No story this week, but soon ...

Apple's new operating system (Tiger) is on the prowl. We'll talk about it once I've had a chance to look at it.

Security becomes even more critical

Technology Corner has been around for a long time. How long? So long that, in the early days, antivirus software wasn't a necessity. Today you need to wrap your computer in many layers of protection.

That's true. In the early days, when somebody asked if their computer should have antivirus software, I asked ...

• Do you have a modem?
• If so, do you download software from bulletin board systems?
• If so, are the bulletin boards you visit legitimate?
• Do you receive floppy disks from others?

If the computer didn't have a modem and the user didn't exchange software on floppy disks, there was no need for antivirus software. An antivirus program was needed only if the user visited bulletin board systems and downloaded applications that might come with a little "prize" inside.

The instant the Internet became widely available (and Al Gore never claimed that he invented it) the threat became sufficiently large that an antivirus utility was no longer optional. Virus definitions were updated monthly, or less often. Today, the updates are immediate and it's uncommon for a day to go by without the addition of a new definition.

No longer optional these days are these kinds of utilities:

• Anti-spyware applications (usually more than one is needed).
• Anti-browser-hijack application.
• Anti-pop-up application.
• Software firewall.

What about a hardware firewall?

Let me be one of the first to say that a hardware firewall may still be an optional luxury, but not for long. As far as I'm concerned, a firewall is no longer an option any more than brakes are optional on my car. A few weeks ago, I mentioned routers that use network address translation (NAT) and true firewalls. Poking through NAT is a relatively trivial thing to do and that makes computers behind your router vulnerable.

Considering hardware firewalls are available for less than $100 these days, there's little excuse for not having one if your computer is connected to any kind of broadband connection. One key phrase to look for in buying a hardware firewall is "stateful packet inspection" (SPI).

SPI (also called dynamic packet filtering) is the name of a technique that provides enhanced security by keeping track of communications packets over time. Incoming and outgoing packets are examined. Outgoing packets that request specific types of incoming packets are tracked and the firewall allows only appropriate responses to pass. Static packet filtering, the older method, looks only at the headers, assuming that what information the headers provide is truthful.

Is a hardware firewall difficult to set up?

Yes, if you plan to use some of the advanced functions. If your goal is simply to protect your computer and you don't use specialized communications procedures, you'll need to make a few physical connections, reboot your computer, connect to the firewall's administration control panel, and change the administrator's password.

My setup goes only slightly beyond that. Here are some of the Netgear FR114P's control panel screens. I've blurred some of the information. For a larger view, click any of the images below.

	Most users won't have to change anything here. In my case, the broadband ISP that I use doesn't require me to type a user ID and password. Those are hard coded in the cable modem. Unless you're paying a lot of money for a static IP address, your ISP will give you one that changes each time you log on. The ISP will provide an IP address for the DNS (domain name service) servers. In most cases, you'll allow the firewall to use the default address, which will almost certainly be the MAC address of the primary computer's network card.
	The status screen for the router part of the device shows information about the IP address on the Internet side (WAN) and about the network that's behind the firewall (LAN). This screen and the next two are simply informational screens.
	Here we see WAN and LAN status information.
	And here are the WAN statistics.
	One of the important features of most firewalls is logging and reporting. I've set the firewall to report immediately when it encounters certain types of threats. Except for threats that generate immediate notification, the router sends me a log each morning at 7.

There are, as you probably expect, more complex screens in the firewall's control panel. These are where you allow specific kinds of packets to pass through the firewall. You may need to make changes here if you play interactive on-line games and you will definitely need to make changes here if your computer acts as a server of any sort.

Protecting your computer, your data, and your identity is worth the small investment in time and money that are involved in obtaining and setting up a firewall.

How secure is your computer?

	Steve Gibson (Gibson Research) has been concerned about security for a long time. His initial concerns were with disks that could malfunction and destroy data, so he wrote an application that thoroughly tests disks. When Iomega Zip disks and Zip drives had a problem known as the "click of death", it was Steve who wrote a utility to test them. He considered writing his own firewall program, but found Zone Alarm by Zone Labs before he could build his own. After looking at Zone Alarm, Steve pronounced it to be so good that he would not bother to write his own. But he did write a series of applications that can test a computer to determine just how secure it is. I strongly recommend that you visit the Shields Up website and test your computer. The first screen you see will show you your computer's identity on the Internet. In most cases this will be a combination of your IP address and the name of your ISP. Take the time to read Steve's explanations. They're written in plain English and you'll be better informed for reading them. Look around the website, too and consider using some of the additional utilities that can make your computer more secure. All of Steve's security utilities are free. Click any of the illustrations here to see them in a size that's large enough to actually read. When you start the test (upper left) Shields Up will first attempt to exploit the two most common problems known. Your computer should easily pass this test.

The second test (upper right) scans your computer's most common ports. Ideally, you should see "stealth" on every one. If you're not running at least a software firewall, some will probably be open.

The third test (lower left) scans the first 1056 ports. If you don't have a hardware firewall, some of these will almost certainly be open. Your goal is to have them all be green.

Spam Wars: Now is the time

Danny Goodman is an author who is well known among people who write computer programs or who maintain websites because of his books on dynamic HTML, Javascript, and the like. These are usually books that are sold by the pound. Recently he became so frustrated with spam that he's written Spam Wars to help average Internet users find a way to shut off the spam spigot.

I spoke with Goodman recently and we talked about the book and about ways to put your e-mail program on a diet that contains less spam ...

REAL AUDIO Goodman #1 3:15 q-the sender and the subject.

REAL AUDIO Goodman #2 4:17 q-front lines.

Occasionally, I have time to look at some of the crud that oozes in under the door. In an average day, I receive upwards of 800 spams. Typically, 700 or more are killed at the server. One hundred or so come through marked as probable spam and are sorted into a special spam box. I spend perhaps 60 seconds scanning subject lines and "from" addresses to determine whether any messages accidentally received a spam classification, something that happens once or twice per week. Most days, no spam reaches my in box. Here are few of the 32 that were in my spam box on day recently.

What amazes me is that some people (a tiny faction of 1% probably) are stupid enough to fall for any of these "offers".

An offer for medications the writer can't spell. Gives me quite a bit of confidence!

Subject: SU-per Hu^ge 0ffers AE
V-codin - 225.00 (90 pi lls) 
Hydrocodonee - 297.00 (90 pi lls)
Valliuum - 153.00 (90 pi lls)
Vi graa - 270.00 (90 pi lls)
Cai llis - 348.00 (90 pi lls)
Codeinne - 126.00 (90 pi lls)
X|a naax - 171.00 (90 pi lls)
Where they want me to go:
http://goi6942d.com/_fd5977142df59d3662baa654773c6a8e/
    WentWorth, James  inetpharmacy@gmail.com
    Biri House
    Bahia Street
    PO Box 123
    Port Vila, NA NA
    VU
    (509) 695 4466

They can't spell the names of the medicines. The domain is registered to Vanuatu. Doesn't ring a bell? Surely you know where Vanuatu is, don't you? It's an island country of the southern Pacific Ocean east of northern Australia. Inhabited primarily by Melanesian peoples. Under joint French and British control after 1906, New Hebrides achieved independence as Vanuatu in 1980. Port-Vila, on Efate Island, is the capital. Population: 165,000. I imagine there's a lot of medical research and development going on there, don't you?

A long letter from an "attorney" wanting me to help "retrieve" money.

Subject: Reply (investment)
Mrs. Luisa Estrada has humbly asked that I send this message out for any
possible assistances in retreiving some of her family's funds in different
locations all over the world. My name is Paul Maraki (Attorney) Though
this has come through an email but would have gotten to you via post but
merely as a result of some inadequacies.

Then, after several paragraphs of illogic, the "attorney" had this caution for me:

A sealed lips is the topmost requirement needed for the
successful execution of this line of action. Please do not get
apprehensive about this instance as there is nothing to be worried about.

Those who fall for one of the "419" scams will get no money, will surely lose money, and could lose their lives.

What's the deal with all the anatomical enlargements?

Subject: Pen1s enlarg3ment p1lls
Enlarge y0ur pen1s n0w Cl1ck h3re!
http://www.qual1typ1lls.info/
Domain Name:QUAL1TYP1LLS.INFO
Created On:10-Mar-2005 16:31:21 UTC
Registrant Name:Victor Slimer
Registrant Organization:Victor Slimer
Registrant Street1:Ribnikova street 10-3-44
Registrant City:Moscow

If you want to enlarge your PENLS, this is the place. I received the spam on March 18 and this website had been in business for 8 whole days. That certainly makes me confident.

I can get a $405,000 loan and my credit is not a factor!

Subject: Payment confirmation: $82522
You have been pre-approved for a $405,000 Home Loan at a 
3.25% Fixed Rate. This offer is being extended to you 
unconditionally and your credit is in no way a factor.
http://amalee.ownquote.com/?partid=aaks9
And this offer is from ...
domain:       ownquote.com
owner:        Hou Maoju
email:        selectionmail1234@yahoo.com
address:      46#dongsi west street
city:         Beijing
state:        Beijing
postal-code:  100010
country:      CN

Correct me if I'm wrong, but wouldn't any bank that's willing to loan more than $400,000 at a 3.25% fixed rate care just a little bit about the borrower's credit history?

Among the software offerings for $60 are several that carry a $1000 price tag.

cheap oem soft shipping worldwide
Looking for not expensive high-quality software?
We might have just what you need.
Windows XP Professional 2002 ............. $50
Adobe Photoshop 7.0 ...................... $60
Microsoft Office XP Professional 2002 .... $60
Corel Draw Graphics Suite 11 ............. $60
http://io.qmcntbs.info/?L.NQh0L3UPm8xLLo
To be taken out: http://ju.nrbzxqf.info/kj?2h4D4PySHC9XQy20
Domain Name:QMCNTBS.INFO
Created On:15-Mar-2005 14:34:56 UTC
Registrant Name:Valeriya Potapova
Registrant Organization:NA
Registrant Street1:ulica Stremennaia 6, kv 41
Registrant City:St Peterburg
Registrant State/Province:St Peterburg
Registrant Postal Code:191025
Registrant Country:RU

Best possible outcome: The Russian mob will take your credit card number, steal your identity, and buy things with your money. Other likely additional effects (no extra charge): You'll receive software that has been cracked and, when it's installed on your computer, it will let Ms. Potapova know that it's ready to be used for sending spam. And it'll probably also provide any other financial information it finds on your computer to Ms. Potapova. Oh ... and this is another long-time business, too. It's been around for 3 whole days.

From all over the world come stock tips ...

From Willie Coon (bgtzaevmqsrxge@serv.net)
Subject: Aggressive st0ck traders alert
Identical message from Trinidad Cowan (ojsgtpq@fcbayern.de)
Subject: Stel|ar research p0ints the way tO maximizing success
Now that Oi| and Gas has entered a long-term bu|| market,
our specia|ty in pinpointing the hottest companies of the few 
remaining undervalued energy p|ays has produced soaring returns.
Montana Oil and Gas, Inc.(MOGI) To Explore further opportunities 
in Alberta Canada , a is an energy developer in Canada's most 
highly coveted reservoirs with generating potentia| of 
Millions per week

Pay attention here: There is no such thing as a free lunch. Nobody wants to give you free stock tips.

Watch sell we you counterfeit is yet it maybe!?

Subject: We determine to tender you perfectly unexampled model 
of Roger Dubuis watch. Excellent price for our clients.
Trip our company website, our company offer great prices and 
many of brandnames available,
e.g. Roger Dubuis, Patek Philippe or Rolex Ladys.
http://klemfestbwde.qump.com/r/vron/pukekmflg.php4
Registrant:
    Kimbo K
    Gangdong-gu, Seoul Gangdong P.O.Box, Gangdong-gu
    Seoul,  134600
    GB   

At least this one doesn't want me to "Trip our company website"

Subject: I want to tender you utterly fresh model of Box Set watch.
Prime price for xxxx@xxxxx.com.
Visit our web-site, our company offer great prices and great 
number of brandnames available,
for example Chopard, Tudor and Breitling.
http://mbdccni.TlCKS.com/rep/vron/elegut.pl
domain:       tlcks.com
owner:        Roelf Van der Brug
email:        admin@taiwanmedialtd.com
address:      Singel 2
address:      Jordaan
city:         Amsterdam
state:        --
postal-code:  1015JT
country:      NL

And P.S. -- nobody will sell you a $6000 watch* for $20.

*Anybody who buys a $6000 watch has more money than brains. If you have $6000 that's burning a hole in your pocket, put it in your 401K. Or contribute it to an organization that will use it to reduce suffering somewhere in the world.

Just one more and then I'll stop

Subject: Wealth can be found through us!
We purchase uncollected Judgments

You will feel good when you receive what you are owed and at the same time
you see that justice happens.

Reach us at: 8.8.8-978-3999 or 3.1.0-495-0934 from Canada

http://h.1i5T.optimaexcellentitem.com/3/
Here for more information or to un-subscribe or to see our address.

The Turks laughed and said something in their own language. They had no knowledge of 
English You're only making fools of yourselves, continued the boy, wrathfully
     domain:       optimaexcellentitem.com
     organization: Michael Tojos
     owner:        Michael Tojos
     email:        to_josmich@hotmail.com
     address:      945 McKinney, Suite 376
     city:         Houston
     state:        TX
     postal-code:  77002

This is interesting. The domain owner claims to be in Houston, Texas, but the phone number is in Los Angeles and the message claims to have come from "latasha hansen" (-hidden-@mail.bulgaria.com), which suggests that it originated in Bulgaria. But even this is a lie. Why would someone try to make a piece of spam look like it originated in Bulgaria? Apparently because revealing its true point of origin would be even worse. Here's the pertinent routing header:

Received: from [218.80.136.17] (helo=mail.bulgaria.com)
   by my.server.not.names.com with smtp (Exim 4.44)
   id 1DCZQ1-0007a3-Da; Sat, 19 Mar 2005 03:34:51 -0500 

The header claims to be "mail.bulgaria.com" but the IP address belongs to China:

    person: Chinanet Hostmaster
 	address: No.31 ,jingrong street,beijing
 	address: 100032
 	country: CN
 	phone: +86-10-66027112
 	fax-no: +86-10-58501144

You might be wondering about bulgaria.com. It's located in California. You may also be wondering why I replaced the e-mail address with "-hidden-". That's because the website is legitimate and the e-mail address probably belongs to a real person who knows nothing about the scam. Ah, sorry, I meant the spam.

Domain Name: BULGARIA.COM
    Administrative Contact, Technical Contact:
 	Koltchev, Jivko (BVEWDAOHDI) xxxxxxxx@IJS.COM
 	Campbell, CA 95008

And finally, where do you think the website mister "Michael Tojos" wants you to go to is located? It's not in California. It's not in Texas. No, the IP address (222.47.183.13) belongs to a server owned by the China Railway Telecommunications Center. There's a good chance that the system administrator doesn't even suspect what his server is being used for.

    inetnum: 222.32.0.0 - 222.63.255.255
 	netname: CRTC
 	descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
 	descr: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China
 	country: CN

Let's get the terminology straight!

Just because you're paranoid doesn't mean that people aren't out to get you. (Trapped by the old double negative.) It's smart to be concerned about your security on the Internet, but it's not smart to be afraid of your own shadow.

Spam: Danny Goodman defines spam as any message that arrives without your express permission. I like that definition. Spam can be commercial in nature or fraudulent. It often carries viruses, worms, or invitations to websites that will turn your computer into a zombie.

Spyware: These are applications that are installed on your computer, often without your permission. A spyware application may tell you what its planning to do because the developers know that nobody reads agreements before downloading and installing applications. Most, though, don't bother to tell you what they're doing. The spyware may do nothing more than watch what kinds of websites you visit and display ads for similar site, but it may also collect information about you and send it to people you don't want to have it.

Adware: These applications usually tell you what they're doing. A good example is Eudora. The e-mail application will run in free mode (single account), paid mode (multiple accounts), or adware mode (multiple accounts with ads). The Opera browser also has an advertising mode.

Cookies: Cookies are small text files that a website writes to your computer. These usually maintain "state" information from one page to the next. Even those cookies placed by advertising sites aren't harmful. Unfortunately, there is an irrational fear of cookies that obscures more serious problems.

Nerdly News

Adobe picks up Macromedia

Adobe has acquired Macromedia for $3.4 billion. The combination gives Adobe nearly unquestioned ownership of the publishing and website development markets, even though the folks at Quark might dispute that. Adobe Acrobat and InDesign join Dreamweaver and Fireworks. There is overlap in some areas -- such as Macromedia Dreamweaver and Adobe GoLive, Macromedia Freehand and Adobe Illustrator. This isn't new territory for Adobe, though. The company already offers three applications that deal with publishing -- InDesign, FrameMaker, and PageMaker.

This could put Adobe a little higher on Microsoft's radar, which is what happened when Corel started challenging Microsoft in areas that Microsoft felt should belong to it. Microsoft Media Player and Media Center PCs compete with products the new company owns or could develop.

Microsoft dynamic forms and graphics application -- the still in development Avalon -- will be part of Longhorn, the next generation operating system. Adobe may be trying reach that destination before Microsoft gets there.

Peace talks between HD-DVD and Blu-Ray

Backers of two competing technologies for the next-generation DVD standard are talking to see if they can find common ground instead of fighting for domination in the marketplace. They're trying to avoid the events typified by the VHS/Beta or DVD+r/DVD-R wars.

Hostile competition is expensive and the backer of the losing technology can end up with a lot of red ink on the books. The DVD recordable market is growing fast and the two sides may realize that both technologies can exist. They also may be looking over their shoulders at the 3-year period during which the market grew slowly because of the +/-R battles.

As you might expect, the technology is complex and not (yet) compatible. Factor in egos, money, and such and you have more than a slight challenge. But at least they're trying.

Microsoft's Q3 earnings double, but disappoint Wall Street

Microsoft says third-quarter earnings nearly doubled from last year, but that wasn't good enough for Wall Street -- possibly because last year's third quarter included legal charges of $2.53 billion.

Microsoft reported net income of $2.56 billion on revenue of $9.62 billion. The company would have met earnings projections, except for expenses of 4 cents a share figured in to cover the cost of stock options. Microsoft shares fell 54 cents on the news.

Let us know what you think. Write to:
Bill Blinn --
Joe Bradley --

Have a question? Ask it and you might pick up a prize for stumping the chump. Send your question to . And ... good luck!

Privacy Guarantee:

I HATE SPAM and will not sell, rent, loan, auction, trade, or do anything else with your e-mail address. Period.

Is this information useful?
If so, consider making a contribution, please.

Joe

(Photo by Sally)

Bill

(Photo by Scampi)

As if you didn't already get enough weather on the radio!

If you do not see a Weather Underground banner above and you use ad-blocking software, please set your application to allow images from "www.wunderground.com" to appear.

Annoying legal disclaimer
My attorney says I really need to say this: The Technology Corner website is for informational purposes only. Neither Joe nor I assume any responsibility for its accuracy, although we do our best. The information is subject to change without notice. Any actions you take based on information from the radio program or from this website are entirely at your own risk. Products and services are mentioned for informational purposes only and their various trademarks and service marks are the property of their respective owners. Technology Corner cannot provide technical support for products or services mentioned on the air or on the website.