From: Kevin-84 Online [microdome@seidata.com]
Sent: Thursday, February 20, 2003 7:07 PM
To: 84 Online Newsletter
Subject: 84 Online Newsletter, Volume 3 Number 7, 2-20-03

Welcome to the 84 Online Newsletter

 

Brought to you each week by the 84 Online Team, a loose collection of volunteers from around the Kentuckiana region.

 

84 Online is broadcast live each Sunday from 3:00 PM to 6:00 PM (EDT) on WHAS radio, 840 AM.  You may call the show directly during this time period at 502-571-8484 or toll free at 1-800-444-8484.  You may also interact with the team online by visiting www.84online.com and clicking on Chat Room.  IRC users can access the room through server ucanweb.com, channel #84online.  Chat hours match the show on Sunday and generally some of the members are in nightly from 8:00 to 10:00 PM EDT. 

 

If you’re new to the Newsletter you can read back issues at http://forums.84online.net/forumdisplay.php?s=&forumid=53. Team member JP Durbin mirrors the archive at http://www.jpdurbin.net/84archive/.

 

Looking for answers to your computer questions?  The 84Online BBS offers 24/7 tech support directly from the 84Online team.  Search for answers to frequently asked questions or post a question of your own.  Visit us at http://forums.84online.net.

 

The WHAS Crusade for Children provides year round support for needy children throughout the Kentuckiana region.  Visit http://www.whascrusade.org to make donations online.

 

To subscribe to this newsletter, visit http://www.84online.com and sign up!

 

Vol. 3, No. 7                

2-20-03

 

I’m sure you all remember the widely reported “SQL Slammer” worm, which slowed the Internet to a crawl a few weekends ago.  http://news.com.com/2100-1001-983197.html calls it the first “Warhol” worm since it appears to have been able to infect the entire Internet within 15 minutes.

 

According to that CNet report, Slammer “doubled in size every 8.5 seconds when it first appeared, and reached the full rate at which it was scanning for vulnerable computers--a rate of more than 55 million scans per second--after about three minutes.”

 

Robert Graham at http://www.robertgraham.com/journal/030126-sqlslammer.html has an extremely in-depth analysis of the worm’s spread, as well as common misconceptions about it from the news media (such as that it was similar to CodeRed and that it originated in the US) and offers his thoughts that dispute their statements.

 

A radical Islamic terrorist group called Harkat-ul-Mujahideen has claimed responsibility for the worm (http://www.pc-radio.com/Terrorist.htm) but most IT security experts are dismissing the claim as bogus.  The NIPC (National Infrastructure Protection Center) at the FBI is looking into the matter.

 

The worm took down South Korea’s phone system and ATMs and airline reservation systems in the US, as well as infecting a slew of SQL servers at Microsoft (http://www.computerworld.com/securitytopics/security/story/0,10801,77945,00.html), which I find amusing but not particularly surprising.

 

Why do I bring this up now, lo these many weeks later?

 

Last week Symantec, the folks who bring you the Norton security and antivirus products, issued a press release at http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0 that claimed that their DeepSight Threat Management System tumbled to the worm’s activity hours before it exploded on the web.  They go on to say they “then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised.”

 

Hmmm… So, every security expert known to man says that Slammer had pretty much infected every vulnerable machine in about 10 minutes?  And Symantec knew about this likelihood hours ahead of time?  That statement certainly raises some interesting possibilities.

 

My first thought is that DeepSight must be psychic à la “Minority Report”.  If this is in fact true then all future virus writers better turn themselves in now because they are SO busted.  My second thought (actually it was my first thought but I lied to give the first sentence of this paragraph a little more punch ;)) is that Symantec may have “exaggerated” a bit about the abilities of DeepSight to bolster the unwashed masses’ view of them as the be-all and end-all of security software.

 

One pundit at http://tech-report.com/news_reply.x/4747 even suggests that Symantec may have known about the existence of the worm prior to its release.  Not that I give any credence to that theory but you have to admit it is a juicy little bit for the conspiracy theorists.

 

Regardless of whether Symantec’s claims are true or not, they have really shot themselves in the foot with this press release.  They basically say they knew about the fastest spreading virus ever and they didn’t adhere to the “common good” agreement between antivirus companies to share such information as soon as possible.

 

Security expert Robert Ferrell is quoted at http://www.wired.com/news/infostructure/0,1377,57676-2,00.html as saying “But if they did detect and correctly interpret the signs of Slammer before anyone else and they chose not to make that information public, then they're just as responsible for the damages done by the worm as the author”.

 

Since Symantec can’t even secure its own servers (see http://www.wired.com/news/infostructure/0,1377,57438,00.html) one would think they are too inept to be of much use in the real world.  I’m so glad I use Panda ;)

 

Kevin Mefford, Editor

84online@microdome.net

 

 

Download of the Week

 

Boot

 

I spent way too much time this week emailing other Team members about the “boot process” I guess.  As fate would have it, I picked up the March issue of PCWorld magazine and found a nice utility for speeding up Windows XP’s load time.

 

The program is called “BootVis”, a free Microsoft utility.  “BootVis” will graphically display your machine’s boot performance, then it will explain why the load takes the time it does.

 

Download “BootVis” to a folder, and then launch it.  Choose Trace > Next Boot + Driver Delays.  When the dialog box appears, choose four repetitions and walk away.  “BootVis” can take a very long time to complete its analysis.  Your machine may even appear to stall or lock up; don’t worry about it.  Once “BootVis” is complete, choose Trace > Optimize.  The program will then shuffle drivers and their boot order based on that analysis.

                               

The result is a faster boot process with details about how and why your machine was slow to start.  Get “BootVis” here: http://find.pcworld.com/32681.

 

I have decided to heed some advice about “getting out more often” and will make this my final article in this newsletter.  I have enjoyed sharing my finds with you all and hope to see the column continue under the tutelage of my successor whoever that may be.  Thanks for all of your kind words.

 

Art Maley

 

 

Windows Tip of the Week

 

We’ve mentioned before how to change XP’s Start menu to look more like Windows 98 (right click on Start, click Properties and select Classic View) but did you know you could change almost everything to look the same?

 

Control Panel has the new Category View for example.  In the upper left corner of that window you can click on Switch to Classic View and see the familiar Add New Hardware and Add/Remove Programs etc. icons.  Right click on the Desktop and choose Properties and Appearance and you can change the Windows and Buttons from Windows XP style to Windows Classic style.

 

These little appearance tweaks are everywhere in XP.  Don’t be afraid to experiment :)

 

 

Email Question of the Week

 

Q:  For about two years, I had Internet connection via Telocity / DirectTV DSL.  They recently went out of business so we signed up for cable connection to the Internet via Insightbb.

We had numerous problems with Telocity and so we decided to use a PC with minimal software on it and use it for our Internet PC.  The PC uses Windows 98, 64 Meg RAM, 15 Gig Hard Drive and a 233 MHz Pentium processor.  The only significant software we have installed is MS Office.

The first few days that we had Insightbb installed, it worked fine.  It gave us a faster connection than with Telocity.  I knew from past experience that we should install a firewall so I went out and bought McAfee VirusScan 7.0, which has a firewall with it.

After installing both the VirusScan and the firewall and after selecting what programs could have access thru the firewall, I have found that I couldn't access the Internet.  The problem has continued for several days so we resorted to turning off the firewall to access the Internet (defeating the purpose of the firewall).  It seems like this worked Ok for a couple of days and then, even that wouldn't allow us access.  I then uninstalled the firewall and can now access the Internet as usual.  What is going on?

What good is the firewall if it won't allow me to access the Internet, even when it is turned off?

How critical is it that I have firewall protection if I have cable access to the Internet?

Does Insightbb have a recommended firewall?

If I am accessing my bank account and mutual fund account online, whereby I have to enter a password and ID, can hackers see what I am doing if I don't have the firewall enabled? 

Can they read my password as I type it into a starred ("******") field?

Most of these financial sites have some kind of message that their sites are protected by some kind of encryption.  Is that reliable without a firewall enabled?


On your show you mentioned something about zonelab.com as having a free firewall.  Will that firewall meet my needs?

 

A:  I'm sorry to say that you have been affected by the McAfee curse.  We generally recommend avoiding McAfee products at all costs, at least for the home user.  I would almost be willing to put money on the fact that McAfee was your problem, even when the firewall itself is turned off.  That said we should be able to help you get protected, without costing you any more money.

 

First of all, you are going to want to uninstall all of the McAfee software that you can.  Unfortunately, you probably won't be able to get a refund on open-box software.  Next, head to http://www.grisoft.com to download AVG.  This is a free antivirus program that works extremely well.  Just download the AVG Free Edition.

 

Now, you have two options.  As Bob suggested, you can get a router.  This will run you under $100 and will serve two purposes: it will give you a built-in firewall that will probably be more effective than a software firewall, and it will allow you to easily share your Internet connection between all of your computers.  That way you will not be forced to use that one computer for accessing the Internet.  We generally recommend SMC, NetGear, or D-Link equipment.  I would go ahead and get a wireless router since it will give you the option of wired or wireless connectivity.  For each of the client computers you will need either a NIC card and a NIC cable or a wireless NIC (I recommend USB because it is easy).  For your main machine, InsightBB probably already installed a NIC card for the cable modem, so you should be set for that one.  Your other (free) option is to download ZoneAlarm at http://www.zonelabs.com.  Like the McAfee one, this one will have to be trained, but it does provide effective protection.  Note: they kind of hide the free version ... just look hard.  Don't bother spending money for the pro version.

 

As for your Internet banking, look in the lower-right corner of the IE window when you are entering data.  If you see a little locked padlock there, it means that all the data that is transferred is being transferred over an encrypted connection.  This means that, provided that your machine is virus-free, that data is safe, with or without a firewall.

 

I hope this helps.  If you have any other questions, please let me know.

 

Kyle Harmon

webmaster@ucanweb.com

 

 

Contact info and legal stuff

 

If you have tech support questions or ideas and/or submissions for our newsletter please email them to bob@iglou.com.

 

Copyright 2003, The 84 Online Team.  All rights reserved.  Publication, rebroadcast or storage is prohibited without prior consent, however you may freely forward this publication to friends as long as A) it is forwarded in its entirety and B) no fee is charged.

 

Information provided in this publication is provided "as is" without warranty of any kind, either expressed or implied.  Although the information provided is known to work on most systems, it may not work on ALL systems.  Make use of any information supplied at your own risk.

 

The 84 Online Team is a group of volunteers who provide support for the 84 Online radio broadcast.  Team members are not directly affiliated with nor employed by Clear Channel Communications or WHAS.  Views and opinions voiced in this publication do not necessarily reflect the views held by Clear Channel or WHAS.

 

To unsubscribe from this newsletter send a blank email to newsletter-unsubscribe@84online.net.