Main Line Computer Users Group

November 2004 Issue 270




We'll have a slightly different schedule this month - starting with an announcements-only round, followed by the program demonstration and lastly a questions/problems round, as long as time permits.

The major topic for this time round is the oft-discussed Service Pack 2 for Windows XP - Home and Pro Editions.

Prior to its much belated release in early August, and right up to the present, XP SP2 has been the subject of much media attention. Altho the MS folks worked long (and longer than planned) on this release, it has been known for some time that many users might be much inconvenienced (or worse) by installing it. So, we've waited for the cutting edge folks to tell us how they've done.

With the passage of 3 months, we have decided that the time has come for the club to have the experience for itself!!!

This issue provides more background. The meeting will provide the experience! We hope you'll all make it. Come see the SHOW!!

You can't even trust e-mail now!

[by Jeff Gelles, Inquirer Columnist] Used to be, you could reliably protect your computer from ugly viruses, worms and similar threats by refusing to open e-mail attachments. For an extra measure of security, experts promised, all you needed was up-to-date antivirus software. [cont'd]


ANOTHER YEAR GONE BY? - yes, it has and we hope that ALL our current members will feel enough value in the group to renew! With the arrival of November, our formal renewal time is here, us as we offer folks who join after October 1st, or any of the remaining months of the year, a membership term that includes all those months plus the next calendar year for the low, low price of $15 (which has not changed for many years).

We've mentioned it before, but, if you know any computer users that could benefit from being a member of MLCUG, bring 'em along!!

OUR WEBSITE - just a reminder that thru the good offices of Mr. Rich Goldberg, operator of the local ISP, the club has been provided with a new website host and a new (we hope, easy-to-remember) domain name -! So, now we can be found on the web at:

Remember to check it out regularly. Last minute meeting items may be posted there, in addition to coming to you via the MLCUG listserv.

Oh yes, our faithful webmaster, Pete Whinnery, will be most appreciative of ideas to improve the useability and value of this website; so don't hesitate to suggest (he says he's still learning!).

REGULAR REMINDERS: 1) our email mailing list is run for the member's benefit; so please do not hesitate to post notices or problems to it. If we can't solve the problem remotely, we can be alerted to it ahead of a meeting where hands-on may do the job.

2) attendees know that we have a very fast internet connection from the VU meeting room (recently we hit 800+ KBps, now that's really moving - tho past performance is no guarantee of the future!). So, if you have a very large download, you can bring along a zip disk (or a CD-R/RW) and get it done there, before or after the main meeting.

3) a half dozen or so of the regular attendees usually partake of lunch at the Villanova Diner after the meeting. Why not join us? It is a good time to get a little more help (or give it) and just to have fun talking about our common interests. The food is quite good, too!

SP 2's Installation CD

Following the demo in November's meeting (or before it, if you please), you may want a copy of the installation CD for Windows XP Service Pack 2 so let us know.

If you do so, we can crank out a copies of either the Microsoft CD or the Emil special, one that he has prepared via downloading from the MS website. You can swap a blank CD-R disk for either of them.

Emil's version runs a bit (to a lot quicker) and contains the latest version of our suggested procedure for prepping to do the installation.

The MS version contains some extras that I have not investigated; so perhaps you may ultimately want both. To order, just pop an email to Emil ( or call him at 610-388-1581, to get on the list for a copy.

If you use XP, you should have a copy of the SP2, even if you do not plan to use it right now. If you install it at some future date, you'll need your own copy to recover from a future disaster, where you need to re-install your XP OS!

See you at the November meeting??? [Emil V]


To provide a preview of upcoming meeting programs, your Steering Committee, by a strange mischance, actually discussed more than a month ahead. Here's what it looks like:

December - annual party, Round Table Panel January - transferring audio (LPs, tapes) to CDs February - a LINUX install on the club's PC

Your input is always sought. [Emil Volcheck]


When the rolls were totalled, we came up with 17 attendees - who engaged in a very lively (and hopefully useful and informative) round table discussion, which ran for the better part of 1.5+ hours!

A key topic, that repeatedly came up for reporting and questions, was the Windows XP Service Pack 2. As the discussion unfolded, it came out that quite a few folks (6 of the attendees) had either installed SP 2, or had knowledge of someone who had. Portions of that subject are summarized in the article immediately following this one.

A question about choosing a digital camera related to the differences amongst the many formats of flash memory cards that they used. Since many folks have such cameras, and have a variety of card types, we got some feedback immediately that indicated no major difficerences or difficulties amongst the card types. However, all other things being equal, a camera that uses the "Compact Flash" type of card was suggested as preferable, as the vendor of these tends to be a leader in improvements and its covered contacts might make it a bit less susceptible to damage.

Another high interest subject was spam! Everybody gets it - nobody likes it! So, there was much heat to the discussion, but not much light - at least towards getting rid of it. Most of the talk revolved around various email services/ISPs and what they do or don't do about stopping spam (and NOT stopping your real email). There was almost no discussion about software for your computer that purports to help the problem. So, perhaps, this could be a future meeting topic, as spyware was a few meetings back.

XP SP 2 Experiences

During the round table discussion at October's meeting, several folks noted they had installed SP2 on their computers.

As far as my notes go, here's what I recorded (If I got it wrong or you have something to add to your reported experience, please let me know!):

Tom Johnson - install OK, minor problems. Ralph Hose - install OK, no problems noticed so far. Rich Tave - has not installed it himself, but a friend did, no serious problems reported. Dick Brunner - got a new computer, which apparently had automatic update turned on; so SP 2 was installed without his knowing it was really occurring. Nelson Schrock - install OK, no problems noted. John Deker - installed some weeks ago, no experience report since then.

If anyone else does the install, let us know how you fare, that's what a USER group is for!!!

Emil Volcheck - since the meeting and thru this writing, I have installed SP 2 on four computers, no real problems seen within this timeframe.

Mozilla Internet Suite - Part 3

Toward the end of September's presentation on installing and setting up the alternate web browser - MOZILLA - we got to one of its several sub-programs, namely; the Email & Newsgroup function. Pete Whinnery had been able to go thru the steps to set up an email account. But, without a REAL account to use, the demo lacked a bit of reality.

In the interval since last time, member John Murphy has been setting up a new emailing system for his work. It being in the initial phases, and there being lots of unused account username capacity, he graciously provided Pete with the basic parameters to allow one of the accounts to be set up and demoed at our meeting. And, that's exactly what Pete did.

The process is pretty straightforward. Pete fired up Mozilla, then clicked the "Window" menu item and clicked on "Mail & Newsgroups". This brought up the email client - which promptly asked if he wanted it to be the default email client (Pete responded "no" as this was a demo, YOU might want to answer "yes").

He opened the "File" menu, clicked "New", then "New Account" and was brought to the "Account Wizard". This wizard is essentially the same one that you'd encounter in, for example, Outlook Express" - not too strange since all email clients need the same input parameters and perform the same basic functions.

John had provided the key bits of info that Pete needed to be able to set up the account. These included: a username, email address format, incoming email server and outgoing email server. The ISP that this particular service was set up on is the "" domain.

It took only a few minutes to get the account set up, before Pete could click on the "Get Messages" option and have Mozilla go out and get some messages that had been pre-mailed to the account (so there would be something there to work with !). They were promptly downloaded to the meeting computer and Pete opened them, read them and responded to them - and the questions that arose from the attendees.

For a current user of Outlook Express (OE), this will all be quite familiar, EXCEPT for one significant difference: the Mozilla client can safely use the "preview" pane (that shows the beginning of the message without its being opened - to help you quickly decide if you want to open it). This feature is present in OE, but it should NOT normally be used! You all should recall that appearing in the OE preview pane is enough for certain viruses and worms to be launched. The security flaws that allow this are not present in the Mozilla product; so, for the time being at least, the improved security of the Mozilla suite is one of the major factors in its current increase in popular interest.

Since this email product can import the key info (address book, messages, etc.) from OE, you may want to give it a whirl. And, you won't lose your OE info (tho it obviously would get a bit out-of-date, if you used Mozilla for a while and then decided to switch back).

Note: as a reminder, Mozilla is an application suite, containing a web browser, an email client, a web page editor, an IRC chat client and an equivalent of the Windows Address Book, you may not want all that all the time. So, the key functions of a web browser are provided by an alternate product called "Firefox" - which has been getting much recent, very favorable publicity. The email function is also separately available in a package called "Thunderbird".

Both are produced by the Mozilla developers and available for download from the Mozilla website ( We're not in a position to comment too much on them. So, anyone with experience with either product is invited to feed back to us, especially for comparison with the Mozilla suite product.

Many thanks to Pete for giving us another good show, to John Murphy for being an excellent enabler and that other Murphy for staying home!!!

A Bit of Relief From Computers!

[Courtesy of Joe Pizzirusso]

You can't even trust e-mail now!

[cont'd from p.1] Then came the threats of spy-ware and phishing, and the warnings expanded.

Go to the wrong Web site, and you could open your computer to spyware or Trojan Horses that can aid identity thieves or run up thousands of dollars in phone calls to South Seas islands.

Click on an URGENT! warning that seems to come from eBay or Citigroup, and you could be reeled into a phisher's Web site that looks like the real thing, but exists only to steal your financial account numbers and paswords.

But just opening an e-mail? That's safe, right?

Not anymore, it seems.

A new, extra-insidious form of phishing was reported this week by MessageLabs, an international e-mail security company in London.

So far, the targets have been limited to customers of three Brazilian banks. But the new attack is triggered simply by opening the e-mail. If it works as MessageLabs warns, it could easily presage more widespread attacks.

Good reason to fear phishing

Phishing itself has gone from zero to 100 almost instantly as a threat. Nearly unheard of a year ago, it now seems routine to many savvy computer users, who have learned two basic elements of self-protection:

Don't trust any e-mail that asks you to click on a link that leads you to a log-on page for a financially sensitive Web site.

Instead, enter its Web address directly into your browser, or call the company if you think Citibank has good reason to contact you.

The reason? Due to basic flaws in the design of Web browsers, and especially in Microsoft's Internet Explorer, the link in that e-mail that seems to take you to a Citibank site will probably take you instead to a fraudulent, or "spoofed," Web address.

Increasingly slick, these spoofed pages look just like the real thing. They're full of real links that take you to other, quite real Citibank pages.

But the crucial page - the one that asks for your Social Security number, bank passwords, even your mother's maiden name - will be 100 percent fake, perhaps hosted on a Web site in one of the more lawless corners of Eastern Europe or Asia.

So what's so insidious about the attack described by MessageLabs?

It means that you could wind up on that fake Web page anyway, even if you dutifully type Citibank's address right into your own browser.

"All they have to do is open an apparently innocent e-mail and their bank details could be silently sabotaged," MessageLab's Alex Shipp says.

How it works, and what to do

Shipp says opening the e-mail triggers an imperceptible process in which a "script" - a small program - executes itself on your computer.

In the Brazilian e-mails, the script rewrites code on the victim's computer that changes how it reads certain Web addresses. When the victim later directs Internet Explorer to his or her bank's Web site, the browser winds up instead on a fraudulent site.

It's not obvious how to guard against this threat. MessageLabs says the new form of phishing doesn't affect computers on which Windows Scripting Host is disabled. A Microsoft spokesman said the company was looking into MessageLabs' report.

In the long run, it's likely that antivirus programs will be updated to recognize these malicious scripts as virus-like, and strip them out. But that usually works only after a new threat has been successful somewhere.

The best defense, as always, is to keep your operating system, antivirus and firewall programs up to date. Just last month, Microsoft released a flurry of fixes for newly identified vulnerabilities, several in Internet Explorer (go to

Until the underlying problems are solved, opening any unfamiliar e-mail may be at your own risk!!!

Contact columnist Jeff Gelles at 215-854-4558 or Read his recent work at [Nov. 06, 2004]


Meetings are in the St. Augustine Center at Villanova University. The regular monthly sessions meet in Room 110.

[Map goes here]

Enter from the ITHAN AVENUE main gate, then proceed to the upper level of the 2-level parking building adjacent to the St. Augustine Center, on the Ithan Avenue side of the building.

NOTE: maps on our webpage -

PC/128/64 Meetings  2004-5  Steering Committee Meetings

			November 13			November 17 **
			December 11 			December 15 **
			January 8  			January 19 **

	* = FOURTH Wednesday	** = THIRD Wednesday at Tom Johnson's home
EDITOR:  Emil J. Volcheck, Jr.   1046 General Allen Lane    West Chester, PA 19382-8030
(Produced on a Powerspec PC: Athlon 2000+, 512 MB RAM, 80 GB hard drive, Brother HL-5170DN
laser printer, HP Scanjet 6300C, CD-RW, DVD-RW and 250 MB Zip drives, using Appleworks 5.0.3)

          MLCUG LISTSERV: for members only...
               PUBLICITY: Position OPEN!
       VILLANOVA SPONSOR: Prof. Frank Maloney, Dept. of Astronomy


PRESIDENT: Emil Volcheck    610-388-1581  SECRETARY: Charles Curran 610-446-5239
TREASURER: Dewitt Stewart   610-623-5145  AMIGASIG: John Deker      610-828-7897
WEBMASTER: Peter Whinnery   610-284-5234  DATABASE: Layton Fireng   610-688-2080
AT LARGE:  Tom Johnson      610-525-3440  AT LARGE: John Murphy     610-935-4398