Main Line Computer Users Group


March 2004 Issue 262

VILLANOVA UNIVERSITY, ST. AUGUSTINE CENTER, ROOM 110

MEETING STARTS - 09:30 - MAR 13 th


THIS MONTH'S CONTENTS
UPCOMING MEETING:

As usual, we'll start off the meeting with some announcements and a bit of round-table talking on news and problems. Come early and stay late!

From last month's part 2 on spyware, we have a bit left over. That's to finish the demo of the Spybot + SpywareBlaster combo. That got stopped by a missing file on the club PC - now corrected. So, presenter, John Deker, will give the finale.

Then, we'll have a real change of scene, with webmaster Pete Whinnery. And, no, his subject is not the web or our website; but LINUX!

This alternate to Windows, around for years, is making slow but steady gains. It's a topic for group questions, articles in the media, even lawsuits!

Since Linux is another OS, it normally requires the installation in either a separate computer or a separate partition on your hard drive, this latter means a dual-boot system and quite a bit of trouble for folks to just get a taste of the environment.

Pete will introduce us to a recent variant of the OS, called: "KNOPPIX" that gets around these startup problems. It does not require the partitioning of your hard drive, nor dual booting. It runs from a separate CD. Come to hear, see and get your chance to play with it!!!..


FEBRUARY'S SPYWARE PROGRAM by John Deker

At our February meeting we spent a few moments recapping and reviewing what we had done in January related to our anti spyware installation of Ad-aware and Pest Patrol, and put some emphasis on recovering from upsets that can be occasionally caused by removing spyware. Remember, spyware is often embedded in the registry or can be required for host software (software like [cont.]

#######################################
ANNOUNCEMENTS & COMMENTS
#######################################

LINUX for March - if you want to get a jump on the March program, you can start reading up on it. Pete posted a notice to the listserv on a newbies type reference. Here's a repeat of the URL:

http://www.knoppix.net/docs/index.php/KnoppixForNewbies

NOTE: be sure that you use the upper- and lower-case characters in the last part of the URL. It is case-sensitive!!!

Pete has also posted some additional intro material on our website (that will be used in his program in March). Just jump to mlcug.org/ and scroll down to the "PC Interests" section. Then click the link called, oddly enough, "Knoppix" - enjoy!

For those who want to give the OS a trial whirl, we will have available for each a personal CD to run.

OUR NEW WEBSITE - just a reminder that thru the good offices of Mr. Rich Goldberg, operator of the Bee.net local ISP, the club has been provided with a new website host and a new (we hope, easy-to-remember) domain name - mlcug.org! So, now we can be found on the web at: http://mlcug.org

Remember to check it out regularly. Last minute meeting items may be posted there, in addition to coming to you via the MLCUG listserv.

Oh yes, our faithful webmaster, Pete Whinnery, will be most appreciative of ideas to improve the useability and value of this website; so don't hesitate to suggest (he tells us he is still learning!).

REGULAR REMINDERS: 1) our email mailing list is run for the member's benefit; so please do not hesitate to post notices or problems to it. If we can't solve the problem remotely, we can be alerted to it ahead of a meeting where hands-on may do the job.

2) attendees know that we have a very fast internet connection from the VU meeting room (last month we hit 800+ KBps, now that's really moving - tho past performance is no guarantee of the future!). So, if you have a very large download, you can bring along a zip disk (or a CD-R/RW) and get it done there, either before or after the main meeting.

3) a half dozen or so of the regular attendees usually partake of lunch at the Villanova Diner after the meeting. Why not join us? It is a good time to get a little more help (or give it) and just to have fun talking about our common interests. The food is quite good, too!

***************************************
WorldWideWoes !!

My editorial comment for the month: did you know that WWW means World Wide Woes with the Truth! Just to remind folks that you can not any longer, take at face value, anything you hear, read or see!!

The barely starting 2004 presidential election race has brought the first incident of a photo, generated from pieces of other photos in Photoshop, being circulated on the net to put a candidate in a bad light.

BE SURE that you check on any such stuff that gets sent your way BEFORE you either BELIEVE it or FORWARD it on, as you're likely to be urged to do. [Emil Volcheck, ed.]

***************************************
YOUR PC - A SPAM MACHINE?

A recent AP article reminded us that the folks who bring you the latest worms and trojans are doing more than bother you. They may also be having you help them with bothering others. Like the recent "MyDoom" infestation, and many predecessors, these bits of malware plant a program on your system that can generate spam. So, when you are on the net, your computer is working in the background to send out spam to all and sundry (or at least all the addresses it can find on your computer)!

If you have a good 2-way firewall (like Zone Alarm, Norton, McAfee etc. - but NOT the current Windows XP firewall), it will sense this activity and ask you if it's OK! That will allow you to say NO and be alerted to the presence of the program, so as to take steps to remove it.

Yet another reason to have up-to-date AV software and, now, anti-spyware, too. As I've noted on more than one occasion, much of your computer's power may be going into security and privacy - pretty sad commentary on life with the internet..... [Emil Volcheck]

***************************************
MLCUG LISTSERV

Unfortunately, last month, the MLCUG list folks received, an unauthorized email message that carried a VIRUS attachment (called body.zip).

You should know that this message should not have appeared here since the apparent sender is not a registered poster (e.g. not an MLCUG member). Note that this problem has been corrected (we hope), as announced at February's meeting.

Also, we expected that the virus filter from our ISP would not have allowed such an attachment to get emailed to its users. We're still exploring this one.

One further point, since this was an email attachment that carried the malicious code, I hope that all recipients treated it by the rules for:

PRACTICING SAFE EMAIL ATTACHMENTS

The best solution to prevent a virus or Trojan Horse disaster is: NOT to place yourself in harm's way in the first place So, remember, when you receive an email attachment and BEFORE you open it, ask yourself these four questions:

  1. Do I know who the email is from?
  2. Do I know what the attachment is?
  3. Do I know what the attachment does?
  4. Does the attachment ORIGINATE from the person who is sending it to me?
ONLY, if you can answer "Yes" to ALL four questions, can you be assured that you may open the email attachment with impunity.

Note: in this incident, that attachment failed questions 1, 2 & 3; so you should not have downloaded or tried to open it, if you did do the download. If your anti-virus software was actively scanning your email downloads, it should have acted and protected you.

***************************************
LAST MONTH'S MEETING

Another lively (and successful?) meeting, with 19 attendees, including a couple of the newer faces. Hopefully, our several newbies will be able to make it to future meetings!

Before going round the table, I summarized a couple of problems suffered by our new listserv for MLCUG members only. At the January meeting, a question had come up about how to be sure that an email message actually DID come from the list, and was not spam or worse. To try to deal with that, webmaster Peter Whinnery arranged for each and every message coming from the listserv to have [MLCUG} automatically prefixed to whatever subject line was entered by the sender. The feeling was that that should insure the origination and validity of a message.

But, only a day after that was done, a message came out from the list that was NOT from a member and, on top of that, carried a virus attachment (a file called "body.zip" that contained a virus called "body.exe"). Any reasonable up-to-date anti-virus software would have caught the virus on download (as several of us experienced). But, it should not have got thru and the original message itself never should have got thru.

We think we have plugged the hole that let the message get out in the first place; so virus or not, it would not have got to our users. Preventing a virus-laden attachment itself is not fully resolved, as we want them to be stopped whether they come from outsiders, or from a list member. We'll keep folks posted on that issue.

Turning to comments, questions etc. that came up as we went around:

For those folks beleaguered by all the variations in the DVD field, Marty Caulfield told us about a couple of websites that may be helpful. So, if you want to delve into the mysteries of DVD technology, he mentioned the "DVD Demystified" website - which promotes a book by that title. But, as part of the website, there is a tremendous wealth of info in the "official" DVD FAQ (Marty says it takes 151 pages to print it!!). The URL is: http://www.dvddemystified.com/dvdfaq.html. And, for those primarily interested in DVD-based movies, there is a lots of info at: http://www.dvdrhelp.com/.

Another interesting and useful site that Marty mentioned is: http://www.techsupportalert.com/ - which has loads of how-to articles (as pdf files) plus a biweekly newsletter. Maybe Marty can show a couple next time???

John Murphy had a neat show-and-tell - aimed at folks using dialup modems for internet access. He had found a couple of external modems that combine a dialup modem, router and ethernet switch. They let more than one computer access the net at the same time and provide an effective hardware firewall, a very attractive security tool!! He had purchased a Best Data 56NET modem (list $99) and mentioned that ActionTec also has a similar product (their "Dual PC" modem, $70 list). Of course, like any other router/firewall product, you'll need to have an ethernet card in your computer (and that will prepare you to effortlessly switch to broadband internet access in the future!). For more info on these new modems, check:

http://www.bestdata.com/product.asp?pid=39&catID=4 and http://www.actiontec.com/products/modems/dual_pcmodem/dpm_overview.html

Webmaster Pete mentioned that a new link had been added to the club webpage. Just go to the home page and scroll down a bit to the "PC Interests" section. The second link there relates to "Computer Health and Security". He is including many of the references coming up at our meetings, like the spyware stuff that John Deker is covering. Give it a look!

In a bit of an aside, Pete also commented on the relative freedom of Linux/Unix computers from the malware invasions.

We did, really, get back to our main topic - SPYWARE! Presenter John Deker gave us a reminder rundown of last month's part 1 on the subject. He mentioned that the latest issue of PC Magazine carries a review of spyware detectors (40+ of them, I believe); so it is a thriving field (unfortunately for all of us who have another invasive technology to contend with!). Elsewhere in this issue is John's summary of the meeting.

One demo left to do was to show off the product called "SpywareBlaster" which watches over your web ramblings and attempts to stop the initial installation of spyware, rather than trying to remove it after the fact. However, while the download of the installer went fine, it would not complete the installation because of a critical missing file on the club computer. Apparently, we are not alone in this problem, as there were aids to correcting the deficiency; but it was too late in the meeting to do so. However, since then, the missing file was installed and SpywareBlaster successfully installed, too. So, John will take a bit of time in March to complete the spyware story for this time around.

As you hopefully noted at the beginning of this issue, we are going to give a whirl at the OS that is getting so much world-wide PR - LINUX! Our webmaster and devoted LInux user, Pete Whinnery, will carry the cudgel. Be prepared to pay close attention! See you then, Emil...

***************************************
Of all things!

Last month, I commented about the move of the eMachines folks into some "higher end" computing (that was a $1300 model T6000). But, hardly had the issue come out when there was an announcement that Gateway bought eMachines !

However, as seems usual in modern mergers, the first word out of Gateway was that they would be cutting their staff from 7,400 down to ~5,500. I guess we should all buy eMachines to help keep a 3rd party in the mass PC market (after #1 Dell and #2 HP, or the other way round)

***************************************
PESTWARE PROGRAM - II

by John Deker, continued from p.1

AOL's Instant Messenger that delivers adware) to function completely. Allowing anti spyware to remove spyware in such cases can possibly, but not likely, cause operating system problems or restrict the functionality of host software.

It's always best to have a backup recovery plan when making changes to your computer software whether you are installing, removing, or reconfiguring software, even if removing offending software with an anti-virus or anti-spyware program.

MURPHY'S VISIT - While reviewing Spybot and attempting to augment its functionality with Spyware Blaster, that proverbial Murphy guy paid us a visit. We could not get Spyware Blaster to run on the club's BTO computer due to a missing OS file. While trying to resolve the issue, we discovered it was not an uncommon problem with Spyware Blaster. We found some references to the problem while searching the Web for more information on the missing file. Additional information can be found here along with the needed file fix info:

http://forums.infoprosjoint.net/showthread.php?t=4496

It's worth noting that I have installed Spyware Blaster on 6 other PC's without running into this problem previously. Of the 6 PC's, 2 were Win98 and 4 were WinXP operating systems.

Rather than try to solve the problem during the meeting, we left it to the executive committee and Emil to discover and define a resolution by the March meeting. I'm happy to be able to say that the problem has been resolved as of this writing. The solution was garnered from the Web link indicated above. There are several discussion messages on that Web page. One message in particular provided the critical information and I published that info on the listserv. Emil used the information to resolve the problem on the BTO and will hopefully discuss it further at our March meeting when we will plan to complete our demo of anti-spyware.

SUMMARY & RECOMMENDATION

Emil has asked that I provide a recommendation to the club on which anti spyware you should use and why. I believe Emil recognizes the burden spyware and viruses place on the user who wants to keep his computer safe and Emil wants us to have as simple a one fix answer as possible. The reality of spyware is that I don't believe there is a best answer for all users as not all users have the same competency level or needs. Nor in this new threat arena is any of the anti spyware programs able to detect and successfully remove ALL spyware.

If I were forced to pick one best answer it would be to install and use Spybot and Spyware Blaster based on bang for the buck. Both programs are donation ware which makes the price one of the best features. Second, PC Magazine recently rated Spybot with an honorary mention right behind its favored Spyware Sweeper program. The big negative downside with Spybot and Spyware Blaster is that you have 2 programs to keep updated on a weekly basis. And that's in addition to your anti virus program that you update weekly. YOU DO UPDATE YOUR ANTI VIRUS PROGRAM, DON'T YOU?

I feel that Spybot and Spyware Blaster require quite a bit more effort from the user than Ad-aware which is freeware. For those of you who think your computer competency is not all you would like it to be and who don't use peer-to-peer file exchange software and don't visit risque Web sites, I think Ad-aware may best serve your needs. Please note that the freeware version of Ad-aware requires you, the user, to manually run it occasionally for it to be of any value you. This is also true of Spybot, but Spybot does offer some realtime protection features

For those of you who want an aggressively updated anti spyware program with the best information about spyware and don't mind paying for it, Pest Patrol is recommended. PC Magazine noted that Pest Patrol has the best research information about spyware. At this time, the information is freely accessible to the public on their website.

Not presented in our review of anti spyware, but highly recommended by PC Magazine is Spyware Sweeper. It is the costliest of this group of anti spyware with an annual renewal charge of just under $30, or you can opt for a 2 year renewal charge of just under $40.

These recommendations will be discussed further at our March meeting. Until then, continue to practice safe computing.

***************************************
Good Pest Reference by John Deker

A repeat reminder of a good reference on the ins and outs of the pestware genre:

http://www.pestpatrol.com/pestinfo/

***************************************
Wiping Out That Hard Drive

I've located a piece of freeware that claims to wipe hard drives clean - to the Department of Defense (DoD) specs, if desired. As yet, I have not tested it as I haven't a hard drive to wipe out!!

But, if someone needs that capability and might like to try it, give me a buzz and we can test it.

The utility (called DBAN - for Darik's Boot And Nuke) is in the form of a bootable floppy disk or a bootable CD. So, it can be used in a computer that boots from either medium. The author warns NOT to make the mistake of putting one of the bootable disks in your machine as you might accidentally boot from it - and you will be toast! A warning not to be taken lightly..... Cheers, Emil ...

***************************************
MALWARE DEFINITIONS

Adware - Programs that secretly gather personal information through the Internet and relay it back to another computer, generally for advertising purposes. It is often accomplished by tracking information related to browser usage or habits.

Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may unknowingly trigger adware by accepting an End User License Agreement from a software program linked to the adware.

DIRECTIONS FOR ST. AUGUSTINE CENTER MEETING ROOM

Meetings are in the St. Augustine Center at Villanova University. The regular monthly sessions meet in Room 110.

[Map goes here]

Enter from the ITHAN AVENUE main gate, then proceed to the upper level of the 2-level parking building adjacent to the St. Augustine Center, on the Ithan Avenue side of the building.

NOTE: maps on our webpage - http://mlcug.org/


PC/128/64 Meetings  2004  Steering Committee Meetings

			March 13			March 17 **
			April 10 			April 21 **
			May 8				May 19 **

	* = FOURTH Wednesday	** = THIRD Wednesday at Tom Johnson's home
*********************************************************************************EDITOR:  Emil J. Volcheck, Jr.   1046 General Allen Lane    West Chester, PA 19382-8030
(Produced on a home-built PC: 233 MHz Pentium, 128 MB RAM, 20 GB hard drive, Epson Stylus Color 740 printer, HP Scanjet 6300C, CD-RW drive, DVD-ROM drive and 250 MB Zip drive, using Appleworks 5.0.3)

          MLCUG LISTSERV: for members only...
                     WWW: http://www.mlcug.org/
               PUBLICITY: Robyn Josephs 610-565-4058
       VILLANOVA SPONSOR: Prof. Frank Maloney, Dept. of Astronomy

MLCUG STEERING COMMITTEE:

PRESIDENT: Emil Volcheck    610-388-1581  SECRETARY: Charles Curran 610-446-5239
TREASURER: Dewitt Stewart   610-623-5145  AMIGASIG: John Deker      610-828-7897
WEBMASTER: Peter Whinnery   610-284-5234  DATABASE: Layton Fireng   610-688-2080
AT LARGE:  Tom Johnson      610-525-3440  AT LARGE: John Murphy     610-935-4398