WATCH OUT- NEW VIRUS


PeacefulWarrior

Hackers hint of plan to unleash havoc
By TED BRIDIS, Associated Press
August 1, 2003

WASHINGTON - Government and industry experts consider brewing hacker activity a precursor to a broad Internet attack that would target enormous numbers of computers vulnerable from a flaw in Windows software from Microsoft Corp.

Experts described an unusual confluence of conditions that heightens prospects for a serious disruption soon. They cite the high numbers of potential victims and increasingly sophisticated attack tools already tested successfully by hackers recently.


 


An alert distributed Thursday among U.S. government agencies warned of "widespread scanning and exploitation" of victim computers by hackers who were developing "improved and automated exploit tools."

The Homeland Security Department cautioned Wednesday that it had detected an "Internet-wide increase in scanning" for victim computers. In an unusually ominous alert, it warned the threat could cause a "significant impact" on the Internet.

Experts advised computer users with renewed urgency to apply a free repairing patch that Microsoft has offered on its Web site since July 16, when it acknowledged that the flaw affected nearly all versions of its flagship Windows operating system software. Applying Microsoft's repairing patch takes a few moments for home users but is a more daunting challenge for large corporations.

The Microsoft flaw affects Windows technology used to share data files across computer networks. It involves a category of vulnerabilities known as "buffer overflows," which can trick software into accepting dangerous commands.

"People are definitely aggressively trying to patch this," said Ken Dunham, an analyst at iDefense Inc., an online security company.
-----------------------------------------------------------------
 
Big attack looms, warn experts
Ted Bridis in Washington
AUGUST 01, 2003  

US government and industry experts consider increased hacker activity a precursor to a broad internet attack that would target enormous numbers of computers vulnerable from a Windows flaw.

Experts described an unusual confluence of conditions that heighten prospects for a serious disruption soon. They cite the high numbers of potential victims and increasingly sophisticated attack tools already tested successfully by hackers in recent days.
An alert distributed today among US government agencies warned of "widespread scanning and exploitation" of victim computers by hackers who were developing "improved and automated exploit tools".

The US Homeland Security Department cautioned that it had detected an "internet-wide increase in scanning" for victim computers. In an unusually ominous alert, it warned the threat could cause a "significant impact" on the internet.

Experts advised computer users with renewed urgency to apply a free repairing patch that Microsoft has offered on its web site since July 16, when it acknowledged that the flaw affected nearly all versions of its flagship Windows operating system.

An attack could come "any day now," predicted Chris Wysopal of US security company AtStake. Another company, Qualys, put the threat at the top of a newly released ranking of the internet's most severe vulnerabilities.

A disruption could be worse by orders of magnitude than previous high-profile attacks - such as the 2001 outbreak of the "Code Red" virus - because of the numbers of vulnerable systems, Alan Paller of the SANS Institute said.

Security companies guarding government and corporate networks have identified sporadic break-in attempts worldwide using such tools and have monitored hackers in discussion groups and chat rooms exchanging tips about how to improve the effectiveness of their programs.

Applying Microsoft's repairing patch takes a few moments for home users but is a more daunting challenge for large corporations with tens of thousands of Windows computers.

"People are definitely aggressively trying to patch this," iDefense analyst Ken Dunham said. "But a large rollout may need to take some time."

Researchers' biggest fears - that hackers will quickly unleash automated "worm" software that attacks large numbers of computers within minutes - have so far been unrealised.

"Everybody is predicting a widespread event, going from zero to 60 very quickly," Dan Ingevaldson, an engineering director for Internet Security Systems, said. He estimated the likelihood of a major internet attack as "closer to imminent than probable".

Depending on the hackers' designs, attack tools could be engineered to disrupt internet traffic by clogging data pipelines, delete important files or steal sensitive documents. Experts cautioned that a particularly clever hacker could leave little trace of an attack.

Oliver Friedrichs, the senior manager for security response at Symantec Corp, predicted that widespread attacks will not occur soon because hackers still need to resolve important glitches in their own attack tools.

"It is a little early," Mr Friedrichs said. "The exploit needs to be perfected. The effort applied to the exploit is certainly increased, but we're not sure if that's indicative of when we might see a widespread threat. People certainly need to be aware of this."

FBI spokesman Bill Murray said bureau investigators were studying several hacker tools designed so far and were highly concerned about a wide-scale internet attack. "We implore the private sector - both business and home users - to visit the Microsoft web site and install the patches and mitigations necessary to prevent this from creating a negative effect on the internet as a whole," Mr Murray said.

The Microsoft flaw affects Windows technology used to share data files across computer networks. It involves a category of vulnerabilities known as "buffer overflows", which can trick software into accepting dangerous commands.

The Associated Press



We shall not cease from our exploration, and at the end of all our exploring, we shall arrive where we started and know the place for the first time.
T.S. Eliot
---------------
fides quaerens intellectum

Kojie


PeacefulWarrior


Links Shadow

quote:
Originally posted by PeacefulWarrior

To get the patch go to:
http://v4.windowsupdate.microsoft.com/en/default.asp



Thanks for the link I was looking for the patch.

Nick

Thanks Peaceful Warrior,

Those of us running Win XP can utilize the automatic update feature which downloads the critical updates automatically. Then, it asks you if you're ready to install. However, I'll have to look over the Windows Update page as well, to make sure I haven't missed anything. Thanks again.

Very best,
"What lies before us, and what lies behind us, are tiny matters compared to what lies within us...." - Ralph Waldo Emerson

PeacefulWarrior

Yeah, I too use the automatic update feature, but I figured not everyone does.  I do recommend it because it takes the work out of it.  Unfortunately for those with dial-up like me it can take a while and cause slowing on the modem, but it's worth it!

PeacefulWarrior

I originally posted this message on the first of August and I hate to say I told you so, but I am saying it now!  jk

One of the best things to do besides getting the "patch" (I feel like I am helping someone quit smoking) is to set up the firewall built into your OS, that is if you are running XP.  If you don't know how, I will post a link explaining how.
Dan

WalkerInTheWoods

I just purchased a new computer the other day that I will be receiving in the next day or two. I will have XP on it. I have been using ME. Since I am not familiar with XP I would much appreciate any info on how to set up the firewall, and disable that annoying message pop up thing I have read can give people problems.

Thanks
Alice had got so much into the way of expecting nothing but out-of-the-way things to happen, that it seemed quite dull and stupid for life to go on in the common way.

James S

Fallnangel,

Definitely apply the patch put out by MS because most firewalls won't stop the latest batch.

There are a number of worms out and about, all based on the Blaster worm - W32/Lovsan.worm, W32.Blaster.Worm, WORM_MSBLAST.A, Win32.Poza, Worm/Lovsan.A, W32/Blaster-B.....the list is growing.

There are two ways these worms are getting in:
1) by forcing a buffer overrun condition in the RPC interface (Remote Procedure Call) which allows the worm to request a service access to your PC with no resistance as it's sort of running under a fault condition.

2) through a seemingly harmless TFTP transfer through your operating system's svchost file, which is not usually blocked by firewalls as it is a generic host process used by a lot of applications. So far I know that Sygate Personal Firewall Pro will block this because the default setting for svchost is to ask first before accepting the transfer, and an unidentified TFTP request is always a bit suspect.

You know you've got the worm if you try opening MS applications and they all just hang or shut down on you.

The best place I've found for fixes to these worms so far is NOT Microsoft (surprise surprise!) though that's where you'll get the preventative patch from, but the Sophos antivirus site. Believe me, these guys are usually way ahead of Symantec, or McAfee. Sophos have the cure for these particular nasties.

The site - www.sophos.com

Good luck all,
James.
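
The two entry routes James S describes above (an inbound RPC connection, then a TFTP transfer) can be looked for in a firewall log. The following is an added example, not part of the thread: it assumes the Windows XP firewall log layout (pfirewall.log), uses the standard ports TCP 135 and UDP 69, which the post does not name, and runs on constructed log lines with an arbitrary five-minute correlation window.

```python
"""Flag inbound RPC connections and outbound TFTP transfers in a firewall log."""
from collections import Counter
from datetime import datetime, timedelta

RPC_PORT = 135   # TCP, RPC endpoint mapper: standard port, not named in the thread
TFTP_PORT = 69   # UDP, TFTP: standard port, not named in the thread

# Constructed sample: two hosts' logs merged, in the W3C-style layout of the
# Windows XP firewall log. All addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-12 09:14:02 DROP TCP 198.51.100.23 192.0.2.10 3312 135 48 S 1203344 0 16384 - - -
2003-08-12 09:14:05 DROP TCP 198.51.100.77 192.0.2.10 4120 135 48 S 88123 0 16384 - - -
2003-08-12 09:20:11 OPEN TCP 192.0.2.10 203.0.113.5 1045 80 - - - - - - - -
2003-08-12 10:02:40 OPEN TCP 203.0.113.50 192.0.2.11 2875 135 - - - - - - - -
2003-08-12 10:02:44 OPEN UDP 192.0.2.11 203.0.113.50 1046 69 - - - - - - - -
2003-08-12 11:30:00 OPEN UDP 192.0.2.10 203.0.113.9 1050 69 - - - - - - - -
2003-08-12 11:31:00 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 -
2003-08-12 11:32
"""


def parse_log(text):
    """Yield one dict per usable record, named by the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) < len(fields):
            continue  # truncated or headerless record: skip rather than guess
        rec = dict(zip(fields, values))
        try:
            rec["when"] = datetime.strptime(
                rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            rec["dst-port"] = int(rec["dst-port"])  # "-" (e.g. ICMP) is skipped
        except (KeyError, ValueError):
            continue
        yield rec


def analyse(text, local_ips, window=timedelta(minutes=5)):
    """Return (kind, src, dst, when) findings for the protected hosts.

    kind is one of:
      rpc-probe-blocked       inbound TCP 135 that the firewall dropped
      rpc-connection-allowed  inbound TCP 135 that was let through
      tftp-outbound           a protected host opened a TFTP transfer
      tftp-after-rpc          the same, within `window` of an allowed RPC
                              connection to that host (the sequence in the post)
    """
    local_ips = set(local_ips)
    findings = []
    allowed_rpc = {}  # local ip -> time of the last allowed inbound RPC connection
    for rec in parse_log(text):
        proto, action = rec["protocol"].upper(), rec["action"].upper()
        src, dst, port, when = rec["src-ip"], rec["dst-ip"], rec["dst-port"], rec["when"]
        if proto == "TCP" and port == RPC_PORT and dst in local_ips:
            if action == "DROP":
                findings.append(("rpc-probe-blocked", src, dst, when))
            elif action == "OPEN":
                findings.append(("rpc-connection-allowed", src, dst, when))
                allowed_rpc[dst] = when
        elif (proto == "UDP" and port == TFTP_PORT
              and action == "OPEN" and src in local_ips):
            kind = "tftp-outbound"
            prior = allowed_rpc.get(src)
            if prior is not None and timedelta(0) <= when - prior <= window:
                kind = "tftp-after-rpc"
            findings.append((kind, src, dst, when))
    return findings


def summarise(findings):
    """Count findings per kind."""
    return dict(Counter(kind for kind, *_ in findings))


if __name__ == "__main__":
    for kind, src, dst, when in analyse(SAMPLE_LOG, {"192.0.2.10", "192.0.2.11"}):
        print(f"{when}  {kind:24} {src} -> {dst}")
```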

Links Shadow

Hey PeacefulWarrior,

It isn't really right for you to say I told you so because the patch that you directed us to doesn't work on all variations of the virus.  As I stated in my new post the Postal Service had installed the patch as soon as it came out but they still wound up being infected.  I mean it is still good to have the patch regardless but it just is not enough.  The firewall idea is a good one.  Any extra protection you can get right now is a good idea.

Respectfully,
Link's Shadow

Nick

Now I just installed Norton Internet Security along with Norton System Works. Lots of bells and whistles. Hope it all works.

James, I'm a bit of a computer geek, I get three computer mags a month, read stuff online, etc. For some reason I hadn't heard of Sophos. I'll look into it, but will stick with Norton (b/c I spent all this money). Oh well. [:(]

Take care,

PeacefulWarrior

Hey Links, I didn't mean about the patch, but about the worm/virus being the real deal, besides, I was just kidding[:P] about that.  My whole goal is to protect people from malicious intrusions into their systems.

Anyway, as far as I know the patch along with the firewall is sufficient, but according to others here who I can tell are far better informed than myself, I guess there are other things we should do to protect ourselves as well.

Set up firewall on your home computer with XP:
WinBook Tech Article
For more information visit www.winbookcorp.com

Subject:
How to set up Internet Connection Firewall in Windows XP

Keywords:
enable firewall Windows XP

Tech Article Number:
WBTA00000789


--------------------------------------------------------------------------------

NOTE: You, the customer, are solely responsible for data security. WinBook strongly recommends that you perform a backup of all personal data contained on your system prior to performing this procedure. Warning: WinBook will NOT be held responsible for any data loss incurred during this process.


--------------------------------------------------------------------------------

Description: Enabling the Internet Connection Firewall in Windows XP can make your computer less vulnerable to intrusions when on the internet. To set up the Internet Connection Firewall:

Click on the start button then right click on My Network Places. In the menu that opens click on Properties.
This will open the Network Connections window. Right click on your Local Area Connection or Dial-up Networking Connection Icon and click Properties.
In the Connection Properties window click on the Advanced tab.
Place a check in the box next to Protect my computer and network by limiting or preventing access to this computer from the internet.
For more information on how to use and set up the Internet Connection Firewall to suit your individual needs click on Learn more about Internet Connection Firewall.
Click OK after configuring your Internet Connection Firewall settings.

Note: You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.


--------------------------------------------------------------------------------

Your feedback is greatly appreciated. If you have noticed any problems with this tech article, or if you feel that something is not clear enough, please E-mail our Technical Support department by clicking on the link below. Please include the Technical Article Number and the specific area that you feel is inaccurate. Thank you.
WinBook Tech Article Feedback

Disclaimer: This information is being provided to you as a service from the Technical Support Department of WinBook Computers. It is intended to assist you in the resolution of your technical problems or questions. If you feel uncomfortable implementing any of the information or suggestions contained herein then you should e-mail the WinBook Technical Support Department. WinBook will not be held responsible for any loss of information, data or programming as a result of the use of this TechNote.



To set up the firewall for a small network:
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp

Other cool stuff for XP:

On the Road with Windows XP  
 
  This issue of WinXPnews™ contains:

 
EDITOR'S CORNER
Staying Connected with Windows XP at Home and on the Road
Followup: Microsoft as Good Guy?
HINTS, TIPS, TRICKS & TWEAKS
Having Fun with the Windows Logo Key
Synchronize Your Internet Explorer Favorites Automatically
Use Autoruns to Discover What's Starting Automatically
More Cool Outlook Note Tricks
A Possible Solution to the Dead System Restore Problem
How to Run Ancient Computer Programs on Windows XP
HOW TO'S: ALL THE NEW XP FEATURES
Internet Explorer Tips and Tricks
WINXP SECURITY: UPDATES & PATCHES
Beware the Mimail Internet Explorer/Outlook Virus
Protect Your College Student's Windows XP Computer
WINXP QUESTION CORNER
How can I easily and automatically synchronize content in folders?
Can I delete compressed old Files?
WINXP CONFIGURING & TROUBLESHOOTING
Pop-Up Windows That Contain Advertisements to Adult Web Sites Intermittently Appear on Your Desktop
Windows Explorer Quits Unexpectedly or You Receive an Error Message When You Right-Click a File
How to Configure a Direct Cable Connection with Windows XP Home Edition (PART 1)
Cannot Upgrade with the MSDN Version of Windows XP
FAVE LINKS
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
FTP Voyager: Winner of 2003 Shareware Industry Award "Best Internet Enhancement or Utility"

 
 
  EDITOR'S CORNER

 
Staying Connected with Windows XP at Home and on the Road

The Internet is everywhere; that's fast becoming true as we surf our ways on into the 21st century. A 'net connection at home has long been the norm for many of us. Now it's getting easier and easier to stay connected no matter where you go. Last week, Tom took over the editorial duties for me while I took a road trip from the Dallas area up to northern Illinois to visit my daughter. However, I was able to easily stay in touch via email and web, thanks to the increasingly ubiquitous nature of the network. With a laptop computer equipped with integrated Ethernet adapter and built in wireless adapter and antenna, you're ready to take advantage of connectivity wherever you find it.

More and more hotels now offer not just modem dataports, but broadband service so you won't be relegated to the "world wide wait" when you're on the road. A number of the hotels we've stayed in over the last couple of years have offered cable or DSL, usually at a per-day price (in the neighborhood of $10/day). On this trip, though, I had the good luck to find Drury Inn and Suites, which not only provided a huge, beautiful two room suite for $79/night, but also included broadband Internet free. Hookup was simple (just plug the Ethernet cable from the phone into your computer's RJ-45 jack and make sure your TCP/IP settings are configured to use DHCP) and the connection was not noticeably slower than the T-1 we have at home.

(Here's a tip: if two of you are traveling together and you both have laptops, you don't have to take turns at the connection - at least, not if the terms of service don't prohibit multiple connections. You can take along a wireless cable/DSL "router" - really a NAT device - and plug the Ethernet cable in the room into it, then both of your wireless NIC-equipped laptops can surf the web at the same time. Be sure to check the TOS before you do this, though).

If you can't wait until you get to a hotel room, a number of public locations now have wireless access. Many Starbucks coffee houses provide service through T-Mobile, and there are now numerous restaurants, convention centers, airports, hotels and other locations that provide wireless "hot spots" around the country. Many of these aren't free - you either have to pay a monthly fee or you can pay a per-use fee (there are, however, quite a few wireless "freenets" springing up, too). If you're going to be traveling, you might want to check out http://www.ezgoal.com/hotspots/wireless/ for a list of wi-fi locations in the U.S. You can search by state, by wireless provider or by location type (restaurants, bars, health clubs, hotels, etc.). SBC (Southwestern Bell) recently announced that they are going to deploy 6000 wireless access points throughout the country, as well. For more info see:
http://www.winxpnews.com/rd/rd.cfm?id=030812ED-WAP

When I got to my daughter's house, my networking concerns weren't yet over. She was using a cable modem to connect to the 'Net, and she was a little frustrated because the cable was short and she was limited in where her computer could be placed. Well, I could fix that easily; we went down to Target and I bought her a Microsoft wireless access point and wireless network card. I hadn't used the Microsoft brand equipment before, and I was pleasantly surprised at how easy it was to set up. Plug the Ethernet cable from the cable modem into the WAP, put the wireless PCMCIA (PC Card) NIC into her laptop, run the software, and she was up and running wirelessly, and able to take her computer into her bedroom, out onto the balcony or wherever she wanted, within 15 minutes.

Let us know how you stay connected when you travel. Do you use high speed broadband in hotels? Do you seek out wi-fi hotspots when you're on the road or around town? Which services have you had good (or bad) luck with? How much - if anything - are you willing to pay for wired or wireless 'net connectivity in hotels, restaurants, etc.? Send your answers to feedback@winxpnews.


Followup: Microsoft as Good Guy?

Last week, Tom posed the question as to whether Microsoft could become the "good guy" by dropping support for digital rights management (DRM), the software that seeks to prevent copyright violation and often ends up doing a whole lot more. I came back to a flood of responses from readers on the subject.

Considering how popular it is in many circles to bash Microsoft, I was pleasantly surprised at the large number of folks who wrote to say that they already consider Microsoft to be a "good guy." Don't get me wrong - I don't support everything they do, and we've voiced our complaints about some of those things here on occasion, but we believe that if you're going to rant when someone does something you don't like, you also ought to express your positive opinions when they do something you do like.

Some folks seemed to think that last week's editorial was advocating illegal downloading of music. That wasn't the intent at all (I made a special trip to the attic to check with Tom on this). Hey, folks, we make our living creating intellectual property, too. Our complaint with RIAA and DRM as it's being implemented is about the "innocent until proven guilty" attitude and the efforts to squash copying at all costs, even when it's legal (e.g., making backups of music you've purchased, or being able to play songs you paid for in more than one location).

We got a number of messages from musicians and composers who are (rightly) concerned about their livelihood. We have many friends in that business, and from what we've seen, (most) record companies treat the creators just as badly as they're treating the consumers. Any comments we've made about greed were directed toward those companies, not to the individuals who write and perform the songs.

Bottom line: this is an emotional issue, on both sides. We're not done with it yet. Next week, I'll address DRM from another side. 'Til then, have a great week.

'Til next week,
Deb Shinder, Editor
(email us with feedback: feedback@winxpnews.com)

 
 
  HINTS, TIPS, TRICKS & TWEAKS

 
Having Fun with the Windows Logo Key

Todd Green wrote and reminded us that you can use the Windows Key + L combination to lock your Windows XP computer. He also sent in these other cool Windows Key combinations that can speed up your work:

Windows Key - Display or hide the Start menu
Windows Key + Break - Display the System Properties window
Windows Key + M - Minimize all windows
Windows Key + E - Open the My Computer window
Windows Key + F - Open the Find Files or Folders window
Windows Key + F1 - Open Windows Help
Windows Key + R - Open the "Run" dialog

Synchronize Your Internet Explorer Favorites Automatically

A few weeks ago, we shared with you a method you can use to copy your Favorites from one computer to another. Wouldn't it be cool to be able to automatically update your Favorites and have those Favorites available on any computer you work on? David Robinson wrote in and said that he's been using SyncIt for years and has been pleased with the service. You have to pay a one time fee, but if you like the convenience, it's worth it. Check it out at
http://www.winxpnews.com/rd/rd.cfm?id=030812TI-Bookmarks

Thomas Tueber wrote and said he likes MyBooksmarks. This is a free service that allows you to publish your bookmarks. It doesn't work quite as automatically as SyncIt, but you can't beat the price.

Use Autoruns to Discover What's Starting Automatically

Is your machine running slowly? Maybe it runs OK sometimes and other times it's whacked out. It could be that some software inserted itself into your Windows XP computer's startup routine. Remember that not all startup programs show up in the Startup folder in the Start menu. Some run from the Registry. David Soloman created a great tool called AutoRuns that tells you everything that starts automatically. Armed with this info, you can take the machete to some of those errant startup programs!
http://www.winxpnews.com/rd/rd.cfm?id=030812TI-Autorun

More Cool Outlook Note Tricks

In a previous newsletter, we shared a trick you can use to save information in email messages as notes in Outlook 2000/2002. Andrew Moore sends in another great Outlook notes tip:

"I don't know about the size, but your tip seems to imply that the trick only works with email messages. In fact, you can create notes this way from any application that supports dragging a selection (other office apps, Internet Explorer, some text editors, etc.). For example, you can select text in Internet Explorer, drag it over the Outlook toolbar icon long enough to activate Outlook, and drop it on the notes folder to create your note."

A Possible Solution to the Dead System Restore Problem

The Windows XP System Restore feature is one of XP's pivotal recovery features. Why doesn't Microsoft have a definitive answer to the broken System Restore problem? While we are still trying to come up with an answer to the whacked System Restore problem, Lisa Hoffman wrote to say that the problem might be Norton System Works. In her case, System Restore stopped working after installing Norton and then worked again when she uninstalled it. We've seen similar references to this solution on the Web, so it might be worth a try.

If you're an enterprising sort, check out the following for more information on troubleshooting a broken System Restore:
http://www.winxpnews.com/rd/rd.cfm?id=030812TI-Broken_Restore

How to Run Ancient Computer Programs on Windows XP

We get a ton of mail each week from WinXPnews readers who have problems getting old programs to work in Windows XP. The sad news is that often it's impossible to get these old chestnuts to roast on a Windows XP machine. The good news is that there is a better solution than dual booting or using two computers. VMware is an incredible software program that allows you to run multiple "virtual" computers on your machine. You can load a full version of Windows 98 in a window on your Windows XP desktop. You can run your old programs in that virtual Windows 98 machine while doing your other work on your Windows XP computer. You have to see it to believe it! Check it out at:
http://www.winxpnews.com/rd/rd.cfm?id=030812TI-VMWare

 
  HOW TO'S: ALL THE NEW XP FEATURES

 
Internet Explorer Tips and Tricks

Every few months, we feature a few fun Internet Explorer 6.0 tips and tricks here in the How To section.

Want to make Internet Explorer appear in full screen mode? Open Internet Explorer and go to a Web page. Then press the F11 button on the keyboard. The Web page takes up the entire screen. Press F11 again to return the Internet Explorer window to its previous size.
Tired of seeing that "Links" toolbar in Internet Explorer? Get rid of it! Right click on an empty area just right of the Help menu. You'll see that the "Links" entry has a checkmark next to it. Click the "Links" entry to remove the checkmark and the Links toolbar. Repeat the procedure if you want to get the links toolbar back.
Want more viewing space in the Internet Explorer window? Try this: click the View menu, point to Toolbars and click on Customize. Click the down arrow in the Text options drop down list box and select Selective text on right. Click the down arrow in the Icon options drop down list box and select Small icons. Click the Close button. Now you have small icons with only a few of them showing text, and a lot more room to view your Web pages.
How about a way to type in Web addresses without opening IE first? Right click an empty space in the taskbar, point to toolbars and click Address. Now you can type a Web address in the address box in your toolbar and Internet Explorer will open and take you there.
Prevent the Internet Explorer toolbars from moving around! Right click an empty area just to the right of the Help menu and click the Lock the Toolbars command.
Are you behind a Proxy server? Click the Tools menu, then click Internet Options. In the Internet Options dialog box, click the Advanced tab. On the Advanced tab, find the HTTP 1.1 settings section. Put a checkmark in the Use HTTP 1.1 through proxy connections checkbox. Click Apply and then click OK. This will significantly speed up your Web browsing.
Has some scumware hijacked your browser settings? You can reinstate the default home and search pages with a single click. Click the Tools menu and then click Internet Options. In the Internet Options dialog box, click the Programs tab. On the Programs tab, click the Reset Web Settings button.

We're sure you'll find some of the above tips new, useful and fun!
 
  WINXP SECURITY: UPDATES & PATCHES

 
Beware the Mimail Internet Explorer/Outlook Virus

Yet another new virus is being spread via email. The "Mimail" virus poses as an email message from an "Administrator" with an attachment that you're asked to read. Don't read it! Opening the attachment (which contains an html file) will run a program that captures information from your desktop and emails it to specific addresses. For more information about the virus, check out:
http://www.winxpnews.com/rd/rd.cfm?id=030812SE-New_Virus

There are links on the page to anti-virus software vendors with more information about how each anti-virus package deals with the problem.

Protect Your College Student's Windows XP Computer

A computer is no longer a luxury, it's now a requirement for just about all college students. While most new Windows XP computers used by college students have lots of productivity software that allows them to create papers and make graphs, they also need something to protect them from Internet criminals who create and distribute destructive programs.

Do you know where your student goes when online? Does the student use Instant Messaging? Do you know who else will be using the computer, or what programs or games might be downloaded? Web sites, Instant Messaging and friends with 'warez' CDs can all introduce spyware and scumware onto your child's computer. When the crapware is there, neither you nor your child might ever know if a hacker is secretly learning everything your student is doing. The Internet criminal might even be a school friend! This is a gross invasion of privacy that you need to prevent in order to protect your child (and yourself).

Whether or not you're purchasing a new computer, it's imperative that you add a spyware/scumware whacker and other security tools. These include anti-virus software, pop-up blockers, and anti-spyware software to keep hackers from stealing your student's personal and private information.

Spyware and scumware are the fastest growing forms of malicious code, and the most intrusive of your privacy. Spyware takes away your control and steals the data in your computer. Scumware can disable your programs and files (e.g., DRM). Firewalls don't stop it, and anti-virus software doesn't detect it.

The only way to know it's there is to use software specifically designed to find it. PestPatrol is the leading anti-spyware software, able to detect over 70,000 different pests, including hacker tools, key loggers, cookies, Trojan programs, Remote Access Trojans (RATS), and much more.

Click here to download a trial version, or purchase it online:
http://www.winxpnews.com/rd/rd.cfm?id=030812SE-PestPatrol

 
  WINXP QUESTION CORNER

 
Send your Windows XP questions to feedback@winxpnews.com

How can I easily and automatically synchronize content in folders?

Question: Perhaps you could write an article about synchronizing folders. I know that Briefcase can be used to sync offline files but what about synching files or folders on one drive with files or folders on another drive? With thanks for your consideration. -- Timothy O'Connor

Answer: Synchronizing folder content on the same machine is a popular way of backing up important information. We do this with our My Documents folders. Everything in the My Documents folder (including all the folders in the My Documents folder) is copied to another hard disk on the same computer. This makes it very easy to recover when one of the drives in the computer dies. How do we do it? We've been using a little program called Second Copy for many years. It's won the Shareware Peoples Choice Award several years in a row (http://www.sic.org/peopleschoice.asp). Second Copy makes it a no-brainer to automatically synchronize information between two disks on the same computer, or between a computer and a network drive. Check it out at:
http://www.winxpnews.com/rd/rd.cfm?id=030812QC-Synchronize

Can I delete compressed old files?

Question: When I run Disk Cleanup, one of the categories of files available is "Compress Old Files." From the description of these files I would presume that it is not safe to actually remove them (as they may be programs or data that I would need in the future), but the fact that they are presented during Disk Cleanup leads me to suspect that they could/should be deleted. Unfortunately, when I highlight this category in Disk Cleanup, I am unable to determine just which files are being referred to. Thus, two questions:
1) Can these files safely be deleted?
2) Is there a way to determine just which files will be deleted?
Thanks! --David Sumner

Answer: The "compress old files" feature allows you to squeeze down the size of files on your hard disk so they'll take up less space. Any file on the disk that is older than a specified age is compressed. Note that you can still open these files. They aren't removed from the disk. Windows XP does not "zip" these files. It uses NTFS compression, which compresses each cluster within a file individually. To use it, the drive needs to be formatted with NTFS. You won't even know that the file is compressed unless Windows Explorer is configured to show compressed files in a different color. Here's how you change the age files need to be before Disk Cleanup compresses them:

Click Start, point to All Programs, point to Accessories and then point to System Tools. Click Disk Cleanup.
A Disk Cleanup dialog box will appear. Select the drive you want to clean up and click OK.
In the Disk Cleanup for dialog box, click on the Compress old files entry, then click the Options button.
You can change the number of days in the Compress Old Files dialog box. Sixty days is a good round number. Click OK.
Click OK in the Disk Cleanup dialog box.
Disk Cleanup is designed to mark the following types of files for removal: temporary Internet files, downloaded program files (such as ActiveX controls and Java applets), Windows temp files, Windows components that aren't being used and installed programs that aren't being used. It's usually safe to remove these. In the Files to Delete box on the Disk Cleanup tab of the Disk Cleanup applet, you'll see a list of the types of files recommended to be deleted. For example, if Disk Cleanup lists "Office Setup files," these are the files used to install Office. Removing them won't harm your program, but if you do a repair or patch operation, you might have to insert the Office installation CD. On the More Options tab, if you click the Clean up button for Windows components or Installed Programs, you'll be shown a list where you can check or uncheck boxes to indicate which components or programs you want to remove.  
 
  WINXP CONFIGURING & TROUBLESHOOTING

 
Pop-Up Windows That Contain Advertisements to Adult Web Sites Intermittently Appear on Your Desktop

Many of you have written to us about inappropriate pop up ads showing up spontaneously on your desktop. Not good! It could be that you have the W32.DSS Trojan (a Trojan is a malicious program). This link shows you how to fix the problem:
http://www.winxpnews.com/rd/rd.cfm?id=030812CO-Popup_trojan

Windows Explorer Quits Unexpectedly or You Receive an Error Message When You Right-Click a File

Several WinXPnews readers have written about this problem. They right click a file in Windows Explorer and POW, they get an access violation message and Windows Explorer closes. What's up with that? Check here and find out:
http://www.winxpnews.com/rd/rd.cfm?id=030812CO-Explorer_quits

How to Configure a Direct Cable Connection with Windows XP Home Edition (PART 1)

Here's another great "how to" article from the Microsoft site. A Direct Cable Connection allows you to connect two PCs using a serial cable to create a "mini network". The article includes good pics and step by step explanations:
http://www.winxpnews.com/rd/rd.cfm?id=030812CO-Mini_network

Cannot Upgrade with the MSDN Version of Windows XP

MSDN users receive loads of Microsoft software with their subscriptions. However, some subscribers have had problems upgrading their Windows 2000 test machines to Windows XP. It seems there's a problem with the folder layout with some versions of the XP software. Check out this link for the details:
http://www.winxpnews.com/rd/rd.cfm?id=030812CO-MSDN_upgrade

 
  FAVE LINKS

 
Got a fun link? Send it in! feedback@winxpnews.com

This Week's Links We Like. Tips, Hints And Fun Stuff


Sit back and enjoy the flight: the Bad Movies database
http://www.winxpnews.com/rd/rd.cfm?id=030812FA-Bad_movies
I hate when this happens!
http://www.winxpnews.com/rd/rd.cfm?id=030812FA-a
The long, sad tale of Clippy the Microsoft Office help-thing
http://www.winxpnews.com/rd/rd.cfm?id=030812FA-Clippy
Britney's Guide to semiconductor physics
http://www.winxpnews.com/rd/rd.cfm?id=030812FA-Britney
Here's a great role model for all young women (thanks to Jarrette Smith for the link)
http://www.winxpnews.com/rd/rd.cfm?id=030812FA-Role_model
Get a great tropical island vacation spot cheap
http://www.winxpnews.com/rd/rd.cfm?id=030812FA-Tropical_Island
Janis Ian's take on why the RIAA blows
http://www.winxpnews.com/rd/rd.cfm?id=030812FA-RIAA
Apollo Moon landings on DVD:
http://www.winxpnews.com/rd/rd.cfm?id=030812FA-Apollo

 
  PRODUCT OF THE WEEK

 
FTP Voyager: Winner of 2003 Shareware Industry Award "Best Internet Enhancement or Utility"

Exclusive $10.00 discount for WinXPnews subscribers!
This easy to use FTP tool can help you update your personal home pages or transfer files around professional sites. FTP Voyager's intuitive drag-and-drop interface is as easy as picking up files and putting them anywhere you need them. Simply the best in its category. FTP Voyager brings you the very best in FTP with no hassles. Even if you've been using FTP for years, you'll see the power of synchronization, file queuing, advanced searching capabilities, and so much more! Try it out for 30 days, and you'll see why it beat out the competition at the recent Shareware Industry Awards to receive the coveted prize of "Best Internet Enhancement or Utility".

We shall not cease from our exploration, and at the end of all our exploring, we shall arrive where we started and know the place for the first time.
T.S. Eliot
---------------
fides quaerens intellectum

Links Shadow

Thanks for all the information PeacefulWarrior.  I misunderstood what you meant, but that is okay.  I know what you mean when you say you just want to protect people from malicious activities, and I as well as others on the site are thankful.

Respectfully,
Link's Shadow

PeacefulWarrior

Microsoft: 'No impact' from second 'Blaster' attack
SEATTLE, Washington (AP) -- The second wave of an Internet attack by the "blaster" worm barely caused a ripple Saturday.

Microsoft Corp. said it had no major problems from the worm's attempt to turn thousands of infected computers into instruments targeting the software company's Web site and network.

The Redmond-based company had not noticed any extraordinary network congestion, spokesman Sean Sundwall said. There were also no reports of customers having major problems accessing the targeted Web site, which houses a software patch that fixes the flaw exploited by the worm.

"So far we have seen no impact on our Web sites or any other Web sites due to the 'blaster' worm," Sundwall said.

Still, he urged people to take precautions to protect their computers.

The virus-like infection, also dubbed "LovSan" or "MSBlast," exploits a flaw in most current versions of Microsoft's Windows operating system for personal computers, laptops and server computers. Although Microsoft posted a software patch to fix the flaw July 16, many users failed to download it, leaving them vulnerable.

As of Saturday afternoon, the worm had infected more than 423,000 computers around the world since Monday, according to security firm Symantec Corp.

Of those, about 50,000 were affected on Saturday, said Mike Bradsaw, a Symantec spokesman.

The infection caused computers to reboot frequently or disrupted users' browsing on the Internet. But it also packed a second punch.

Computer experts said starting at 12:01 a.m. local time Saturday, infected computers that have not cleaned up the virus would in effect turn into a legion of zombies instructed to repeatedly call up a Microsoft Web site that houses the software patch. If enough traffic flooded the network, the site could be rendered unreachable and computer users would be unable to access the patch.

But the exploiters of the Microsoft flaw made a mistake themselves. The worm instructed computers to call up http://windowsupdate.com -- which is an incorrect address for reaching the actual Microsoft Web site that houses the software patch. Although Microsoft has long redirected those who visited that incorrect address to the real site -- http://windowsupdate.microsoft.com -- the company disabled the automatic redirection Thursday in preparation for the onslaught of infected computers.

That has helped Microsoft's real Web site stay accessible to users, Sundwall said. The company was taking other measures to keep its site up and running, he said. He declined to give specifics.

Vincent Weafer, senior director of security response for Symantec, warned that Microsoft's network and others across the country could see a slowdown in Internet traffic simply from the volume of activity the worm is expected to generate from its legion of infected computers.

But that slowdown didn't happen, Weafer said Saturday.

The rate of new infections has slowed in recent days, he said, though computer users who still have not downloaded the patch need to do so. He said the company expects new infections to continue for as long as two years.

The worm left behind a love note on vulnerable computers: "I just want to say LOVE YOU SAN!" It also carried a hidden message to taunt Microsoft's chairman: "billy gates why do you make this possible? Stop making money and fix your software!"


PeacefulWarrior

Sorry about the loud title, but those of you with Windows XP or Server 2003 need to go to the Windows download page and get the new patch for a security flaw that even the Federal gov't is warning could allow hackers and terrorists to do major damage to your system.

Here is some "official" info regarding this:
Feds issue second Internet attack warning



WASHINGTON, July 31 (UPI) -- The Department of Homeland Security has issued what's believed to be an unprecedented second warning to Internet users about a Microsoft security flaw.

Federal officials said the defect in the Microsoft Corp. Windows software could leave millions of computers around the world vulnerable to hacker attacks.

Homeland Security officials said there's been an Internet-wide increase in scanning for vulnerable computers during the past several days, reinforcing the urgency for updating affected systems.

The second warning comes two weeks after Microsoft announced it had discovered a critical flaw in some of its Windows operating systems, including Windows XP and Windows Server 2003.

The flaw allows hackers to use the Internet to seize control of computers to steal files, read e-mails and launch virus and worm attacks that could seriously damage the Internet.

Microsoft has issued a free "patch" that users can download to correct the problem, but many people's computers aren't programmed to automatically download patches, or they ignore such announcements.
----------------------------
Concerns mount over possible big Net attack

A flaw that affects almost all versions of the Windows operating system could be exploited

By Paul Roberts, IDG News Service
JULY 31, 2003

Security experts warn that a recently disclosed security vulnerability in Microsoft Corp.'s Windows operating system may soon be used by a powerful Internet worm that could disrupt traffic on the Internet and affect millions of machines worldwide.

The vulnerability, a buffer overrun in a Windows interface that handles the remote procedure call (RPC) protocol, was acknowledged by Microsoft in Security Bulletin MS03-026 on July 16. Today, the U.S. Department of Homeland Security updated an earlier warning about the RPC vulnerability, noting increased network scanning and the widespread distribution of working exploits on the Internet.

The vulnerability affects almost all versions of Windows and could enable remote attackers to place and run malicious code on affected machines, giving them total control over the systems, Microsoft said.

No user interaction would be required for machines to be compromised, prompting security experts to liken the RPC vulnerability to the buffer-overflow vulnerability in Microsoft's Internet Information Server (IIS) that was exploited by the Code Red worm in July 2001. "I would compare [the RPC vulnerability] to Code Red. It doesn't require user interaction, and the number of infectable machines is on same order of magnitude," said Johannes Ullrich, chief technology officer at the Bethesda, Md.-based SANS Institute's Internet Storm Center.

However, although Code Red affected a component typically found on Windows servers, the RPC vulnerability affects a component found on both Windows servers and desktops, according to Tomasz Ostwald, a co-founder of The Last Stage of Delirium Research Group in Poland, which discovered the RPC flaw and reported it to Microsoft. That increases the number of vulnerable machines from a few hundred thousand systems for Code Red to several million for RPC.

Concern heightened last week after code designed to exploit the RPC vulnerability -- known as DCOM RPC, after the flawed Windows Distributed Component Object Model (DCOM) interface -- appeared on the Internet on July 25. The Internet Storm Center noted an increase in scanning on ports used by the affected interface, Ullrich said.

Much of that activity is disorganized, however, and doesn't necessarily mean that a widespread attack or DCOM RPC worm is in the works. "Most of what we've seen is people using [the DCOM RPC exploit] as part of regular hacking activity, [Web site] defacements or people just compromising machines."

However, recent posts to security newsgroups suggest that hackers and computer security experts have been enthusiastically modifying and swapping the exploit code since it was released.

Although the original DCOM RPC exploit code worked only on machines running English-language versions of Windows 2000, recent modifications show that the code has been modified to exploit the same vulnerability on French, Chinese, Polish, German and Japanese versions of Windows 2000, XP and NT.

RPC is at a stage similar to that of a widespread Microsoft SQL vulnerability after exploit code for that vulnerability was published in August 2002 by David Litchfield, a security researcher at U.K.-based Next Generation Security Software Ltd., according to Ullrich. That exploit code was later modified to create Slammer, one of the most widespread worms to exploit disclosed vulnerabilities.

In its present form, the DCOM RPC exploit code probably isn't ready for wide distribution as a worm, according to Ostwald. The code isn't fully developed and often relies on variables such as the presence of particular versions of Windows to work, he said.

In contrast, Last Stage of Delirium developed so-called proof-of-concept code for use internally that works against a wide variety of Windows platforms and requires only the Internet Protocol address of the vulnerable machine to create a buffer overflow, Ostwald said. Such code would be "very useful" to worm writers, making it easy for a worm to spread from machine to machine, he said.

Hackers are also working on shrinking the exploit code, narrowing the exploit to work on a small set of systems that will net the most compromised machines, Ullrich said.

However, the release of a worm that uses DCOM RPC is unpredictable, he said. While it typically takes a couple of months from the time of a published exploit to the development of a worm, the development of a worm that takes advantage of the RPC vulnerability may be influenced by other factors such as media attention or this week's DefCon conference in Las Vegas, a popular gathering for hackers and computer security experts.

"These things are really random," Ullrich said. "It just takes one guy to put in the effort."

In the end, the media attention given to the problem may prompt more administrators to patch vulnerable systems, blunting the effects of a worm once it's released, Ostwald said.

In fact, the period of greatest danger from the RPC vulnerability may be now, before a widespread attack on vulnerable systems has been launched, Ullrich said.
