|
Please visit the LangaList Home Page Please note: Older issues may contain information that is now out of date How To
Subscribe and Unsubscribe is at the end of this
note. Mailing List Trouble? See
http://www.langa.com/help.htm Please recommend the LangaList to a friend! (And maybe win a prize!) An easier-to read formatted
HTML version of this newsletter is available The
LangaList 2003-10-02 Please visit our sponsors and help keep the LangaList S.E. free!
--- ( Your Clicks On Ad Links Help Keep The LangaList S.E. Free! ) --- "Mr. Langa, Your 'Plus' is the ONLY
newsletter that I have found to be Thank you, Michael! --------------( the above is an advertisement )--------------
1) Who's Responsible For Security Problems?The current InformationWeek article at http://www.informationweek.com/story/showArticle.jhtml?articleID=15200416 is generating some, ahem, heated email. Some readers thought I was being too easy on Microsoft, others too hard. I was trying for balance, so maybe I succeeded. 8-) But I think there's no question that Microsoft isn't doing all it could: Many security issues in Microsoft software are discovered by small companies and one-person shops. Somehow, these small companies and individuals manage to do what Microsoft itself cannot--or rather, will not, do. Surely, a flaw that can be discovered by some lone programmer working in his basement ought to be able to be discovered by the world's largest desktop-software company. And it's not that these problems are impossible to fix: In fact, they're fixed regularly, after the fact, in Windows Update items. If they can be patched after the fact, why can't they be found and fixed before the code goes out the door? Clearly, there are very real problems with the way Microsoft builds and tests software. But I disagree with those who say it's *all* Microsoft's fault because there also are factors involving human nature and market forces--which is to say, involving you and me-- that factor into the equation. For example, the recent "Blaster" worm infected tens of millions of PCs, but Microsoft had already released a patch for the security hole that Blaster exploited. Because many millions of users ignored the patch, Blaster ran wild. And it wasn't just the patch: ALL those infected PCs were running without ANY of the most basic security measures--- the OSes weren't properly patched, didn't have a decent desktop firewall, and were running without a good antivirus tool. Any one of those three precautions would have stopped the Blaster worm in its tracks, but clearly, huge numbers of users still are running their PCs wide open and unprotected. To me, running an unpatched, unprotected PC is a form of negligence analogous to driving a car with bad brakes or broken headlights: You're going to get yourself into trouble, and also make things worse for everyone around you. Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active part of the problem that transcends whatever brand of operating system happens to be in use. There's lots more to this discussion, and it's all online, free, at http://www.informationweek.com/story/showArticle.jhtml?articleID=15200416 . There, I'll show you where I think the problems lie, and what we could do about it. I'll also discuss how even the most-security-conscious among us may unwittingly contribute to security problems; and I'll detail steps you can take to make yourself quite acceptably secure now, but more importantly, also to remain secure in the future, as attacks get even more common and more hostile. But what's your take? Is responsibility for security shared between vendors and end users, as I suggest, or is it mainly a vendor problem? If someone said, "I can give you virtually hacker-proof software, but it will require that you toss all your current software," would you do it? Would your company? Do you prefer an incremental approach to improving security, even if that takes longer? What steps do you currently take to keep your own PC safe? Join in the discussion at http://www.informationweek.com/story/showArticle.jhtml?articleID=15200416 ! Click to email this item to a
friend --- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------- 2) Interesting IdeaThis reader's note got me thinking anew about a topic I'd long-ago placed on a back burner:
RAM drives are sections of RAM--- system memory--- set aside and controlled by special software so that your operating system thinks the RAM area is a normal hard drive: A RAM drive gets assigned a drive letter and can be used and accessed like any other drive. But RAM drives are much, much faster than mechanical drives: RAM operates at nanosecond speeds (billionths of a second), six orders of magnitude faster than the millisecond speeds (thousandths of a second) of mechanical drives. This makes RAM drives great for scratchpads, swapfiles, and such, where data gets written and read very frequently. RAM drives also are transient. A real hard drive magnetically "remembers" data even when it's turned off, but a RAM drive gets erased completely. That makes RAM drives lousy for permanent storage, but great for data you *want* to forget: Some users put swap files, browser Cookie and History files, etc. in a RAM drive where it can be accessed at high speed during use, but which will totally go away when the PC is turned off. All the above is fairly standard. What's new to this is the increasing popularity of systems with huge amounts of RAM--- 512MB, 1GB or even more. The experiment I'd love to try, but haven't yet, is this: On a system with, say, 1GB of RAM, set up a large RAM drive, and install Windows to the RAM drive so the entire OS operates at RAM speeds, with essentially zero accesses to the mechanical hard drive. Of course, working out the installation details would be tricky because Windows wants to reboot during setup, and rebooting would wipe out the RAM drive.... Getting a RAM-based Windows setup running would be a fun experiment in itself, but not terribly useful. To make it practical, you'd have to find a way to use a boot manager and imaging tool with the RAM drive: You'd make an image of the RAM-drive installation, and store that on the mechanical hard drive. At reboot, you'd "restore" the image from the hard drive to the RAM drive, and go from there. Easy concept; difficult execution. I've seen web sites where various persons have tackled one or more parts of this challenge, but to my knowledge, no one has a complete, step-by-step process worked out from start to finish. The devil, as they say, would be in the details.... Any experimenters out there? <g> Now, to get back to Mahmud's question: Sure, there are RAM drives available for XP, and these can be used for all the normal things such as swap file storage, Cookie/History storage, scratch pads, etc. Some of the RAM drives are free, but require a little tweaking: http://www.hardwareanalysis.com/content/topic/7663/ http://pub29.ezboard.com/fcyberwizardfrm20.showMessage?topicID=16.topic http://www.google.com/search?q=ramdrive+xp My guess is that a *lot* of you are going to be playing with RAM drives very soon! 8-) Click to email this item to a
friend 3) Better SearchingMike Elgan, now at http://www.mikeslist.com/ and http://www.elgan.com/, and formerly the editor of Windows Magazine, writes:
Thanks, Mike. I also avoid using Search when I can. I use Advanced Find and Replace ( http://www.abacre.com/afr/index. htm ) as both a find and find/replace utility; and Wilbur ( http://wilbur.redtree.com/ ) for indexed searching.XP's built in Search is better than nothing, but indeed there are far better alternatives out there! 8-) Click to email this item to a
friend 4) Moving/Merging Folders For Easy Sharing
Changing the location of the My Documents folder http://support.microsoft.com/default.aspx?scid=kb;en-us;221837 How to Establish a Common Favorites Folder with Windows NT http://support.microsoft.com/default.aspx?scid=kb;en-us;158787 "How to Change the Location of the Windows Address Book" in Outlook Express http://support.microsoft.com/default.aspx?scid=kb;en-us;156828 I enjoy the newsletter.--- Jim Painter Thanks, Jim. Those links are a real help. The issue I most often encounter isn't permanently sharing whole folders, but sharing files and folders on a temporary or ad-hoc basis. Because my whole LAN is behind a network-address-translator (something like a proxy; see next item, and http://www.techweb.com/encyclopedia/defineterm?term=NAT&x=24&y=9 ), and because I also use desktop firewalls that isolate my LAN addresses from the internet at large, I simply place these files and folders in the "Shared Documents" folder. They're accessible from any other PC on the LAN--- but still not accessible from the outside world. For limited file-sharing, the built-in "Shared Documents" folder is all that I need. Click to email this item to a
friend --- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------- 5) Internet Connection Sharing LimitationsICS, the "Internet Connection Sharing" facility built into Windows starting with Win98, has several major limitations. For example, XP Home edition is artificially limited to five peer-to-peer network connections at once. You can't simultaneously connect six or more PCs to each other with XP Home; and you also can't use ICS on a XP Home box to share an internet connection with more than five PCs, even if there's no other peer-to-peer activity going on, or if the other systems aren't running XP Home. And ICS, per se, isn't available at all to older boxes:
The answer to all these problems is to use a third-party sharing tool. One that I've recommended repeatedly is Sygate Network, which comes in both Home and Office flavors. The "Home" designation is a little misleading because you can buy various licensing levels to allow 3, 6, 10, 25, or an unlimited number of simultaneous connections--- well beyond what you'd find in any normal "home." The "Office" version has more features, but both versions let you connect many PCs; and in fact I use the "Home" version just fine here in my office to allow a wide range of Windows and Linux boxes to share a single internet connection. In any case, because these connections happen inside the Sygate software, the OS doesn't "see" them, and you're thus not bound by artificial limits that may be built into your OS version. Sygate Network also will run on older hardware--- a 486 with 32MB or RAM will do it--- and on any OS all the way back to Win95b. The other PCs connecting through Sygate Network can be anything that uses normal TCP/IP technology--- Windows, Macs, Linux boxes, palmtops, etc. Best of all, even though Sygate Network is itself quite good as a kind of stealthing/network-address-translating firewall for all the machines that connect behind it, it also coexists well with the free Sygate Personal Firewall, so you can have double protection without the software stepping on each other's toes. It's not free, but it starts at just $40--- which is a whole lot cheaper than buying a new PC, or upgrading to XP Pro, for example. In fact, if you have an old PC lying around, something like Sygate Network can let you use it not only to share your internet connection, but also to use the old PC as a buffer between your real PC(s) and the outside world: With a shared connection, that old PC is the only one that directly connects to the outside world, thus adding a layer of protection that makes your other PC(s) much, much harder for crackers to find and attack. Sygate Network: Note: You also can do this with many other brands and types of routers and ICS-like software, including some free products, especially for Linux, as in http://www.google.com/search?q=free+linux+router . But if you're not familiar with Linux, a Windows-based package like Sygate network may be a better fit. Sygate network even allows for a "one-NIC" setup, where you don't even have to have a conventional LAN at all! Click to email this item to a
friend 6) Three More Winners!"RodgeT," "Splitshot1" and "Ronlute" each won a FREE full one-year subscription to the LangaList Plus! edition by using the "Recommend To A Friend" form at http://www.langa.com/recommend.htm . You see, each month I choose three winners of a new FREE ONE YEAR SUBSCRIPTION to the LangaList Plus! edition. (Existing Plus! subscribers get their current subscription extended by a full year.) To have a shot at winning, just use the following link to recommend the LangaList to a friend. Your friend just may find a new source of useful information; I just may gain a new subscriber; and you just may win! (Full details also available via this link): http://www.langa.com/recommend.htm Click to email this item to a
friend 7) Outlook Aids
From the sites:
Thanks, Ron! Click to email this item to a
friend 8) More Reader Sites!Do you have a home page or website? (It doesn't
matter what size.) Please click over to
http://www.langa.com/code.htm , and maybe you can join the hundreds and
hundreds of LangaList readers who have "Loaded the Code!" (If you've already
"Loaded The Code" and are wondering if your site will appear here or on the
Langa.Com web site, please see
http://www.langa.com/link.txt ) View A Randomly-Chosen Reader Site From Among All Listed http://www.langa.com/randomlink.htm Manually Browse All Posted-to-Date Sites
Starting At Paleontological Facial Reconstruction SOHO Coaching & Resources Linda White An American on the loose in Europe Bruno-Rehn Business Brokers Bloke's Fun Page A-Z Darts Tours About Mull Serra Designs Jordan's Computer Service Click to email this item to a
friend --- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------- 9) "Wowza Site"
"Wowza" is what Steve called the site in the Subject line of his email--- but I agree! There's an amazing array of material there--- even how-tos and tutorials. Check it out! Click to email this item to a
friend 10) Just For GrinsKen Dooley sent along this "QUIZ FOR PEOPLE WHO KNOW EVERYTHING:"
Click to email this item to a
friend --- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------- 11) Plus! Edition Highlights:
DID YOU KNOW--- that Plus! subscribers have access to additional special features, extra content and links on a private web site? All that, plus 30% more content in every issue, for just $1 a month! Full Plus! Edition info: http://www.langa.com/plus.htm Click to email this item to a
friend (Want to give a gift
subscription to the LangaList Plus edition? See you next issue! Best, An easier-to read formatted HTML version is available in the "Current Issue" section of http://www.langa.com. (The HTML version of each issue normally is available by 9AM EST [UT-5] of the issue date.) All past LangaList issues are also available at the Langa.Com site. UNSUBSCRIBE: From the same email account you
used to sign up with), send an email to SUBSCRIBE (it's free!): Create and send a new email to CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? OTHER PROBLEM? NEED HELP? See http://www.langa.com/help.htm This newsletter is SPAM PROOF and requires two levels of subscriber confirmation
before delivery begins: See
http://www.langa.com/info.htm |
|
Please visit the LangaList Home Page |