Main Line Computer Users Group


June 2004 Issue 265

VILLANOVA UNIVERSITY, ST. AUGUSTINE CENTER, ROOM 110

MEETING STARTS - 09:30 - JUNE 12th




UPCOMING MEETING:

As usual, we'll start off the meeting with some announcements and a bit of round-table discussion on news and problems. Come early and stay late!

Having spent the last few meetings on the Linux variant called "Knoppix", we'll have a change of pace for this time round.

As you are all aware, one big change that has taken place in the last few years is the enormous increase in the capacity of hard drives - and an increase in the size of operating systems (and associated applications, too). You may recall that a typical Windows 95 installation took up around 55 MB, whereas a typical Windows XP is more like a gig!!

This big size change has raised issues around preservation - backing up and archiving your information. As is becoming clear, about the only reasonable way to back up a big hard drive is to use another big hard drive. But, for safety's sake, the backup drive ought to be either removable, or external - so, this month's meeting! Some years ago, we installed and demoed the removable hard drive approach - on our older club PC; so we'll not do that now (tho we can certainly entertain questions).

Member John Murphy will - before our very eyes - assemble and demonstrate a very large capacity external hard drive system. It will be evident that you, too, can do this yourself!!!


Computer Security Strategies

Users of Microsoft Windows operating systems are particularly targeted by a variety of folks who write and distribute (primarily via the internet) a continuing (probably increasing) stream of viruses, worms, Trojan Horses, spyware and other types of malware that adversely impact a computer user's security, privacy and computer operability. Many news items, magazine articles and [continued on p.3]

#######################################
ANNOUNCEMENTS & COMMENTS
#######################################

TIDBIT - The Linux Learners Guide, "I stumbled on to this, a 26 page guide (I never find anything that just runs a page or two!).

Not having enough expertise I don't know how valuable it is, but take a look and see what you think". Find it at www.thejemreport.com [by Marty Caulfield].

WELCOME - to our newest club member, Bill Talley, from West Chester. Hope you'll find the club to be mutually beneficial!

OUR NEW WEBSITE - just a reminder that thru the good offices of Mr. Rich Goldberg, operator of the Bee.net local ISP, the club has been provided with a new website host and a new (we hope, easy-to-remember) domain name - mlcug.org! So, now we can be found on the web at: http://mlcug.org

Remember to check it out regularly. Last minute meeting items may be posted there, in addition to coming to you via the MLCUG listserv.

Oh yes, our faithful webmaster, Pete Whinnery, will be most appreciative of ideas to improve the usability and value of this website; so don't hesitate to suggest (he tells us he is still learning!).

REGULAR REMINDERS:

  1. our email mailing list is run for the members' benefit; so please do not hesitate to post notices or problems to it. If we can't solve the problem remotely, we can be alerted to it ahead of a meeting where hands-on may do the job.

  2. attendees know that we have a very fast internet connection from the VU meeting room (recently we hit 800+ KBps, now that's really moving - tho past performance is no guarantee of the future!). So, if you have a very large download, you can bring along a zip disk (or a CD-R/RW) and get it done there, either before or after the main meeting.

  3. a half dozen or so of the regular attendees usually partake of lunch at the Villanova Diner after the meeting. Why not join us? It is a good time to get a little more help (or give it) and just to have fun talking about our common interests. The food is quite good, too!

***************************************
LAST MONTH'S MEETING

For our May meeting, we had 18 folks turn out, including new member Bill Talley.

To kick things off, Marty Caulfield reminded us that we were embarking on our 22nd year of operation (with the publication of newsletter #264). He thanked your editor for the perseverance to keep the club/newsletter going.

As a memory reminder, he handed out to all attendees a copy of "Newsletter" #0 - with a "Mayo Productions" logo creatively added! If you missed your memorial copy, I'm sure that Marty will be most obliging to provide a copy to anyone who is interested (email him at mart418@bellatlantic.net). Thanks, Marty!!

Next activity was our regular round-the-table Q&A session. Some of the items covered are reflected elsewhere in this issue, or next.

Following the Q&A, we turned the meeting over to Pete Whinnery, who took us thru the next chapter on using the "Linux-on-a-CD" application, called "Knoppix". The next item is Pete's summary of his May 2004 presentation:

KNOPPIX ON YOUR PC

  1. Demo the floppy disk boot w/ edits to the config file for a more "automatic" boot process.

    First I created a Knoppix boot floppy. On it there is a file called 'syslinux.cfg'. I clicked on it and it opened in K-write. At the top of the file is a DEFAULT section. I added the options home=scan and myconfig=scan after the BOOT_IMAGE=knoppix entry. Rebooted w/the floppy and hit return at the boot prompt - Bingo! My persistent home dir. and config file were found.

    Feeling confident I then changed vga=791 to vga=788 (value found in an entry later in the file) and Bingo Again! The floppy now boots with 800x600 resolution with my saved config and persistent home directory.

  2. Install the CD to the Hard Drive

    The installation procedure to get Knoppix installed onto your hard drive was shown:

    1. Boot the Knoppix CD.
    2. When the boot prompt comes up, choose your language. Most of us speak English, so we'll type: boot: knoppix lang=en then press ENTER (you don't type the 'boot:' part, of course)
    3. Wait till the system is fully launched, including the KDE desktop
    4. Press CTRL-ALT-F1, to get a root console. You should see a shell prompt -OR-
    5. Open a terminal (Konsole) and issue the command "su" to become the root (admin) user.
    6. Type: knx-hdinstall
    7. Follow guided installation menus. To include:
      • Create a Linux partition (at least 2.5GB)
      • Create a Linux Swap partition (>= 256MB)
      • 'Mounting' the Linux partition as root
      • Initialising the swap partition
      • Copying all the required files (automatically)
      • Setting up networking
      • Setting passwords
      • Creating a boot disk (BootLoader section skipped for now)
      • Rebooting (without the CD)
    8. (Optional) - type apt-get update (followed by ENTER). This will update your list of available packages, and takes about 5-10 minutes.
    9. Presto, you've got a fully installed GNU/Linux desktop. From here on in, you'll probably want to fine-tune a few things, set up themes, backgrounds etc. But most of the hard work is already done for you!

  3. Demo "apt-get" - a very cool software update/install program. As an example, we downloaded and installed the program 'gnome-apt', a GUI front end to the 'apt-get' program.
Command used was: apt-get install gnome-apt

We then ran gnome-apt from the command line and looked at some of the features of apt-get.

Partition Help: Knoppix includes QtParted, which is a Partition Magic clone for Linux. To find it go to the KMenu->System->QtParted. The program runs fine and displays partition info on your hard drives. I have not experimented with creating, deleting, or resizing a partition as of this writing, so it is another topic to demo/explore - even for Windows users! [Pete Whinnery]

***************************************
Computer Security Strategies

[continued from p.1] reviews on- and off-line propose all kinds of strategies for going after these problems. Most tend to be a bit disjointed or focus on one problem, rather than a systematic approach that provides some sort of integrated strategy.

For example, Microsoft on their website at: http://www.microsoft.com/protect/ has proposed a three (3) step system, as follows:

  1. Use an Internet firewall
  2. Update your computer (primarily Windows)
  3. Use up-to-date antivirus software

However, this approach misses the privacy aspect in not dealing with spyware, and it leaves out some tactics that can help minimize the potential impact of all malware.

So, after discussing this subject in numerous meetings and across a number of lunch tables, I'd like to suggest several modifications to Microsoft's approach, thusly:

  1. Use a 2-way Internet firewall
  2. Use automatically updated AV software
  3. Practice "Safe Email Attachments"
  4. Update your computer - with caution, preferably waiting until there is feedback on the safety of any specific update
  5. Use anti-spyware applications regularly

Comments on these items and the changes and/or additions that I've made:

  1. a 1-way firewall (such as the Windows XP firewall or the hardware firewalls in network routers and the like) can do an excellent job of keeping stuff from coming in, but does nothing to stop worms and spyware from going out.

  2. because of the frequency of appearance of new malware, the security vendors, like Symantec, have been updating their products on a near daily basis. One needs the AV software to automatically update itself, rather than depend on the user to make daily checks for needed updates.

  3. proper handling of email attachments was not addressed by Microsoft at all, so the addendum on this topic (extracted largely from David Keller of the SWFPCUG) provides a good working strategy.

  4. unfortunately, the Windows update process is not without its own hazards; so updating the instant Microsoft makes a patch available can be hazardous. With the first three items above in place, one can wait a bit - until there is some real-world experience with any patch (or Microsoft has issued a patch for the patch problem).

  5. at this writing, a strategy for fully coping with spyware, adware or other marketware is not yet in place. Using the freeware products: Ad-Aware and Spybot S&D in tandem (possibly with the aid of SpywareBlaster) is probably a current good start. More to come on this topic.....

Now, for that addendum on attachments, namely:

Practicing Safe Email Attachments

The best solution to prevent a virus or Trojan Horse disaster is NOT to place yourself in harm's way in the first place.

So, remember, when you receive an email attachment and BEFORE you open it, ask yourself these four questions:

  1. Do I know who the email is from?
  2. Do I know what the attachment is?
  3. Do I know what the attachment does?
  4. Does the attachment ORIGINATE from the person who is sending it to me?

ONLY, if you can answer "Yes" to ALL four questions, can you be assured that you may open the email attachment with impunity.

And, remember: if an attachment was forwarded to you, it automatically fails #4 !!!

***************************************
Busy Business!!

To reinforce the activity that is taking place on the security front, this quote:

New Viruses Hit 30-Month High

The number of new viruses released on the Internet in May hit a 2-1/2-year high last month, an anti-virus vendor says. Five new viruses released in May made Sophos' Top 10 for the month. Included are Sasser, Netsky-Z, Sober-G, Bagle-AA, and Lovgate-V, the company said Wednesday. Sasser led the pack in the number of infected machines reported.

Sophos found a total of 959 new viruses on the Internet in May, the highest number since December 2001. That number includes new viruses that were variants of older ones.
[By TechWeb News, InformationWeek, 6/3/2004]

***************************************
Deleting Information from Hard Drives

[Some of you had the chance in years past to hear Gene Barlow tell us about the ins and outs of hard drives. Here is a new initiative from him. Please give it a read and let me know if you'd like more].

By Gene Barlow, User Group Relations
Copyrighted May 2004

[This is one of a series of monthly technical articles that I plan to distribute on a regular basis in the coming months. Watch for them and learn more about your computer and its hard drive. User group newsletter editors may print this article in their monthly newsletter as long as the article is printed in its entirety and not cut or edited. Please send me a copy of the newsletter containing the article so that I can see what groups are running the articles.]

"The early hard drives on mainframe computers were not considered very reliable. Information stored on these early devices would often not record properly or may become contaminated easily. Programmers using these drives would write the data in two separate locations on the drive. Then, when the data was needed later, it would be read from both locations and compared in memory to make sure it was still the same. If differences were detected, then the program could not continue until the data was corrected and rewritten to the hard drive.

As technology advanced, special mathematical checking codes were stored with the data that could detect if the information retrieved from a hard drive was still valid. These codes eliminated the need to record the data twice, but did nothing to clean up any errors found. It wasn't long before more sophisticated checking codes were introduced that could not only detect errors, but would also actually correct most single and double character errors. Still, the recording of information on hard drives was not considered real reliable and frequent backup copies of the drives were necessary.

When the IBM PC was introduced with hard drives, the designers of these drives were still very concerned about losing data on these devices. So, everything was done to make sure the data written to the drive remained on the hard drive and could not be accidentally deleted or lost. Today, it is almost impossible to permanently delete information, once it is written to a hard drive. Who would have thought that this retention of information would become a problem for computer users?

In today's world, privacy and security of information are major concerns. Identity theft is a major problem that we all face. With just a few pieces of information about us, dishonest individuals can steal large sums of money from us and ruin our credit ratings. At the same time, computers and the internet have made information much more widely available not only to us, but to these dishonest individuals. Unless we are careful, our private information can get into the hands of these dishonest individuals and they will certainly take advantage of the situation.

Recent studies have shown that hard drives on PCs contain a wealth of private information that most users thought they had removed from the drive months or years earlier. What these users do not understand is that simply deleting a file from the hard drive does not permanently remove it from the drive. In fact, all that deleting a file does is to flag that file space for future reuse. It may be years before that space is reused with another file or it may never be reused. So, the deleted information remains on the hard drive, hidden from the user, but still there. Dishonest individuals using commonly available software can find and access all of these deleted files.

Users that are knowledgeable enough to know that deleted files remain on the hard drive are often surprised to learn that formatting the hard drive does not get rid of these deleted files either. All the formatting function does is to create a few tables at the beginning of the partition. The deleted information on the hard drive is not removed or changed during a format. Operations such as defragging a hard drive only cause your private information to be copied and spread across the entire hard drive. So, how can you permanently remove private information once it is written to a hard drive?

The only effective way to permanently remove information from a hard drive is to write blanks or zeros over the top of the deleted information. This obliterates the information that was written there earlier. To do this, special hard drive wiping utilities must be used. Two of the best hard drive wiping utilities were developed by WhiteCanyon Software. I have come to know and rely on these excellent products. One or both of them could make your job of keeping your hard drive clean of hidden private or personal information easy to do.

The first of these two products is called WipeDrive. This is the bulldozer of the two products. When you use it to wipe your hard drive, it starts at the beginning of the drive and writes blanks on top of everything on the drive. It continues to wipe the drive until it reaches the end of the hard drive. When it is done, the entire drive is totally clean and empty. Nothing remains on the hard drive that a dishonest person could see or use against you. Everyone should use this utility before they sell or give their old computer or hard drive away. Otherwise, you are giving away all of your private information with your old computer. WipeDrive boots from a diskette or CD and can wipe all PC type hard drives. WipeDrive sells for up to $45 in computer stores, but user group members can obtain a copy from our User Group Store for just $24.

The second of these two products is called SecureClean. This is more like a vacuum cleaner, than a bulldozer. It vacuums the dirt out of the carpet, but does not knock over the furniture or the walls. In other words, it can clean the deleted information off your hard drive, but does not disturb the actively used files on the drive. The selective ability of SecureClean to wipe your hard drive, but not disturbing your current files, makes it the ideal tool to use on your current hard drives to keep them clean of deleted information. I recommend that you run SecureClean about once a month on your computer to permanently wipe over all deleted information on the drive.

Packaged with SecureClean is a bonus utility called SecureScan. This product will scan your hard drive and show you all of the deleted information that is hidden on the drive. You will be surprised at what you'll find still on your hard drive. You may find personal files that you deleted months or years ago that are still on the drive. You may even find some files that were accidentally deleted and you thought they were forever lost. If a deleted file is still complete, SecureScan can even bring this file back to life and make it available again on your hard drive. This un-delete function of SecureScan is not the main purpose of this program, but a nice additional feature that you may want to use. SecureClean and SecureScan install on any Windows operating system. SecureClean sells for $40, but user group members can obtain a copy from our User Group Store for just $24. Buy both WipeDrive and SecureClean/Scan for just $39, a $60 value.

To order either or both of these excellent hard drive wiping utilities, go to the User Group Store at www.usergroupstore.com. (or www.ugr.com/store) You can read more about these two products in the security department of the store. Click on any of the Buy Now buttons to get to our secure web order form. Complete the form including the special code of UGWCM04. You will be given the chance to verify and correct your order before it is submitted. Once you submit it, we will receive it shortly and normally we ship all orders the following morning. You should have your products in just a few days. While you are at the User Group Store, check out the many other products we offer, all at great user group discounts.

Preventing personal and private information from building up on your hard drive is important for all of us to do. Get the tools you need to keep your drive clean today. If you have any questions about these products or this technical newsletter, please contact me at gene@ugr.com. I look forward to helping you.

Gene Barlow, User Group Relations
PO Box 275 gene@ugr.com
Orem, UT 84059-0275 www.ugr.com
801-796-7370
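
As an added illustration (not part of Gene Barlow's article or of the products it describes), the Python example below models a drive as a toy block store to show why a delete or a format leaves the old data readable, while overwriting with zeros does not. The ToyDisk class, its block size and the sample file contents are all constructed for this example.

```python
BLOCK = 16  # bytes per block; tiny so the example stays readable (constructed value)


class ToyDisk:
    """Hypothetical block store: raw data plus the tables a file system keeps."""
    def __init__(self, blocks=8):
        self.data = bytearray(BLOCK * blocks)  # what is physically on the drive
        self.free = set(range(blocks))         # allocation table: blocks marked free
        self.files = {}                        # directory: name -> block numbers

    def _block(self, b):
        return bytes(self.data[b * BLOCK:(b + 1) * BLOCK])

    def write_file(self, name, content):
        needed = -(-len(content) // BLOCK)     # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        blocks = sorted(self.free)[:needed]
        for i, b in enumerate(blocks):
            chunk = content[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")
            self.data[b * BLOCK:(b + 1) * BLOCK] = chunk
        self.free.difference_update(blocks)
        self.files[name] = blocks

    def read_file(self, name):
        return b"".join(self._block(b) for b in self.files[name]).rstrip(b"\0")

    def delete_file(self, name):
        # Ordinary delete: flag the space for reuse, leave the data untouched.
        self.free.update(self.files.pop(name))

    def quick_format(self):
        # Format: rebuild the tables only; the data area is not rewritten.
        self.files.clear()
        self.free = set(range(len(self.data) // BLOCK))

    def scan_free_space(self):
        # What a recovery tool can read: leftover bytes in blocks marked free.
        raw = b"".join(self._block(b) for b in sorted(self.free))
        return raw.replace(b"\0", b"")

    def wipe_free_space(self):
        # Selective wipe: overwrite free blocks with zeros, keep live files.
        for b in self.free:
            self.data[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

    def wipe_all(self):
        # Whole-drive wipe: overwrite every block from start to end.
        self.data[:] = bytes(len(self.data))
        self.quick_format()


def demo():
    secret = b"acct 0000 pin 0000 (constructed)"
    disk = ToyDisk()
    disk.write_file("bank.txt", secret)
    disk.write_file("notes.txt", b"keep me")
    disk.delete_file("bank.txt")
    after_delete = disk.scan_free_space()   # the deleted file is still there
    disk.quick_format()
    after_format = disk.scan_free_space()   # formatting did not remove it either
    disk.wipe_all()
    return after_delete, after_format, disk.scan_free_space()
```

Calling demo() returns what a scan of the free space finds after the delete, after the format and after the full wipe; wipe_free_space() is the selective variant that leaves live files readable.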

***************************************
MALWARE DEFINITIONS

Spyware
Stand-alone programs that can secretly monitor system activity. These may detect passwords or other confidential information and transmit them to another computer.

Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may unknowingly trigger spyware by accepting an End User License Agreement from a software program linked to the spyware.

Trojan Horse
A program that neither replicates nor copies itself, but causes damage or compromises the security of the computer. Typically, an individual emails a Trojan Horse to you - it does not email itself - and it may arrive in the form of a joke program or software of some sort.

*************************************
Spyware Sneaks Into The Office

Here's a link to a long article, with interesting sidebars, from ComputerWorld on spyware in the corporate arena. Once dismissed as a support nuisance, spyware is emerging as a corporate liability and control issue for IT managers: http://www.computerworld.com/newsletter/0,4902,92784,00.html?nlid=AM