PuterGeek.Com News
Issue # 15

[ Home ] [ Site Map ] [ Site Search ] [ Back to last page ]

Do you want to subscribe to the newsletter?

Hello everyone, I had some free time while on the road to check my email so I thought I'd do a quick update. So far it seems that the poll isn't very popular. I was hoping to get more feed back and have some fun at the same time. Out of the last 200 hits the site has had only 24 people have voted (sigh), and I find it hard to believe none of you have any suggestions for the site. (As Peter climbs down from his soap box)

Here's the good stuff...

FROM MICROSOFT www.microsoft.com

VULNERABILITY UPDATE Microsoft testing has discovered a vulnerability in the ODBC database driver that may affect Excel 2000 users. This vulnerability is related to the IISAM component of the ODBC database driver and could be exploited using an Excel 2000 query to do malicious acts. Microsoft has produced a solution to this specific vulnerability and incorporated it into this update. Get more technical information and download the update today at: http://www.microsoft.com/insider/mi/pfodbc.htm

~~~~~~~~~~~~~~~~~~~~~~ TIPS & TRICKS ~~~~~~~~~~~~~~~~~~~~~~ _____________________________________ Windows 98 Second Edition: Create a New Startup Disk http://www.microsoft.com/insider/mi/pfstartup.htm

Word 2000: Print a Portion of a Document http://www.microsoft.com/insider/mi/pfportion.htm

FrontPage 2000: Create a Custom Toolbar http://www.microsoft.com/insider/mi/pfcustom.htm

Excel 2000: Automatically Format Additional List Items http://www.microsoft.com/insider/mi/pfexlist.htm

For more tips & tricks for your favorite products, go to the Microsoft Product Insider Web site and click on the product you want on the Table of Contents. http://www.microsoft.com/insider/mi/pfhome.htm

YOUR CHANCE TO INFLUENCE MICROSOFT PRODUCTS (hehe==peter) http://www.microsoft.com/usability

 Sign up now to become eligible to participate in Microsoft's Nationwide Usability Research Program. In this program, members of Microsoft's product design and development teams meet with software users in their own businesses or homes to better understand their software needs. Each person visited receives his or her choice of a software gift from an extensive gratuity list, along with the chance to have a direct line of feedback to the product teams at Microsoft. Sign up now at http://www.microsoft.com/usability/sign_up.htm

INTELLIMOUSE(r) EXPLORER-THE MOUSE OF THE FUTURE http://www.microsoft.com/products/hardware/mouse

 The mouse has finally caught up with advances in the rest of computer hardware with the new Microsoft IntelliMouse Explorer. The IntelliMouse Explorer features Microsoft IntelliEye(tm), an innovative new optical tracking technology that does away with rubber mouse balls and eliminates all moving parts for greater accuracy and reliability. (I have one and I love it!==peter)

(in case you're not on the list==peter) Dear Microsoft Customer:

The year 2000 is rapidly approaching, and there are simple steps you can take to get your hardware, software and data ready. We at Microsoft want to make sure you have the information you need to make this transition as easy as possible.

In order to keep you updated, we've set up a Web site that you can access whenever you wish. Just go to http://www.microsoft.com/y2k to get year 2000 information and Microsoft® software updates. In order to work properly after the year 2000, some Microsoft products may require a year 2000 software update. We recommend that you install the software updates so you'll continue to have the best computing experience. Of course, access to this Web site and any software updates you need are free of charge (connect time charges may apply).

Thanks for using Microsoft products. We look forward to continuing to provide you with the best products to meet your computing needs.


The Microsoft Product Groups

©1999 Microsoft Corporation. All rights reserved. Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries.

FROM THE LANGALIST www.langa.com

By The Bootstraps...

All personal computers start in stages: There's just enough special, low-level code permanently stored in the system BIOS and inside the CPU itself to get the machine going to the point where the CPU can talk to the hard drive, monitor, etc. Once this tiny amount of initial code has run, the system then looks on your floppy or hard drive for the most basic components of an operating system. If it finds them, it loads and runs them. These core operating system components contain the instructions the system needs to load the rest of the operating system and to complete the start- up process. In this piece-by-piece way, your computer self- starts.

Computers didn't always start this way, and a computer that could "pull itself up by its own bootstraps" was once a novel idea. In fact, when this system of self-starting was first invented, it was called "bootstrapping," which later got shortened to "booting." (And that's where that familiar bit of computer jargon comes from.)

Some computers need special configuration files to boot properly. Different operating systems call them different names, but the idea is the same: Once the core operating system is running, but before the full-blown OS starts, it looks for these special files to see what hardware drivers, software settings, and so on, are needed by the machine.

These special files transform the generic, low-level operating system into a version that's specific for the machine it's running on.

On PCs, two of these configuration files are called "Config.sys" and "Autoexec.bat." The former is a text file that can tell the OS what low-level memory managers, hardware drivers (etc.) to run. The latter is a series or "batch" of commands that run automatically at startup.

Together, these two files create the software foundation for everything a PC can do. In the Dark Old Days Of DOS, "power users" often would spend hours honing and perfecting these files to wring out every last iota of memory and performance from their PCs. (continued in next item...)

10% More Memory For Free?

Today, some Windows system ship with no Autoexec or Config file at all. Others ship with a vestigial file that's either just an empty placeholder, or that contains just a few simple commands. If you only run Windows applications, that may be fine. But chances are, even if you think you run only Windows apps, you actually do run DOS apps from time to time.

For example, I use PartitionMagic and Drive Image to manage disk space and create super-fast-loading backups of my Windows PCs. Although PartitionMagic and Drive Image have Windows front ends, they do their real work from DOS!

Likewise, some utilities such as ScanDisk or Norton Disk Doctor sometimes do their work from DOS!

And many games still run in DOS, even if you launch them from inside Windows.

What's more, Windows 3x and 9x are still rooted in DOS: Although many of the OS functions (especially in 9x) happen "above" the layers controlled by DOS, the old DOS foundation still is there, and can materially affect how your system behaves.

More specifically: The presence or absence of a properly- done Config.sys and Autoexec.bat can greatly affect how your OS and apps like these run. And, alas, the generic settings Windows provides for DOS usually aren't as good as what you can do on your own.

In this week's WinMag column, I'll post specific cut-and- paste examples of ways to set up your Config and Autoexec files. Because they'll be on web pages, you'll see the examples in the correct format, and without the weirdness and errors that text-wrapping email applications may introduce. (I learned my lesson about sending format- sensitive examples by plain email <grin> See http://www.langa.com/newsletters/oct-7-99.htm#email )

By posting the examples on a web page, you'll be able to simply copy the properly-formatted content right from your browser, and paste it into the proper files on your system (I'll tell you how). Chances are you'll see an instant benefit!

What benefit? On a test system here, my little cut-and-paste trick freed up 11% more "low" DOS memory than Windows could on its own! This was memory that was totally going to waste! This low memory is the foundation for all your Win9x and DOS software: DOS apps usually live entirely inside low memory, and Windows' deepest roots are anchored there. Making the most of your "low" memory isn't an idle exercise, and may improve the way your machine runs.

So if you want to gain more "low" memory for free or just learn more about Autoexec and Config files, click on over to the WinMag site for more info and fully-formatted, cut-and- paste ready samples. If you're a DOS Expert, please join in to share your best DOS tips, tricks, batch files, and tweaks. If you're a DOS Novice, please read the column and then post your questions and comments. Let's help each other!

The column should be live by the end of business (EDT; GMT- 5) on Monday Oct 11th. Look for the link via the WinMag front page at http://www.winmag.com !

Plugging A Nasty IE5 Security Hole

Here, in Microsoft's own words, is the scoop: "IE 5 includes a feature called "download behavior" that allows web page authors to download files for use in client-side script. By design, a web site should only be able to download files that reside in its domain; this prevents client- side code from exposing files on the user's machine or local intranet to the web site. However, a server-side redirect can be used to bypass this restriction, thereby enabling a malicious web site operator to read files on the user's machine or the user's local intranet."

When this problem first came to light, the only solution was to turn off all scripting--- a draconian solution. But now Microsoft has released a patch. It's at http://www.microsoft.com/msdownload/iebuild/dlbhav/en/dlbhav.htm and soon should be available via the Windows Update site as well: http://windowsupdate.microsoft.com

If you'd like more info, see

But in general, if you're running IE5, I recommend you grab this patch ASAP.

FREE Internet Security Check

Steve Gibson is a very smart and prolific guy--- he's been producing very cool, very useful software for, gosh, 15 years or more now.

A lot of his stuff takes a unique spin or tack at solving problems, and often does a better job than some of the more widely-know apps from the giant software houses.

Last week, I got a note from Steve describing a new free service he's offering:

Hey Fred, I wanted to apprise you of my just-this-instant finished contribution to the Internet-connected Windows-based personal computer community: http://grc.com/x/ne.dll?bh0bkyd2 or http://grc.com/ShieldsUp

When I recently switched my office from ISDN to DSL (our servers live on an off site T1 trunk), I did some research into the insecurity of typical Windows-based Internet connections ... which is exacerbated by "persistent" connections to the Net such as those now being established by DSL and Cable Modem technologies. I was SHOCKED by the number of people with insecure connections, and then by the ease with which Internet scanners can find, target, and penetrate their systems. (This is all documented in tutorial form on my new web site, but you can quickly peek here: < http://grc.com/su-nbscan1.htm > and also here < http://grc.com/su-nbscan2.htm >)

On Friday of Labor Day weekend (9/3) I realized that when someone came to my web server, their connection gave me the IP address of their machine. This meant that I could perform an ACTIVE SECURITY ANALYSIS of their system on the spot and display the results as a web page. So I started coding and the concept grew into a comprehensive, free service and extensive tutorial -- including some freeware -- to quickly secure ANY Windows system.

Given the inherent "default" insecurity of most Windows connections -- and the significant financial gain possible for intruders who can now easily install keystroke-monitoring Trojans into people's computers to capture online banking passwords, account numbers, etc. then eMail the results -- I worry that Internet Intrusion and Theft is a "growth industry." So I think this is a VERY important message to get out to the population at large.

The ratios of exposure as shown by the graphs on the visitor history page demonstrate the extent of the problem! http://grc.com/x/ne.dll?bh1akydu If you agree and wanted to help me spread the word that would be totally terrific!

Steve's site attempts to sniff back through your internet connection and will show you everything it can find out about your system, your files, your printer and so on.

Note that this is NOT the little JavaScript browser-sniffer that you may have seen. Steve's page is digging deeper and may uncover security holes you didn't know you had.

I tried Steve's test---I have a cable modem setup here--- and was relieved to see that the security steps I've taken here keep me pretty well hidden from prying eyes. Steve's pages reported:

"Unable to connect to your computer. All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer is VERY SECURE...."

Whew. 8-)

I'll discuss security more in an upcoming newsletter, but for now, check out Steve's page---it just might save your bacon!

Well, that's it for now. We're on our way back to CA for a delivery on Monday. Peter

Webmaster@PuterGeek Please vote in the poll!!

Do you want to subscribe to the newsletter?

[ Home ] [ Site Map ] [ Site Search ] [ Back to last page ]

Last Revised: 10/23/2000