger and slicker than Magnatune and has a
much larger catalog. Their Customer FAQ (Frequently Asked Questions)
covers who they are and how they do it very well - http://www.mindawn.com/customers.php
Mindawn seems to be aimed not only at those of us who hate DRM, but at
musically-savvy people who want to download great quality music.
Apparently you can browse and buy music from their main website, but to
hear the music you need to download a player. I can't imagine why
you would buy music unheard. From a quick perusal, I would say
that first downloading the Help file (in .pdf format so it will open
with Acrobat Reader) would be a good idea. You can right-click on the
Help file and Save As. I think that Mindawn is aimed at fairly
sophisticated users so I'm not sure your teens would do well
there.
C. If you don't want to download music but just want to listen to some
tunes on your computer while you're working, there's always Internet radio.
Here are a few links I find interesting:
Radio DavidByrne.com - from the amazing creator of Talking Heads - http://davidbyrne.com/radio/index.php
BBC Radio 1 - http://www.bbc.co.uk/radio1/listen/index.shtml?hp_lhn
KEXP - http://kexp.org/home.asp?noflash=false
Public Radio Fan - hundreds of links to public radio stations around
the world - http://publicradiofan.com/
You can listen to the new "Venue Songs" from the fabulous They Might Be
Giants - http://www.tmbg.com/
Soma FM - listener-supported, commercial-free, underground/alternative
radio broadcasting - http://www.somafm.com/
WFMU from Jersey City - http://www.wfmu.org/ssaudionet.shtml
2. Safer
surfing with SiteAdvisor - I just heard about this
website/application to help make your surfing experiences safer and it
looks very interesting. Here's their homepage - http://www.siteadvisor.com/preview/
Since Ben Edelman - a most
highly-respected spyware researcher - is one of their technical
advisors, I think this is definitely worth a try. I'm going to download
the browser plugins for Internet Explorer and Firefox and you might
want to check this out for yourselves, too. The SiteAdvisor blog is
also extremely interesting - http://blog.siteadvisor.com/
3-27-06
- "Any sufficiently advanced technology is indistinguishable from
magic." -- Arthur C. Clarke
Contents:
1. Warning - Internet Explorer, etc. vulnerabilities
2. Warning - new variants of Smitfraud (Spyaxe, Spyfalcon, SpywareQuake)
3. Beware the DRM, the jaws that bite, the claws that catch! (Starforce)
4. Free stuff from Microsoft
1. There are
always vulnerabilities in operating systems and programs and you
are supposed to be practicing Safe Hex and keeping your
systems/programs patched. But just in case you've forgotten this, I
thought I'd remind you. There are some particularly nasty
vulnerabilities in Internet Explorer right now and there are exploits
to take advantage of this. This doesn't mean that alternate browsers
are bullet-proof, but using one instead of Internet Explorer is a good
idea. Remember, if you use an alternate browser, make sure you have
the latest version of it.
http://www.theregister.co.uk/2006/03/27/another_ie_security_flaw/
http://isc.sans.org/
http://isc.sans.org/diary.php
http://isc.sans.org/diary.php?date=2006-03-26
Also make sure you have the latest version of Java. Uninstall older
versions before installing the newest one.
http://www.java.com/en/
And for your convenience, here are some links to help you stay safe:
http://www.wilderssecurity.com/showthread.php?t=27971
- So How Did I Get Infected Anyway?
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm
- The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx
- MVP Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.microsoft.com/security/protect/default.asp
- Protect Your PC
http://www.cert.org/homeusers/HomeComputerSecurity/
- Home Computer Security
Another way to stay safe is to use an operating system other than
Windows. While Apple's OSX, Unix, and Linux have their own
vulnerabilities, they tend to give you safer surfing. If you'd like to
know more about using Linux, feel free to contact Elephant Boy
Computers.
2. It seems
like almost every day there is a new variant of the Smitfraud malware.
To add to SpyAxe and SpyFalcon, we now have SpywareQuake. For more
information see this page, which includes the link to the
BleepingComputer.com removal steps:
http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan
I've mentioned it before, but MVP and security expert Eric Howes' site
is an invaluable resource to help you determine if a program is "rogue"
or not. It is well worth visiting Eric's site regularly to see what new
programs have been added to the list.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
3. Beware the
DRM, the jaws that bite, the claws that catch! Late last year we
had the huge fiasco with some Sony music CD's installing copy
protection software on users' computers that caused all sorts of
problems. See:
http://www.elephantboycomputers.com/page3.html#11-30-05
http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
http://cp.sonybmg.com/xcp/
You should know that this is not the only instance of software being
installed on users' computers that can have extremely adverse effects.
If you are a gamer or have gamers in your household, you should know
about the Starforce copy protection malware - and I use the term
"malware" on purpose. The Starforce software can seriously damage your
Windows installation and possibly the hardware itself. Here is a link
to a site explaining the issues and listing games that currently
include the Starforce program if you would like to boycott them. At the
very least, be aware of the issue.
http://www.glop.org/starforce/
While Elephant Boy Computers would never suggest that you do anything
illegal, the April issue of MaximumPC has some very interesting articles
about copying movies and music. The content is not on their website yet
since the magazine is still in stores. If this is a subject in which
you are interested, it would be well worth picking up a copy of the
magazine.
http://www.maximumpc.com/
4. Free stuff
from Microsoft - After taking some calls last week from people
looking for training on Microsoft Office programs (no, I don't do
this), it occurred to me that you may not realize how much free content
and help is available from Microsoft for their products. For instance,
there are many training sessions for Office programs on the MS Office
website. I learned how to do a mail merge for my Christmas card labels
using Excel and Word by watching a training movie.
While many people already know about Office clipart, there are also a
lot of templates which you can download and use. For instance, why
spend hours creating a personal budget template for Excel when someone
else has already created one?
Microsoft wants you to use their products and to use them successfully.
If you use Microsoft products, it is very much worthwhile to spend some
time exploring the excellent and vast resources the company provides
you. Start at their homepage: http://www.microsoft.com/
and go from there.
4-28-06
- "You will remember, Watson, how the dreadful business of the
Abernetty family was first brought to my notice by the depth which the
parsley had sunk into the butter upon a hot day." -- Sherlock Holmes
Contents:
1. Update about the Windows Update KB908531
2. Common computer mistakes made by small business owners
1. Microsoft
issued a reworked patch for the vulnerabilities covered in
KB908531 last Tuesday, April 25th. Windows Update took care of this for
you if your computer needed it. Based on reports, it looks like the new
patch took care of the problems caused with the first update. If you
weren't one of the many people affected by the first patch's problems,
don't worry about this!
2. Common
mistakes made by small business owners - My client base consists
of home users and small business owners. Although my comments in this
section are aimed at small business owners, some of the information may
be useful for home users also. Here are some of the mistakes that small
business owners make that I see all the time, not in any particular
order.
A. Mistake
- Buying cheap equipment. Those $399 machines are aimed at the home
user who does light computing. They are not meant to be on 24/7 and act
as a "server". You might get lucky and get good use out of those
machines, but then again you might not. Most of the computers for the
home market are running Windows XP Home or Media Center Edition which
are not designed for business use.
Solution
- Buy quality business-class computers. It is preferable to have
workstations that are all the same make/model for ease of maintenance
and repair. If you want your workstations to run a Microsoft operating
system (as opposed to Linux), then it should be Windows XP Pro. Buy
business-class printers, preferably laser printers that are connected
to the network and not locally to a computer.
B. Mistake
- Using a workstation computer as a server - known as a
"pseudo-server". Companies with more than 7 computers using a
pseudo-server, all running Microsoft operating systems, will start to
run into the inbound concurrent connections limitation. The
limitation is on inbound concurrent connections, not computers
or number of users. Each workstation can make more than one connection
to a machine acting as a server. Here is a link to Microsoft's
information about this: http://support.microsoft.com/?id=314882
Inbound concurrent connections limitations:
5 for XP Home
10 for XP Pro/Tablet/Media Center Edition
49 for SBS 2000
74 for SBS 2003
Unlimited for full Server operating systems
Solution
- Get a real server running a real server operating system. Server
computers also have hardware designed to handle the job. Buy a
server that is powerful enough to meet your needs. If you must run
Windows programs on the server, you will need to buy a Microsoft server
operating system such as Small Business Server or Windows Server 2003.
If the server will only act as a file server, you can use Linux instead
- or even a Mac server.
With a server, you should set up a domain instead of keeping the
peer-to-peer Workgroup network structure. Among other advantages, a
domain permits centralized security, control, and maintenance.
C. Mistake
- Lack of proper security and maintenance. The type of security needed
depends on your particular business, but here are some things that all
computers need to have:
1. Current
version (not earlier than 2005) antivirus with an active
subscription and updated virus definitions.
2. A firewall - this can be a software firewall
running on each Workgroup or Domain member (and the server) and/or a
hardware firewall solution at the perimeter of your network.
3. Operating
system and major applications used kept patched and current with
Service Packs and