How To Subscribe and Unsubscribe is at the end of this note. Mailing List Trouble? See http://www.langa.com/help.htm
Questions about the advertisers? See the end of this note. Please also see legal notices at the end of this note. LangaList: ISSN 1533-1156

Please recommend the LangaList to a friend! (And maybe win $10,000 !)

An easier-to read formatted HTML version of this newsletter is available on line at
http://www.langa.com/newsletters/2001/2001-07-19.htm

The LangaList
Standard Edition

2001-07-19

A Free Email Newsletter from Fred Langa
That Helps You Get More From Your Hardware, 
Software, and Time Online

Please visit our sponsors and help keep the LangaList S.E. free!

1) Pros/Cons Re: Email Antivirus Protection

I get a steady stream of mail from readers having trouble with various email antivirus protection schemes. In most cases, I think it's because commonly used  antivirus schemes are too complex for the task at hand--- the equivalent of using a howitzer to swat a mosquito.

For example, in order to screen your inbound email, Norton's Antivirus (and some similar tools) actually sets up a small secondary mail server on your system, duplicating what's already done at your ISP, web site or corporate mail center. Then it changes your email client so that instead of talking to your real mail server (at your ISP, web site or corporate mail center), your mail client only can talk to the secondary mail server set up on your system.

There's nothing wrong with the concept: It's quite clever, in fact: As the mail flows through the local server, the antivirus tools (which "own" that server) can scan the mail for malicious attached or embedded code.

But setting up a whole new local mail server isn't a simple thing. Add in forced changes to your email client, and well, there's a lot of room for error, as reader David Orr found out. His specific problem involves Eudora and Norton Antivirus, but the principles hold for other mail clients and AV tools, too:

Fred: I'm trying to use the "Email Protection" option and Norton Anti Virus doesn't automatically detect Eudora as my client so I turned on the "Manual configuration" option and went to the Eudora and Norton site where I found instructions to configure my email client. It worked fine on incoming mail but the outgoing can't seem to find it's host. I'm trying to enable this because I don't usually turn on the Norton Anti Virus protection unless I'm suspect of something I'm doing or somewhere I'm surfing where it's needed. I happily practice safe computing whenever possible.

I'm a firm believer in email safety, but I'm also a believer in not making things more complicated than they have to be. As such, I've never been a fan of this "local mail server" approach to screening email because it adds a *ton* of complexity, and I find it more hassle than it's worth. I think there's a better way:

Most of the email nasties I get are in the form of hostile scripts, which are caught and disabled by Zone Alarm before they ever make it to my hard drive. Next, and unlike David, I do enable standard Norton antivirus auto-protection, and tell it to look at *all* files when "run, opened, created or downloaded." This protection runs all the time, and covers my entire hard drive--- including my email directories--- and thus catches most of the remaining hostile email attachments as they're being downloaded and written to the hard drive.

What's more, I use Eudora (instead of Outlook), so I'm largely immune to most common hostile email exploits (which usually target Outlook and Outlook Express). Further, I use Eudora's simple, built-in HTML viewer for HTML email, which helps shield me from malicious HTML email exploits.

Throw in a little common sense--- such as not opening or running any files from anyone unless you know what they are and have proved them safe with a manual antivirus scan; and having intrinsically safe security settings on your PC and browser--- and you're about as safe as need be *without* the complexity and hassle of running a local mail server on your PC.

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

2) More Info Re: NewNet and WebHancer "Foistware"

Some readers were unhappy with ""Foistware Nasties" (see http://www.langa.com/newsletters/2001/2001-07-12.htm#9 ), in which a reader reported his unpleasant experiences with commercial software that installed unrequested extra software on your system:

Hi Fred, I just finished reading the article on "foistware" (7-12-01 issue) and there's a few things that need clarifying.   First, Webhancer isn't bundled with Bearshare. Bearshare does however include NewDotNet as an option during installation. I think the article got the 2 apps mixed up. Secondly, NewDotNet, if you choose to install it, can safely be uninstalled using the Add/Remove program applet. There have been reports of problems when using Ad-aware to remove the application. Last but definitely not least, Bearshare informs you during the install process with on a screen devoted to NewDotNet exactly what it is and does. Then before actually installing anything, shows you a screen where you can either check or uncheck to install this 3rd party application. It's not hidden in the EULA or Privacy statement or some other 'fine print'. Bearshares functionality is in no way limited if you choose not to install it. I would hardly call this 'foistware' since it's in no way forced upon you at all! The cexx.org link posted in the article also contains inaccurate information as it states there is no "uninstall option". This is totally incorrect.I've used Bearshare for several months now and find it to be an excellent application. I hate when misinformation is spread around since the creator actually listened to the community about the best way to inform users of the 3rd party adware. I've never seen an ad supported program so up front about these 3rd party apps. And as I said, even if you choose not to install any of them, Bearshare's functionality is in no way limited. You're still free to use and enjoy the program. That's almost unheard of in ad-supported software!! --- Kathy

Thanks, Kathy. The readers who originally reported the "foistware" problem obviously missed those warning/informational screens (for whatever reason), but I'm glad to hear they're there.

In the original foistware article, and as Kathy alludes to, the reader also reported that his version on Ad-Aware didn't correctly uninstall the foistware:

Mr. Langa: After seeing your current issue of the LangaList newsletter on your website, I became concerned about the 9th topic on the list concerning New.Net and Ad-Aware. I'm one of the moderators for the Lavasoft Ad-Aware support forum, and have been here since the release of version 5. In the beginning, it's true that Ad-Aware 5 did not remove New.Net properly. After we began receiving messages from users that this was occurring, we began working on a solution to the problem. We shut down all downloads to Ad-Aware 5 until this could be corrected.  The latest version of Ad-Aware 5, and its updated reflist (or signature file which tells Ad-Aware what to scan for and how to remove it) not only removes New.Net properly, but can also correct the majority of users' machines that had New.Net removed incorrectly by previous versions.  While not directly affiliated with Lavasoft, myself, along with many others at the support forum, are here to provide support for one of the best programs to come along in the fight against spyware. To see incorrect information about it distributed not only hurts Ad-Aware's reputation, but also me personally, as I believe in this little app and what it can do for the millions of Internet users out there that are secretly being watched. Thank you for your help in this matter. If you have any questions about this or any other matter with Ad-Aware, visit the support forum at
http://www.voiceofthepublic.com/cgi-bin/ikonboard/ikonboard.cgi --- Aaron Hulett, Moderator, VoiceOfThePublic Message Board

Thanks, Aaron. I'm actually running Ad-Aware 5.5 here, and have recommended it many times in the past. 8-)
(See http://search.atomz.com/search/?sp-q=ad%3Daware&sp-a=0008002a-sp00000000 ) It's an excellent tool.

And we'll continue to need tools like Ad-Aware, because the foistware problem isn't going away:

Hi Fred: Just read your latest edition and noticed the article on "foistware" especially the  part concerning Webhancer. This particularly nasty piece of "foistware" also comes with Webcelerator. Webcelerator itself can cause problems with your Internet connections. My experience with Webhancer was similar to John Alvey's. Fortunately I didn't have to reinstall Windows... because I am running WinME and all I had to do was run a system restore. Webcelerator as the name implies is supposed to speed up your frequently accessed web sites, but it can stop you from accessing any of them. Unfortunately you don't find these things out until you install the program. ---Colin W. Anetts

Thanks to all for the additional information!

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

3) A Real Security Issue...

Microsoft released a Security Bulletin called "Outlook View Control Exposes Unsafe Functionality." It details a problem with the Outlook "View" ActiveX control  that could allow a malicious hacker "... to delete mail, change calendar information, or take virtually any other action through Outlook including running arbitrary code on the user's machine."

More info, and a soon-to-be-released patch:
http://www.microsoft.com/technet/security/bulletin/MS01-038.asp

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

4) ...And A Stupidly Faked One

Microsoft uses "Security Bulletins" like the one referenced above to alert users of potential security problems in Microsoft software, and to make available patches to correct those problems. This week, a malicious hacker thought it'd be cool to send out a fake Security Bulletin announcing the availability of a supposed security patch, except that the patch in this case is actually a malicious program that the sender was trying to fool people into downloading.

The faked Bulletin looks (at first glance) to be real: The email has forged headers so that it appears to come from Microsoft's security announcement mailing list, and the email follows the format of a real Microsoft Security Bulletin. It even contains some of Microsoft's boilerplate legal language that always accompanies the real announcements.

It could have been a clever hoax, except that the sender wasn't very bright. For example, the body text of the security bulletin is ungrammatical and barely literate:

"Yesterday the internet has seen one of the first of it's downfalls. A virus (no name assigned yet) has been released. One with the complexity to destroy data like none seen before...."

Say what you will about Microsoft, but at least most of their official email communications are in grammatical English.

Further, the alleged security problem makes no sense technically: This hideous virus supposedly affects all version of Windows ever made from Windows 95 through Win2K Advanced Server, but the bulletin doesn't say how the virus pulls off this amazing feat. Although the bulletin then says that more information is available from a security page at Microsoft.com, when you click it, guess what? The page doesn't exist.

The bogus "bulletin" then offers a patch to correct the virus problem, but--- surprise!--- the  patch must be downloaded from an obfuscated URL instead of a plainly readable URL at Microsoft's security site. Gee, I wonder why they'd disguise the download URL?

The rest of the ruse unintentionally devolves into technical slapstick: For example, the faked email's "x-mailer" header shows it originated on a system running Netscape's browser and mail client: "Mozilla 4.75 [en] (Win95; U)." The chances of an official Microsoft security bulletin originating on a personal copy of Netscape's mail client running on six-year-old copy of a consumer Windows operating system are, well, slim.

I suppose it's still possible that someone might somehow miss all these warning signs, if only Microsoft were in the antivirus business. However, it's not; Microsoft doesn't release antivirus patches in the first place. Virus patches come from antivirus companies. Doh!

To whomever sent this item to me: Go back to school. You still have a lot of growing up to do, and a lot more to learn about not only technology, but also basic grammar and syntax.

To everyone else: Keep your BS detectors engaged, and always, always, always double-check the validity of any email that urges you to download something. There are a lot of malicious people out there who will fool you, if you let them. And some of them aren't as unskilled and unschooled as the hoaxer who tried to pull this one off.

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

5) Reader Question Re: Outlook Folders

In response to "Ouch! Large Outlook Folders Can Become Unreadable" ( http://www.langa.com/newsletters/2001/2001-07-09.htm#5 ): I also save emails and found that messages from years ago often come in handy. Since I switched to Outlook 2000 a while ago, I have had a problem getting old messages without a lot of work. I back up my messages to a backupxxxx.pst file (xxxx denoting date) and then write the file to a CD for safe keeping.

When I need a message that is archived in this backup file, Outlook won't open the file from the CD. Apparently it needs to write to the file. I copy the backup file to the hard drive and change the setting from read-only. When I "file / open / personal files (*.pst), it imports the entire file back into Outlook. After finding the needed message, I have to find a way to delete all of the imported and old messages.

Do you have some trick or know of a way that makes it easy to read old messages without all of this work? --- Hewie Poplock

As mentioned in an earlier item, I don't use Outlook, and haven't for several years (since I left corporate life). But when I used, like Hewie, I also sometimes needed to dig something out of an archived PST file. I'd keep the old, archived PST file from contaminating the current one this way: I'd exit Outlook and rename the current PST file to something like *.PXX (changing the file extension so Outlook won't recognize it). Then, I'd copy the archive file to the mail folder, and give it what had been the current PST folder's name. In effect, this simply lets Outlook temporarily use the archived PST file as if it were the current PST. I'd then open Outlook and search for whatever email I needed, but without sending or receiving any new emails. When I found what I needed from the archive, I'd close Outlook, and put the PST files back the way they were..

That worked, but it certainly can't be called elegant. 8-) Perhaps other readers have a better idea: If so, please share your suggestions via this special mailbox: outlook@langa.com. TIA!

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

6) Recommend It!

If you think the LangaList is a worthwhile read, just use the following link to recommend the LangaList to a friend. Your friend just may find a new source of useful information; I just may gain a new subscriber; and you just may win $10,000 for your trouble (full details also available via this link):
http://www.recommend-it.com/l.z.e?s=143182

Or, win a no-strings $30 Gift Certificate for any item at Amazon.Com--- books, software, hardware, kitchenware, toys... and more. To have a shot at winning, just use the following link to recommend the LangaList to a friend. Your friend just may find a new source of useful information; I just may gain a new subscriber; and you just may win a $30 Gift Certificate! (Full details also available via this link):
http://www.langa.com/recommend.htm

Either way, thank you again, and good luck!

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

7) Domain Name Search Trick

Thanks, Joseph!

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

8) They Loaded The Code

Do you have a home page or website? (It doesn't matter what size.) Please click over to http://www.langa.com/code.htm , and maybe you can join the hundreds and hundreds of LangaList readers who have "Loaded the Code!" (If you've already "Loaded The Code" and are wondering if your site will appear here or on the Langa.Com web site, please see http://www.langa.com/link.txt )

Speaking of which: Here's another eclectic sample of reader sites--- some professional, some very personal:

View A Randomly-Chosen Reader Site
http://www.langa.com/randomlink.htm

Manually Browse All Posted-to-Date Sites Starting At
http://www.langa.com/readersites.htm

Interesting And Unusual Site Navigation
http://www.crosswinds.net/~lifenstuff/

Training - Consultation/Development/Facilitation
http://www.jpsalestraining.com/

Folk Art Dolls
http://hometown.aol.com/preydolls/myhomepage/index.html

Auseasy Internet Services
http://www.auseasy.com/index.html

Karen805's Page
http://members.delphi.com/karen805/index.html

Pianist-singer JAN STEVENS
http://www.janstevens.net/

"what you see is what you download" (GIF animations)
http://ricksgif.homestead.com/entrypage.html

Hand made necklaces and bracelets
http://people.ne.mediaone.net/rocketscientist/

In Touch Solutions Group
http://intouchsolutions.ca/index.htm

New Zealand  culture and environment
http://www.electricity.net.nz/

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

9) Unattended Win98 Backups

Thanks,  Michael!

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

10) Just For Grins

Readers are still finding amazing--- and funny--- problems with the machine translations produced by the "Lost In Translation" site mentioned several issues ago ( http://www.langa.com/newsletters/2001/2001-06-28.htm#10 ). Here are some of the very best:

I am a brazilian subscriber of your great "virtual magazine", and I always read the "just for grins" section for it is very good. I tested the babelization site with the following sentence "Windows is the best software ever" and the result I got was "The Window never is logical software more better possible." As we can see, even the lousy online translators know Windows very well and are aware of its functionality. Grins, Francisco Adilson.

With regards to Lost In Translation, "Microsoft sucks" translates to "Microsoft aspires." By far the worst transcombobulation of all. --- Michael Ligas

Apart from fouling up translations (you should see how insulting it inadvertently gets when you feed it the phrase "God save the Queen"), its also not very good at numbers. I experimentally fed it the following "one, two, three, four, five, six, seven, eight, nine, ten, twenty, fifty, one-hundred, one thousand" and got back the following: "two, three, four, five, seises, sieve, eight, nine, 10, twenty, cinq5u4enta one, hundreds, migliaia." Hmmmm. Looks like the system still needs some work :-) --- GC

Because of my work, I need to work in multiple langauges and have used and tried various automatic translation tools. Without exception, these tools do not live up to their promise and I have come across a very simple "acid" test to test them: The simple phrase "I love you" is very rarely translated correctly despite having a simple subject-active verb-object structure and being one of the few phrases that most people would know how to say in at least one other language. So, after reading your article I had to put "I love you" through the babelizing web-site and it came up with "I, tracks in the water" <grin>. --- Ben Kooijman.

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

11) Your Own Copy Of All The LangaLists Ever Published!

Today's LangaList Plus! Edition contains all ten items above, plus full download information for the Plus!-subscriber-only downloads of the Full LangaList Archives in Windows Help File Format, and in two alternate formats. Any way you download them, it gives you all the LangaLists ever published right at your fingertips, on your local hard drive. It takes only seconds to find whatever you're looking for, no matter how long ago it was published in the LangaList!

All Plus! subscribers automatically get access to these personal archives. Sign up today for yours!  http://www.langa.com/plus.htm 

Click to email this item to a friend
  http://www.langa.com/sendit2.htm

return to top of page

See you next issue!

Best,

Fred
(fred@langa.com)

Please recommend the LangaList to a friend! (And maybe win $10,000!I)

An easier-to read formatted HTML version is available in the "Current Issue" section of http://www.langa.com.  (The HTML version of each issue normally is available by 9AM EST [UT-5] of the issue date.) All past LangaList issues are also available at the Langa.Com site.

return to top of page

Administrivia:

UNSUBSCRIBE: From the same email account you used to sign up with), send an email to
unsubscribe-langalist@lyris.dundee.net

SUBSCRIBE (it's free!): Create and send a new email to
subscribe-langalist@lyris.dundee.net

CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? OTHER PROBLEM? NEED HELP? See http://www.langa.com/help.htm

This is a 100% OPT-IN newsletter: See http://www.langa.com/info.htm

About the advertisers: http://www.langa.com/privacy.htm#ads

Disclaimer: http://www.langa.com/legal.htm  In brief: All information herein is offered as-is and without warranty of any kind. Neither Langa Consulting LLC, nor its employees nor contributors are responsible for any loss, injury, or damage, direct or consequential, resulting from your choosing to use of any information presented here.

This newsletter is a free service of Langa Consulting LLC and is Copyright © 1997-2005 Fred Langa/ Langa Consulting LLC. All worldwide rights reserved. LangaList: ISSN 1533-1156

return to top of page