archive

Elephant Boy Computers Reports - Archives

Current EBC Reports are here.

2002 2003 2004 2005

2002

08-27-02 - Windows security issues; Windows Update
09-04-02 - Virus reminder; Windows XP Service Pack 1; browser trick
09-09-02 - Windows XP security flaw
09-23-02 - Viruses and hoaxes
10-03-02 - Security reminder; virus news; useful newsletters
10-16-02 - Internet Explorer security flaw; Windows XP security flaw; alternate browsers
10-19-02 - Browser pop-up ads; how to use Ad-aware; killing pop-ups
10-20-02 - Bogus Ad-aware information
10-25-02 - Windows (and other) Updates; beware of e-greeting cards; make your own TeleZapper
11-07-02 - New worm; alternate email clients
12-09-02 - Making address labels; newsgroups
12-14-02 - New Windows vulnerabilities
12-22-02 - Windows XP security flaw; OE 6 & attachments; support lifecycle; web amusements

Back to top
Home

2003

01-02-03 - Ad-aware information; update reminder
01-16-03 - Nasty Lirva worm
01-20-03 - APC product recall; computer cleanliness
02-12-03 - Reminder, Ad-aware 6.0, backup, spam
02-23-03 - Update on Ad-aware; patches and upgrades; Bulwer-Lytton Contest
03-18-03 - Domain Names & websites; virus and vulnerability warning
03-30-03 - Online music sites; spam
04-21-03 - Update reminder, backing up, Messenger spam
05-19-03 - Email warning; kid safety on the Internet
05-22-03 - Quick virus warning; file extensions
07-09-03 - Update reminder, scam warning, telemarketers
08-12-03 - Windows DCOM RPC Interface Buffer Overrun Vulnerability
08-27-03 - Postmaster bounces for email you didn't send
09-10-03 - More Microsoft vulnerabilities; what's a person to do?
10-06-03 - New cumulative Internet Explorer patch; why MS os's are vulnerable
10-16-03 - Microsoft security patches; iTunes for Windows; Google
10-30-03 - Updated Microsoft security patches; html in email
11-18-03 - Phishing and virus alert; Windows Update reminder
12-12-03 - Phishing continued; shopping spots

2004

01-13-04 - Windows 98 life extended; Trojan.Xombe
01-28-04 - W32/Mydoom
02-02-04 - Microsoft February updates; foil phishers
02-26-04 - Warning about Win Antivirus 2004
03-23-04 - Witty worm, Phatbot worm
05-01-04 - W32.Sasser, W32.Gaobot, legal music downloads article
05-07-04 - Sasser update
05-14-04 - Symantec vulnerabilities; May updates
05-29-04 - Passwords, end run around spyware
06-26-04 - New vulnerability in IE; HP recalls notebook memory
08-01-04 - Patch for Download.Ject vulnerability
08-07-04 - Windows XP Service Pack 2
09-14-04 - Windows XP Service Pack 2 - further information
09-19-04 - Arrrr, Matey! and general updating
09-25-04 - Updates for JPEG vulnerability
10-31-04 - Betrayalware; malware removal

2005

01-01-05 - Happy New Year; Security comments
01-16-05 - Security updates support; antivirus programs support; MS AntiSpyware Tool
01-24-05 - NT 4.0 Server End of Life; Service Pack level; Recovery cd's
02-10-05 - Microsoft Patches; browser vulnerabilities; Symantec vulnerabilities
02-27-05 - Program updates; email scam; beta software; XP's System Restore
03-20-05 - LimeWire vulnerability; Anti-Phishing consortium; MSN Messenger worm; Darwin Awards
04-28-05 - Firefox vulnerabilities; April Windows Updates; transferring data from old computer to new one
05-02-05 - Instant Messaging viruses
05-14-05 - Firefox and iTunes vulnerabilities; how you got the spyware
06-02-05 - MTOB worm; new Spybot and Ad-aware; SpywareInfo article
07-10-05 - MS and Claria; London Bombing Trojan; IE vulnerability; more on getting malware
07-13-05 - New version of Firefox; Microsoft-Claria deal is dead; Patch Tuesday; Apple updates to Tiger
08-12-05 - Serious identity theft ring; Patch Tuesday, Bulwer-Lytton awards
09-11-05 - No Microsoft Windows security updates this month; vulnerability in Firefox/Mozilla; sleazy spyware; Talk Like A Pirate Day
09-20-05 - Malware that spoofs Google; Opera browser is now free; Microsoft Shared Computer Tookit; buying a new computer
10-12-05 - Patch Tuesday; fake Google Toolbar; recovery Windows
11-02-05 - Computer disaster planning
11-30-05 - New Firefox; IRS phish; Sober worm; Sony DRM mess
12-02-05 - Critical Internet Explorer vulnerability
12-08-05 - Evil screensavers; email management

Back to top
Home

08-27-02 - As you probably know, I live and breathe tech information. The rest of you have Real Lives, and sensibly pay little attention to the latest computer-related news. However, occasionally things come up that I think would be of use or interest to my clients. I've spoken to some of you and have found that quite a few people wouldn't mind getting an email from me every once in a while alerting them to security fixes, small tips/tricks, etc. So I thought I'd try doing something along those lines. Now, I hate spam. I think that spammers should have horrible, terrible, torturing things done to them. And then they should be killed. So if you don't want to get any of these Elephant Boy Reports, please email me and I'll immediately take you off the list. Conversely, if you know someone who might be interested, have them email me and I'll add them. All that said, here's the first bit of information:

In the last week or so there have been quite a number of security-related issues with Microsoft Internet Explorer (your browser, the software that enables you to view the web graphically). Even if you don't use IE directly, it is tightly integrated into the Microsoft Windows operating system (Windows 98, ME, and Windows XP). There's no need to panic, but you should update your system as soon as possible. This is easily and painlessly done. Updating requires that you are connected to the Internet, so if you use a dial-up connection, log on. Cable and DSL users are already online. Somewhere in your Start menu, usually at the top, is an entry for Windows Update. Left-click it. (You can also find Windows Update from within Internet Explorer under the Tools menu.) This will bring you to Microsoft's Welcome To Windows Update site. Click on the Product Updates link. You'll get a notice that Microsoft is checking your computer to see what updates you need. (You may need to click "I Agree" in a pop-up window first if you haven't done this before, and that's OK - do it.) Windows XP users get a slightly different message ("scanning for updates"), but the process is the same.

You'll then get a webpage showing all the critical updates available for your system. You can click "Show Installed Updates" if you want to see more clearly what you need. Be sure all the critical/security updates are checked and click the "Download" button. Just follow the directions. The updates will be downloaded and automagically installed on your computer. You will probably need to reboot (restart) the computer. You should check for Windows updates on a regular basis to keep your operating system up to date.

Back to top

09-04-02 - Just a note to remind you all to be sure your antivirus definitions are up to date. Most of you will have this set to update automatically. In the past week, I've removed the W32Klez virus from four people's computers. This nasty piece of malware continues to be Number One world-wide. Remember, Don't Panic - just keep your antivirus running and don't open attachments. And for those of you who like to Live On The Edge and open absolutely everything (you know who you are), at least scan suspicious-looking email first, OK?

**Windows XP Service Pack 1**

Microsoft is releasing the first Service Pack for Windows XP (SP1), available for download on September 9th. It will include all the security fixes to date, as well as other enhancements. You'll undoubtedly be able to get it at Windows Update, and if you have a slow Internet connection (dial-up), can order the CD from Microsoft for $10. Windows Update will be the easiest way to install it, but if a) your connection is too slow; or b) you don't want to deal with it, I'll be downloading it and burning it to a CD. If you want me to install it for you I can, or if you'd like me to burn a copy for you I will. If you come here with your own CD-R blank, I won't charge for the burning (unless you want to schedule something extra like training time, of course). Naturally, if I come to your house I have to charge. My son needs new glasses. ;-)

It is always good to apply Service Packs, but it isn't anything you have to rush to get, either. Microsoft's download servers will be very busy on Sept. 9 and for the next few days afterwards, so it might be hard to get in. Not to worry, it can wait until the traffic gets lighter.

**Windows Trick**

If you are using Internet Explorer as your browser (the program used to view the Internet), to quickly enter the name of a site whose address starts with "www." and ends with ".com", type just the middle part in the Address Bar and hold down Control as you press Enter. IE will fill in the "www." and the ".com" for you and take you there. Example: To enter "www.elephantboycomputers.com", just type "elephantboycomputers" in the Address Bar and then press Control + Enter.

Back to top

09-09-02 - A major security flaw has been uncovered in Windows XP. IF YOU DO NOT USE WINDOWS XP, THIS DOES NOT APPLY TO YOU. Windows XP SP1 (Service Pack 1) is available through the Windows Update site now. You can choose the Express Install, which will examine your system and only
download and install the fixes you need. Otherwise, it is a 133MB download for the whole enchilada.

SP1 will patch this new major security flaw (along with a lot of other fixes). However, if you cannot get through to the Windows Update site (it will be busy) or have a dial-up connection, IMMEDIATELY DO THE FOLLOWING TO PROTECT YOUR SYSTEM:

Do a search for the file "uplddrvinfo.htm". It should be in your C:\Windows\PCHealth\Helpctr\System\DFS. The easiest way to get it is to do a search for "uplddrvinfo.htm" (enter the file name without the quote marks, obviously). When you have found the file, right-click on it and choose "Rename". Change the file extension (the three letters after the ".") to uplddrvinfo.old or .bil or .xxx, whatever three letters you like. I think it would be better to not use ".old" but some other odd combination of letters. DO THIS IMMEDIATELY. Then apply SP1.

REPEAT: IF YOU DO NOT HAVE WINDOWS XP, THIS DOES NOT APPLY TO YOU. Those of you running Windows 95, 98, or ME still should go to Windows Update and apply all necessary security fixes because it isn't like you're running a secure operating system and they're not.

Back to top

09-23-02 - Contents:
1. Viruses and hoaxes

I just got two emails and a phone call regarding a well-known virus hoax (jdbgmgr.exe, if you're interested), so I thought I'd remind you all about some great sources of information for all things related to viruses, hoaxes, email jokes, etc.: http://www.sarc.com/ - Symantec Antivirus Research Center - excellent searchable database of viruses, hoaxes, and jokes. The first place I look for virus information. A good antidote to virus/hoax scares.

Back to top

10-03-02 - Contents:
1. Security reminder
2. Virus news
3. Useful Newsletters

1. Be sure to update your operating systems by going to Windows Update. There have been some new vulnerabilities reported this week which affect all versions of Microsoft operating systems. Frankly, if I sent you a report about every security bulletin from Microsoft, most of you would go hide in the closet, which isn't necessary (at least regarding your computing life - I don't know about the rest of your activities!). Of course, some of you would stand up and roar, "Bring it on!!! and you know who you are, but that isn't sensible either, Tony ;-). If you actually want more technical information about Microsoft, including security, the best place to start is at:

http://www.microsoft.com/technet/default.asp

You can sign up for security bulletins there if you're interested. Or you can just wait for Elephant Boy Computers to send you an alert when necessary.

2. In virus news this week, the ever popular W32.Klez has been pushed out of First Place by a new version of the old favorite, W32.Bugbear. Bugbear is a mass-mailing worm with keystroke logging (to capture passwords) and backdoor capabilities. It will attempt to stop antivirus and firewall programs. It will come as an email attachment. If you have been to Windows Update and updated the operating system and are running a good antivirus with updated definitions, you are protected against Bugbear. Of course, you should always practice Safe Computing and not open email attachments. For more information about Bugbear, you can look at this page at Symantec's website:

http://www.sarc.com/avcenter/venc/data/w32.bugbear@mm.html

3. Some of you want to know more about computers and technology. The rest of you are excused now, and can go play. One great resource is Fred Langa's LangaList. This is an email newsletter sent out twice a week, packed with tips, information, and humor. There are two versions of the LangaList, a free one and a subscription one. I've been a LangaList subscriber for years. Go to http://www.langa.com/ for more information. On the lighter side, another email newsletter that is always interesting is Mike's List, from Mike Elgan. Mike includes technology-related news, but his focus is more on things like "Proof You Can Buy Anything On The Web" and "Mystery Pic O' The Week". To check it out, go to http://www.mikeslist.com/ .

Back to top

10-16-02 - Contents:
1. Internet Explorer versions 5.5 and higher security flaw
2. Windows XP security flaw
3. Alternate browser information (advanced tip)

1. Another IE 5.5/6.0 security flaw has been uncovered. Here is the information and fix, taken from The ScreenSavers website at http://www.techtv.com/screensavers

"A security hole has been found in Windows Internet Explorer that allows attackers to execute scripts on a user. The vulnerability appears when visiting websites that use the <frame> and <iframe> HTML tags. To fix the hole, follow these steps in Internet Explorer:

In Internet Explorer, open Internet Options.
Click on the Security tab.
Click on the Custom Level button.
In the Settings window, scroll down until you find, "Navigate sub-frames across different domains."
Select either Prompt or Disable."

2. This is for Windows XP/Windows 2000 users only. There is a security hole in the Messenger service. This service does not have anything to do with MSN Messenger, but rather is designed for corporate environments where the IT Administrator might need to send a message to all computers on the network, such as announcing a shutdown for example. Home users do not need this service, nor do business people not using this feature. To fix this hole, turn off the Messenger service by going to:

Start>Control Panel>Administrative Tools>Services. Under "Name", you will see the Messenger service. It is probably set to start automatically. Double-click on the Messenger service entry, which will give you its Properties box. Click the Stop button. Just above the Stop button, you will see a drop-down box for Startup Type. Click on the little down arrow and change the Startup Type to Disabled. Click Apply and OK, and close out of Services.

3. Your browser is the program that allows you to "see" the Internet graphically. Internet Explorer is the Microsoft browser that comes built into Windows. For those of you who are *not* using proprietary Internet software like AOL, you can try other browsers just for fun. One of the best commercial browsers is Opera. Opera comes in an ad-supported version for free, or no ads for $39. I personally think Netscape is dreadful, but that is another free browser. In the free browser category, Mozilla is terrific. Each of these browsers has its advantages and disadvantages. If you want to check them out, here are urls:

Opera http://www.opera.com/
Netscape http://www.netscape.com/ (click on Browser Central under Tools)
Mozilla http://www.mozilla.org/

For more information about all the different browsers out there (and there are tons of them), check out http://browsers.evolt.org/ just for fun.

Back to top

10-19-02 - Contents:
1. Browser pop-up ads
a. How to use Ad-aware
b. Killing pop-ups

I had a request to cover ways to get rid of those dreadful pop-up ads (or pop-under, which can be even worse since you don't see them until you close out of the browser) you get in your browser while surfing the Internet. The first thing you should do is be sure your computer is free of spyware (I'm assuming that you are all running a recent antivirus program with updated definitions and that you know your computer is clean). Rather than waste bandwidth with a long explanation of spyware in this email, I'll direct you to the Spyware section of this website here.

a. The best way to clean up your system is to use Ad-aware by Lavasoft. Ad-aware searches your computer for adware/spyware and gets rid of it for you. Here's the url: http://www.lavasoftusa.com/ . You should definitely read the FAQ and other information there, but here's a simple explanation of how to use Ad-aware. First, download Ad-aware. Second, download Refupdate (from the same place). Ad-aware works on the same principle as antivirus software, by using definitions to teach the main program about new forms of spyware. It uses a "referencefile" to do this. After you've downloaded and installed both Ad-aware and Refupdate, start Refupdate. It will give you a drop-down choice of servers. Choose one (or stick with the default), and click the "Connect" button. Refupdate will check for a new referencefile, download it, and install it for you. If there isn't one, it will tell you. Exit Refupdate.

Start Ad-aware and put a check mark in all the drives except A:\ (the floppy) to be scanned. Click the Scan button. Ad-aware will scan your computer - it may take a while depending on how much stuff you have on your drives. When done, it will tell you. You can then look at all the spyware it has found. Put check marks in all the boxes and click "Clean". You have the option to back up the files marked for removal if you are unsure. Ad-aware will get rid of all that nasty stuff, and then you can close the program. The Ad-aware wizard is pretty easy to follow. Ad-aware and Refupdate are free.

b. OK, now that you've gotten rid of any spyware, you can address killing pop-up ads. You'll either need to run third-party software (means it isn't built into Internet Explorer) or use a different browser. Note that if you are using AOL, I have no idea if any of the third-party software will work for you since AOL plays by its own rules, and if your AOL access is by dial-up modem (not Bring Your Own Access Broadband), I don't think you can use a different browser. All I can say is that you can try it and see if it works.

1. POW! is one of the oldest programs to kill pop-ups. You have to train it, although it isn't hard to use. POW! is free. Get it here: http://www.analogx.com/contents/download/network/pow.htm

2. Pop-Up Stopper has also been around for quite a while. It has a free version and a more full-featured version, along with other programs of that type. Here is their site:
http://www.panicware.com/

3. WebWasher is a free (for personal use) browser add-on. WebWasher also makes more comprehensive commercial software for companies. Here's the url:
http://www.webwasher.com/en/products/wwash/index.htm

4. For those of you who don't mind doing a bit of tweaking (and you can always call Elephant Boy Computers if you break something >heehee<), there is Proxomitron. Here is their website: http://www.spamblocked.com/proxomitron/

One thing to note: programs like Proxomitron run as a proxy server on your machine. In other words, they sit between your web browser and the Internet to act as a filter. Some pages like online banking sites won't work well with a proxy. If you find you like Proxomitron (or others) but run into problems on some sites, turning off the filtering software may be necessary for those sites. As in all cases, be sure to read Help files and FAQ's (Frequently Asked Questions) about any software you install.

If all that is too much trouble, you can always use a browser like Opera or Mozilla instead of Microsoft's Internet Explorer. Both Opera and Mozilla enable you to quickly set a preference of not permitting unsolicited new web pages to open. For instance, I use Opera for most of my web surfing and one of my favorite wallpaper sites (http://www.wallpapershq.com/accueil.php if you're interested) has intrusive pop-up ads on every page (well, they have to pay for the website somehow). When I go there, I go to File>Quick Preferences> and check "Refuse Pop-Up Windows". When I'm done and want the ability to open new windows from within a website again, I just go to the same place and check "Accept Pop-Up Windows". Very easy. I believe Mozilla offers something along the same lines. Opera has a free ad-supported version and a registered version for $39. Here is the url: http://www.opera.com/ . Mozilla is free and you can check it out here: http://www.mozilla.org/ .

Back to top

10-20-02 -
Sorry for sending another report so soon, but I got some relevant news from the Lockergnome Tech Report when I opened my email this morning.

"Bogus Ad-aware Circulating

"Lavasoft has posted an announcement to their forums warning of a possible trojan application being hawked as a valid download of AdAware, a popular spyware removal tool. Information is still being gathered about the fake, but the download file is named aware.exe or perhaps other variations. Lavasoft has posted a list of authorized mirror sites from which you should be obtaining AdAware."

Here is the url with the exact information: http://www.lavasoftsupport.com/

And here is the information from Lavasoft:

" WARNING!

It has come to our attention that there may be a new virus and/or Trojan masquerading as a legitimate Ad-aware download. This file or software is called aware.exe or some variation of this. We have also been informed that there may be someone out there who is actively using pop ups that seem as though they are from LavaSoft. Please be sure to only download our products from the official mirror sites listed on our downloads page: http://www.lavasoft.de/downloads.html

This includes ONLY the following sites:

Mirror Sites:

http://www.majorgeeks.com/article.php?sid=506
http://www.pcworld.com/downloads/file_desc...fid,7423,00.asp
http://download.com.com/3000-2094-10115988.html
http://www.winsite.com/bin/Info?5000000038314
http://www.wyvernworks.com
http://www.networkingfiles.com
http://fileforum.betanews.com
http://www.cheetaa.com
http://www.ExaltedHosting.com
http://www.mentaldimensions.com
http://www.bagpipes.net

In the interim, we are aggressively investigating these reports and are looking at every example of them we can locate. If you suspect that you have been infected with a virus of this name or are experiencing pop ups that look as though they came from LavaSoft or seem to advertise any of our products, please contact a Moderator or Administrator immediately and we will investigate this. You can also send information to the following address: urizen@lavasoft.de "

So if you got Ad-aware from a site listed on their webpages, you're fine. As always, download from known reputable sources, run a current antivirus program, and keep those virus definitions up to date. Back to our regularly scheduled Sunday morning.

Back to top

10-25-02 - Contents:
1. Windows (and other) Updates
2. Beware of e-greeting cards
3. Make your own TeleZapper

1. Updates - We've had quite a few new people join this mailing list, so I thought I'd repeat the information about how to use Windows Update from the very first EBC Report back in August. For those of you who have been getting the Report for awhile, perhaps it can be a refresher, or you can just skip this bit.

It is vitally important that you keep your operating system and main applications up to date so you have all pertinent security patches. An easy way to keep Windows operating systems current is to use Microsoft's Windows Update. Here's how you do it: Updating requires that you are connected to the Internet, so if you use a dial-up connection, log on. Cable and DSL users are already online. Somewhere in your Start menu, usually at the top, is an entry for Windows Update. Left-click it. (You can also find Windows Update from within Internet Explorer under the Tools menu.) This will bring you to Microsoft's Welcome To Windows Update site. Click on the Product Updates link. You'll get a notice that Microsoft is checking your computer to see what updates you need. (You may need to click "I Agree" in a pop-up window first if you haven't done this before, and that's OK - do it.) Windows XP users get a slightly different message ("scanning for updates"), but the process is the same.
You'll then get a webpage showing all the critical updates available for your system. You can click "Show Installed Updates" if you want to see more clearly what you need. Be sure all the critical/security updates are checked and click the "Download" button. Just follow the directions. The updates will be downloaded and automagically installed on your computer. You will probably need to reboot (restart) the computer.

You can also download security patches for Internet Explorer (your browser) and for Microsoft Office. Here is the url for Internet Explorer downloads (there is no automatic scanning): http://www.microsoft.com/windows/ie/downloads/default.asp . Pay particular attention to the Critical Updates, because these are the most important. If you are unsure what version of IE you have, click on Help>About and you will see the version number.

For Microsoft Office, go to http://office.microsoft.com/productupdates/ and at the top you will see a section called "Check for Office Updates". Click the "Go" button next to "Scan my computer to find Office updates I need". Just like the Windows Update site, you can choose what you'd like to download.

For other programs that are important to you (by Microsoft or by other companies), go to their websites and look around for information about patches and/or upgrades. "Support" is usually a good place to start looking.

2. For those of you who like to send those e-greeting cards, be sure that you are doing this from a reputable site. I personally include e-greeting cards in the category of "things that get an automatic Delete" along with never opening attachments, but a lot of people like them. Here are links to two stories posted on The Register by the very talented people at Security Focus. If you send (or receive) e-greeting cards, you should definitely read these:
http://www.theregister.co.uk/content/55/27782.html
http://www.theregister.co.uk/content/6/27794.html

3. I read this bit in the current issue of Wired Magazine and thought some of you more adventurous types would enjoy it. Apparently you can make your own TeleZapper, which is a device that you buy to attach to your phone to fool telemarketers. Right up front, you should know that I have not tried either the "real" TeleZapper or the digital one detailed below, so YMMV ("Your Mileage May Vary") and yer takes yer chances, although I don't see how it could hurt anything to try. But anyway, according to Wired (I've paraphrased their instructions), here's how to do it:

a. The TeleZapper fools telemarketers' auto-dialing equipment by emitting the ascending 3-note special-information tone you hear before, "We're sorry, the number you have reached has been disconnected." You can download this tone from the Web. Do a Google search for "sit.wav" to find one of these audio files.

b. Open sit.wav in an audio-editing program like Microsoft Sound Recorder. Edit out the second and third notes. Save the .wav file.

c. Play that one note on your computer and record it as the first sound on your answering machine's outgoing message. Follow with a clever greeting explaining to puzzled friends what you're doing.

d. According to Wired, telemarketers will get the "zapping" tone and take you off their lists.

Back to top

11-07-02 - Contents:
1. New Worm Sighted
2. Alternate Email Clients

1. A new mass-mailing worm has appeared and is struggling to take away the top honors from W32.Klez and BugBear. It is known as W32.Brid, but has aliases of W32/Braid-A and Win32.Braid.A, among others. It comes as an attachment in an email called "Readme.exe". Like so many other worms, it has its own smtp engine so it can send out emails when you are online even if you don't open your own email client. It will send itself to everyone in your addressbook. You are not at risk if 1) you are listening to the Elephant Boy telling you not to open email attachments; 2) you are running a current antivirus program with updated virus definitions; 3) you have gone to Windows Update and Internet Explorer Update and applied all security patches. You can learn more about W32.Brid at this url:

http://www.sarc.com/avcenter/venc/data/w32.brid.a@mm.html

2. Your email client is the program you use to get your email. Most people running a Windows operating system use either Outlook Express or Outlook. Outlook Express comes with Windows and is a basic email and newsreader (I'll cover newsgroups and newsreaders in another report). Outlook is part of Microsoft Office, which may have come preinstalled on your computer if you bought it from a major manufacturer like Dell or HP. Microsoft Office is not part of the operating system, but is a separate program.

If you use AOL, you use AOL's proprietary online email reader. Here, we'll take a quick detour to talk about the difference between online email clients and offline clients. Those of you who already know this can just skip this bit. ;-) When I send this email to you, it goes to your mailbox, which lives on one of your Internet Service Provider's ("ISP") computers (called a "server"). When you want to get mail, you either log on to your ISP and read the mail online (like with AOL, Yahoo Mail, Hotmail, or the Earthlink email client) OR you download the mail using an email program like Outlook Express ("OE") or Outlook. If you are reading the mail online, unless you save the email, it doesn't come and live on your computer. It stays on the ISP's server until you delete it (or they empty your mailbox after some specified amount of time). This means that you can log in from any computer anywhere with an Internet connection and read your mail. If you download the mail with OE or Outlook, it now lives on your computer and is gone from the server. Most regular ISP's, like Earthlink, AT&T Global, Compuserve, etc., have a place to log in and read your mail online, which is convenient for when you're not home. The advantage to using an email client to download your email is if a) you're using dial-up and don't want to stay online to read mail; b) you can apply spam/content filters to email that are available in the email client; c) you can use whatever email client you like.*

*Unless you use AOL exclusively, in which case you might as well skip the next bit about other email clients because you can't use another email program to get your mail. Sorry.

Why use another email program? 1) Malware writers know that most home/small office computer users run Windows and therefore are probably using OE or Outlook to get mail and often target those particular email clients. A different email program might have less vulnerabilities to certain viruses/worms. This DOES NOT MEAN YOU CAN GET CARELESS AND OPEN ATTACHMENTS IN OTHER EMAIL PROGRAMS BECAUSE YOU ARE STILL RUNNING A WINDOWS OPERATING SYSTEM. 2) A different email program might have capabilities that you particularly like. 3) Just for fun.

Fred Langa just did an article on other email programs. You can find it here: http://www.informationweek.com/LP/columnists/langa/2001/04.htm

The Mozilla browser also has an email component.

If you decide to try another email program, you don't have to uninstall OE or Outlook. You can have more than one email program on your computer at the same time. Just download and install the new one. In order to set up the new program, you'll need to know two pieces of information:

1. Address of your ISP's incoming mail server, usually something like pop3.myISP.com

2. Address of your ISP's outgoing mail server, usually something like smtp.myISP.com

Your email address stays the same, of course. That doesn't change because you are using a different email program - the email is still living on your ISP's server; you're just using a different piece of software to get it. You can get the pop and smtp addresses from somewhere in your ISP's webpages or look at the account settings in OE or Outlook and copy them down.

Back to top

12-09-02 - Contents:
1. Making address labels
2. Newsgroups - what are they?

1. My brother saw my return address labels (they have the ever-cute picture of The Elephant Boy on them with my address) and wanted to know how to do it. He also thought The List might be interested, so here you go:

You can easily add Avery label extensions to Microsoft Word, as well as a Wizard to help you create simple labels. If that is enough for you, go to http://www.avery.com/us/software/index.jsp and download the Avery Wizard (free). There are also free templates and clip art for download. If you want to be a little fancier, then get the Avery DesignPro program from the same page. I believe Avery used to charge for this, but it is now free and very easy to use. When you install
DesignPro, there is a point where the installation program cautions you that you have to have a database for certain functions. Truthfully, I'm not sure what they mean and it hasn't caused me any problems. Just click "OK" (or "yes", whichever it is) and continue.

Once DesignPro is installed, check out its Help file for instructions. It is very easy and I created Elephant Boy and home return address labels within minutes. The nice thing about the DesignPro program is that you create a Master label, and then can add however many variations of that label you want. For instance, I put the Elephant Boy's picture and my address on the Master label, leaving the first line blank. Then I created two sub-labels - one with my name in the first line for personal labels and one with Elephant Boy Computers there instead for business labels. DesignPro may even have more capabilities that I didn't explore because I just wanted to get the job at hand done quickly. Have fun!

2. Newsgroups - Some of you may have heard the terms "newsgroups" and/or "Usenet" and wondered what they mean. As you probably know, the World Wide Web (www.) is not the entire Internet. There are email and other servers, and there is Usenet. Basically, there are thousands of newsgroups where people post text messages (although there are newsgroups dedicated to posting binary files) regarding a particular area of interest. Although Usenet has been around for a really long time, it is a thriving area of the Internet. Rather than take up your time here in this email with all the details, I suggest you go to:

http://groups.google.com/ and http://groups.google.com/googlegroups/help.html for a comprehensive discussion of what Usenet is and How You Do It. You can look into various newsgroups that might interest you by using Google Groups' web-based interface. If you decide you'd like to really get into Usenet deeper, you'll be far better off using a dedicated newsreader. I know you are all using Microsoft operating systems, so you already have a newsreader built in - Outlook Express. OE isn't generally considered a very good newsreader by Usenet veterans, and there are alternatives. Netscape Communicator (http://channels.netscape.com/ns/browsers/default.jsp) includes a newsreader, as does the Mozilla browser (http://www.mozilla.org/). Another good free newsreader is Gravity. Gravity is old and is no longer supported, but it does the job admirably. It can be a bit hard to find, but I found it here, along with some good information on how to use it: http://cws.internet.com/news-gravity.html

Another popular Windows newsreader is Forte's Agent. Agent is $29, I believe, but there is a free version. Here is a link to Forte's home page:
http://www.forteinc.com/main/homepage.php

Although there are free news servers on the Internet, generally your ISP will provide free access to newsgroup servers as part of your Internet service. You should go to your ISP's webpage for instructions on how to set up a newsreader for their newsserver. Some companies, such as Microsoft, provide their own news servers.

You should be aware that Usenet is often extremely "wild and wooly" and most newsgroups are not moderated. So if your sensibilities are tender, be warned up front. Like any society, Usenet has behavioral conventions. The best way to participate in a newsgroup is to subscribe, read the group for quite a while, read its FAQ (Frequently Asked Questions, which are normally posted in each group on a regular basis), and get a generally sense of the culture of the group before posting. This is called "lurking" and is a sensible thing to do. A great compendium of links about Usenet is here: http://www.faqs.org/usenet/index.html

Basically, if you don't want to be flamed:

1. Don't top post
2. Quote sensibly
3. Don't attach binary files in non-binary newsgroups
4. Set your line wrap to 72 characters
5. Don't use html to post - plain text is what is needed
6. Read the FAQ's.

In case you're interested, here are the newsgroups to which I currently subscribe:

(from my ISP's newsserver)
alt.humor.best-of-usenet
alt.os.linux
alt.os.linux.suse
rec.arts.sf.written
rec.humor.oracle

(from Microsoft - msnews.microsoft.com)
microsoft.public.windowsxp.general

Back to top

12-14-02 - Contents:
1. New Windows vulnerabilities

Paul Thurrott (one of the best sources for Windows information), had this to say in today's WinInfo Update Newsletter (since I couldn't have said it better, I'm quoting him directly):

"MICROSOFT VULNERABILITY OF THE WEEK

So many Microsoft security vulnerabilities pass by me each week that I hardly pay attention anymore, but a series of vulnerabilities this week, including a particularly virulent one based on the company's Java Virtual Machine (JVM), is worth noting. You're already protected if you're using Auto Update (and you ARE using Auto Update, right?) but the JVM vulnerability affects all Windows versions since Windows 98 and could let hackers infiltrate a PC and take it over. Microsoft says that no users have been compromised to date, but we know this sort of thing is only fun until someone gets hurt. Head on over to Windows Update and grab the latest critical updates if you aren't sure whether you're already protected."

If you're interested in subscribing to WinInfo Update, go to http://www.winnetmag.net/ and click on WinInfo News. It's listed under Resources. There are lots of other excellent resources on the Windows & .Net Magazine site, too.

Back to top

12-22-02 - Contents:
1. Major security flaw in Windows XP
2. Outlook Express 6 doesn't allow you to open attachments
3. End of the line for Windows 3xx, Windows 95, and NT 3.5x
4. Web amusements - online comics

1. A few days ago, Microsoft issued a report regarding a major security flaw in Windows XP. Earlier operating systems (Windows 9x and ME) are not affected. Briefly, the vulnerability is in the Windows shell - the part of the operating system that not only provides your familiar Windows Desktop, but also creates your working environment. An attacker could host a specially created .mp3 or .wma file on a website; if the user hovered his mouse over the icon for the file or opened the shared folder where the file was stored, the vulnerable code could be invoked. The .mp3 files are extremely popular music formats, and .wma files are played on the Windows Media Player. Microsoft considers this a critical flaw. You can find the technical explanation on Microsoft's Tech Web here:   http://www.microsoft.com/technet/security/bulletin/MS02-072.asp

A patch is available through Windows Update, and if you are keeping your system updated regularly, then you are protected. It seems like there are security announcements for Windows every day, but because so many of you have teenagers who love to download music, I thought this one was worth a "heads up".

2. Even though the Elephant Boy has constantly warned you of the dangers of opening attachments, (Don't Do It!) some of you feel you must or like playing with fire. By default and as a security precaution to avoid saving a virus to your computer, OE 6 doesn't let you save files locally. To enable file saving within OE, perform the following steps:

a. Start Outlook Express.
    b. From the Tools menu, select Options.
    c. Select the Security tab.
    d. Clear the "Do not allow attachments to be saved or opened that could potentially be a virus" check box, then click OK.

3. It's now official - as of December 31, 2002, all Windows 3.xx, Windows 95, and NT 3.5xx operating systems have come to the end of their supported life cycle. This doesn't mean that if you are still running one of these older systems that they will go *poof* and disappear on January 1st, but it does mean that there will be no official support (which includes patches) for them from Microsoft. Here is the link to Microsoft's support lifecycle page:
http://www.microsoft.com/windows/lifecycle/desktop/consumer/default.mspx
They're dead, Jim.

Back to top
EBC Current Reports
Home

01-02-03 - Contents:
1. New Ad-aware information
2. Update reminder

1. There is some updated information for those of you who are using Ad-aware from Lavasoft to rid your computer of spyware. Although Ad-aware has been recommended for a long time, the current version (5.83) is no longer being updated. Lavasoft has stated that they are doing a complete rewrite of the program, and will make it available to paying customers in January, with the free version available sometime in February. The general consensus among security folk is that you'd do best to uninstall Ad-aware, and I'm going to concur. Remember, you do this from within the Control panel applet Add/Remove Programs.

From everything I've seen, Spybot S&D is the best choice to remove spyware/scumware. You can get it from their website here: http://security.kolla.de/ .

A great resource for information about spyware is the SpywareInfo website here: http://www.spywareinfo.com/ . They put out a weekly email report which is extremely useful.

2. Since it is a new year, I'm going to remind you all to keep your systems safe and up-to-date by:

a. Going to Windows Update for operating system patches
b. Getting updates for Internet Explorer and Outlook Express
c. Be sure you have a current antivirus program and keep its virus definitions up-to-date.

Back to top

01-16-03 - Contents:
1. Nasty new worm - Lirva

I've been very busy lately (hurray - the children can eat!), mostly with disinfecting and repairing computers that have contracted viruses, worms, Trojan horses, and various kinds of malware. The latest beauty making the rounds is the Lirva worm, named after the pop singer Avril Lavigne. The worm infects users of Microsoft Outlook. It can disable antivirus and firewall software, and overwrite (this means "seriously ruin" in non-technical language) Microsoft Word, Excel, and PowerPoint files, leaving the file sizes at 0 kb. This means those files are unrecoverable, so the victim had better have clean backups.

Lirva spreads through the KaZaA file sharing network, Internet Relay Chat (IRC), Instant Messenging programs, and email. Once infected, Lirva sends a copy of itself to everyone in the user's address book, using its own email server. Lirva also collects address information from other files on the user's system. Lirva also collects passwords from the infected system and emails them to an address presumed to be located in Russia. On the 7th, 11th, and 24th day of each month, Lirva automatically opens a Web browser on infected machines to Ms. Lavigne's website.

The worm can arrive with various subjects, message body content, and file attachments, including one that pretends to be a message from Network Associates (the makers of McAfee Antivirus) regarding a security problem with Microsoft IIS. You should know that Microsoft never distributes its security patches through email to end users, and Network Associates doesn't email Microsoft patches either.

So:

a. Be sure you have a current antivirus program installed.
b. Be sure that program's virus definitions are kept updated.
c. Be sure you are backing up your data on a regular basis.

Back to top

01-20-03 - Contents:
1. APC product recall
2. Computer cleanliness

1. I know some of you are using an Uninterruptable Power Supply. American Power Conversion (APC) has recalled some 2.1 million units produced under the Back-UPS CS line, specifically the CS 350 and CS 500 models in both 120-volt and 230-volt varieties. Eight units have been reported to seriously overheat. Symptoms included a melted outer casing and probable failure of the units. Compare the first six characters of your UPS's serial number to see if your model qualifies for replacement:

AB0048	through	AB0251
BB0104	through	BB0251
JB0125	through	JB0251

Units with an "R" at the end of the serial number are not included in the recall. Here is a link to the article on the manufacturer's website:

http://www.apc.com/rely/pressrel.cfm

If you don't know what I'm talking about, you don't have a UPS and shouldn't worry about it!

2. In all our talk about keeping our computers fit and happy, I've neglected to mention one very important factor - cleanliness. It is a truism that a computer's most dangerous enemies are dirt and heat. We often talk about heat-related problems and that is why there are fans inside a computer case. The processor, RAM, and video card (especially modern ones) are the biggest producers of heat and that heat has to be dissipated so components don't suffer. However, dirt is a culprit in hardware failures, too. Computers attract dust, no matter how good a housekeeper you are. Dust can form a blanket over fan openings, keeping heat inside. Dirt can damage delicate electronic components, and/or prevent them from making proper contact with the motherboard (the main circuit board that everything inside your computer plugs into). I've been in some very dirty environments, and when I've opened the computer cases have found literally drifts of dirt inside. Not good!

Keep your computers in a clean environment. Don't smoke around them. I don't allow eating in my computer room because sooner or later someone is going to spill soda where it shouldn't go. Don't let your cats sleep on the monitors. I'm guilty of letting my cats into the computer room because I love to do my morning surfing with Sonny the 16-lb. tabbycat on my lap, but it definitely adds to the cat hair buildup. Look at your computers, particular the back parts. Is there a lot of dust on the case fan? The best way to clean a computer is to unplug everything, open the case, and *carefully* blow away the grime using a can of compressed air. I usually take a computer outside to do this. Using a vacuum cleaner is not a good idea, because vacuums can create static electricity, which can be fatal to computer components. For this reason, using those fluffy dusters that use static to attract dust is not a good idea. I have used one around the monitors, printers, and keyboards, but keep it away from the computers themselves.

Back to top

02-12-03 - Contents:
1. Reminder
2. Ad-Aware 6.0
3. Back-up refresher
4. Spam tip

1. This is a reminder for all of you to update your operating systems by going to Windows Update. There have been quite a few new vulnerabilities found in Internet Explorer and Windows operating systems for which Microsoft has issued patches. Remember, you can get to Windows Update from a shortcut on the top of your Start menu or from within Internet Explorer (Tools>Windows Update). Those of you running Windows XP will have been prompted by the automatic Windows Updater, which appears as a small blue globe in your system tray. Also, don't forget to update your virus definitions by running Live Update (or the equivalent for your specific software) from within your antivirus program. In most cases, automatic updating should be turned on, but it doesn't hurt to check it manually.

2. Lavasoft's new version of Ad-Aware - 6.0 - is now out. There is a free version and a paid version. I haven't tried it yet, but preliminary reviews indicate that Spybot Search & Destroy still finds and removes more instances of spyware/adware than Ad-Aware. However, Spybot does have a "geekier" interface and may be more difficult to use. You can download them both and use them both for complete coverage if you like. I plan to use both on my Windows boxen since I have a "belt-and-suspenders" attitude about computer security. Download these programs here:

http://www.lavasoftusa.com/ for Ad-Aware
http://security.kolla.de/ for Spybot

3. Back up your data! The best way is to burn your data on a CD-R disk. Remember, you do not need to copy programs which you can reinstall from the original CD's. You want to save your data - things *you* have created like documents, spreadsheets, financial information. I recommend saving files in one place - the My Documents folder is an excellent choice - so backup is quick and easy. To keep things neat, you can make new folders in My Documents and name them something useful (eg.,Schoolwork; Church; Recipes; Great American Novel, Plans For World Domination, etc.), just as if you were labelling file folders in a filing cabinet

Microsoft programs like Office and Money use the My Documents folder as the default saving location. Other programs, such as Quicken or QuickBooks, may not. You need to explore these other programs and know where your data is being saved. If you use industry-specific software in your business, you should call their tech support and find out what part of their program needs to be backed up. You can also save your Internet Explorer Favorites (bookmarks in Netscape) from within your browser by exporting them and saving in My Documents. Save programs you've downloaded from the Internet by keeping the installer.

On a regular schedule, back up everything you've saved by burning to a CD-R disk, copying to a Zip disk, or (worst choice but better than nothing) to a floppy disk. After you've made your backup, you can delete the downloaded program installers and any documents you don't need from your hard drive. I wouldn't get rid of any vital files (like financial ones) just in case the backup isn't good. It's a smart idea to test your backup regularly, too. Keep your backup in a safe place, not sitting next to your computer! Especially, don't store floppy disks next to a monitor. Monitors have a magnetic field and data is stored on floppies on magnetic tape, just like the old tape cassettes. Leaving floppies next to a monitor will destroy the data and make blank disks unusable.

If you don't know how to backup or need help, call Elephant Boy Computers for some training. You will not be happy if your hard drive dies or a virus destroys Windows and all your important files are gone.

4. The Register has an interesting article this morning about how spammers are inserting tracking codes into their email messages and how to deal with this. Basically, don't open spam but simply delete it. Spammers should die horribly! Read the article here: http://www.theregister.co.uk/content/55/29289.html

Back to top

02-23-03 - Contents:
1. Update on Ad-aware, NewDotNet
2. Patches and updates
3. Bulwer-Lytton 2002 Contest Winners

1. The latest SpywareInfo newsletter has additional information about the new version of Ad-aware. As you know, Elephant Boy Computers recommended that you uninstall any version of Ad-aware that was lower than 6.0. According to SpywareInfo, the new Ad-aware 6.0 Build 160 still had problems removing NewDotNet, CommonName Toolbar, and Webhancer. Reportedly, these issues have been fixed in Ad-aware 6.0 Build 162. If you are using Ad-aware 6.0, you can find the Build number by starting Ad-aware and looking at the very lower right-hand corner of its interface. Mine says "Ad-aware 6 Personal, Build 162". If you are using Ad-aware 6.0, be sure to update. Do this from within Ad-aware by clicking on "Check for updates now" in the lower right-hand corner of the interface above the "Start" button. SpywareInfo also has a very good article about the NewDotNet software often found on systems. SpywareInfo is an excellent source of information about spyware/adware and privacy rights. The website is here: http://www.spywareinfo.com/newsletter/archives/feb-2003/22.php

2. You know that you should regularly visit Windows Update to get patches for your operating system and Internet Explorer, but you should also check for patches on other software you use. Patches and updates fix problems with programs such as security vulnerabilities and/or hardware issues, and sometimes provide new features. Patches and updates are free. Upgrades are more extensive and give a "new and improved" product. Depending on the software manufacturer, upgrades may or may not be free. Usually you will have to pay for a new version, although there may be an upgrade discount. In most software for Windows, you can see the version of a program by going to its Help menu and clicking "About".

Games in particular get patches almost as soon as they are released. It is very expensive to develop a new game, and the publishers regularly push the product out the door before it is really "cooked" in order to get to market. Also, to be fair, there are so many possible combinations of hardware and software on Windows systems that, even with extensive beta testing, the game manufacturers cannot anticipate everything that might go wrong with their program on every computer. Whenever you get a new program, you should always go to the manufacturer's website and check for updates and patches. This includes drivers for hardware you might buy, too. The cd-rom that you get in the box was usually made months before you bought that new sound card or program. Almost every patch and/or update will have a "readme" file with important information about it. Read it!

3. The Bulwer-Lytton 2002 Contest winners have been announced. For those of you who don't know, Edward George Bulwer-Lytton was the author who wrote the immortal book, "Paul Clifford" (1830). It is generally agreed that this book has the worst opening sentence of all time:

"It was a dark and stormy night; the rain fell in torrents-- except at occasional intervals, when it was checked by a violent gust of wind which swept up the streets (for it is in London that our scene lies), rattling along the housetops, and fiercely agitating the scanty flame of the lamps that struggled against the darkness."

Contestants submit a sentence in the same vein. Those of you with a literary sense of humor can find the website here:

http://www.bulwer-lytton.com/

Back to top

03-18-03 - Contents:
1. Domain Names, Websites - How They Work
2. Virus Warning/New Vulnerabilities

1. It occurred to me that some of you might be interested in knowing about how to get domain names and websites. For those of you who couldn't care less, skip this part!

There is a great non-technical explanation of the Domain Name System by InternNIC, the Internet Corporation for Assigned Names and Numbers, on their website. Here's an excerpt, but if you want to know more, go here: http://www.internic.net/faqs/authoritative-dns.html

"What is the Domain Name System?

"The Domain Name System (DNS) helps users to find their way around the Internet. Every computer on the Internet has a unique address just like a telephone number which is a rather complicated string of numbers. It is called its "IP address" (IP stands for "Internet Protocol"). But it is hard to remember everyone's IP address. The DNS makes it easier by allowing a familiar string of letters (the "domain name") to be used instead of the arcane IP address. So instead of typing 192.0.34.65, you can type www.icann.org. It is a "mnemonic" device that makes addresses easier to remember.

"Translating the name into the IP address is called "resolving the domain name." The goal of the DNS is for any Internet user any place in the world to reach a specific website IP address by entering its domain name. Domain names are also used for reaching e-mail addresses and for other Internet applications."

There's a lot more, but you can check it out yourself. Your Internet Service Provider probably offers you space on one of their computers to make a Homepage website. Because you are using their domain (like "aol.com"), your address will be something like "www.aol.com/~myusername/homepage.htm". But you can have your own domain. Here's an analogy that I think will help make the whole process clear: think about getting a domain name and setting up a website as if you were starting a business. I'll use my domain, "elephantboycomputers.com", as an example. You register a domain name with an company that is accredited by ICANN. There are quite a few and rates vary. This action is like when you form a company and file papers with State and Local governments so you are "official" and your name is unique (for instance, you can't call yourself "Macy's" because that's already taken). I have my domains registered with my hosting company, HostingMatters, which is an excellent hosting service.

OK, so now I own "elephantboycomputers.com". What do I want to do with it? I need a public presence, or it's like being in business without a storefront. No one knows you exist. So you find a company that will host a website for you. This is like renting a storefront, and HostingMatters is my landlord. The DNS for my site is set to Hosting Matters' servers so when you type "www.elephantboycomputers.com" into your web browser, you'll be able to find my website.

Now I have to fill my "store" with something, so I create webpages and save them as files on my hard drive. Because I'm not a website designer, I use a simple program to make the webpages - Mozilla Composer. Now I copy the files to the folder HostingMatters has for me on their computer by uploading them. And that's all there is to it! Well, not really, but this gives you an idea of what's involved in getting your own domain name.

2. Over the last few weeks, people have been getting bitten by an email with a virus attachment that is masquerading as a security update from Microsoft. Microsoft never sends out patches in email. There have been new vulnerabilities found in various Windows operating systems (most recently one for Windows 2000). You should patch your operating system by going to Windows Update. And you know not to open attachments. But I just thought I'd warn you about this latest trick by the bad guys. Remember, for virus and hoax information go to www.sarc.com .

Back to top

03-30-03 - Contents:
1. Online music sites
2. Spam

1. I've had a lot of clients needing major clean-up of their machines lately, mostly due to viruses and/or spyware-adware infestations. In most of those cases, KaZaA Media Desktop, WinMX, or some other kind of file-sharing software was installed. Now, all of you have heard my standard "don't do this" lecture; if you haven't or strangely want to experience it again, just go to the spyware and file-swapping sections.

I thought I'd do a bit of research on how to download music legally. Of course, if the artist has his/her own website and offers songs for download that's one way, but going to multiple websites for all the music you'd want to get would be tiresome. There are online music subscription services which might be a good way to go. CAVEAT AND DISCLOSURE: I don't use any of these and I can't vouch for them one way or the other. You'll have to do your own research. That would include
reading the website's FAQ's (Frequently Asked Questions), Privacy Policy, and ALL the fine print. You can check out if the website in question has been rated by other users at sites like: www.rateitall.com and www.epinions.com and/or just do some research by talking to friends, reading reviews, search the web with Google, etc. Using Google, I entered the search term: "music subscription site reviews" and came up with these articles which might be useful:

http://www.cnet.com/software/0-3227898-8-20061541-1.html
http://www.pcworld.com/news/article/0,aid,80564,00.asp

That said, here are links to some online music subscription services, listed in no particular order:

http://www.emusic.com/pitch.html
http://www.mp3grandcentral.net/new/index.html?srcid=music
http://www.mp3.com/
http://www.pressplay.com/
http://www.musicnet.com/
http://www.listen.com/

Update: As of 1/14/04, I believe eMusic is no more. However, iTunes and Rhapsody are the biggest players in the online music market right now.

2. I have a small section on junk mail - spam - on the website here:

http://www.elephantboycomputers.com/page4.html#Junk_Mail:

but I'd just like to remind you to NEVER RESPOND TO SPAMMERS. Many spam mails include a link for you to click on to "unsubscribe" to future mailings. THIS IS A LIE. When you click on that link, all you've done is to confirm to the spammer that he/she has a live email address and you'll get more spam, not less. DON'T EVER BUY ANYTHING FROM A SPAMMER. Here are some interesting links in addition to the ones on my website:

http://www.scambusters.com/stopspam/index.html
http://www.elsop.com/wrc/complain.htm
http://spam.abuse.net/
http://www.howtofightspam.com/
http://www.wired.com/news/infostructure/0,1377,57613,00.html (this is an article from WiredNews about what happens when you buy from or otherwise contact spammers)

Back to top

04-21-03 - Contents:
1. Windows Update reminder
2. Backing up
3. Messenger spam problem

1. This is a reminder for you all to visit the Windows Update site to get patches for your operating system. There have been quite a few Windows vulnerabilities alerts over the past week or so (how strange and unusual - NOT!). If you need a refresher on how to use Windows Update, here is a link to a previous EBC Report with details.

2. I've got information about backing up in another section on this website and also in a previous EBC Report.

However, I recently had a call from someone who wanted to know of a backup solution that would require no work from him. While there are many backup programs that run in the background ONCE THEY ARE PROPERLY SET UP, there is no Computer Brownie who will automagically copy all your data and back it up to a CD-R or tape without any user input. With a tape backup system, SOMEONE still has to put in a fresh tape and verify the backup. If backing up to CD-R's, an actual human has to put in a disk and start the burning program.

For most home users, simply backing up the data files in My Documents might be enough, but you should sit down and think about what you would miss if all your stuff was gone tomorrow. Browser favorites/bookmarks? Outlook contacts, calendar, and email files? Outlook Express addressbook? Quicken or QuickBooks data? Cards you've created in a greeting card program? You get the drift. If you have a business and don't have the time or inclination to do backups, then designate one of your employees to do this, or hire an in-house IT person. Remember, only someone intimately familiar with your business will know what programs your company uses and how to back up the data created.

If you want a program that will run in the background and copy files to a specified folder, I highly recommend SecondCopy. This program is very flexible and can be configured to do simple or complex backups as you prefer. I've used it for home computing backups and yet its feature set is rich enough to be used to back up server/client configurations. SecondCopy is shareware, which means you can "try before you buy". It is very reasonably priced at $29.95, especially considering that major backup programs from companies like Veritas and NovaStor can cost anywhere from $75 to $800 on up. Of course, if you need extremely fault-tolerant server backups for your business, you will want a heavy-duty backup system. However, in that case you have your own IT Department and aren't reading this newsletter!

3. Windows 2000 and Windows XP users (Win9x and ME are not affected) have been experiencing a new kind of spam. When connected to the Internet (like with an always-on connection such as cable), but not necessarily browsing, ads will suddenly pop up on the desktop. Spammers discovered they can take advantage of the Messenger service to send ads. The Messenger service has nothing to do with an instant messaging client; rather it is there so that a Systems Administrator in a large network can send a message to everyone connected, perhaps to tell everyone to shut down now or let them know something important about system performance. If you aren't doing this (and it is unlikely that anyone reading this Report is), you don't need to have this service running. To disable it, go to your Control Panel and open the Administrative Tools applet. Then double-click on Services. This will open the Services (Local) window. Scroll down to Messenger and double-click it to get the Messenger properties. On the General tab, you'll see the Service Status. If it is started, click Stop. Then change the Startup type to Disabled by using the drop-down arrow to the right. Click Apply and OK. You should also think about getting a firewall. Sygate makes a good one that is free for personal use.

An excellent place to learn about Windows 2000 and Windows XP services is Black Viper's website.

Back to top

05-19-03 - Contents:

1. Warning - new email spoof - caution regarding patches
2. Kid safety on the Internet

1. This is just a reminder that no legitimate company will send you an email with an attachment purporting to fix their product. Another email trick has surfaced wherein the email pretends to come from Microsoft with a patch* but the patch is really the Palyh (aka Mankx) virus. Here is a quote from The Register's article this morning:

"Windows users everywhere are urged to update their anti-virus definitions following the discovery of a new worm, which poses as one of a series of odd messages from Microsoft.

"The pest is an email and network attack worm that includes a downloaded Trojan horse component, according to a preliminary analysis of the virus by security outfit iDefense. After a computer is infected with the worm it attempts to create copies of itself in remotely shared startup locations on a network.

"The virus also attempts to update itself by linking to a Web site. Hopefully this avenue of mischief will soon be closed.