SPAUG Newsletter February 2004

SPAUG Editor: John Buck
SPAUG Publisher/Business Manager: Susan Mueller
SPAUG Co-Webmasters: Stan Hutchings & John Sleeman

TABLE OF CONTENTS

• February Notes from the Prez by Jim Dinkey
  
  
• February General Meeting Notes by Stan Hutchings
  
  
• February Planning Meeting Notes by Stan Hutchings
  
  
• Now that the CAN-SPAM has passed, where do I send the spam I'm still getting? by Stan Hutchings
  
  
• Tripp-lite UPS 700 VA available for $5 (used)  by Jim Dinkey
  
  
• Symantec Intelligent Updater is updated DAILY  by Jim Dinkey
  
  

February Notes from the Prez

by Jim Dinkey

Just yesterday [Feb 27 2004] I had to handle the MyDoom worm. It is a testimonial to the Norton AntiVirus software that the worm was totally contained and that the repeated cycling of the worm was enough to cause an apparent 81 instances of the software having to intercede.

That there was a period of all-consuming ferocity when dealing with the computer means that those who have not handled an infection of this sort might panic and reboot or shut down the computer.

The mode of operation was that I turned on the computer because the absent owner had indicated that there was a networking problem. I turned it on and evidently the worm was just waiting to pounce. The Norton AntiVirus panels kept coming so fast that it appeared that there were about thirty of them in succession. When I finally was able to get caught up with the onslaught, the cleanup phase started and it was found that I had to initiate the correction of 81 separate files that had been infected.

While I had not seen such ferocity before, the patient deletion and response to the automatic activation of the worm was effective. Norton AntiVirus stated that the worm could not be quarantined but that the file could, in each case, be deleted.

Once Norton AntiVirus had finished with the worm, the cleanup phase was instituted. All parts of the computer were updated including the Security Updates for Win98 in this case and also Norton AntiVirus. While the computer was set on automatic update, it seems to have been compromised in some manner as that function had slipped for two weeks. Time will tell on this one as the setup showed to be correct.

Then, to be sure, Norton AntiVirus was requested to scan the entire computer for viruses and it found four instances which were duly corrected at operator request.

Finally, as a check function, the Norton AntiVirus scanner from Symantec's site was downloaded and run. There were no remaining infections found.

The reason that I am telling you all this is to give you some insights into how to treat your computer when you are in the middle of an infection and the responses are flooding in your direction and you need to act quickly as though you were in a firefight. In this case the task bar showed about 30 infections waiting for eradication and I was hard pressed to do treatments fast enough to be able to get the number to zero while it was busy creating. The activity stopped when I deleted faster than it could create. At least that is how it appeared.

The moral of the narration is to keep your anxiety level high enough that you will keep your anti-virus programs current, run your Spy Bot, use your Mail Washer assiduously, scan the hard drive daily, and scratch your left ear simultaneously to keep your computer pristine.

If you do, your computer will not be invaded.

If you happen to be in the process of purchasing some Wi-Fi equipment, and realize that not all of the equipment is the same, then you should take the effort to specify equipment that has AFH (Adaptive Frequency Hopping) or its equivalent. If you choose equipment in the 2.4 GHz range, then you had better plan to have your equipment be somewhat agile in the frequency department as that is the same frequency of microwave ovens, cell phones, and some cordless phones. The most recent installation that was having troubles was approximately 14 inches from a 2.4 GHz frequency generator called a cordless phone. A frequency-hopping wireless device would be able to select or utilize frequencies that were other then the ones(s) used by the telephone in close proximity. The smarter action is to place the cordless on the other side of the room.

There is a new anti-spam protocol that is being talked about that just might work to some great degree - at the price of privacy and anonymity. The protocol is a means of registering in a central repository that allows you to be part of huge "club" of people who are identifiable enough such that you all can send each other email precisely because you are identifiable.

Yes, there are problems with it, but because there is a trail of servers that handled the messages, there is traceability back to the originating computer.

I think the plan has some merit and should be tried.

Over the past year the philosophy of having an extra hard drive in each computer has proven to be a great asset in protection of data and more importantly, when setting up a new computer - especially when Acronis True Image is also present.

If do some action that takes a lot of time, I take under two minutes to make a copy of all that I have on the "C" drive onto the "D" drive without even rebooting. Two minutes to protect 30+ minutes' work seems like a good tradeoff. If something goes wrong, I have only a two-minute reload.

The effectiveness of this system is dependant upon having Acronis True Image in place which, in itself, takes some time, but is a worthwhile tradeoff.

The thing that is unique about Acronis True Image is that when the program encounters a file that is open, and thus is not available for copying, the program closes the file, copies the data, and then opens the file again. Thus running in standalone mode is not necessary as the files do not have to be all closed by rebooting to a DOS equivalent.

I suggest you purchase both the Acronis True Image 7.x and an extra 7200 rpm hard drive and bring them to a Clinic if you need assistance in installation and operation.

[ TOP ]

February General Meeting Notes

by Stan Hutchings

Administrivia

• The club has a new projector. Jim will test the new one against the old to see how much improvement we got.
• You are strongly advised to go to the Microsoft Update site (or Start - Settings - Windows Update or from Internet Explorer Tools - Windows Update) and get the latest Critical Updates installed. This will save you a trip to the clinic with a corrupt system.
• After you finish that, update your antivirus database (if you haven't scanned your drive for a week, do that too). If you use Norton AV, download the Intelligent Updater: Virus Definitions. There is a comparison of Intelligent Updater and LiveUpdate - read the discussion and choose the best for you (or both, to be extra safe).
• the clinic will operate this weekend, for those of you who didn't take the preceeding advice

CrossTalk/Random Access

• What does a "Dangerously Low on System Resources" error mean? Run Norton Systemworks. This will often fix the causes of the problem. The system pagefile may be fragmented, so defragmenting might help. Later OSs have an Event Log that may have information. There is a discussion at Annoyances.org that says too many programs are running. Use Start - Run - MSCONFIG and uncheck the programs you don't need. Here's a link many articles at Microsoft support - from a Google Advanced search on domain support.microsoft.com; from the selections, choose your message and operating system.
• I want to encrypt my wireless - how? Do I need a third party application? There are two types of encryption: one for the wireless access signal, and one for data. You can use one or both. The wireless signal is usually encryped using WEP, and is done in your wireless software (that came with the router, or wireless setup procedure for a notebook with built-in wireless). You can choose 64- or 128-bit; 128 is safer, but is still not absolutely secure. This encryption will inhibit "war drivers" from pirating you signal. The other encryption for data can be used to encode files, folders, drives, etc so that a decryption process must be used to read the data. If you have a computer with personal information on it, this would be a good strategy to prevent Identity Theft in event of loss or theft of the computer. PGP (Pretty Good Privacy) is one scheme; there are others, some free, some expensive.
• Advice for handling puzzling errors. I recently upgraded a Hewlett-Packard computer with WinME. Suddenly the machine would not boot, various (cryptic unhelpful) error messages, such as "Setup is inspecting your computer's hardware configuration." Suddenly, the following error message would appear "An unexpected error (-1) occurred at line 1562 in D:\nt\private\ntos\boot\setup\arcdisp.c. Press any key to continue." (your errors may be different). After much trial and error, failure of the Recovery disk to reinitialize the computer, the cause was finally determined to be a bad RAM chip. The moral - check your RAM occasionally, either by turning on the memory check during bootup, or with the RAM check program on the club CD. [N.B. - Another RAM upgrade, two new 256-MB RAM chips, also caused failure to boot. Removing the chips one at a time and attempting to install Windows gave the error message both times. Removing both chips (luckily the laptop had 64 MB of onboard memory) and what do you know? The installation worked perfectly. According to on online discussion posting, Windows creates a RAM drive during installation and a faulty chip can cause an error. Microsoft Knowledge Base Article 316400 addresses this problem with Windows XP.] If you get cryptic unhelpful error messages, copy them exactly into Google and run a search. Chances are, someone else has had the problem (and hopefully had it solved).
• I recently found more than 250 MB of Temp files on my computer, which was causing a problem. Windows has a cleanup utility that should be run periodically. You can actually schedule it, if you leave your computer on during the day or night. Start - Help - (in the Index tab field, type temporary files and choose the temporary files, removing, disk cleanup information (different OSs may have different wording). For my WinNT system, it says, "Disk Cleanup helps free up space on your hard drive. Disk Cleanup searches your drive, and then shows you temporary files, Internet cache files, and unnecessary program files that you can safely delete. You can direct Disk Cleanup to delete some or all of those files." and the instructions are, "Start, point to Programs, point to Accessories, point to System Tools, and then click the appropriate icon."
• Mailwasher, along with EarthLink's Total Access, has done a good job cleaning up spam. For reviews and comparisons of anti-spam tools, go to PC Magazines Anti-Spam Tools online. There are four "Editor Choice" awards, and about 20 to choose among.
• How do I enlarge an image?. Answer by John Buck: You can enlarge (or reduce) a jpg image (such as a signature) using IrfanView.
  1. Start IrfanView.
  2. Select/Open the image you want to enlarge (or reduce).
  3. Select File/Save As. A two-window menu will open. In the left-hand window, specify the new file name you want to use (so you don't mess up your original). Also be sure to check that the directory is the one you want. In the right-hand "JPEG/GIF Options" menu, slide the "Save quality" button to the right. Now save your image.
  4. Click Image on the menu bar.
  5. Click Resize/Resample (Ctrl+R) on the dropdown menu. A new menu is presented.
  6. Be sure "Preserve aspect ratio" at the bottom of the left column is checked.
  7. Select "Set new size as percentage ...", then specify the value you want.
  8. Save your new image.
  NOTE: XnView has a similar capability. Both IrfanView and XnView are on the SPAUG Mid 03 CD. You're Welcome.

There was a break for coffee and cookies, and a lot of networking.

Presentation

Officer Jeff Keegan, Menlo Park Police Dept. Web Services whose duties include investigation of Identity Theft, High Tech & Computer crime, financial fraud related crime, DUI enforcement, and computer component theft, gave a scary but informative presentation on recent developments in Identity Theft. He gave us many valuable tips on how to prevent ID theft, how to recognize scams and attempts to steal our IDs, and lots of good advice. Officer Keegan also gives an Identity Theft training course for Investigators and Detectives, so he was able to give us good advice and answer our many questions.

Some useful URLs he recommends are:

• Menlo Park Police Department IDENTITY THEFT QUICK TIPS, a very brief synopsis of the presentation.
• MillerSmiles.co.uk, which has up-to-the-minute information on scams, frauds, phishing, online auction fraud, etc.;
• California Department of Consumer Affairs - Office of Privacy Protection, which serves as a statewide resource for consumer information and sources of assistance on identity theft and other privacy issues, assists local, state and federal law enforcement by providing training on privacy issues and by coordinating with them in investigations, works with businesses to define and encourage sound privacy protection practices, and reports on trends in consumer privacy problems and issues;
• The Privacy Rights Clearinghouse, a nonprofit consumer education, research, and advocacy program. Our publications empower you to take action to control your personal information by providing practical tips on privacy protection.
• The Anti-Phishing Working Group is an industry organization focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. The organization provides a forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem. The website serves as a public and industry resource for information about the problem of phishing and email fraud, including identification and promotion of pragmatic technical solutions that can provide immediate protection and benefits against phishing attacks.
• If you didn't pick up one of Joe Simitian's "Identity Theft" brochures, a PDF version is available online at -- http://democrats.assembly.ca.gov/members/a21/pdf/IDTheft.pdf. (It requires 16"x8.8" paper to print correctly, but you can read it online.)

N.B. - PC Magazine's Cover Story is about Identity Theft, a timely subject that complements the presentation, and includes a list of places to contact when your identity is stolen.

Identity Theft issues can be addressed by accessing the Attorney General's website: http://caag.state.ca.us/idtheft/index.htm. The Attorney General's office is the lead organization on ID theft. You can get information on the six key steps for entering your name into the Identity Theft Data Base, find links to other sites you should inform, get forms and file a complaint on their website. If you would like to notify an agency about identity theft schemes and other frauds you receive, you can send the original message (with complete header information) to the California Attorney General at caspam@doj.ca.gov [N.B. if you don't know how to find the full header display, Google email header full display, find the instructions for your email program; LavaNet technical support has quite a few, including the elusive Eudora Blah Blah Blah button].

[ TOP ]

Planning Meeting Notes

by Stan Hutchings

• The meeting was held at Bev Altman's house; attendees: Jim Dinkey, John Sleeman, Bev Altman, John Buck, Stan Hutchings, Nat Landes. The attendees enjoyed the refreshments served.
• Finances (Nat) - the club balance is about $7400, after a $1600 expenditure for a new projector.
• Replacement projector report and new projector training (Jim) - the club has a new projector, and training will be necessary to use it properly. The lamp is $500, so we want to make sure it comes to no harm.
• Programs
• Future speakers - Bev will try to contact David Einstein david.einstein@comcast.net, a technology writer for the SF Chronicle. Nat suggested some of the more advanced members demonstrate some of the ways to personalize.
  March - Zone Alarm
  April - Gary Sasaki on the CES
  May - still open, possibly George Sidman at Monterey Net
  June - John Sleeman wll investigate Sun
• Show-and-tell demo of club CD for next meeting - we'll stop doing demos until the next CD is ready. We'll discuss plans at the upcoming WebSIG.
• Individual reports and suggestions
  Bev announced that our accountant, Arlan Kertz, is resigning. Bev will try to persuade him to provide his services on a fee basis. Otherwise, we'll need to have a volunteer to replace him.
• WebSIG activities and schedules
  Non-Microsoft solutions SIG? Linux interest? (Jim) Linux is gaining popularity and "mainstream" acceptance. Support and documentation are still poor at the OS level, but at the applications level the OS is pretty transparent to a user. We could start introducing the members to Linux and applications, by guest speakers and demonstrations. Some possibilities are Sun, Lindows, Red Hat, Star Office or Openoffice.org.
• Outreach & Membership - Bev asked if the members who join to use Jim's Saturday Clinic ever renew their membership. Nobody has a way to find out easily. Bev will send Jim a spreadsheet of members with their address and email. Probably after a year or so, something else goes wrong with the computer, and the person will join again.
• Support
• Clinic activities and changes (Jim) - the Clinic is still operating. Need an older computer for an organization that has nothing. Stan suggested his old (minus hard drive) computer, if it is recent enough. Nat may have one.
• Goals -
  Possible member involvement in tracking (Jim) - SPAUG volunteers could some day help the Menlo Park PD with ID Theft investigations. This topic will be further discussed with the police department.
  (Stan) - support of the Palo Alto Library could be suggested to the membership; the Library is looking for computer-literate volunteers to sell books over the Internet. Some of the donations are pretty valuable, and could be sold for much more than at the monthly sales.
• Whatever else comes up
  Jim will have some 3-year old UPSs that are being replaced, will be sold "as is" for about $5 to $10.

[ TOP ]

Now that the CAN-SPAM has passed, where do I send the spam I'm still getting?

by Stan Hutchings

I sent an email to Assemblymember Joe Simitian's office asking what to do with the spam I still receive, despite the CAN-SPAN (Controlling the Assault of Non-Solicited Pornography and Marketing) act that recently was enacted by Congress. Here's his reply:

What Can I Do With the Spam in my In-Box?

Report it to the Federal Trade Commission. Send a copy of unwanted or deceptive messages to spam@uce.gov. The FTC uses the unsolicited emails stored in this database to pursue law enforcement actions against people who send deceptive spam email.

Let the FTC know if a "remove me" request is not honored. If you want to complain about a removal link that doesn't work or not being able to unsubcribe from a list, you can fill out the FTC's online complaint form at www.ftc.gov. Your complaint will be added to the FTC's Consumer Sentinel database and made available to hundreds of law enforcement and consumer protection agencies.

Whenever you complain about spam, it's important to include the full email header [N.B. if you don't know how to find the full header display, Google email header full display, find the instructions for your email program. LavaNet technical support has quite a few (including the elusive Eudora Blah Blah Blah button)]. The information in the header makes it possible for consumer protection agencies to follow up on your complaint. Send a copy of the spam to your ISP's abuse desk. Often the email address is abuse@yourispname.com or postmaster@yourispname.com. By doing this, you can let the ISP know about the spam problem on their system and help them to stop it in the future. Make sure to include a copy of the spam, along with the full email header. At the top of the message, state that you're complaining about being spammed.

Complain to the sender's ISP. Most ISPs want to cut off spammers who abuse their system. Again, make sure to include a copy of the message and header information and state that you're complaining about spam. The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint https://rn.ftc.gov/dod/wsolcq$.startup?Z_ORG_CODE=PU01 or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel www.consumer.gov/sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

The Direct Marketing Association also has an EMail Preference Service to help you reduce unsolicited commercial emails. To "opt-out" of receiving unsolicited commercial email, use DMA's online form at www.dmaconsumers.org/offemaillist.html . Your online request will be effective for one year. (This information was posted on the FTC website.)

The California Attorney General's Office is looking for examples of spam e-mails being sent to consumers in violation of California law, particularly from persons operating in California.

While we have valuable leads from spam posted in various newsgroups and mailing lists, we would like to obtain certain examples directly from individuals who would be prepared to verify, in a written statement under oath, information about the spam they received. Please send your examples (as attachments, with all header information) to:
caspam@doj.ca.gov

If you prefer to submit spam samples in printed form, you can download and print our complaint form for that purpose, available at: http://caag.state.ca.us/contact/unsolicited_email.pdf. If you are submitting spam on paper, please be sure to include all headers.

The Attorney General's Office is looking for samples of spam that meet all of the following conditions:

• You are the recipient of the spam and you are a resident of California.
• The spam was delivered via servers located in California (sender's, recipient's or intermediary server will suffice).
• There is some indication that the spammer is operating in California, such as a California telephone number or address for orders. If you can identify the spammer and have information from other sources showing that the spammer is in California, that will also work.
• The spam fails to comply with the statutory restrictions. To comply, the unsolicited advertising emails' subject line must begin with "ADV:", the first text in the message must offer a toll-free number or functioning email address for removal of the recipient from further unsolicited emails, and that statement must be in a type size as large as most of the other text.
• [Note: The statute also makes it an offense to fail to honor a request for removal included as outlined above, and we would like to get evidence of specific instances of that involving California residents.]

Please let me know if you have further questions.
Best Regards,
Melissa Millsaps
Office of Assemblymember Joe Simitian
160 Town & Country Village
Palo Alto, CA 94301
Phone: 650-688-6330
Fax: 650-688-6336

I was favorably impressed by the depth of research in the reply. It's information that has been gleaned from many sources. I sent a similar request to Senators Barbara Boxer and Diane Feinstein, but their replies were less than helpful - full of political speech, sympathy and commiseration, but no real help.

[ TOP ]

Tripp-lite UPS 700 VA available for $5 (used)

by Jim Dinkey

Available to you while they last for $5 and your pickup, is a Tripp-lite 700 VA UPS (Uninterruptable Power Supply [current product description here]) which is over 2.5 years old and has been taken out of service working. They have been replaced by current units. They have the following characteristics:

• Taken out of service working.
• They are near the end of their battery life.
• There is no warranty.
• They are $5.00.
• There are no instructions (similar model instructions).
• They are not delivered to you.
• You have to come and get one at Jim Dinkey's.
• The replacement batteries are available via Allied.
• We may set up a quantity battery buy if the new owners desire.
• They probably should be used until the battery finally ages out.

[ TOP ]

Symantec Intelligent Updater is updated DAILY

 by Jim Dinkey

The good news is that Norton Anti Virus and (presumably) the other anti virus programs will catch the viruses, such as MyDoom and its variants, that are going around.

The bad news is that some of the computers that come into the Clinic were not updated enough, and are not current enough to detect the most recent viruses.

Intelligent Updater is a manual procedure that Symantec has made available to all users and is updated DAILY and thus can allow you to plug your computer if you see that 1) You are badly out of date or 2) You need to get the latest because some reliable website has reported a "new" virus and Wednesday has passed.

For future reference, if there is a really virulent recent virus running around and you want to go to Norton's Intelligent Updater, you can go here:
securityresponse.symantec.com/avcenter/download/pages/US-N95.html.

Note that the date of the most current weekly Norton AntiVirus release is dated today (February 25) and that Live Update will pick it up as Wednesday is usually the day that the weekly virus list is released.

Your Live Update should be scheduled DAILY and should probably be after 3 p.m. on each day.

This is the story that provoked this notice: Latest MyDoom Outbreak Spreading, Deletes Files.

[ TOP ]