Brought to you each week by the 84 Online Team, a loose collection of volunteers from around the Kentuckiana region.
84 Online is broadcast live each Sunday from 3:00 PM to 6:00 PM (EDT) on WHAS radio, 840 AM. You may call the show directly during this time period at 502-571-8484 or toll free at 1-800-444-8484. You may also interact with the team online by visiting www.84online.com and clicking on Chat Room. IRC users can access the room through irc://ucanweb.com/84online. Chat hours match the show on Sunday and generally some of the members are in nightly from 8:00 to 10:00 PM EDT.
If you’re new to the Newsletter you can read back issues at http://forums.84online.net/forumdisplay.php?s=&forumid=53. Team member JP Durbin mirrors the archive at
http://www.jpdurbin.net/84archive/.
Looking for answers to your computer questions? The 84Online BBS offers 24/7 tech support directly from the 84Online team. Search for answers to frequently asked questions or post a question of your own. Visit us at http://forums.84online.net.
The WHAS Crusade for Children provides year round support for needy children throughout the Kentuckiana region. Visit http://www.whascrusade.org to make donations online.
8-20-03
Blaster is still in the news but stupidity and a misguided attempt to help have knocked it down a peg or two.
A new worm making the rounds this week uses the same security hole that Blaster did to slither its way into unpatched PCs but the payload is pretty unusual. Once the target PC is infected the Nachi (or Welchia) virus searches for the Blaster worm and deletes it, then contacts the Windows Update site and downloads the patch to close the security hole. Once finished Nachi deletes itself and reboots the PC.
While I’m sure there was some feeling of public service here the whole episode reminds me of the “Jurassic Park” scene when the T-Rex attacks the ‘Raptors in the main lobby, allowing Dr. Grant and crew to escape. One creature capable of eating the gang whole killed another creature capable of eating the gang whole.
Nachi caused some problems of it’s own, clogging up network bandwidth and shutting down many corporate and government functions, which account for the stupidity in this equation. According to http://www.courier-journal.com/localnews/2003/08/19ky/met-front-worm08190-4538.html Rodney Murphy from Kentucky’s Office of Technology said “We know that we've got many offices that have been infected across the state. I would say that it's at least hundreds of machines around the state. It could be thousands." Can I hear a huge DUH! here?
Blaster infected hundreds of thousands to millions of PCs last week using the same exploit, for which Microsoft posted a patch over a month ago, and Ky. State Government could have “thousands” of machines infected with Nachi?!? Color me stupefied! What’s sad is that this isn’t a slam against Kentucky. They join almost every other State and maybe even the Federal government and many, many corporations in lagging behind installing updates.
The biggest reason updates from Microsoft aren’t installed as soon as they become available, especially amongst IT professionals in charge of large corporate and government networks, is that often the patch will fix one problem and break something else.
While this patch is small, easy to install by end users and poses an obvious danger if left out of the update cycle I understand the reticence of SysOps. In my humble opinion it should have been rolled out sometime in late July, after careful testing by the folks in charge of large networks, but it’s up to each organization to weigh the obvious dangers of an exploit and the possibility of a public relations nightmare if they get bit vs. the distinct possibility that a quickly distributed patch could shut down vital services for an unacceptably long time due to some unforeseen conflict with a proprietary application.
To make matters worse, Microsoft is again considering a default setting to automatically update Windows without user intervention (http://www.theregister.co.uk/content/4/32406.html), much to the chagrin of anyone with an IQ above 2. Do you investigate a series of thumps in the basement after discovering the bodies of a bunch of promiscuous teens in your isolated cabin? OF COURSE NOT! It may be next week before we can release Hash from his cage in the back yard after he heard about this ;)
Microsoft has tried this “auto update” feature before in Service Pack 1 for XP. Hash points out from his chain-link digs that the EULA (End User License Agreement) for SP1 contained this frightening line:
“You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer.”
Luckily that particular nightmare died aborning and most savvy users turned it off because it was annoying. And if someone figured how to hack into the auto update feature? Cyber Armageddon I’m certain.
Allowing ANY program to install things on your PC without asking first and describing what the download does is begging for trouble. Who knows what might come down the pipe?
And yet another fast spreading virus, Sobig.F, exploded onto the scene on Tuesday. http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40408&sind=0 gives it a Severe rating. The lucky thing here is that it spreads via email attachments so if the savvy user doesn’t open the attachment they’re safe.
Sobig.F has a back door component, which could allow malicious remote users to hijack your PC. It can spread through unprotected network shares and can “update” itself through downloads from the Internet.
The unlucky thing with Sobig.F is that it spoofs the From field in the infected emails it sends out, which results in mindless server virus filters auto-responding to the spoofed “sender” that they are infected. Obviously this has caused a great deal of confusion and concern over the last couple of days. If you get an email telling you that you’re infected with Sobig.F you can pretty much ignore it. It’s a false positive.
This has been a bad couple of weeks for computer users and my usual mantra of update your antivirus program, update Windows and run a firewall applies yet again.
Wait a minute; I feel a sneeze coming on… Uhoh…
Kevin Mefford, Editor
Hardware Review: Vision TW-712
Hello to all
the 84 Online subscribers!
This week I
have decided to submit a hardware review for the newsletter. I was flipping
through a magazine when I saw this device in a PC and thought “Wow! I gotta have
it!” After I did a little research to see what I was getting into, I ordered it.
The Vision
TW-712 is an IDE hard drive canister. This means that I can put multiple drives
into one box for easy access/replacement. The device claims to be hot-swappable,
which means I can replace drives “on the fly” and fills two empty 5 ¼ external
drive bays. This unit holds three standard hard drives. Let’s see how we fared.
The package
includes one frame (referred to as the “canister” throughout the article) to
mount permanently in the case. There are 3 separate PCB’s on the rear of the
unit, with connections on the outside for power and data connections, and a male
receptacle on the inside to connect to the drive trays when they are inserted
into the unit. Each PCB is secured to the canister by two small screws that
allow for any adjustments, there’ll be more on that later. The kit also included the keys to use in
the locks, various screws for mounting the unit, and a power adapter with one
female and three male ends, thereby requiring only one precious power connector
from your power supply.
Also included
are three trays to mount your drives into. The front of the trays have a purple
lever to secure/detach the drive to/from the canister and a key lock to keep the
drives in place. There are also LED’s for power and activity right above the
lock. Inside are screw holes to mount the drives and another adjustable PCB with
connections for power and data on the drive. Power is delivered to the drive
with a standard wired Molex connector with about 1 inch of wire to work with.
The connection for the data on the drive is hard soldered to the PCB and has to
be adjusted to meet the needs of your drive.
Setting up the
unit is apparently pretty simple, as no instructions were included with my unit.
A diagram was provided that shows the pinouts for the extra LED’s that you may
want to connect. Unfortunately some users may find that the sheer size
necessitates that they modify their case so that the canister will fit inside,
as some cases have lips to hold your drives in place while you secure them.
The mounting
points provided on my canister did not line up in my case. I had to decide
between forcing screws into the unit at an angle and leaving the unit unsecured
in the case. I attempted to use the provided screws to secure the unit, and the
first one broke at the head. I then decided to leave the unit in the case
without screws. I attached the power and ribbons to the back and was ready to
mount a drive in the tray.
Mounting the
drives in the tray was pretty simple, just as you would in any other case. I do
however have to point out a few flaws in the design of the trays. First, due to
the design of the tray and PCB, once the drive is mounted, no adjustments can be
made, so be sure that your drive is properly configured for master, slave, or
cable select. I also find fault with the design of the tray in that the PCB has
to be aligned to the drive. Instead of a simple ribbon cable from the PCB to the
drive, this design requires that you align each drive individually, and then
align the canister to the tray. I don’t prefer this design because it prevents
simple changes to the drive, and greatly reduces compatibility. Matters are made
worse by the fact that the adjustments need to be so precise that minor
differences might allow the tray cause damage to the canister. I found out the
hard way, bending the three pins on the middle receptacle when I installed the
Western Digital drive after what seemed to be a smooth installation.
Another
downfall to this package is that no extra drive trays are included in the kit.
The idea for hot-swapping a hard drive may require that a speedy replacement be
installed, and I would like to see another tray included to accommodate this
feature. This is another reason I do not like the need to align the two PCB’s to
properly install a drive. If you are a user, who is faithful to one drive
manufacturer, and need a replacement, but get another brand, then you have to
remove some or all of the drives to make all the necessary adjustments. This
means that the system will be down while you work. I have to ask, how
“hot-swappable” is that?
Yet another
oversight on this unit is the total lack of cooling. When you have three drives
in one small, confined space, things can get hot. Cooling was completely
overlooked, and only a few slits are in the canister that allows any type of
airflow. I hardly believe that this is sufficient. I would like to see future
generation of this model include some type of active cooling. I found more than
enough space on the left of the canister, or in the front of the tray.
My results
with hot-swapping the drives were far less than stellar. Using Windows 2000 Pro,
the system still refused to acknowledge that drives had been moved and did not
give me access to them once placed in their new location. Does this mean that I
can only replace the drive with exact replicas of what was in there? If so, it
would have been nice to see that in the manual that was not included. I feel
that really detracts from the value of the unit and the idea.
Overall, this
is a great idea, but that’s where the brownie points end. The idea is hampered
by a complete lack of thought on the design of the unit, no active cooling and
manual PCB alignment that is tedious and should be unnecessary. I cannot recommend this unit to anyone
in its current state. I hate to say it, but there just aren’t many good things
to say about the device. They should redesign the unit to use a more SCSI-like
design for the receptacle between the tray and canister, to facilitate permanent
placement of PCB’s and include active cooling. Also, incorporate an 80-wire
ribbon for the transfer between the tray and its PCB.
You can expect
to pay about $160 for this unit before taxes or shipping, far more than what I
feel is proper considering its current state. As I said before, I can’t
recommend this kit to anyone who uses drives from multiple manufacturers,
doesn’t feel safe modifying their case, changing the internal workings of the
canister or anyone who is looking for a (key words here) simple to use and easy
to install hot-swap IDE unit.
Troy
Overton
As long as we’re talking about online security I might as well mention a really easy way to prevent malicious websites from retrieving the data you may have stored in your clipboard.
Anytime you
use the copy/cut and paste function the information that you moved remains in
the clipboard until it’s replaced by something else or is cleared by a
reboot. A default setting in
Internet Explorer allows that information to be read remotely by a web
site.
To block this
you’ll need to open IE and click on Tools and Internet Options. Click the Security tab, click Internet
and click the Custom Level button.
Look for the listing labeled as Allow paste operations via script. Click the box to disable that and OK,
Apply and OK and your precious data is safer.
Q: I was listening this past Sunday on your 84
Online show, what does your team have against Compaq computers always? I have two desktops and one laptop and
haven’t had any trouble out of any of them. But they were bought before HP
merged with Compaq. In my opinion
HP computers are junk. I hope
Compaq keeps the same standards as they have in the past, but if HP has its way
they probably will become junk too.
Love your Show on Sunday.
Keep up the good work.
A: Compaq/HP is like many
other computer manufacturers of late: if you buy a mid-range or high-end system
from them, you will probably get a decent machine. Many of the problems
come with the low-end systems, where the profit margins are so slim that some
manufacturers change parts suppliers every week. The company I work
for uses Compaq servers exclusively and they have been, overall, great
machines.
As team member Kevin Mefford has said more than once, when you buy a computer you are actually buying a group of parts made by different companies and assembled by Compaq, Gateway, Dell etc. On the high-end systems offered by these companies, the parts are from manufacturers that we have heard of: Nvidia, ATI, Creative, Western Digital, Maxtor etc. On the low-end systems the parts are often made by second- and third- tier manufacturers. So while we may seem to come down hard on Compaq, rest assured that they are not the only guilty party. Thanks for listening.
Matthew Dattilo
If you have
tech support questions or ideas and/or submissions for our newsletter please
email them to bob@iglou.com.
Copyright 2003,
The 84 Online Team. All rights
reserved. Publication, rebroadcast
or storage is prohibited without prior consent, however you may freely forward
this publication to friends as long as A) it is forwarded in its entirety and B)
no fee is charged.
Information
provided in this publication is provided "as is" without warranty of any kind,
either expressed or implied.
Although the information provided is known to work on most systems, it
may not work on ALL systems. Make
use of any information supplied at your own risk.
The 84 Online
Team is a group of volunteers who provide support for the 84 Online radio
broadcast. Team members are not
directly affiliated with nor employed by Clear Channel Communications or
WHAS. Views and opinions voiced in
this publication do not necessarily reflect the views held by Clear Channel or
WHAS.
To unsubscribe from this newsletter send a blank email to newsletter-unsubscribe@84online.net.