Main Line Computer Users Group - May 2001 Issue 228

VILLANOVA UNIVERSITY, ST. AUGUSTINE CENTER

MEETING STARTS - 09:30 - MAY 12th

STARTING YEAR TWENTY !!!


THIS MONTH'S CONTENTS
MAIN LINE PC/128/64 USERS - Room 110

For all attendees, as usual, we will take the opportunity to "go round the table" for announcements and tidbits from everyone. Things that have interested you are likely to interest others, too. And, also a chance to present problems and questions EXCEPT on backing up. Here's why...

We spent the last couple of meetings on demos of and discussion about various hardware and software tools for backing up data, applications and even whole drives (or whole partitions on drives that have been partitioned into more than one section).

We did NOT devote much effort to what the person who has no big hunk of free space on their hard drive, nor an auxiliary drive of any sort, should do! We'll plan to devote some significant discussion time at this meeting to this subject - and solicit input on what attendees are doing or can do to maximize protection with minimal investment. I'm hopeful that we'll generate some good discussion on the subject.

So, how about it? Hopefully, YOU've given some thought to what has transpired in the last few meetings and have your own ideas or questions. This will be the chance to get them out on the table for everyone to get involved in. [see p.5, for starters].

[continued]


HAS DISASTER STRUCK YOU, TOO??

Well, this last couple of weeks has brought a couple of hacker-related disasters to our folks. Peter Whinnery had the following posted to the MLCUG BBS:

Aacckk!!! I've been hacked! I have been too slow to implement the security measures I know should be in place and am now paying for it. My system has been compromised at the root level (the cracker was able to gain root access). The first symptom was flakey terminal behavior. The next: the program 'top' stopped working. The clincher: a strange message at bootup about a program called Energy Mech being started by init. [cont'd.]

########################################
ANNOUNCEMENTS & COMMENTS
########################################

WELCOME! - to our newest member, Ralph Hose. He joined us first at our February meeting.

BLEEDING EDGE? - do you feel like you should be on the cutting edge - or are you already cut - and on the bleeding edge? Do you want to move beyond the piddling capacity of a CD-RW drive? Then, one of the new, under-$1000 ($999?) DVD recorder drives may be for you.

A new Panasonic drive writes to 4.7 GB DVD-R discs (2X), 650 MB CD-R discs (8X) and 550 MB CD-RW discs (4X). Probably reads at about 32X. Go for it!

Demise (hopefully not all)! - I had mentioned briefly about the demise of the winmag.com website. Here's the actual email announcement that I got:

----------

To Winmag.com newsletter subscribers:

Publication of the Broadband Report, MS Office Beat, Power Tools, Power Win2000, Tip of the Week, Windows Insider, Win Letter, and Winmag Preview newsletters has been suspended.

But you can stay on top of developments in desktop technology by subscribing to the PlanetIT Desktop Newsletter. For late-breaking IT news, subscribe to TechWeb News Daily Update. And for the best of the TechWeb sites, try TechWeb This Week.

----------

I got this announcement since I have been a subscriber to the "Power Tools" newsletter, authored by Karen Kenworthy.

So, it is official: "Windows Magazine --> winmag.com --> oblivion" is complete!

I will be following up to see if Karen is going to be able to continue her service as the Power Tool gal.....

WINDOWS STARTUP DISK - just a reminder that we have the "improved" Windows startup disks available at $1 each. And, for those who got the "label-less" disks, I'll again have the pre-printed labels at the next meeting for you.

LUNCH - some of us regularly adjourn after the meeting for lunch at the Villanova diner. Why not come join us - and continue the converse?

****************************************
WIN 98 TIP OF THE MONTH

This month, I'm looking for a tip! Specifically for Win98.

When you click START, then PROGRAMS, you get (if you have a lot of items) a SINGLE scrollable column to choose your program from. However, in Win95 you get multiple columns without scrolling. So, you have 2-3 times as many choices on your screen at one time.

Somewhere I saw a tip on how to change Win98 to do like Win95. If anyone can run this tip down, please let me have a reference. I'd like to use it and pass it on. Thanks to all readers...

****************************************
"SECURITY" ON YOUR SYSTEM - Hah!

[continued from p.1]

After some poking around I found a number of rogue programs running on my system: Energy Mech is an IRC bot; others were found that captured keystrokes, login & password combos, etc.

I isolated the box from the rest of the home network (unplug the ethernet). Now in the process to try and determine when the attack happened and whether my back-up tapes (about a month old) are infected or not.

The only surefire way I know of to recover from such an attack is to re-install the OS. Fortunately RedHat 7.1 was just recently released to good press. I downloaded 3 of the 4 CDs (don't need the Source RPMS just yet) via my DSL connection at work (>8hrs/CD). I will try to keep a good log of my re-install and the security measures that *will* be taken this time around. Fool me once, shame on you. Fool me twice, shame on me!

Wish me luck. Peter
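
Peter's post leaves two questions open: when the attack happened, and whether the month-old backup is clean. The following is an added example, not part of Peter's post or anything the club ran: assuming a hash manifest built from trusted install media, it flags files in a restored backup that differ from or are absent from that manifest and reports the oldest modification time among them. The directory trees, file names and timestamps are constructed sample data.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Return {relative path: SHA-256} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = sha256_file(full)
    return manifest


def triage(trusted, suspect_root):
    """Compare suspect_root with a trusted manifest.

    Returns (modified, unexpected, missing, earliest), where earliest is the
    oldest mtime among modified/unexpected files. Timestamps can be forged,
    so treat it as a hint about when the intrusion began, not as proof.
    """
    found = build_manifest(suspect_root)
    modified = sorted(p for p in found if p in trusted and found[p] != trusted[p])
    unexpected = sorted(p for p in found if p not in trusted)
    missing = sorted(p for p in trusted if p not in found)
    stamps = [os.path.getmtime(os.path.join(suspect_root, p))
              for p in modified + unexpected]
    return modified, unexpected, missing, (min(stamps) if stamps else None)


def _write(root, rel, data, mtime):
    """Create a sample file with a fixed modification time."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (mtime, mtime))


def demo():
    """Constructed sample trees: 'media' is trusted, 'backup' is under test."""
    with tempfile.TemporaryDirectory() as tmp:
        media, backup = os.path.join(tmp, "media"), os.path.join(tmp, "backup")
        _write(media, "usr/bin/top", b"original top", 980000000)
        _write(media, "sbin/init", b"original init", 980000000)
        _write(backup, "usr/bin/top", b"replaced top", 986500000)
        _write(backup, "sbin/init", b"original init", 980000000)
        _write(backup, "usr/lib/.x/bot", b"unknown program", 986400000)
        return triage(build_manifest(media), backup)


if __name__ == "__main__":
    for label, value in zip(("modified", "unexpected", "missing", "earliest"), demo()):
        print(label, value)
```

Run a check like this from trusted boot media against a read-only mount of the restored backup, and limit it to system directories, since user data will otherwise all show up as unexpected.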

****************************************
SECURITY INCIDENT!

Within a couple of days of the incident that Pete posted, I learned of another:

An acquaintance, who shall remain nameless, is an avid player in the internet-based role playing game called EVERQUEST. Over the course of most of the last year, he has been building a high level, powerful character - with the expenditure of probably a couple thousand hours on-line. It is a custom that folks who build valuable characters and other properties in these games will put them up for sale to other players who want to make a big step forward or get a significant headstart.

So, negotiations were underway for the sale of this particular asset for more than $1,000! Just about the time the deal came to fruition, the account was hacked into and all its key identification information was changed so that the hacker was able to assume possession of the character and use it for his own! All evidence of the prior owner had been obliterated; so it was impossible to prove that a theft had taken place!!!

So much for high tech!

****************************************
John Fried's FAQ Column

John Fried, whose computer columns appear in the Thursday and Sunday issues of the Philadelphia Inquirer, is a great source of tips and test reports and he has been very responsive to emailed comments and queries. When you send an email, you get the automatic response shown in the following paragraphs. I'm showing it because of the helpful reference material contained in it. Usually, John follows with a "live" response in a couple of days.

Here's the auto-reply:

----------

"Dear FAQ Reader, thank you for submitting your question. I will consider it for a future column; if I have an immediate answer to your problem, I'll get back to you when I have a chance. If you need help immediately you may want to check our archives of previous FAQs.

Columns for FAQs from May 4, 2000 to the present can be found at web.philly.com/content/inquirer/columnists/john fried.htm (Please note: If you copy this Web address to your browser, place an underscore mark (like this one _ ) between the john and the fried).

Columns from May 4, 2000 back to December 1997 are available at: www.philly.com/volt/faq.asp

Also, a book, FAQ: Sound Answers to Real Computing Questions, containing 270 topics culled from the column, is available by calling 215.854.4444

Here are instructions on how to find an item online:

At the sites, scroll down the page until you find the indices to the columns.

For 1998 columns in 12/31/98 column
For 1999 columns in 12/30/99 column
For 2000 columns in 1/4/01 column

To find your issue in the online columns, find it in an index and note the date on which it was discussed.

Using the Back button on the browser go back to the FAQ site on which all the columns are listed.

Scroll through the page (you may have to scroll up or down) until you see the date you are seeking.

Click on the headline above the date.

When the page with the column opens, scroll down the page until you find the item you seek.

If you want to keep the material print out the entire page, using the browser's print key; or, highlight just the item you want, go to Edit in the browser's menu bar and choose Copy. Then open a word processor. In its menu bar choose Edit, choose Paste.

Many software and hardware vendors maintain Web support sites with extensive knowledge databases, discussion groups and other help solutions. These sites sometimes leave something to be desired, but they often do come through with a good solution."

John J. Fried

****************************************
LAST MONTH'S PC/128/64 MEETING
****************************************

April's club meeting was attended by fourteen folks, including our newest member - Ralph Hose.

We ran two demos - interspersed with announcements and Q & A during the times when the computer was busy.

Demo #1 - this was the promised complete demo of imaging a drive and restoring it from the image. In March, we had imaged a drive directly to a CD-R, but went no further. That time, it was part of the program that started with installing a new CD-RW drive in the club's PC.

So, this month, we (successfully!) did the whole shebang. First, we booted up into Windows ME, utilizing that OS's partition on the club PC. Then we used Powerquest's Drive Image 4.0 to make an image of that partition (around 600 MB of files) to a single CD-R disk (using the 40% compression setting on the software). This took about 15 minutes for the whole imaging step.

Second, we re-booted with Powerquest's Partition Magic and deleted the Windows ME partition (takes only a few seconds, once the program has loaded).

Third, we attempted to start Windows ME - but Boot Magic reported it could not find that OS, which is reasonable since we had just deleted it! This step was just to confirm for the attendees, that we really had deleted it...

Fourth, we ran Drive Image again and restored from the image - this process took only 5 minutes, once DI was loaded. Quicker because reading the CD-R is much faster than burning to it.

Fifth, we started up the restored Windows ME and confirmed that all was back to normal.

Everything went smoothly - confirming that DI is an excellent tool for rapidly saving and then restoring complete partitions.

I think all present were readily able to appreciate the whole process and the simplicity of it - given that you have access to a CD-R drive.

And, since there was plenty of time after this planned main demo, we tackled another.

Demo #2 - following last month's regular and steering meetings, we acquired a device called the "Mobile Dock" by InClose. This is a shell that fits in a 5.25" drive bay and has removable trays that hold 3.5" form factor IDE devices. You can have a variety of IDE devices that can all use the same drive bay and IDE connection. In the case of the club PC, it is the secondary IDE slave connection. Member Layton Fireng had brought in a spare hard drive. This was installed in one of the IDE trays - it took just a couple of minutes, to connect the IDE and the power cable stubs in the tray to the drive.

Then the PC was powered down and the HD-in-tray inserted, locked in place and the PC powered up. The drive was immediately recognized and took its place in the drive letter array.

To our surprise, however, this HD on the secondary slave took the drive letter (D:) that had been assigned to the primary slave position where our D: drive had been. This caused some fuss, as a couple of programs that are activated during startup, and which expected to find things on the (former) D: drive went begging for them to the new, empty D: drive. After we powered down, pulled the tray and came back up, everything was back to normal.

Lesson - the concept works nicely. But, if you want to install an additional (fixed) hard drive, be prepared for drive letter changes.

I had tested it outside the meeting with a removable ORB cartridge drive and it left the D: drive alone. So, I suspect that swapping cartridge drives, CD-ROM, zip, jaz, etc. drives will not mess up the critical (C: and D:) drives.

Again, this looked like a very good & utilitarian addition to your computer for $15-25 for the original and $10-15 for extra trays.

All in all, a very successful meeting with two (yes, 2) demonstrations that WORKED!

****************************************
Backing up for the have-nots

To take a step beyond the bare minimum, Charlie and I did a little brainstorming on options that users could take - that is, improve your backup capability for minimal investment. The list below is a first crack based on the last couple of meetings.

The premise of this list is that a key need for backing up is to have some place to back up to - that place NOT being needed for the everyday use of the system. So, what can one consider and what are the tabs?

So, sort of in order of investment AND desirability here are those thoughts:

1. An IDE Zip drive ($50) plus a 5-pack of 100 MB zip disks ($40). This comes to $90 and needs a spare connector on an IDE buss. Capacity of around 600 MB, or nearly a gig with average compression.

2. A 20 GB IDE hard drive ($90) provides a LOT of backup space for minimum bucks. It, too, needs that IDE buss connector.

- for an extra $20, you can make it removable (if you need it in more than one place, or want to keep it safe somewhere else)

3. A CD burner ($80) and CD-R discs @ 15-30 cents apiece gives pretty inexpensive backup space. This does not need extra buss space since it can take the place of your present CD-ROM drive (I usually make a hard drive image of CDs being backed up; so having both a CD-ROM and CD-R(RW) drive is not really necessary).

4. A 2.2 GB IDE ORB drive ($100), with 2.2 GB cartridges at $30 a pop, looks to be another pretty cost effective option. With average compression, you can backup about 3 GB of files per cartridge. Not as cheap as CD-R discs, but a lot more flexible and very re-useable.

----------
All the above options require something of the order of a $100 initial expense. The others that Charlie and I came up with cost more. So, here's where creativity on your part could be real useful (hint, hint)!
----------

5. A high capacity tape drive - we did not look up prices, but lots of backing up can be done, albeit slooowly. And, equally slooowly to restore.

6. An external hard drive - depending on the interface, you would need to invest the order of $150 up. We think this low end would buy you a parallel port, 20 GB drive setup. Much slower than an internal IDE device, but broadly useful.

- you can now get USB and firewire devices; but, with PCs, it looks like you cannot use them with a startup floppy. My feedback from Iomega and Castlewood indicates that they do not have drivers for their USB devices that work in DOS (startup disk) mode. A very severe limitation in my estimation.

7. SCSI devices - in the same price ballpark would be an extra SCSI hard drive. This option also offers the possibility for various other peripherals that could be added to your system without worries of resource conflicts. You will need to have: a) a spare card slot (and the spare IRQ to go with it) and b) the same spare drive bay (if you'd like an internal SCSI hard drive option). From a cost standpoint, a good SCSI card will run you about $50 while a 20 GB SCSI type hard drive will be in the range of $150 (compared to about $100 for the IDE version, based on a quick scan of catalogs). You will then be able to add another half dozen devices that would be serviced by the same SCSI card.

That's it for a first try. As I said at the beginning, how about comments on these options, or other viable ones?????

****************************************
Confused About Viruses! - II

"I'm confused about the differences between viruses, worms, and Trojan horses. Are they all viruses, or are Trojan horses and worms different than viruses?" - Peter L., San Francisco

ANSWER: Dear Peter L.,

[continued...]

THE TROJAN HORSE

The Trojan horse is often referred to as "the smart virus." Although it's not a virus, it acts in a similar way but can be programmed with the intelligence to stealthily carry out specific instructions from the author. Trojans are becoming increasingly popular in data and password theft, where the aim is not mass disruption (like a virus) but the silent theft of secret information. The attack on Microsoft in October 2000 used a very basic Trojan Horse known as QAZ, and apparently targeted at stealing the source code for Windows 2000. Unlike worms and viruses Trojan Horses don't replicate themselves, but focus on the specific task assigned by their author. Trojan Horses can be particularly destructive. We discussed in another article in this issue how a sacked employee activated a Trojan Horse only six lines long that caused an estimated $12 million in damages to the small firm he worked for, and cost 80 employees their jobs.

Where did it get its name? From the mythical Battle of Troy, where 100 Greek warriors secreted themselves inside a giant wooden horse offered as a gift to the defenders of Troy (The Trojans).

THE WORM

Worms cause harm by replicating themselves so often your overloaded computer simply grinds to a halt or by activating a dangerous payload like their Trojan cousin.

The Anna Kournikova "virus" detected in February 2001 was actually a worm, similar in design to the "I LOVE YOU" worm. I Love You was the costliest and fastest spreading worm, infecting millions of computers and costing an estimated $10 billion in damages in May 2000, according to research firm Computer Economics.

Anna Kournikova was written in Visual Basic language, and was encrypted so the code could not easily be read. "Anna" didn't carry a malicious payload (so far) but clogged email boxes by infecting email programs and sending a copy of itself to every contact listed in the email address book.

A new kind of worm called Sonic discovered in France in October 2000 was one of the early examples of two-part self-updating smart worms; first infecting with a 'slave' that could hide itself in the victim's computer, then using the Internet to dial the creator and download the "master" component.

Once both were installed they could remain hidden for months, quietly stealing information and sending it across the Internet, tracking the user's behavior, and eventually taking over control of the computer.

Where did it get its name? Bad or malicious code in programming created "gaps" in the code that programmers described as looking like "wormholes."

[Extracted from the Zone Labs website]

DIRECTIONS FOR ST. AUGUSTINE CENTER MEETING ROOM

Meetings are in the St. Augustine Center at Villanova University. The 8-bit and PC sessions will be meeting in Room 110.


Enter from the ITHAN AVENUE main gate, then proceed to the 2-level parking building adjacent to St. Augustine, on the Ithan Avenue side of the building.

NOTE: maps on our webpage - http://astro4.ast.vill.edu/mlcug/

2001

64/128/PC/Amiga Meetings    Steering Committee Meetings
May 12                      May 16
June 9                      June 20
July 14                     July 18

* = first Saturday   ** = second Wednesday

****************************************
EDITOR: Emil J. Volcheck, Jr.
1046 General Allen Lane
West Chester, PA 19382-8030
(Produced with C-128D/SCPU 128, RAMlink, HD-40/85, 1571, FD-4000, THE WRITE STUFF 128, XETEC Super Grafix, Canon BJ-200ex, Swiftlink and Motorola 288 modem)

MLCUG BBS: 610-828-1359 ( 300 --> 33600 bps ), 24 hr/day
WWW: http://astro4.ast.vill.edu/mlcug/
PUBLICITY: Robyn Josephs 610-565-4058
DISK ORDERS: Charlie Curran 610-446-5239
VILLANOVA SPONSOR: Prof. Frank Maloney, Dept. of Astronomy

MLCUG STEERING COMMITTEE:

PRESIDENT: Emil Volcheck 610-388-1581
SECRETARY: Charles Curran 610-446-5239
TREAS/MEMBERS: Dewitt Stewart 610-623-5145
SYSOP/AMIGA SIG: John Deker 610-828-7897
INTERNET/Linux: Peter Whinnery 610-284-5234
DATABASE: Layton Fireng 610-688-2080
AT LARGE: Tom Johnson 610-525-3440
AT LARGE: John Murphy 610-935-4398