News Letter Template

News Bytes:

Thursday evening, April 1, 2004 at Manhattanville College in Purchase, NY from 7:00-9:00 pm, SurfSafely.com Founder and CEO Mark Brasche will share center stage New York District Attorney Jeanine Pirro and other Internet safety experts in a public town meeting organized by Westchester County News Channel 12. Contact number at the college for this event is 914-323-5172. Please join us there and say hello! Full details to be posted at the Child Safety-Net portal as well as at Safe-PC.net.

Speaking of Safe-PC.net, we have just launched this new service here in CT to provide in-home and small business networking services. In-home services will include Internet service connection, wireless networks, antivirus, firewall and Internet safety software sales and installation, general computer setup and tutoring, upgrades and repairs, pre-purchase advice, even home theater. Emphasis will be placed on security and online safety for children. The pilot program is going so well that plans are already under way to expand nationally and in the UK too! For more information on Safe-PC.net, please visit the web site.

If you've taken my advice and purchased MailWasher Pro, there's a free upgrade to version 4.0 available at the Firetrust web site that I highly recommend. It takes care of several very annoying bugs that I've been reporting to them for many months. If you've been waiting for it to become more refined, it doesn't get much better than this! They even give you 30 days to try it free. Take my word for it, this is the good stuff.

Lastly, either I'm doing my job very well or the only people voting in the newest online poll at SurfSafely.com are those who actually do update their antivirus software regularly. I hate to be a skeptic, really I do, but I just can't shake the feeling that the latter is true. Hope springs eternal just the same. ;-)

Back to top.

Microsoft vulnerabilities leaking out

Tuning in to the Security Focus web site this morning I came across a disturbing article which reports of security holes in Microsoft products already being demonstrated as a direct result of last month's leak of source code:

"The first new security vulnerability to emerge from last week's Microsoft source code leak crossed a security mailing list over the weekend, reigniting debate over the seriousness of the leak. The vulnerability affects Internet Explorer 5 and various versions of Outlook Express. It was unearthed in code the two programs use to process bitmap image files, and affects the software on several versions of Windows, including 98, 2000 and XP. While some systems appear to be immune to the glitch, a proof-of-concept exploit that was posted to the Full Disclosure mailing list crashes Outlook Express 6 on Windows XP systems. Service Pack 1 appears to correct the vulnerability." The full article is at http://www.securityfocus.com/news/8060. This is a good site to bookmark and visit once in a while.

Another great article by Security Focus columnist Scott Granneman is at http://www.securityfocus.com/columnists/220, a step by step checklist for securing most Windows based home computers. This one is worth printing out, physically checking off and keeping for your records. You can also save the article to your computer as HTML in Internet Explorer by using File/Save as. The reason I recommend this is because there are many useful links in the body of the text to additional information and services that can not be printed.

Back to top.

~-~-~-~ Peace of mind online! ~-~-~-~
Remember the days when one could go
online and not have to worry about booby
traps, malicious javascript and spyware?
Sign up for SurfSafely.net Internet service
and bring back those good old days!
~-~-~-~ http://www.surfsafely.net ~-~-~-~

Norton Antivirus review.

Up until very recently I had been a happy user of McAfee AntiVirus 4.51 SP1. Their scan engine was very fast, updates very easy to find and install, it never bogged down performance to the point of intolerability and it always caught the bug before it got onto my hard drive. So what happened? Microsoft Outlook Express happened.

As a consequence of switching Internet Service Providers from Comcast Cable to SBC/Yahoo! DSL, my former Eudora email client became too difficult to manage multiple email accounts with. Comcast does not require customers to set their email clients to password authenticate SMTP mail service (the service you use to send email) because it's assumed that the only way to use their servers is to connect directly from the home using your cable modem. By virtue of this you're already authenticated. SBC/Yahoo! does require you to configure the SMTP Authentication which Eudora does not handle well. If all you have is one or two email accounts then Eudora might still be a good choice for your email software. But juggle half a dozen accounts plus those of your family and try to explain to them why they have to do certain things a certain way and you quickly realize it's never going to work.

It's not all bad, though. One benefit I discovered is password authenticated SMTP allows me to easily send email from my computer while connected to any public and/or wireless computer network which are popping up everywhere these days. You see them at airports, Internet cafés, trade shows and hotels just to name a few.

So, as reluctant as I was to use a Microsoft product for my email and possibly expose my computer to computer viruses I was previously immune to, I simply could not ignore the logical way SMTP auth is configured for each email account making it a transparent transition for my family as well. And to be frank, I do like the Microsoft user interface.

What does any of this have to do with Antivirus? When I switched to Outlook Express and set up all my Identities and accounts I later discovered that McAfee would no longer scan my inbound email! This is a known bug in 4.51 for which there is apparently no known solution. So I went through my software cabinet and dug out a bundled copy of Norton Antivirus 2003 that came with one of my Dell's, installed it and took it for a test drive.

This is going to be a very short review. The user interface is logically organized and installation was "paint by numbers". The first thing it want's to do is update itself after installation which is to be expected. Overall, though, the installation went very slowly and a full system scan takes forever! Run it at night when you go to bed and maybe it will be done in the morning. Just maybe.

With Autoprotect turned on (scans everything all the time) system overhead is very high meaning it bogs down performance very noticeably. Since email scanning is separate I disabled Autoprotect. Even the email scan adds quite a bit of wait time when getting and sending email. But in the interested of protected personal information, some may consider this to be a valid sacrifice.

Supposedly, the LiveUpdate utility updates all components of the NAV program including the LiveUpdate utility itself. This could not be further from the truth! The only way I discovered it was to visit the Norton web site and use their Automated Support Assistant which examines your computer for the latest versions. Just imagine my surprise when after running LiveUpdate only seconds before that the Support Assistant warned me of an out of date LiveUpdate! I don't know about you but I find loopholes in security like this totally unacceptable.

Prior to finally getting the latest LiveUpdate version I was also able to retrieve email from the server with Netsky.P email viruses attached. They slipped in completely under the NAV radar screen. Granted, NAV did detect the virus once I tried to open the attachment but as far as I'm concerned, the virus should have never even gotten that far. This product is supposed to be able to scan compressed attachments. In this instance it failed miserably.

This concluded my testing of Norton Antivirus. I now know enough about the product to know I don't want it any longer. In my next newsletter I'll be discussing the newer version of McAfee. Are there others besides McAfee and Norton? Sure, but having been doing it the longest, I still trust McAfee above all others to be absolutely the best defense against computer viruses. Hopefully their newer versions addresses the Outlook Express bug. I'll keep you posted.

Back to top.

Our newest sponsors!

We are delighted to welcome into our family of paid sponsors the following companies and individuals. Please visit them and thank them for their generosity to SurfSafely.com and our mission to create a safer Internet for us all.

Computer virus watch.

I learned a little more about the Bagel.j virus I reported to you earlier this month. The virus author did not target SurfSafely as part of a smear campaign. Even worse, for every user it generates an email message to in an attempt to spread, it signs the message as if it originated from the ISP of that user. So, when I opened my message, it was made to appear as if my ISP support generated it. Only flaw with that logic is I AM the ISP, which is why I thought it might be consistently signed from SurfSafely. My apologies for responding too quickly without checking first.

Just for kicks I opened up my incoming email this afternoon to deliver anything sent to anyone at surfsafely.com whether it was a valid user account or not. In just 5 hours I received 48 email to all sorts of bogus addresses. 37 of the 48 email had viruses attached to them!!! The messages vary as do the attachment names which is why it's vitally important that users know exactly what is being sent to them. The problem with Windows is it makes too many assumptions for the user at the expense of security. The basic rule when browsing local files is, if Windows recognizes the file type, by default it will just show you the file name and the program icon it's associated with. The Microsoft mentality at work here is, if Windows knows what the file type is, you don't need to know. That's not just inadvisable, it is STUPID.

So what of files like TextFile.exe? or TextFile.pif? Windows knows what these file types are. They are potentially harmful executable programs. And yet, all the user sees is the file name TextFile with a cute little icon next to it they don't normally see. The name itself is enough to fool many users into thinking the file is just a harmless text file so they double click it to "open" it and see what their friend sent them. What Windows does is execute the program, infecting your computer with the virus and spreading to everyone in your email address books.

Files are displayed the same way whether you browse them in Windows Explorer of see them as attachments to Outlook email. Changing this behavior in Explorer changes it also in Outlook. Here's how.

Don't forget to keep your antivirus software up to date. Get your latest virus updates here:
Microsoft Internet Explorer 5.x patch
Mcafee updates
Norton updates
F-Secure updates
PC-cillin updates

Back to top.

Come visit our growing family of web sites and services
=======================================================
http://surfsafely.com/ Our web directory/portal
http://surfsafely.net/ Our pre-filtered Internet service
http://surfsafety.com/ Our online safety community site
=======================================================

Website hosting & designs	Website design, promotion and hosting for UK companies. (3/27/04)
Exhibition stands & displays	LDA Exhibitions, provide exhibition stands and trade show displays worldwide. (3/27/04)
Acclaim Credit Cards	Information and articles on managing credit cards. Includes applications and tips.
Health & Dental Insurance	Search for the right source for insurance. Group and individual packages available.
Home Mortgages & Refinance	Find the right mortgage or refinancing source nationwide. Competitive low rates.