| February 2004 | Issue 261 |
MEETING STARTS - 09:30 - FEB 14th
As usual, we'll start off the meeting with some announcements and a bit of round-table talking on news and problems. Come early and stay late!
From presenter, John Deker: for February we'll continue our look at anti-pestware. Specifically, we'll finish up on SpyBot and its associated program, Spyware Blaster. Spyware Blaster prevents the installation of ActiveX programs, which are considered to be pestware, or worse.
ActiveX programs are programs imported by your browser to execute certain functions on your computer. Microsoft created an authentication process for such programs, but the authentication process does not guarantee that the program is not malicious in some way. For further information about ActiveX problems and risk, please refer to an article from Byte magazine at:
http://www.byte.com/art/9611/sec3/art8.htm
We'll finish the formal presentation on the anti-pestware software with a review of the three programs presented last month, namely PestPatrol, SpyBot, and Ad-Aware, and make a general recommendation as to which is best and why we think so.
To end the presentation, we'll discuss the potential risks of using these programs and how you might handle those risks, if you decide to use them. To be honest, I consider the risks relatively minimal, but since these programs sometimes mess with the registry when trying to remove pestware, there is still some risk...
During our January meeting presentation we pretty much stuck to our agenda by reviewing what pestware is and then looking at 3 anti-pestware programs - PestPatrol, SpyBot, and Ad-Aware. [cont.]
#######################################
WELCOME - to our most recent new members: Robert & Heidi Bulitta of
Downingtown, David Raines of Birchleaf VA (yes, Virginia!), Bill &
Heather Uster of West Chester and Frank Walder of Upper Darby!! With
all these additions, we can now boast of some 39 members. For the
first time in many years, we have had an increase in members from the
previous year!! So, we hope that all of these new members will find
value in the group, will hang in there for the future and try to find
other users who could also benefit from being a part of the MLCUG!
OUR NEW WEBSITE - just a reminder that thru the good offices of
Mr. Rich Goldberg, operator of the Bee.net local ISP, the club has
been provided with a new website host and a new (we hope,
easy-to-remember) domain name - mlcug.org! So, now we can be found on
the web at: http://mlcug.org
Remember to check it out regularly. Last minute meeting items may be
posted there, in addition to coming to you via the MLCUG listserv.
Oh yes, our faithful webmaster, Pete Whinnery, will be most
appreciative of ideas to improve the usability and value of this
website; so don't hesitate to suggest (he tells us he is still
learning!).
REGULAR REMINDERS:
1) our email mailing list is run for the members' benefit; so please
do not hesitate to post notices or problems to it. If we can't solve
the problem remotely, we can be alerted to it ahead of a meeting where
hands-on may do the job.
2) attendees know that we have a very fast internet connection from
the VU meeting room (last month we hit 800+ KBps, now that's really
moving - tho past performance is no guarantee of the future!). So, if
you have a very large download, you can bring along a zip disk (or a
CD-R/RW) and get it done there, either before or after the main
meeting.
3) a half dozen or so of the regular attendees usually partake of
lunch at the Villanova Diner after the meeting. Why not join us? It
is a good time to get a little more help (or give it) and just to have
fun talking about our common interests. The food is quite good, too!
***************************************
Last time we mentioned the bug in Internet Explorer that allows for
URLs that invisibly take you to a website that is not what you see on
your screen - making for lots of folks giving out private info while
believing they are contacting a reputable and trusted website!
Remember last August where we had a couple of potent bits of malware a
week apart? Well, last week did that one better(?) with a new worm
(Beagle.A) appearing on Monday, followed by another (MyDoom.A) a day
or so later, then a third (MyDoom.B) on Thursday. Symantec had to
update their virus definitions three times in four days, rather than
once in a week!!
Both Beagle and MyDoom are mass-mailing worms which means that, once
they are activated on your computer, they search thru your files
seeking email addresses and mailing copies of themselves to those
addresses. MyDoom.A is now the record-holder as the "most successful"
worm yet! Some success!!
MyDoom.B was apparently sent out to reduce folks' ability to stop the
worms by preventing computers from accessing websites that can provide
updated virus signatures for anti-virus software (like Symantec,
McAfee, F-Secure). It apparently did not propagate as quickly as the
A variant, but nevertheless added to the net mess.
An extra "feature" of the MyDoom worm is that it plants a little
utility on your computer so that on February 1st, your computer will
connect to the net and start sending attention requests to the web
server of SCO (the Unix folks). This technique, called a
denial-of-service (DoS) attack, is designed to completely overwhelm a
web server with so many requests for attention that it will crash and
go out of service. Since the worm circulated world-wide, it planted
these little time bombs all over the planet - but how many was not
known.
And, sure enough, starting late on the 31st, the requests began to
roll in to the SCO website (www.sco.com) and increased in volume as
the hours rolled by. The SCO website was brought down by these
requests early on the 1st, as the hacker had hoped and planned for!
So, it's clear that he succeeded in planting his time bombs pretty
extensively. As most of you know, there is no really good, quick way
of stopping a DoS attack (one of which brought down some Microsoft
servers last year!); so SCO is out of commission for some unknown
amount of time...
The point of all this story - make sure that YOU: 1) have your
anti-virus software installed, 2) keep it up-to-date and 3) have
installed and running a good 2-way firewall and 4) better, if feasible
have a hardware firewall in place. This way, you'll be protected and
will not be a partner to DoS attacks!
We can delve further into these guidelines at our next meeting
discussion. Watch the listserv, too.
***************************************
A recent column by Reid Goldsborough, in the Inquirer, carries
another trouble message re the 2004 versions of Norton Anti-virus 2004
and Norton Internet Security 2004.
On the off-chance that folks might be interested, I took a flyer and
made a bulk order of: Norton Anti-Virus 2003. These were OEM CDs and
I sold them at my cost of $10 each. This was cheaper than extending
one's AV subscription for Norton - which is now around $20 (actually,
one person told me it cost them $25!).
Because Inquirer columnists, John Fried and Reid Goldsborough, have
reported problems with the 2004 versions of the Norton products, AV
and internet security suite, it looks like a good idea to refrain from
them, until we get evidence that the problems have been corrected. If
anyone hears news on the products, please let us know. [Emil]
***************************************
MLCUGers: note the format of the "Subject:" header of this message.
All messages from this list will now include "[MLCUG]" automatically
in the subject header to make it easier to identify. This should
provide assurance to our members that the messages are safe to open.
Your humble list keeper. [Peter Whinnery]
***************************************
We had quite a crowd at the January meeting, with 21 attendees,
including some first time members - new faces! Hopefully, the latter
found the meeting interesting enough to return!!
More info on the meeting will follow, but for those who did not make
it, the program was Part I on "Pestware". Our presenter, John Deker,
discussed pestware (adware, spyware and such-like).
In the course of the demo, he downloaded and installed three products:
Next time, we'll spend more time on Spy-Bot and a companion program
Spy Blaster. We hope that you'll all be able to make it.
***************************************
The eMachines folks, not exactly noted for bleeding edge computers,
have announced a $1300 (at Best Buy), high end system (model T6000).
Here are the stats: Athlon 64-bit CPU, at 2 GHz, 512 MB of RAM, 160 GB
hard drive, 128 MB video card, 8-in-1 media card reader, CD burner,
DVD drive, ethernet, USB 2 and Firewire ports!
I guess they must be doing something right. Just a few days ago,
Gateway computers announced that they were merging with eMachines, in
a straight buyout. This move will nearly double Gateway's sales - but
still leave them in a fairly distant #3 position, after #1 Dell and #2
HP. Gateway has not been making money, tho eMachines has. Hopefully
for them both, the merged company will survive and make a decent
profit. A two-company duopoly is not a heck of a lot better than the
oneopoly we have with Microsoft; so 3 may be!
***************************************
by John Deker, continued from p.1
Most of the information about pestware came from the PestPatrol research
center websites at:
http://www.pestpatrol.com/downloads/eval/download.asp
With the download completed, we installed the software, ran an update
check, and then performed a scan for pestware. When the scan was
complete, we looked at some of the detected pests and showed how one
can get additional information about those pests. We also spent a bit
of time on some of the features of the software.
With PestPatrol behind us, we then turned our focus on Lavasoft's
Ad-aware. Since Ad-aware is freeware we were able to download and
install the full functional version from:
http://www.lavasoftusa.com/support/download/
The download links to several download sites can be found at the
bottom of the web page. In a fashion similar to PestPatrol, we
updated the software and ran it thru its paces.
The last part of our January presentation was spent downloading and
installing Spybot. Spybot is donationware and can be downloaded from
a link at the bottom of this web page:
http://www.safer-networking.org/index.php?page=download
We only spent a few moments looking at Spybot. So, we'll finish our
review of this program and an associated program, Spyware Blaster, in
February. See the agenda for February elsewhere.
***************************************
Reminder of a good reference on the ins and outs of the pestware genre:
http://www.pestpatrol.com/pestinfo/
[by John Deker]
***************************************
Following the January meeting, I re-ran the three pestware utilities
on the club computer and got the following results:
During the next session, we'll aim for a way for folks to evaluate the
results of such a scan to help them decide what to do. Here, of
course, I did nothing, just ran them, as a benchmark prior to the part
2 meeting. [Emil Volcheck]
NOTE: in the program planned for February, John Deker will give his
take on this subject - with some recommendations on how to deal with
such results.
***************************************
Gad! Talk about being upstaged! Last month, I had an article about
the impending doom of Microsoft's support for Windows 98/98 SE - on
January 16th. But, the issue barely got to press before Microsoft
relented and announced that the support would be extended for an
additional 2.5 years - to June 2006. They also noted that support for
Windows Me would end at the same time, tho it is a year younger than
Windows 98 SE.
I confirmed, at a computer meeting on the 15th that the word had been
posted on the Microsoft website. The following article is a nice
summation of the situation, and an assessment of potential motives for
the change:
Microsoft extends Win98 support to June '06
Doing an about-face at the 11th hour, Microsoft, on Monday, decided to
extend its support of Windows 98, Windows 98 SE and Windows Millennium
until June 30, 2006 -- support that was scheduled to be phased out
starting this Friday.
According to a company spokesman, the company rethought its position
on Windows 98 late last week in response to "customer need," and
because the company wanted to bring Windows 98 SE into compliance with
the company's current life cycle policy for new products, which
provides support for seven years instead of the original four,
according to the company.
"The first [reason] was in response to customer needs. Microsoft made
this decision to accommodate customers worldwide who are still
dependent upon these operating systems and to provide Microsoft more
time to communicate its product life cycle support guidelines in a
handful of markets - particularly smaller and emerging markets," said
Frank Kane, an MS spokesman.
The decision to lengthen support for Win 98 and Win Me customers
through the same date provides a "clear and consistent date for
support conclusion for all of these older products," Kane said.
During this time, Microsoft will continue to offer paid phone support
and will continue to review critical security issues, taking
appropriate steps.
According to recent numbers from IDC, as of year end 2003, there were
still 58 million Windows 98 users, 21 million Windows 95 users, and 25
million Windows Millennium users. The company said the installed base
of desktop operating systems users now totals 380 million. [ejv note:
the article does not say if this is the Windows installed base, or
includes other OSes].
Besides doing a better job of listening to the financial and technical
needs of their customers, the move may also have to do with Microsoft
protecting its mammoth installed base against the surging tide of
Linux-based distributors led by Red Hat and SuSE Linux.
"Some reasons have to do with users needing continued support and not
being able to move for one reason or another. The other is if they
left people orphaned, the open source community would swoop in to say,
'hey, we can help you'. Considering the competitive nature of the
market in general, some very big companies could end up walking into
the arms of Red Hat and SuSE," said Dan Kusnetzky, vice president in
charge of operating system research at IDC.
Kusnetzky added, however, that in the context of other operating
systems suppliers Microsoft is actually more generous than other
providers that often discontinue support of older systems about a year
after its replacement comes out.
"In terms of support [Microsoft] is already generous. Most OS
suppliers support their product for no more than a year after the
replacement has come out. So there are both sides to that," said
Kusnetzky.
Updated details about the new extended support period for these
products will be posted Jan. 15 at
http://support.microsoft.com/lifecycle, Microsoft said. [Note: ejv
confirmed it on January 15th]
ANNOUNCEMENTS & COMMENTS
#######################################
WELL ANOTHER ONE !!!
SYMANTEC/NORTON PRODUCTS
MLCUG LISTSERV
LAST MONTH'S MEETING
Each was used to scan the club computer for pestware and the results
of each were compared. As John had previously noted, these programs
interpret stuff differently and the results of the scan confirmed
that, as each gave a different report of the "potentially bad stuff".
Of all things!
PESTWARE PROGRAM - I
Since we were getting our pestware overview from the PestPatrol
website, we also did our first anti-pestware download from that site.
In this case, the download was demoware, since PestPatrol is
commercial software. The PestPatrol demoware will detect pestware,
but not remove it. The evaluation version of PestPatrol can be found
here:
Good Pest Overview Reference
Pestware Test Report
Ad-Aware found 2
Pest Patrol found 1 (same as 1 from Ad-Aware)
SpyBot found 9 (incl the 2 of Ad-Aware)
Of these, only 1 - a non-cookie, which all three programs found -
appears interesting or possibly worrisome. No way to tell for an
amateur like me.
Old Windows to get a little older!!
[By Ed Scannell January 12, 2004]