by [TC]²

 

A monthly column of technology rambling, rumination and reality

By: Jud Early, Corporate Vice President, Research, [TC]²

August 2005


Hello, faithful readers,

After such a lengthy column for July, I'll try to keep this one to a more controlled length. This month, we'll cover mostly computer and Internet issues. Also included is another guest column by Walt McKinney that I think you'll find informative and that may spark some ideas.

Oil Prices and Computing

Last week the price of gasoline pushed past the $2.50 mark for the first time in history for the Raleigh-Durham Research Triangle area. On Saturday, as I fueled my car, stopping at $67.75, I thought to myself, with crude oil at $67 per barrel, a tank of gas costs $67.75; will the cost be linear as crude approaches the $100 per barrel mark? The subject also triggered thoughts about how oil prices will affect your computers, and that the expense should only be a one-time expense, whereas gasoline will impact tank after tank of fuel.

We do live in a connected world. We are connected in the sense that we now have instantaneous communication through a backbone of networks that reach around the world, and connected in the sense that there is usually an effect for every cause. The cause in this case is the rising cost of crude oil. The affected computer is yours. How? Last week, August 8th, President Bush signed into law changes that affect daylight savings time. Reacting to higher and higher prices for energy, driven by crude and natural gas increases, Congress wrote legislation that will require daylight savings to begin earlier, the second Sunday of each March, and to extend beyond the cutoff of the last Sunday in October to the first Sunday in November. The cause, and the effect.

From there comes another effect, caused by the law: the programmed handling of daylight savings time that exists now in millions of computers is no longer correct. The last change in DST was in 1986, before we knew how big the personal computer would become. Back then, we were setting the clock and date each time we booted from that 5-1/4” floppy disk. It could be worse. Remember Y2K? The big non-event that was handled with hardly a fuss, but which garnered truckloads of ink in the press and much excitement from the media. The DST changes can be accommodated by just changing the time on your computer manually. I'll venture that there will be a lot of push by the atomic clock applet vendors to push out automatic resets to the computer, just as my system now does each time it boots. I'll also venture that Microsoft will come to the rescue with a clock-setting patch that will just replace the relevant files with updates at the click of a button. No, I don't really know how the time setting is coded, but I'll bet that it can be changed, and done so in a simple manner. Don't rush to buy that atomic application just yet.
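
The rule change described above, worked through as an added example (not part of the original column): it computes the days on which a computer still applying the old rule shows the wrong hour. The old start date, the first Sunday in April, is not stated in the column and is supplied here; 2007 is only a sample year.

```python
from datetime import date, timedelta

def nth_sunday(year, month, n):
    """Date of the n-th Sunday of a month (n=1 is the first)."""
    first = date(year, month, 1)
    offset = (6 - first.weekday()) % 7      # weekday(): Monday=0 ... Sunday=6
    return first + timedelta(days=offset + 7 * (n - 1))

def last_sunday(year, month):
    """Date of the last Sunday of a month."""
    first_of_next = date(year + (month == 12), month % 12 + 1, 1)
    last = first_of_next - timedelta(days=1)
    return last - timedelta(days=(last.weekday() + 1) % 7)

def old_rule(year):
    # Rule coded into existing machines: first Sunday in April (supplied
    # here, not from the column) through the last Sunday in October.
    return nth_sunday(year, 4, 1), last_sunday(year, 10)

def new_rule(year):
    # Rule in the new law as the column states it: second Sunday in March
    # through the first Sunday in November.
    return nth_sunday(year, 3, 2), nth_sunday(year, 11, 1)

def mismatch_windows(year):
    """Date ranges [start, end) in which an unpatched clock runs one hour
    behind legal time. Day granularity; the 2 a.m. switch is ignored."""
    old_start, old_end = old_rule(year)
    new_start, new_end = new_rule(year)
    return [(new_start, old_start), (old_end, new_end)]

def days_wrong(year):
    """Total number of days per year covered by the mismatch windows."""
    return sum((end - start).days for start, end in mismatch_windows(year))

if __name__ == "__main__":
    for start, end in mismatch_windows(2007):
        print(f"one hour off from {start} until {end}")
    print("days with a wrong clock:", days_wrong(2007))
```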

For more than you may really want to know about time, and the automated time servers that are maintained by the US government, just visit http://tf.nist.gov/service/pdf/win2000xp.pdf . Those who are running MS Windows 2000 or XP within a domain will not have to do anything. The time service is free, so again, don't worry about responding to offers from the vendors that will be popping up.

It pays to run that old iron

On August 9th, Microsoft issued Security Bulletin MS05-039 regarding a new critical vulnerability that could expose your computer to remote code execution and elevation of privilege. Those who are running Windows 2000 with Service Pack 4 and Windows XP with Service Pack 1 are at risk. So, too, are Server 2003 and the 64-bit editions. The rating is critical, and affected systems should be patched immediately. Those running Windows 98, 98 Second Edition and ME are not at risk. Who says the latest is the greatest?

The Worms Turn

Three days after Microsoft announced the security patch for the systems mentioned above, groups of hackers were testing new worms on the Internet that exploit the vulnerability. A specially crafted message is sent to your computer and does not require any action by you to infect the machine. It is called the plug-and-play bug. Symantec, ISS and eEye have all found the worm in honeypots set to catch these malevolent worms. It is also expected that the deployment of this worm will occur rapidly after the bugs are worked out of the hackers' code, since no action will be required to infect your machine. Experts advise applying the security patch immediately. Waiting too long may compromise your personal information and security. Read more at the web sites of each of the security vendors listed.

To learn more about honeypots visit http://www.honeypots.net . You may be surprised at what the security firms are doing to catch viruses, worms and Trojans before most people ever hear about them.

Protected Storage

Protected storage is a section of the Windows registry that is used to store memorized names and passwords. Internet Explorer uses this information, which is encrypted (although not too tough to break), each time a form or web page calls for a name or password and Autocomplete is turned on. Many people do not understand the danger in using Autocomplete, but I have it turned off, and never allow any application or browser to remember my information. Knowing where the names and passwords are is like knowing that a bank stores money. A new keylogger called Srv.SSA-KeyLogger steals data from user sessions while surfing, and goes to the Secure Storage part of the registry to steal any other information that it finds interesting. It also takes anything found in the Windows clipboard, turns off the Windows firewall and any others from third-party vendors, and is usually undetectable by firewalls. While you are surfing, it sits happily on your machine, sending your bank account numbers, passwords and user names back to its creator. Mozilla's Firefox browser doesn't use Protected Storage, so it is therefore safer.

About My Firewall

Readers of past columns are probably tired of my constant prattle about installing and using a firewall. The firewall that is part of Windows XP is intended to keep out intruders, but you have installed on your system a number of intruders that you put there. They are called applications, and today, many applications routinely go out to the Internet, and send information about who-knows-what to who-knows-who. To stop this behavior, a firewall should be installed that stops all outgoing traffic until you have a chance to review and approve or not permit it to go out. A well-functioning firewall will pester you to no end after installation, but after learning your habits, and following the instructions you give to it, will allow those that are OK with you without asking every time. The firewall that I installed is Zone Alarm Pro. Zone Labs offers a free firewall, but I wanted the most robust and configurable firewall. This is not a recommendation; it is just the one I selected for my personal use. It has been great since the day it was installed. I do not use the virus protection that is included. Instead I use Trend Micro's PcCillin for virus protection and it, too, works great. So what is the big deal?

Around the first of August, Zone Labs notified me of an upgrade to the Pro version of Zone Alarm, and because of my warm fuzzy feelings about the product, I did not do as I normally do. I failed to check the forums for any news of bad happenings with upgrades or patches. Instead, I installed the upgrade, it appeared to install flawlessly, and I went to bed a happier and more secure person than when I had first sat down to work. I make it a practice to check my bank accounts daily, usually around four thirty to five o'clock in the morning. The next day, I did my usual clicks, and the bank web site could not be found. A second try and still the bank was hiding from me. The next attempt resulted in an error message, that the server could not be found. At that time of day, time is too precious to squander on fixing computer problems, so it waited until that night. To no avail, the server could not be found. I discovered that by disabling the firewall, and setting up a new Internet connection, the server could be found and the bank, with all my loot, was still there. Now, what has happened? Repeated tries to start the firewall all resulted in the connection being cut and the "server not found" message. By preventing the firewall from starting up when the system does, I could set up a new connection to the Internet, and it would work for as long as I wanted the session to last. Starting the firewall stopped all traffic. For the next few days, the firewall was started when I was not on the Internet, and was prevented from starting during the time I was on. This is not a good practice, and I wanted to get the problem resolved.

I then went to Zone Alarms' web site, and clicked on support, and wended my way through several radio buttons and typed descriptions of the problem. Still not fixed, I did not have time to keep at it, so no resolution to the technical problem. I am not impressed with the tech support system, automated and faceless, so hopefully, tonight, I will find the way to a real person. It's a great product, one that I really like, but why did it need fixing, when it wasn't broke? I'll report on what I find, and will tell it like it is. I expect to report good news, but we'll have to wait to see. Wish me luck.

Firewall Epilog

Determined not to get trapped in the automated support system, I decided to look first in the Zone Alarm Forum to see if another user had experienced my problem and had posted a cure. There I found some very unhappy Zone Alarm customers, some threatening to attack with letters to major shareholders. To the credit of Zone Alarms, they allowed the bad and the ugly to be posted, and didn't try to moderate the rants from people with problems. Aha! At the top of the forum page was a note from Zone Alarms, expressing concern for those with problems, and asking forbearance until they can develop a fix. It also said that the problem seemed to be in the installation, where the upgrade was installed over the previous version, and that a clean install was recommended.

Taking the information to be the truth, I uninstalled Zone Alarm Pro. Before installing the upgrade, I checked the registry and found three entries, artifacts that were not removed with the uninstall. No values were set for the entries, so they should pose no problem. I didn't remove them, as registry deletions are sometimes a pain. Clicking on the ZLP upgrade icon, the installation program started, asking if this was an upgrade or a clean install. After answering, the installation went without a hitch, and Zone Alarm Pro was now working, and after a re-start of the machine, loaded at startup, and didn't kill the Internet connection. Problem solved. It did require going back in to set some of the filters and security levels, but was not a big deal. Using it reminded me how much it does work in the background after it has learned your habits and accepted your directions for applications that want to access the Internet. With a clean install, ZLP has to learn which programs you will allow to access the Internet, and which ones you wish to block. After a day of use, those are now pretty much set, and with both a hardware and a software firewall, my security is at an acceptable level.

Are you inviting Spam?

Hopefully, by now everybody knows that sending a reply to a spammer, such as trying to unsubscribe, will result in more spam, as they have now validated that your e-mail address is a working mailbox. The answer to this problem is to delete all spam without opening, and never answer for any purpose. Is this enough? No. If you are among the 89% of Internet voyagers who use Microsoft's Internet Explorer, you may be inviting spam without even knowing it.

First, do you know what a web bug is? It is a tiny graphic file that is embedded into e-mail. Usually one pixel high and one pixel wide, it can be transparent, so will be unseen by the human reader. The web bug is an HTML component, and is indistinguishable from spacers used to position items on a page, making it indiscernible from normal text. In fact, any graphic on a page can be used as a bug.

Most of us appreciate a nice looking e-mail that is nicely formatted, as opposed to just plain text. If your e-mail client is set to allow HTML mail, it will allow a web bug to report on your IP address among other things, and you will never know it. It is thought that for the web bug to report, the e-mail must be opened. Not so. If your mail client is set to allow viewing e-mails in a preview pane, the web bug will do its work even if you delete the mail without opening it. To eliminate that possibility, you can set the e-mail client to not display a preview window. If you insist on having the preview window, you can block cookies, but will give up a lot of functionality for web browsing at sites that you visit regularly. It also should be noted that once a cookie is set on your machine, it will continue to send info back to the sender, even if you disable the preview pane.

To do away with the possibility that you are inviting spam, disable the preview pane, delete e-mails from strangers, and never ask to be removed from a spammer's mailing list. Legitimate businesses that you wish not to receive mail from will honor the request. It is the unwanted mailers who ignore the law, and use your own computer to report on you.
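
An added example, not part of the original column, of how the web bug described above can be spotted in a message body: it lists every image an HTML e-mail would fetch from a remote server when displayed and marks the one-pixel ones. The sample message and its host names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: one inline image, one remote logo, one web bug.
SAMPLE_MAIL = """<html><body>
<img src="cid:banner@mail" width="600" height="80">
<p>Your order has shipped.</p>
<img src="http://img.example.com/logo.gif" width="120" height="40">
<img src="http://track.example.net/o.gif?r=0001" width="1" height="1">
</body></html>"""

class ImageAudit(HTMLParser):
    """Collect every <img> that is loaded from a remote server."""
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return                  # cid:/data: images travel inside the mail
        dims = (a.get("width", "").strip(), a.get("height", "").strip())
        self.remote.append({
            "host": url.hostname,
            "tiny": all(d in ("0", "1") for d in dims),  # classic 1x1 bug
            "has_query": bool(url.query),  # room for a per-recipient token
        })

def audit(html_body):
    """Remote images in document order, one dict per image."""
    parser = ImageAudit()
    parser.feed(html_body)
    parser.close()
    return parser.remote

def hosts_contacted(html_body):
    """Servers that learn your IP address as soon as the mail is rendered."""
    return sorted({img["host"] for img in audit(html_body)})

if __name__ == "__main__":
    for img in audit(SAMPLE_MAIL):
        print(img)
    print("contacted on preview:", hosts_contacted(SAMPLE_MAIL))
```

The ordinary-looking logo is reported as well as the one-pixel image, because any remotely loaded graphic can serve as a bug.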

The Old Nigerian Scam and Its Cousin, Phishing

The national news recently reported that the unsuspecting public is still being fleeced by scams that are variants of the Nigerian one, where someone offers to share great wealth with you if you will act as a conduit for their transfer of an even larger sum of money. I am certain that if you are reading this column, you will not be one to fall for such a ploy. However, there are other scams that are being sent every day that may appear to be more legitimate.

Almost daily, I receive an e-mail from PayPal or eBay, threatening to close my account if I don't update it immediately. With less frequency, other e-mails are received, with bank or other institutional logos, requesting that the recipient contact the company at its secure web site, and provide information that is needed. These are scams, and although quite real looking, are for the purpose of identity theft. If you open one of these e-mails, by hovering your mouse over the link that is listed as the secure web site, you should be able to see the actual IP address or the URL that is behind the scam. Read the URL carefully. It may contain the name of the company purporting to need the information, but will be a variant of its spelling, or will have a sub address to which the response will be sent. I mention this only to reinforce the need to not respond to any of these requests. Pass along the warning to any people you know who are not as web savvy as you, and insist that anyone using your computer never respond to any such request. Legitimate requests will be made by other means. As I get older, I hesitate to refer to age, but the most susceptible are either kids, or those who are older. In one of the stories reported in the media, the life savings of several who fell for this ploy were lost. Greed, and perhaps a naïve belief that you will not be harmed, are behind the losses.
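
The "read the URL carefully" check above, automated as an added example that is not part of the original column: for each link it compares the real target with the text shown and looks for a bare IP address, a brand name used as a sub address, or a near-miss spelling. The brand list, the 0.8 similarity threshold and the sample links are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example: the two brands the column names and their domains.
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}
# Constructed sample links (reserved example hosts, documentation IP range).
SAMPLE_LINKS = """<a href="https://www.paypal.com/help">PayPal help</a>
<a href="http://paypal.account-update.example.net/login">Update your account</a>
<a href="http://www.paypa1.example/verify">https://www.paypal.com/verify</a>
<a href="http://192.0.2.44/signin">https://signin.ebay.com</a>"""

class Links(HTMLParser):            # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check(href, text):
    """Reasons to distrust the link's real target (empty list: none found)."""
    host = (urlsplit(href).hostname or "").lower()
    labels, reasons = host.split("."), []
    if host.replace(".", "").isdigit():          # all-numeric: IPv4 literal
        reasons.append("target is a bare IP address")
    for brand, real in BRANDS.items():
        if host == real or host.endswith("." + real):
            continue                             # the brand's own domain
        if brand in labels:
            reasons.append(f"'{brand}' used as a sub address of another domain")
        elif any(SequenceMatcher(None, lab, brand).ratio() >= 0.8 for lab in labels):
            reasons.append(f"host resembles '{brand}' but is spelled differently")
    shown = (urlsplit(text).hostname or "").lower() if "://" in text else ""
    if shown and shown != host:
        reasons.append("visible text names a different host than the link")
    return reasons

def audit_links(html_body):
    parser = Links()
    parser.feed(html_body)
    return {href: check(href, text) for href, text in parser.links}
```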

Well, faithful readers, I hope that the information in this month's column will be of interest and use to you. Be safe in computing, and in everything you do.

Jud

 

Now, all you ever wanted to know…

Walt McKinney, our system administrator, web master, and support guru extraordinaire, has written the following article. I know you will enjoy it.

