THE LIST
A low-tech but ingeniously distributed E-letter by Mr. E
Vol. I, No. 6 - June 3, 2001
(link cleanup May 8, 2004)

To read previous issues of The E-List, click here.
Send comments about The E-List to: elist@aumha.org
Please see Legal Notice.

This newsletter tracks new information, and improvements in existing information, on www.aumha.org, my website supporting Windows desktop systems and leading application software. I also include small, useful items that might not find a permanent place on the site, but that I would like to pass along.

Click here to subscribe. If you subscribe, you will receive email notification when there is a new edition of the newsletter. (You will not receive the newsletter itself by email. That's why I call it low-tech.) My intention is to provide a new and further way to serve the 50,000 people per month who visit my site. Previous newsletters are available online, and their content searchable through this site's search engine. Enjoy! — Jim Eshelman


CONTENTS of this Issue

  1. NEWS & VIEWS
  2. WINDOWS SUPPORT SITES
  3. WINDOWS 95/98/ME SUPPORT ARTICLES
  4. REGISTRY PATCHES
  5. KNOWLEDGE BASE Articles: Error Messages
  6. KNOWLEDGE BASE Articles: Hardware & Drivers
  7. MY FAVORITE FREEWARE
  8. HUMOR

---------------------- ( one minuscule advertisement ) ----------------------
I AM MY ONLY AD!
My employer closed its doors for good in February.
If you find anything of value in this newsletter or on this site,
please view my resume and pass it along to someone. Thank you!

---------------------- ( See, that wasn't very long. ) ----------------------


NEWS & VIEWS

WHOSE SERVER IS YOUR 13-YEAR-OLD DISABLING TONIGHT?
Distributed Denial of Service (DDoS) Attack Wake-Up Call!

If you can connect to it, read the following article: “The Strange Tale of the Attacks Against GRC.COM”.

I say, “if you can connect to it,” because the grc.com site has been under heavy attack. (At the moment, it is down again.) But it is worth persevering to try to read it. The site will surely come up again, and the article to which I am directing you is one of the most important and, at the same time, one of the most engaging and readable technical articles you probably have seen in a long time. When you have finished reading it, you also may want to read the same author's “I surrender!” at grc.com/dos/openletter.htm.

NOTE: You can now download the primary article in PDF format here.

Grc.com is owned and operated by Internet security consultant Steve Gibson. I already link to, and recommend, his Optout page on my Windows Support Sites page (click on “Miscellaneous”). Despite the fact that his site has been down much the last few days, I assure you he is quite good! On the other hand, he is, at the moment, 100% defenseless against a 13-year-old hacker who has taken up the game of taking Steve down.

This is the wake-up call — the object lesson — both in Steve Gibson's plight over the last month, and in the message he is trying to communicate to the Internet community: There are things against which we have no defense. They can bring down any part of the world wide web structure almost at whim. It's bad now. It's about to get a lot worse.

You may, or may not, agree with the author's conclusions or political views. Nonetheless, you should read his facts, and understand what they mean. As I said above, at the very least it is a compelling and interesting read. If you don't understand “Denial of Service” attacks now, you will understand them after reading his 26-page novella (yeah, it's pretty long). Then, please think about what you have read, and what we might all do about it. (PS – Thanks go to my MS-MVP companions Ron Martell and Sandi Hardmeier for first bringing these articles to my attention.)

Hang in with me a bit while I give a very simplified view of how this sort of attack can occur.

Simply put, Denial of Service (DoS) attacks are malicious assaults intended to stop a web site from functioning at all, using such tactics as flooding it beyond what it is capable of handling. This flooding usually does not come from a single source, though it is commonly triggered by a single source. The approach Steve Gibson details involves covertly distributing the attack points around the Internet — hence the term Distributed Denial of Service (DDoS) attack — then triggering all of the attack points at once so that the targeted site is bombarded.

Here is the first important thing you need to know: YOU AND YOUR COMPUTER MAY BE PART OF THESE ATTACKS WITHOUT YOU EVER KNOWING IT. If this stuns or disturbs you — or, if you just don't want to be part of such an attack — read ahead to learn some things you can do to prevent your computer from being hijacked for this purpose.

Suppose I want to shut down some web site like, oh, www.oracle.com. (This is just an example. If they get shut down this week, I had nothing to do with it!) To prepare for this, I would distribute little robot programs (“bots” — or “zombies” to the popular press) to as many different computers as possible. I would distribute these much as I would a virus or Trojan. In fact, I would distribute a Sub7 Trojan at the same time. I don't need to know where any of these copies land. One might end up on your computer. If it does, you are hijacked! You might become a party to bringing down Oracle, or Microsoft, or eBay, or Yahoo — or any other targeted site — and not even know it.

If you have one of these zombies on your hard drive, every time you log onto the Internet it will activate and “phone home,” awaiting instructions. (Read Steve's article for the ghoulish details.) If they were my zombies, all I would have to do is type a couple of commands on my own computer. This would launch them all to bombard any selected IP address (any selected web site, for example) with millions of small packets of data, as fast as your computer can transmit them. When these billions of tiny data packets from a few hundred hijacked computers hit the targeted site, it is overwhelmed and becomes incapable of functioning. You may never know it happened; but you will have participated (involuntarily) in disabling a web site somewhere — on the whim of a 13-year-old who ordered his zombies out of their graves and into attack mode.

At present, there are some things that can be done to stop or retard this from happening, at least for some types of attack. On the other hand, there are varieties of attacks from which there is, at present, no defense. (That's why I'm writing this entire piece from memory instead of consulting Steve Gibson's article — since he's offline at the moment, and there is no way for me to reach his site.)

However, while the sites in question may not be able to defend themselves, you can guarantee that you, personally, are not a part of any such attack with just a few precautions. If enough of us spread the word aggressively enough that people should undertake these precautions, just maybe it will take a bite out of the ability of these brilliant young vandals to be as effective. Don't get overly confident, though! The word will have to spread very far and wide before we have that level of success. But I believe in each person doing whatever they can for the issues which are important to them, with the hope that, collectively, we eventually will make a difference.

So, what steps can you take to ensure that you, personally, are not contributing to this problem by permitting your computer to become hijacked and used, behind your back, in a DDoS attack? The best and easiest thing you can do is to be sure that you have an effective personal firewall in use. Of those available, the only one that has been proven effective for this purpose is ZoneAlarm. To put it simply: If you have a zombie on your computer, BlackIce (which costs $40) won't even know it's there, let alone do anything to stop it. ZoneAlarm (which is completely free for personal use) will stop it cold, and not let a single abusive packet onto the Internet. I repeat: ZoneAlarm stops it cold. It won't permit the zombies to “phone home” unless you give your permission.

AMENDMENT: I have been advised that Norton Personal Firewall (and, therefore, the Norton Internet Security product), and also Tiny Personal Firewall, also will stop this variety of outbound attack.
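
The "unless you give your permission" rule described above, sketched as an added illustration (this is not ZoneAlarm's code or anything from this newsletter): a default-deny outbound filter run over a constructed connection log, with a summary that makes a flooding program stand out. The program names, addresses, port numbers and the 200 packets-per-second alert threshold are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Attempt:
    ts_ms: int      # milliseconds since the start of the log
    program: str    # executable that tried to send
    dst_ip: str
    dst_port: int


@dataclass
class OutboundFilter:
    approved: set                 # programs the user has given permission to
    flood_pps: int = 200          # assumed alert threshold, packets per second
    blocked: list = field(default_factory=list)

    def decide(self, attempt: Attempt) -> str:
        """Default deny: only programs the user approved may send anything."""
        if attempt.program in self.approved:
            return "allow"
        self.blocked.append(attempt)
        return "block"

    def report(self) -> dict:
        """Summarise blocked traffic per program so the owner can spot a zombie."""
        per_second = defaultdict(lambda: defaultdict(int))
        targets = defaultdict(set)
        for a in self.blocked:
            # Count packets per (destination, one-second bucket).
            per_second[a.program][(a.dst_ip, a.ts_ms // 1000)] += 1
            targets[a.program].add(f"{a.dst_ip}:{a.dst_port}")
        out = {}
        for program, buckets in per_second.items():
            peak = max(buckets.values())
            out[program] = {
                "blocked": sum(buckets.values()),
                "targets": sorted(targets[program]),
                "peak_pps": peak,
                "flood_suspect": peak >= self.flood_pps,
            }
        return out


def constructed_log() -> list:
    """Constructed sample: normal browsing and mail, plus one unapproved
    program that first contacts a single host and then sends 500 packets
    in one second to another address. All values are made up."""
    log = [
        Attempt(500, "browser.exe", "198.51.100.10", 80),
        Attempt(1000, "updater32.exe", "203.0.113.5", 6667),
    ]
    log += [Attempt(2000 + 2 * i, "updater32.exe", "192.0.2.80", 80)
            for i in range(500)]
    log.append(Attempt(3500, "mail.exe", "198.51.100.25", 25))
    return log


def run_demo():
    fw = OutboundFilter(approved={"browser.exe", "mail.exe"})
    decisions = [fw.decide(a) for a in constructed_log()]
    return decisions, fw.report()


if __name__ == "__main__":
    decisions, report = run_demo()
    print(decisions.count("allow"), "allowed,", decisions.count("block"), "blocked")
    for program, info in report.items():
        print(program, info)
```

Nothing from the unapproved program leaves the machine, and the report shows its owner which executable to investigate and remove.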

A further thing you can do is something you surely want to do anyway: Practice “safe sex” on the Internet. Minimize your chance of getting one of those little bugs on your computer in the first place. Have a quality virus checker in place, and use it. Do not trust any attachments unless you are 100% sure of the source and are expecting what is included. Be sure you have all of the Microsoft security patches installed for Outlook, Internet Explorer, etc., to reduce your vulnerability. Keep your system clean.

There is a third thing to think about. I have no idea, and certainly no recommendation, what you might want to do about this. It does touch quite directly, though, on Steve Gibson's most aggressive point: that things will be getting very much worse within the next year. Here's the central issue: Where DDoS attacks can, at present, be defended against, it is usually because all versions of the Windows operating system before Windows 2000 have an incomplete UNIX sockets implementation. This incomplete implementation makes all versions of Windows 95, 98, ME, and NT (through NT 4) vulnerable and ineffective in certain ways. These vulnerabilities and shortcomings give ISPs a loophole to use in defending themselves against many DDoS attacks. However, Windows 2000 doesn't have this deficiency. Neither will Windows XP.

That Windows 2000 has full UNIX sockets doesn't make much difference in the scope of things (with respect to DDoS attacks). Most consumers aren't going to need, nor wish to shell out the money for, Windows 2000. But when Windows XP is released this coming Christmas season, and when its Home Edition becomes the standard on nearly all new home, consumer-oriented PCs sold next year, things will change very dramatically.

Remember: It isn't an issue of what operating system is being used by the malicious hackers. If all that was needed was for them to have full UNIX sockets, they simply would have installed Linux (as most of them probably have anyway) and been untouchable long before now. But it's not that simple. What really matters in this is which operating system is on the computers on which they are planting their zombies — your computer, for example. The issue, then, is what operating system will be on the greater number of general consumer computers in the near future. When Windows XP Home Edition emerges as the new standard in just a few months, the best defenses against defensible DDoS attacks will dissolve entirely. (If ZoneAlarm is installed and active, it overcomes this problem.)

That, my friends, is Wake-Up Call No. 2. (And you didn't even know you'd hit the snooze alarm, did you?)

In turn, this touches an important philosophical issue on which I invite your feedback for future discussion and, even more so, on which I invite your deep consideration for the purpose of making constructive decisions. The question is a little complicated, but can be summarized thus:

Over the last several years, Microsoft has made each of its major tools increasingly powerful. With every new stage of power added, these tools have become more subject to abuse — not because anything is wrong with the tool itself, but simply because abusive people will use the more powerful tools and the more ready opportunities.

For example, the prolificacy of Word Macro Viruses is due to the incredible power of Microsoft Word's macro language. You can control an operating system by using Word macros. That left a vulnerability on any computer on which Word was loaded.

The same is true for many of the other security vulnerabilities that have been identified in Windows and other Microsoft products. The ability to abuse comes from the power of the software. If new capabilities were not built into the software, the new problems wouldn't arise. But does anyone seriously want to suggest that Microsoft stop making each new generation of OS and application software more powerful? For the consumer public overall, I am sure the answer is that we do not want them to stop.

So we are faced with the tradeoff — and each of us, individually, has to decide what to do about it.

Steve Gibson wants Microsoft not to increase the DDoS problem beyond all capacity to deal with it. To this end, he is campaigning to have MS not provide full UNIX socket implementation in Windows XP. I do not agree with him on this — at least, not completely. I do think, though, that there is a possible compromise in their providing this superior standardization in the Professional version of XP (where it is needed), while leaving it out of the Home Edition (where it is not needed). I think they might also consider shipping XP Home Edition with its built-in firewall turned on by default — provided, of course, that its built-in firewall is sufficient to handle this particular problem. I understand that I probably do not understand enough of the details to know whether this is or is not a feasible, or even a good, idea. I do, however, throw the idea out into the world for the consideration of those who might be able to do something with it.

What do you think? What can we each do about this problem? And what can we do together?


YOUR “TOP 10” FAVORITES FROM MAY

One of the least visited pages on this site is the monthly “10 Most Visited Pages” list that I post here [Page no longer exists - Ed.]. This lack of popularity is due, at least partly, to the fact that it is almost impossible to find a link to it anywhere on the site. Possibly, also, no one (except me) cares too much which pages are most visited — though I am definitely interested in that sort of information, as it helps me make the site more useful overall. (Similarly, the search engine statistics I get each week tell me what sorts of things you are searching for on this site and not finding — which sometimes gives me ideas on what further information I might add.)

Here are the 10 most visited pages during the month of May, and a comparison of how their ranking is changing from month to month. As has been true since this site first opened almost two years ago, pages referring to Windows shutdown problems account for the majority of the traffic (56% of all page hits). However, one very gratifying trend has been that the Knowledge Base Articles on ERROR MESSAGES page has been rising through the ranks. Two months ago it wasn't even in the Top 10. Now, it has passed up the Windows 98 SE Shutdown Troubleshooter. This is gratifying because I have been working to hone this Error Message page into as powerful a tool as I can — I use it myself every day, in answering newsgroup questions — and it appears that this work has paid off, and more of my visitors also are using it (and using it more often). Last month, that one page was visited 5,627 times.

Here is the tabulation of your favorites on this site for the month of May.

Rank (Apr)  Rank (May)  % of Hits  Page Visited
1           1           32%        Windows Shutdown Troubleshooting: 15 Steps
3           2           12%        Windows Millennium Shutdown Troubleshooting
5           3           12%        KB Articles on ERROR MESSAGES
2           4           10%        Windows 98 Second Edition Shutdown Troubleshooting
4           5           9%         My Favorite Freeware
7           6           6%         Windows 98/ME Memory Management
8           7           5%         Windows Support Sites
9           8           5%         Registry Patches
**          9           5%         Suggested Fix for KERNEL32.DLL Errors
10          10          4%         Microsoft Knowledge Base Links


WINDOWS SUPPORT SITES

NEW PEER-SUPPORT NEWSGROUPS LISTED

On the Windows Support Sites page (which also got a facelift this week), I provide information about accessing the vast array of Microsoft-sponsored peer-support newsgroups on every imaginable topic concerning Microsoft operating systems and software. Personally, I think these newsgroups comprise the single best end-user support option that Microsoft supplies! Microsoft staff doesn't appear on the newsgroups (at least, not per se); but other, peer computer users provide an enormous wealth of information and assistance. Besides hosting the newsgroups, Microsoft's other main contribution to them is in identifying those participants who, over a long period of time, have consistently provided a high volume of accurate and helpful answers, awarding them with the Microsoft Most Valuable Professional (MS-MVP) designation. Along with scores of other helpful, able people, MS-MVPs patrol the newsgroups looking for the opportunity to be of assistance. If there is an answer to be found for your question, it almost certainly will be found, and offered. A complete list of all of these newsgroups can be found here.

Besides the general newsgroup access links, I give, on the Support Sites page, specific links to newsgroups that I frequent and find valuable. Since I have been hanging out in several of the Windows XP newsgroups lately, I have added them to the list. Those of you who have, or soon will have, one of the Beta versions of XP, or who simply are curious about the issues that are arising with the new operating system and how people are addressing these, might want to forage through the posts on the following as well:


WINDOWS 95/98/ME SUPPORT ARTICLES

RESOURCES vs. MEMORY FAQ

Check out the revised and redesigned Resources vs. Memory FAQ article. One of the biggest problem areas for many users of Windows 95, 98, or ME is in the depletion of System Resources. This page explains exactly what System Resources are, how they differ from system memory, why they become depleted, how you can manage them, and a few other things you can do to address problems you may be having with Resources.

Two types of revisions were made this week — sufficient for me to bump this article up a full version number to 5.0. One change was in the information included: I have made information more accessible concerning “resource guzzling” applications, and also added more specific information on the forthcoming Windows XP operating system and its relationship to the System Resources issue. The other change is in the design of the page. I think it will be much easier to use now. (I am especially interested in feedback from people with smaller monitors as to whether this new layout is, in fact, easier for you — or the opposite.)


REGISTRY PATCHES

ACTIVATE SYSTEM CRASH LOGGING

This new Registry patch activates logging (to the Windows event log) of the exact time of any system crash. A companion patch disables this option. Thanks go to Kelly Theriot for this tip.

By the way, if anyone ever tries to tell you that MS-MVPs hog all the talent on the MS peer-support newsgroups, Kelly is one striking example of how untrue that is! She's a real newsgroup dynamo, and author of some of the most accurate and helpful responses on the newsgroups. Kelly also has a surprise in the works, from which we all will benefit — which I hope to be able to announce here in the near future.


NEW CONTENT & LOOK/FEEL FOR THE REGISTRY PATCH PAGE

Kelly also turned me on, this week, to the Windows Registry Guide site (formerly Regedit.com). This is an excellent resource for a number of Registry tricks, tweaks, and hacks for optimizing, enhancing, and securing the Windows operating system. Inspired by this, I added a new section to my Registry Patches page, listing “Other Registry Editing Resources.” In addition to Windows Registry Guide, I have included a link to John Woram's Home Page. In case you are not familiar with John and his work, I should tell you that this man “wrote the book” on the Windows Registry — literally! (Two of them, in fact.) There is much of value on his site — including John's incisive and delightful wit. These two pages joined MS-MVP Doug Knox's Registry Tweaks page, which I have had listed for most of the past year.

Inspired by all of this new material, I redesigned the look and feel for the Registry Patches page overall. I think you will find it to be much easier to navigate.


KB ARTICLES: Error Messages

PIP 2001: Invalid Page Fault in Module Kernel32.dll When Closing Program
If you have some version of Microsoft Picture It! installed (in the 2001 series), or have installed MS Greetings 2001 or MS Money 2001, you may have received the error message, “PIP caused an invalid page fault in module Kernel32.dll.” The above article diagnoses the likely cause, and provides a solution. (The problem is one particular update version of Norton Antivirus 2001.)


KB ARTICLES: Hardware & Drivers

My Hardware Knowledge Base article page is the third page to get a facelift this week. Also, I discovered that I had a lot of KB articles listed on the Troubleshooting Strategies page which really belonged on the Hardware page, so I migrated them over.

Among the new information added to this Hardware page is a section on BIOS issues. The following article, which appeared on the Microsoft site May 31, is particularly valuable if you want to know what a BIOS is, how to determine various kinds of information about the BIOS on your computer, and how to evaluate the need for a BIOS update:

General Computer Basic Input/Output System (BIOS) Overview Win98, Win98 SE, Win ME


MY FAVORITE FREEWARE

NeoTrace Express
I hope no one is surprised to learn that I read other people's e-letters too! It is from Fred Langa's excellent LangaList that I learned, this week, about NeoTrace Express. Within minutes of downloading and trying it, I was adding a download link to My Favorite Freeware. What is NeoTrace Express? It is an excellent traceroute tool that gives you the option either to have the usual traceroute node list, or a dynamic map of the exact route of your connection. This “express” edition is the (slightly less powerful) personal freeware version of the already popular payware NeoTrace product by Neoworx.

During my tenure as Technical Support Lead for iSearch, our data center manager, the gracious and brilliant John Sanborn, provided us with a similar graphical traceroute tool. John's utility actually provided more information than NeoTrace Express gives (including a graphical way to catch the problem node at a glance in most cases). Since then, I hadn't come across anything similar — so I was quite excited to find this one. Here is a screen shot of the type of output the utility returns. Where Internet traffic is concerned, the shortest path is not always in a straight line! (The sample is a trace from my home in Los Angeles to the server hosting www.best.com at Verio's location in Englewood, Colorado. Note the small side-trip to Washington, DC first!)

HUMOR

Speaking of my time at iSearch (as I was above), I had several clients who were a true pleasure to work with, one of whom was Ms. Diane DeMailly. A few days ago, she sent me this update of a semi-classic bit of Californian humor, which I thought I would share. PS – I can't call this satire, since nearly all of it is literally true!

YOU KNOW YOU ARE IN SOUTHERN CALIFORNIA IF:


Happy computing, everyone!

Jim Eshelman


THE NECESSARY LEGAL STUFF
DISCLAIMER: Any information given in this newsletter, or on any other part of the www.aumha.org website, is researched by me and believed to be accurate. However, I cannot guarantee, and do not guarantee, that all the information provided will work on all computer systems, for all users, all the time. Also, I sometimes make mistakes (that's life!), and it is possible I made one or more of them here. All information herein is offered as-is and without warranty of any kind. In other words, I rely on the best information sources I can, and do my best to get it to you accurately; and, thereafter, you take your life in your own hands if you trust me on it. Neither James Eshelman, this site, outside contributors to this site, people quoted on this site, nor my cat is/are responsible for any loss, injury, or damage, direct or consequential, resulting from application of any information presented here.

The E-List. Copyright © 2001 by James A. Eshelman. All Rights Reserved.
