
Please note: Older issues may contain information that is now out of date


How To Subscribe and Unsubscribe is at the end of this note. Mailing List Trouble? See http://langa.com/help.htm
Questions about the advertisers? See the end of this note. Please also see legal notices at the end of this note. LangaList: ISSN 1533-1156

Please recommend the LangaList to a friend! (And maybe win a prize!)

An easier-to-read formatted HTML version of this newsletter is available at http://langa.com/newsletters/2006/2006-01-16.htm

The LangaList
Standard Edition

2006-01-16

A Free Email Newsletter from Fred Langa
That Helps You Get More From Your Hardware, 
Software, and Time Online

Please visit our sponsors and help keep the LangaList S.E. free!

Contents:

1) Five Essential Steps To PC Security
2) Symantec "Rootkit"
3) Microsoft Completes XP "Lifecycle" Update
4) That Pesky Vendor StartUp Logo
5) "Mystery Program from MS"
6) Is This Newsletter Interesting? Useful?
7) More CPU-Hungry Software
8) They Loaded The Code
9) CD/DVD/Flash Shelf Life?
10) Unfamiliar "File Blocked" Action
11) Microsoft Monthly Updates On CD, Free
12) Reader Feedback On "Microsoft OneCare"
13) Free VPN Software!
14) Just For Grins

Next Issue:
2006-01-19

 


 

1) Five Essential Steps To PC Security

You see it in the news again and again: Identity theft, corporate data stolen, private information falling into the wrong hands...

But these kinds of problems are almost all preventable. With the five simple steps outlined here, you can make just about any PC secure from online attacks and data theft. This information is boiled down from literally hundreds of web sites and dozens of newsletter discussions, giving you a one-stop resource you can bookmark and refer to for keeping your PC safe and secure.

Plus, the article contains *dozens* of live links for you, giving you nearly instant access to the many tools and informational resources we discuss. See something you want in the text? It's just a click away!

Let's get started! With the information in this article, you'll be on your way to 365 days of safe computing!
http://www.informationweek.com/windows/showArticle.jhtml?articleID=177100010


2) Symantec "Rootkit"

We first discussed "Rootkits" about a year ago.

A "rootkit" is a kind of software that activates each time the system boots. Malware installed as a rootkit is hard to find and very difficult to control because it's up and running before most of the rest of the OS is ready; and certainly before the user interface is up. Rootkits can be a problem for 2K/XP and Unix-like OSes (including Linux, Mac OSX, etc.). (More: http://langa.com/newsletters/2005/2005-04-18.htm#9 and http://www.google.com/search?as_q=rootkit&as_sitesearch=langa.com )

Although there are limited, valid uses for rootkits, some software vendors jumped on the technology for their own reasons. Sony, for example, started installing rootkits as part of their copy-protection scheme. In effect, they were covertly installing software at the deepest possible level in users' PCs solely for Sony's own benefit: "We're taking over your PC so we can protect our profits." That was bad enough, but the Sony rootkit also opened an avenue for malicious hackers to get into the deepest levels of your PC, too.

People were rightly incensed, and Sony had to backpedal. http://www.google.com/search?q=rootkit+sony

A week or so ago, it was widely reported that "Symantec Security Check" also installs a rootkit. In itself, as long as the user is notified what's going on, that wouldn't be a horrible thing because low-level security actually makes sense at the rootkit level. A rootkit-based security module would run early in the boot process, and be very hard to detect, remove or deactivate. Those are positive attributes for a security tool.

But, the early reports said, the Symantec tool contained a "buffer overflow" weakness that meant it could be used by malicious hackers to inject hostile code deep into a PC--- at the level of the rootkit itself. Yikes!

If it all were true, it might have been something. But as far as I can tell, the reports were a puree of fact, fiction, and old information.

First, the reports of a "rootkit" actually appear to be a somewhat hysterical overreaction to what was the normal action of the "Norton Protected Recycle Bin," which hides the files it contains from the OS. These files are not processed by the OS, and are not seen by normal software. This makes the Norton Recycle Bin a potentially attractive place to store malware, where it will be out of sight, hidden, and mostly inaccessible--- not a true rootkit, but something *like* a rootkit.

In response, Symantec released a patch, which makes their Recycle Bin less useful as a place to try to hide malware.

Quite separately, there apparently *are* buffer-overflow problems in parts of the Norton suite. Some are apparently relatively newly discovered: http://www.us-cert.gov/current/#symhpbuff . Others, especially the buffer-overflow vulnerability reported as part of the "Symantec Security Check" rootkit thing, actually date back a couple of *years.* Those problems were resolved long ago, in 2003, when Symantec released a patch and a removal tool: http://www.symantec.com/avcenter/security/Content/2003.06.25.html

So, as far as I can tell, the story of the "Symantec Rootkit" contains a little bit of truth, a little bit of new news, some quite old "news," and a dollop of hysteria.

If you're running Symantec security tools, make sure you keep them updated--- run LiveUpdate manually, and/or visit the Symantec site yourself, if you have to--- and check this link for information that may supersede what's available to me as I write this:

http://www.google.com/search?q=symantec+rootkit

(See also next item.)


3) Microsoft Completes XP "Lifecycle" Update

The careful language in the above item is meant to prevent the kind of problem that occurred among some readers during our discussions of Microsoft's changing XP's "Support Lifecycle" in anticipation of the arrival of Vista.

I'd said in the text:

Microsoft has juggled the lifecycle schedules of its products many times before and no doubt will do so again. In fact, as I write this, many of the official lifecycle information pages at Microsoft.Com are offline, presumably for updating.

and:

Those [Lifecycle] pages ARE in flux, just as I said in the last issue; there are changes being made RIGHT NOW.

and that proved true: In the 24 hours between when I wrote the last issue and when Plus! subscribers received it (Plus! issues are emailed sooner than other issues), Microsoft finally finished updating the Lifecycle pages, so they now all say the same thing: The Dec 31 2006 dates have been erased from the support timelines for XP; and the site now consistently states: "Mainstream support will end two years after the next version of this product is released." Microsoft still has not changed its base policy (and I don't think it will): "Consumer" products will normally have a 5-year life; "professional" or "business" products will normally have a 10-year life. But MS *is* allowing for at least a two-year transition period when a new product comes out. That's a good thing--- the old days of trying to "churn" the userbase into buying a new version every year or so seem well and truly dead.

Fred:  I'm sure you've probably already been notified ... Microsoft corrected the info they had posted that XP support would end at the end of this year. Here is a CNet article "False alarm over Windows support deadline" concerning it: http://tinyurl.com/9kahr I suspect your newsletter could be responsible, at least in part for bringing this to the forefront. ---Shawn Crites

Thanks, Shawn, and everyone who wrote in.


--- ( Your Clicks On Ad Links Help Keep The LangaList S.E. Free! ) ---

"Dear Fred, Just wanted to let you know why I (finally) subscribed to
the Plus! edition. I have been a long time reader of the standard
edition, and had really been intending to upgrade for ages. In the
free edition, you made a comment about a hard drive needing around 15%
free space to defrag. Now, just a few days earlier I had found this out
the hard way... This is not the first time your comments have been
topical however, just off the top of my head, a few months back you
solved the mystery of the scrollbar issues that came up after a windows
update. Of all the newsletters I subscribe to, and there are quite a
few, yours is my favorite, something I always make time to really pore
over.... With all the talk about hackers and virus writers and scammers,
it's nice to know there are some good guys online!" --Craig Lee Asbury

Thanks, Craig!

The LangaList Plus! Edition is ad-free, spam-proof,
and carries even more content--- tips, tricks, advice, downloads---
than the Standard Edition you're now reading, and for just pennies an issue!

Once joined, you can renew your annual subscription for even less!

Get all the details:
http://langa.com/plus.htm

--------------( the above is an advertisement )--------------

4) That Pesky Vendor StartUp Logo

Hi Fred, Happy New Year to you and yours. Great newsletter, I always pick up something useful. I hope that you could help me to shorten the time that the Dell logo stays on the screen before my PC boots up. It's like forever waiting for this PC to get rid of the logo and boot. The PC is a Dell Dimension L733r with an Intel Pentium III, 512MB of RAM and running XP Pro. When my grandson bought it new it was running 98se and had the same problem. XP was a clean install, we ran "killdisk" a great program, (free from killdisk.com) that overwrites the drive with 0's. Then I formatted & partitioned and installed XP. The Dell logo still stays on the same amount of time. I think that it has to be something in or on the motherboard. I tried msconfig to unload some startup programs, this makes no difference. I have Googled this online but no luck. If you have any ideas I would be most appreciative. Thank you, Bob Peterson

I think you have two separate issues, here, Bob.

First: The startup logo, which can be either from the motherboard vendor, the system vendor, or the BIOS vendor, is usually inside the actual BIOS: It has nothing to do with the software on the hard drive. It's there to hide all the startup messages you otherwise see as various bits and pieces of the system wake up and come alive.

Those startup messages and (usually) an audible beep are part of the "power-on self test" or POST process. (See http://search.atomz.com/search/?sp-q=%22power%2Don+self+test%22+POST&sp-a=0008002a-sp00000000 )

But some of us actually like to see the startup messages--- OK, I'm a geek!--- as they provide the lowest-level feedback on a PC's hardware health: Any unexpected changes in the startup messages are usually worth exploring to see what changed, and why. And the startup messages are also useful in after-the-fact diagnosis of low-level system trouble.

Some systems let you temporarily disable the logo when you want to see the power-on messages. For example, some BIOSes let you hit the Tab or Esc key during boot to temporarily disable the on-screen logo, revealing the POST messages.

Other BIOSes let you toggle the logo on or off permanently. A common Intel BIOS, for example, offers a "Silent Boot" option. When enabled (the default setting), the OEM logo is displayed. When DISabled (that's my preferred setting), you see the POST messages.

So: Reboot your PC, and enter the BIOS setup program by hitting the appropriate key after the first POST beep. (The key is often Del or F2, although it could be any key; and you may have to hit it repeatedly. Check your owner's manual or vendor web site, or these pages http://www.google.com/search?q=enter+access+bios for exact info on how to get at the BIOS settings for your PC.)

Check under "Boot options" or any similar heading in the BIOS settings; and look for "Silent Boot" or any similar wording that might relate to what you see on screen as the PC wakes up. Not all BIOSes have the option to turn off the logo, but if yours does, the switch will be in there somewhere!

The second issue is the length of the boot process itself, which--- alas!--- will probably be the same whether or not the logo is displayed. You may be able to see where the PC is spending time in the boot process by seeing which POST messages take the longest, but you may have to dig deeper, once you can see what's going on:

http://www.google.com/search?as_q=slow+boot&as_sitesearch=langa.com
http://www.google.com/search?q=slow+boot


5) "Mystery Program from MS"

That was the heading of this short note from reader DF Brown:

Hi Fred, I have a question about an update from Microsoft updates. Win XP Pro. I have been getting updates for a "Malicious Software Removal Tool" and I want to know what it is, what does it do and when does it do it. Any info would help. Thanks, dfb

This started as a one-shot download from Microsoft, partly in response to the virulent "Sasser" worm; the rapid spread of which (like most worms and viruses) was caused by people running their PCs without even the most rudimentary forms of anti-malware protection.

The "Malicious Software Removal Tool" is actually just such a rudimentary anti-malware tool, designed to ensure that everyone has at least minimal protection. It showed up early last year. ( http://langa.com/newsletters/2005/2005-04-21.htm#3 ) It only targets a small number of the very worst and most common worms/trojans/viruses going around.

But because these malware nasties evolve, so does the tool: Now, a new version is released about once a month, and is included as a routine part of WindowsUpdate downloads.

You can read more about the tool, or download the current version manually, at http://www.microsoft.com/security/malwareremove/default.mspx


6) Is This Newsletter Interesting? Useful?

If you think the LangaList is a worthwhile read, maybe a friend would find it useful too! Just use the following link to recommend the LangaList---your friend may find a new source of useful information and you just may win one of three FREE ONE YEAR SUBSCRIPTIONS to the LangaList Plus! edition given each month. (If your name is drawn and you're already a Plus! subscriber, your current subscription will be extended by a full year.)

Check out the details at http://langa.com/recommend.htm . Thanks for recommending the LangaList--- and good luck!


7) More CPU-Hungry Software

Our recent discussion of software that eats more than its share of your CPU time (eg "What's Eating His CPU Cycles?" http://langa.com/newsletters/2006/2006-01-12.htm#3 ) brought this query:

Fred: What the heck is lsass.exe? It is apparently some sort of system file that gobbles up CPU time. I thought I had the isass.exe Trojan, but it is the <little L> lsass.exe from the system folder.

Watching it for a little while, it uses from 56 to 76% of the CPU. Is that normal? If so, no wonder my P4/2.53 computer is slow and hiccupping! Duane Budd

We have to be a little careful with this one because the "sasser" worm (mentioned in #5, above) masquerades as the legitimate lsass component of the operating system: the Local Security Authority Service.

If your PC is up to date with all current security patches, including the "Malicious Software Removal Tool" (see #5, above), you shouldn't have the sasser worm; the security hole it used was patched a long time ago. But you can check by running any of the free sasser-removal tools available online, including:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html
http://vil.nai.com/vil/stinger/
http://www.f-secure.com/download-purchase/tools.shtml

Once your PC is known to be sasser-free, and if LSASS still seems to be too hungry, this information should help, as it's actually a fairly common problem:
http://support.microsoft.com/?kbid=842382
http://www.google.com/search?q=lsass+high+cpu+usage
http://tinyurl.com/8wksr
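
The distinction Duane drew by eye (a look-alike "isass.exe" versus the real lsass.exe in the system folder) can be checked mechanically. The following is an added example, not part of the original newsletter or any vendor tool; it also flags one-character near-misses, which goes slightly beyond the single case discussed above. The default system root and all sample paths are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

GENUINE_NAME = "lsass.exe"

# After lower-casing, "i" (including a capital I) and "1" are the characters
# that can pass for a lowercase "l" on screen.
LOOKALIKES = str.maketrans({"i": "l", "1": "l"})


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i += 1  # substitution: advance both strings
        j += 1      # insertion in b: advance b only
    return edits + (len(b) - j) <= 1


def classify(image_path, system_root=r"C:\Windows"):
    """Return 'genuine', 'wrong-location', 'lookalike-name' or 'unrelated'.

    system_root is an assumption; pass the machine's real Windows folder.
    """
    expected_dir = ntpath.normcase(ntpath.join(system_root, "System32"))
    path = ntpath.normcase(ntpath.normpath(image_path))
    directory, name = ntpath.split(path)

    if name == GENUINE_NAME:
        # Right name: only the copy in the system folder is the OS component.
        return "genuine" if directory == expected_dir else "wrong-location"
    if within_one_edit(name.translate(LOOKALIKES), GENUINE_NAME):
        # Wrong name that reads like the real one, wherever it lives.
        return "lookalike-name"
    return "unrelated"


def suspicious(paths, system_root=r"C:\Windows"):
    """Return (path, verdict) pairs that deserve a closer look."""
    verdicts = ((p, classify(p, system_root)) for p in paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-location", "lookalike-name")]


# Constructed sample of running-process image paths (not real observations).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\isass.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\lsass.exe",
    r"C:\WINDOWS\system32\lsasss.exe",
    r"C:\WINDOWS\system32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE):
        print(f"{verdict:15} {path}")
```

A "genuine" verdict only confirms the name and location; high CPU use by the real lsass.exe is the separate problem covered by the links above.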


8) They Loaded The Code

Do you have a home page or website? (It doesn't matter what size.) Please click over to http://langa.com/code.htm , and maybe you can join the hundreds and hundreds of LangaList readers who have "Loaded the Code!" (If you've already "Loaded The Code" and are wondering if your site will appear here or on the Langa.Com web site, please see http://langa.com/link.txt )

Speaking of which: Here's another eclectic sample of reader sites--- some professional, some very personal:

View A Randomly-Chosen Reader Site
http://langa.com/randomlink.htm

Manually Browse All Posted-to-Date Sites Starting At
http://langa.com/readersites.htm

Doug's Rambling Blog
http://dougramble.blogspot.com/

Jimmy Bayless Blog
http://www.myspace.com/jimmbay1

Airshow and Aviation video
http://www.topgunvideoproductions.com/

Jerseyville Pain Management
http://jerseyvillepainmanagement.com/links.htm

Christmas Pupper
http://www.bold-and-sassy.com/pupper/Cpupper.html

sandr gifts
http://www.sandrgifts.com/b1779s/

"In My own Way"
http://inmyownway.blogspot.com/

zimagirl79
http://www.xanga.com/zimagirl79

"Dave's Blog O'Stuff"
http://blogostuff.blogspot.com/

photo restoration
http://www.macajah.netfirms.com/


9) CD/DVD/Flash Shelf Life?

In a recent article at "PCWorld.com", Kurt Gerecke, a physicist and storage expert at IBM Deutschland, stated that the best storage media for long-term was magnetic tape, with a life span of 30 to 100 years.  He also mentioned that CD and DVD storage was usually good for only a couple of years, 5 at the best.  Hard drives, he stated, have limitations based on the quality of their disk bearing.
 
My question is: Where do storage cards like CF and SD fall in comparison to these other storage media (in terms of longevity and reliability)? ---Mitch Trigger

We touched on this before when discussing USB thumb drives, which also are based on Flash-memory: Most vendors claim up to about a 10-year life for data stored in a flash device. (See "Life Expectancy Of Flash Drives?" http://langa.com/newsletters/2005/2005-12-08.htm#4 )

But I think it'd be dangerous to trust that--- it's called "flash" memory, not "freeze" memory. <g> It's simply not designed for archival storage. (And it's actually fairly expensive storage, too, compared to magnetic or optical storage. The only way to amortize the cost is to keep the flash device in use, not sitting in a drawer.)

So: I suggest that data be pulled out of flash memory and stored in a different form--- on a hard drive for medium-range storage, for example, or on a CD or DVD for long-range storage.

If the CDs or DVDs are stored casually, in ordinary room conditions and without special care, then Mr. Gerecke's estimate of 5 years, max, might be reasonable. But with a little care in preparation and handling (eg how the discs are labeled and stored), I think 10+ years should be achievable.

Consensus Emerging On CD/DVD Life
http://langa.com/newsletters/2004/2004-05-20.htm#5

Further Authoritative Info On CD/DVD Life
http://langa.com/newsletters/2004/2004-06-21.htm#4

The latter item includes this:

...the US National Archives and Records Administration requested that the National Institute of Standards and Technology generate data that could be used to develop authoritative care and handling instructions for optical media. That report is now available for free (well, not really free: but US taxpayers have already footed the bill <g>) at: NIST Special Publication 500-252: Digital Data Preservation Program  http://www.itl.nist.gov/div895/carefordisc/

For *all* archival data, the best plan is to periodically test, refresh, and re-store the data. (EG, see "Time To Check Your CDRs" http://www.informationweek.com/story/showArticle.jhtml?articleID=15800263 ).

Nothing lasts forever, but if used with care, I think CDs and DVDs are the best-available current media for ordinary users' long-term data storage.


10, 11, 12, 13) Plus! Edition Only:

Today's LangaList Plus! Edition contains about 40% more content including:

  • Unfamiliar "File Blocked" Action
       (new security, new problems)
  • Microsoft Monthly Updates On CD, Free
       (build a local library of updates/patches)
  • Reader Feedback On "Microsoft OneCare"
       (where's MS going with these security tools?)
  • Free VPN
       (connect PCs securely, even over the public internet)

Access to over 100,000 additional words in special features, extra content and private links, all on a private web site--- plus 40% more content in every issue, for about a dollar a month!

Full Plus! Edition info: http://langa.com/plus.htm 


14) Just For Grins

Fred, just came across this... Google Purge ;)
http://www.theonion.com/content/node/40076
---Roger Saur


Give a gift subscription to the LangaList Plus edition! See http://langa.com/plus_gift.htm

The LangaList is published about 72 times a year, or about 6 times a month. See you next issue, 2006-01-19!

Best,

Fred
( Editor@Langa.Com )


An easier-to read formatted HTML version is available in the "Current Issue" section of http://langa.com.  (The HTML version of each issue normally is available by 9AM EST [UT-5] of the issue date.) All past LangaList issues are also available at the Langa.Com site.



Administrivia:

UNSUBSCRIBE (instant removal!): http://langa.com/leave_langalist.htm

SUBSCRIBE (it's free!): http://langa.com/join_langalist.htm

CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? OTHER PROBLEM? NEED HELP? See http://langa.com/help.htm

This newsletter is SPAM PROOF and requires two levels of subscriber confirmation before delivery begins: See http://langa.com/info.htm

About the advertisers: http://langa.com/privacy.htm#ads

Disclaimer: http://langa.com/legal.htm  In brief: All information herein is offered as-is and without warranty of any kind. Neither Langa Consulting LLC, nor its employees nor contributors are responsible for any loss, injury, or damage, direct or consequential, resulting from your choosing to use any information presented here.

This newsletter is a service of Langa Consulting LLC and is Copyright © 2006 Fred Langa / Langa Consulting LLC. All worldwide rights reserved. LangaList: ISSN 1533-1156
