|
Please note: Older issues may contain information that is now out of date. How To Subscribe
and Unsubscribe is at the end of this note. Mailing List Trouble? See http://www.langa.com/help.htm Please recommend the LangaList to a friend! (And maybe win $10,000 !) An easier-to
read formatted HTML version of this newsletter is available on line at The
LangaList 2000-12-11 A Free Email
Newsletter from Fred
Langa --- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------(
the above is an advertisement )--------------
I've written about Steve Gibson many
times: He's the guy behind the free and excellent "Shields Up" online
security checker (at http://grc.com
), among other things. Today (Dec 11), Steve is scheduled
to release an all-new freeware testing tool that HARMLESSLY simulates the
actions of a Trojan/Virus/Spyware program by attempting to "phone
home" from your computer in a safe and controlled way. This lets you see if
your firewall or other security tools can detect and block such actions. Steve
calls the new program "LeakTest." It's tiny--- just 27k. Steve and his beta testers have
tried the LeakTest on a wide variety of firewalls and similar tools with
eye-opening results. For example, in the beta tests, the personal firewalls from
Symantec/Norton and Sygate should have been able to prevent LeakTest from making
an outbound connection--- but did not! On the other hand, ZoneAlarm ( http://www.zonealarm.com
) detected and stopped LeakTest every time, even when the Leaktest program
was renamed to make it appear to be a trusted app to which you'd already given
outbound-connection permission! Steve isn't 100% certain when
LeakTest will be officially released, although today is the target date.
Try the main page first ( http://grc.com
) and look for LeakTest. If it's not there, then the pages developed during the
beta phase probably will still be available. They include the general
information pages at http://grc.com/su-firewalls.htm#leaktest
and the download page at http://grc.com/files/leaktest.exe
. There's also a firewall/LeakTest
discussion group available at http://grc.com/x/talk.exe?cmd=xover&group=freeware.Leaktest&utag= If you use a firewall or ANY OTHER
KIND of connection-security tool, add LeakTest to your arsenal to make sure
you're protected from invisible "back-channel" attacks. (For
"front end" attacks, use the security testing tools at ShieldsUp ( http://grc.com
) and http://www.dslreports.com
.) Once you've tested your firewall or other security tool from the front *and*
the back, you'll then know, for sure, whether you're protected or not! Click to
email this item to a friend --- ( Your
Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------(
the above is an advertisement )--------------
I hope you noticed two things about
today's issue. <g> First, it's the same LangaList you've come to know,
with its full, normal content covering all the things the LangaList usually
covers: security threats, OS and applications issues, free tools and tips,
reader interaction, maybe a small grin or two, and more. Second, this newsletter
is now called "The LangaList Standard Edition." That's because, next month, I'll be
launching additional versions of this newsletter and some new services, all
under the heading of "LangaList Plus!" Nothing--- except adding
"Standard Edition" to the name--- is changing with this version of the
newsletter. If you're happy with things just the way they are, rest easy:
Nothing's changing here. But if you *do* like what's here,
you may *really* like what's in the Plus! offerings, which give you *more* of
what you've come to expect, plus new options, new formats, and new services. In fact, I can think of half a dozen
reasons why you might want to switch to LangaList Plus! Please
click over to http://www.langa.com/plus.htm
and check 'em out! Click to
email this item to a friend In a recent issue (see http://www.langa.com/newsletters/2000/2000-12-04.htm#4
), we discussed a new email "Worm" and also mentioned that: The December/January
holidays are a fertile time for hackers and crackers: Keep your anti-virus
definitions up to date, and be careful with any attachments you get in email. About the time I was posting that
note, another new, multimedia-based Worm made its debut. Reader Chris
Rogers was the first to sound the alarm in email to me: Thanks for the warning
about N*vid*d. There's another one which caused an email storm at the weekend,
called W32/Prolin by McAfee. Other AV vendors call it Shockwave or Creative. It
pretends to be a Shockwave movie clip called Creative, but in fact moves all of
your JPG and ZIP files to the root of C:\ and sends itself to all of your
Outlook address book contacts. Thanks, Chris. For more info on this
new threat, please see either or both of these sites: http://www.mcafee.com/anti-virus/viruses/prolin/default.asp http://www.symantec.com/avcenter/venc/data/w32.prolin.worm.html And keep your AV definitions
current--- I expect we'll see a flood of Virus/Worm/Etc threats in the
next month or so. Click to
email this item to a friend --- ( Your
Clicks On Ad Links Help Keep The LangaList Free! ) --- Tap into
the LangaList's explosive growth <a
href="http://www.langa.com/ratecard.htm">AOL
Users: Click here!</a> --------------(
the above is an advertisement )--------------
In the current "Explorer"
column (at http://content.techweb.com/winmag//columns/explorer/2000/25.htm
) I examined the many changes that AOL6 effects when it's installed, and (among
other things) speculated on why AOL *requires* the use of an unusual,
complex and potentially-insecure Virtual Private Networking setup. I had to
speculate because AOL's support areas and live human help couldn't or wouldn't
offer any explanation. Then, in the last issue, I presented
the educated guesses of some readers as to why AOL used so complex a networking
setup. But it appears all our guesses are wrong: I heard from the Corporate
Communications people at AOL; they set up a conference call featuring a
half-dozen AOL execs and software engineers so they could explain why AOL6 does
things the way it does. Their explanations: --->VPN: The VPN
networking lies dormant for the vast majority of users. The VPN setup is active
only for people who are using AOL's own broadband services (AOL/Time Warner).
For everyone else--- everyone using dial-up, and everyone connecting via other,
non-AOL broadband media (non-AOL cable, DSL, etc), the VPN stuff is installed,
but not used. --->The AOL Adapters:
Similarly, all the added AOL-specific adapters normally lie dormant. They're
used only in cases where other means of connection fail; and then they're used
as a fall-back means to connect. -->Complexity: There are
two issues here. We'll deal with the philosophic one (should unneeded networking
components be installed in the first place?) later. But there's also a practical
issue: In AOL5, the software was already so complex that some setups exceeded
the ability of Windows to provide the needed number of connections, causing some
people simply to lose connectivity. (See http://support.microsoft.com/support/kb/articles/Q230/2/33.ASP
)The AOL execs explained that although AOL6 installs a far more complex
networking setup than did AOL5, AOL6 correctly modifies system software and
NETTRANS.INF to ensure that there's an adequate number of available TCP
connections. (See http://support.microsoft.com/support/kb/articles/q217/7/44.asp
) --->Security: AOL doesn't
alter or guide the Windows networking setup process at all, mainly for fear of
breaking things. Instead, AOL6 allows Windows to use its defaults when the AOL
software requests that the OS install additional networking components, and
that's how non-Internet protocols (such as IPX) and potentially dangerous
bindings (such as Print and File Sharing) can end up attached to the AOL
networking additions. AOL knows that IPX and Print and File Sharing don't belong
on their connections, so they filter out those packets with a server-side
firewall. --->Lack of Documentation:
AOL strives for "black box" operation: "Just plug it in and
go." AOL felt that adding installation options about VPN and such would
interfere with the ultra-simple user experience they're trying to achieve. --->The Rationale: AOL
assumes that their users are probably non-technical; that their users are with
AOL for the long haul; and that everything should be optimized to make AOL work
properly regardless of what connection type the user has now or may have in the
future. That's why AOL6 installs everything for everyone. Although you may not
need *any* of AOL's additional networking components, you may someday sign up
with AOL/Time Warner broadband, so therefore you get VPN; because DUN may not
work correctly at some point in the future, you get the AOL5-style "AOL
Adapters" installed now; because AOL assumes you don't know about or don't
want to be bothered with security, AOL allows potentially-insecure connections
to be created, but then supplies security filters on their end of the
connection. OK, that's all internally
consistent: As long as you agree with AOL's assumptions, it all makes a kind of
sense. You'll have to decide for yourself
if it makes sense for *you.* As for me: I told you my biases. In
the column cited above, I state that "The key to system stability and
security often lies in avoiding needless complexity." Layering in all this
networking stuff because some of it might someday be needed by some users seems
rather, er, heavy-handed. --> My Take: But that's me. What's your take? Now
that you've heard AOL's side of the story, does it make you more likely to try
the software? Less so? Why? Please click over to http://content.techweb.com/winmag//columns/explorer/2000/25.htm
and join the discussion! Click to
email this item to a friend You won't find it via "Office
Update" or at the http://download.microsoft.com
, or via any of the most obvious public channels yet, but if you click to http://download.microsoft.com/download/office2000pro/sp/sp2/w98nt42kme/en-us/sp2upd.exe Microsoft has a spotty history with
these Service Packs. They're nobly intentioned: They're free aggregate patches
that correct a slew of bugs and security holes and sometimes add new features.
But the Service Packs are large (SP2 weighs in at 9MB), and sometimes end up
creating a whole new set of problems. SP2 is meant to work on all versions
and most components of the Office 2000 family: the Standard, Professional,
Premium and Small Business suites; plus the individual versions of Word 2000,
Access 2000, Outlook 2000, Excel 2000, Frontpage 2000 and Powerpoint 2000. You'll need to have SP1 installed
already, and will need your original CDs on hand to complete the update process. I've installed SP2 on my system
here, and everything went smoothly, without a hitch. But I work hard to keep my
system stable, so in my case SP2 was installed on top of a solid base. I can't
say what might might happen if it were layered onto a system that had serious,
pre-existing problems, but it probably wouldn't be pretty. <g> If you need to deploy SP2 across
many systems, there's a 30MB administrator's version available at http://download.microsoft.com/download/office2000prem/SP2/SP2/W98NT42KMe/EN-US/Sp2admin.exe You also can order SP2 via CD at http://www.microsoft.com/office/ork/2000/appndx/785_Office_2000_SP2.htm Finally, for more info or to answer
other questions, click to http://www.microsoft.com/office/ork/2000/journ/OffSP2.htm Click to
email this item to a friend If you think the LangaList is a
worthwhile read, just use the following link to recommend the LangaList to a
friend. Your friend just may find a new source of useful information; I just may
gain a new subscriber; and you just may win $10,000 for your trouble (full
details also available via this link): http://www.langa.com/recommend.htm#1 Or, win a no-strings $30 Gift
Certificate for any item at Amazon.Com for books, software, hardware,
kitchenware, toys... and more! (Full details also available via this link): http://www.langa.com/recommend.htm#2 Either way, thank you, and good
luck! Click to
email this item to a friend Hundreds and hundreds
of your fellow readers have "Loaded the code." Please click over to http://www.langa.com/code.htm
, and maybe you can join them! (If you've already "Loaded The Code"
and are wondering if your site will appear here or on the Langa.Com web site,
please see http://www.langa.com/link.txt
) Speaking of which:
Here's another eclectic sample of reader sites--- some professional, some very
personal: View A
Randomly-Chosen Reader Site Manually
Browse All Posted-to-Date Sites Starting At Software CEO
(*Tons* Of Links!) BananaBanana "Spammed
To Death" ComputerGuy
Central (books) The IRS dance
page! Palm Beach
County, Fl Revised Ballot for Re-Voting "Lalkar
The Great Gambler" Ink Cartidges Nvidia Glue Click to
email this item to a friend --- ( Your
Clicks On Ad Links Help Keep The LangaList Free! ) --- Fred's
Reference Shelf--- At Up To 20% Discounts! AOL Users
<a href="http://www.langa.com/books.htm">Click
Here!</a> --------------(
the above is an advertisement )--------------
Thousands and thousands of you took
the time to complete the simple 20-question survey at http://www.langa.com/poll_one.htm
. Thank you! (And if you haven't had a chance yet, please click on over: It's
100% anonymous, and only takes a minute!) This was a "ground zero"
reader poll, and focused on some very basic data-gathering. There'll be
additional polls in the future that will allow for more detail. Meanwhile, I'll start crunching the
numbers soon. It should be ve-e-e-e-ry interesting to explore. Again: Thank you! Click to
email this item to a friend A recent issue's real-life tech
support marvel ( http://www.langa.com/newsletters/2000/2000-12-04.htm#9
) was one thing; reader Al Girard's fictitious (and expurgated) item is another: YOUR DELETE KEY Thank you for using the
Delete Key. The Delete Key is an amazing new technology available to all
computer users. It is simple, effective, and very user-friendly. If this is your
first time using the Delete Key, we urge you to read the entire contents of this
manual. Please do not delete this manual. This may cause you to use the delete
key in a reckless or insufficient manner. INTRODUCTION The Delete Key provides a
keyboard based, fully manual method for the removal of information. Furthermore,
use of the Delete Key in conjunction with the small amount of brain matter you
have left may induce a tingling sensation of pleasure. Failure to use the Delete
Key may result in aggravation, humiliation, and knee-jerk reactionism. This
manual will help you locate and implement a full Delete Key pressing method to
ensure your peace of mind remains unaltered. LOCATING THE DELETE KEY 1. Lift your hands off the
key board. 2. Scan the keys for a key
labeled "Delete" 3. Make note of this
location as it will come in handy later. USING THE DELETE KEY 1. Locate something on your
computer you wish to delete. Files, text, e-mail messages, and vital operating
system components are all "delete-enabled" items. 2. Select the item using
your mouse or other selection device. 3. Lift you hands off the
keyboard and using one of you fingers, depress the key labeled Delete. 4. The offending material
has now been removed from your sight. WARNING Some systems may
require confirmation of your Delete-based system. If this is the case, make sure
to agree to the deletion. Otherwise you may become reburdened with the offensive
or unwanted material. WHAT SHOULD I DELETE Anything that might bring
you unhappiness. In this New Economy, semi-lucid hyper-cyber-superhighway world,
you need the unending power of a Delete key. Not only is is easy to implement,
it offers tremendous Return On Investment (ROI). Consider this scenario: Helga Gumpwetter has three
text files. In the first file are instructions for making a nuclear bomb. The
other two contain funny jokes about pumpkins. Because Helga deleted the nuclear
bomb message and read the pumpkin jokes, she lacked the ability to nuke her
ex-boyfriend, thus saving all of King County Washington. Talk about some serious
ROI! Click to
email this item to a friend --- ( Your
Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------(
the above is an advertisement )--------------
See you next issue! Best, Please recommend
the LangaList to a friend! (And maybe win $10,000!I) An easier-to read formatted
HTML version is available in the "Current Issue" section of http://www.langa.com.
(The HTML version of each issue normally is available by 9AM EST [UT-5] of the
issue date.) All past LangaList issues are also available at the Langa.Com site. Why are you getting this
newsletter? This is a 100% OPT-IN newsletter: There are only three ways to get
on the list--- signup via direct email request from you, or signup via the
WinMag newsletter page or signup via BrowserTune's email-notification service.
If you're getting this newsletter; your name came to me through one of those
signup channels. At signup, you also received a confirmation email from my list
software---no one is signed up secretly or against their will. SUBSCRIBE (it's free!):
Create and send a new email address it to subscribe-langalist@lyris.dundee.net UNSUBSCRIBE: From the same
address you used to sign up with (it's shown on the first line in the body of
each email issue you receive), create and send a new email address to unsubscribe-langalist@lyris.dundee.net
. CHANGE ADDRESS? LIST
TROUBLE? HAVE QUESTIONS? NEED HELP? See http://www.langa.com/help.htm About
the advertisers: Langa Consulting LLC will never knowingly accept
advertising for a fraudulent product, company or service. However, Langa Consulting LLC makes no implied or explicit warranty, recommendation or endorsement
of or for the products, companies or services mentioned in the ads. Disclaimer:
(Please see full disclaimer here: http://www.langa.com/legal.htm.)
Abbreviated version: The tips and other information given in the newsletter are
researched and are believed to be accurate, but we cannot and do not guarantee
that all the information here will work on all systems, for all users, all the
time. All information herein is offered as-is and without warranty of any kind.
Neither Langa Consulting LLC, nor its employees nor contributors are responsible for
any loss, injury, or damage, direct or consequential, resulting from application
of any information presented here. This newsletter is a free
service of Langa Consulting LLC and is Copyright © 2000 Langa Consulting LLC. All
rights reserved. |
|
|