Tech
Talk Radio Program
June 10, 2000 Show
Sponsored by Stratford University
Internet
Security News
Microsoft Outlook
Security Update Now Available
Microsoft
Outlook has been targeted by many virus/worms, most notably the "ILoveYou"
worm. These worms exploit VBScript to send copies of themselves to Outlook address
book entries. Tech Talk has discussed these scripting vulnerabilities over
the past few weeks. Finally, Microsoft has released a software patch for Outlook
to minimize the risk of infection and e-mail propagation. The security update
is available at www.officeupdate.com.
This update removes any VBS attachment, asks for
permission to read the address book, asks for permission to send e-mail, and increases
the Outlook default security to that of a high-risk restricted zone. This increase
in zone security disables the Windows Scripting Host, the program that executes
VBScripts. Tech Talk recommends that this security patch be downloaded
and installed immediately.
Security Advisories
Posted this Week
Several advisories,
alerts, and incident reports have been posted during the past week by both CERT
(www.cert.org) and NIPC (www.nipc.gov).
These two agencies serve as a Clearinghouse for all Internet security threats
and should be checked on a regular basis. The most recent are listed below.
Spyware on
the Rise
Gibson Research has
noted an alarming trend. Shareware software frequently includes a hidden Trojan
horse program designed to spy on computer activity (software used, ads viewed,
etc.) and to secretly report back to a central location. The shareware programs
are compensated by the Trojan horse companies for each successful Trojan horse
placement. These Trojan horse programs have been known to create system crashes
while browsing the Internet. To make matters worse, these Trojans remain on
the host computer even when the shareware is deleted. The most widely distributed
Trojan horse is Aureate. It is estimated to reside on over 22 million computers.
Steve Gibson has written a program
to scan for the presence of spyware. The program called OptOut can be
found on the Gibson Research Corporation Website (www.grc.com).
Gibson reports that removal of the spyware programs frequently fixes mysterious
browser instability problems.
How
Does a Firewall Work?
Computers
communicate over the Internet using short bursts of data, called packets. Each
packet has a source and destination network address (called the IP address) and
can be viewed as a digital envelop. The packets are routed independently through
the Internet, with the actual path traversed determined by the Cisco Routers that
are located at all network nodes. Each packet contains a second digital envelop
with an inside address. The inside address (also called the Port address) identifies
which program, within the destination computer, should receive the data.
The envelop with the Network address is created and routed
by Internet Protocol (IP) software. The inside digital envelop is created and
read by Transmission Control Protocol (TCP) software. The overall protocol is
called TCP/IP.
The most common method of protecting a computer
from attack is to restrict access to internal programs using a port filter program.
Such a port filter is called a firewall.
The firewall is normally the only connection to
the Internet. It serves as a check point so that all traffic must be inspected
prior to entering (or leaving) the network. When used in this manner the firewall
is actually a port-filtering proxy server. In this role, it communicates directly
with the Internet on behalf of all internal computers (as their proxy). The outside
world only sees one computer (albeit a very busy one) and one IP address. All
internal IP addresses are hidden from the outside world. All internal computer
processes defined by port numbers are protected by the port filtering process.
A few of the common port numbers are given below
- Hypertext Transfer
Protocol (HTTP) -- Port 80
- File Transfer
Protocol (FTP) -- Ports 20 and 21
- Simple Mail
Transport Protocol (SMTP) -- Port 25
- Post Office
Protocol 3 (POP3) -- Port 110
- Network Basic
Input Output System (NetBios) -- Port 139
Hackers
perform an address scan to locate active IP addresses and then perform a port
scan on each active address. Once the open ports are identified, they then attempt
to exploit known vulnerabilities of programs located at those port addresses.
Gibson Research Corporation has developed a port scanning
system to help assess the vulnerability of your open ports. This free port scanning
service can be found at www.grc.com
and is call Shields Up. Port 139, the most vulnerable, permits reading/writing
data and printing. Shields Up is an excellent tool that is highly recommended
by Tech Talk.
If you desire to connect multiple computers to
the Internet and are not overly concerned with port filtering, you can use the
Internet Connection Sharing that is built into Windows 98 SE (Second Edition).
It uses a simple Network Address Translation (NAT) protocol to convert the Internal
IP addresses to the single external IP address.
If on the other hand, you desire some degree of
protection using port filtering, you need a firewall. The three that Tech Talk
recommends are:
Tech Talk recommends
that all users with either DSL or Cable Modem install a firewall. These systems
are very vulnerable since they are continuously connected to the Internet.
How
Does E-mail Work?
Internet e-mail is
delivered using a store-and-forward method. Outgoing and incoming e-mail typically
use different mail servers. When an e-mail message is sent, it is sent to the
local SMTP (Simple Mail Transport Protocol) Server. This SMTP Server forwards
it to the destination SMTP mail server, which in turn forwards it to the final
POP3 (Post Office Protocol, Version 3) mail server. All SMTP connections are made
using Port 25.
The POP3 mail server has a subdirectory for each mail
account. This subdirectory is like the mailbox located at your home. When a user
checks the mail, the mail client (e.g. Microsoft Outlook) logs into the POP3 server
using Port 110 and downloads all e-mail located in the user subdirectory.
In the event that the outgoing SMTP mail server
cannot deliver the message, the sender is notified. The SMTP server continues
to attempt delivery for 12 hours. If still unsuccessful, the sender is notified
again. No further attempts are made.
Files can be attached to e-mails. These files can be simple
text, audio, video, or graphic files. Some Internet service providers limit the
maximum size of these attachments (AOL in particular). These attachments are configured
using the Internet Engineering Task Force (www.ietf.org)
standards for Multipurpose Internet Mail Extensions (MIME), as defined by Request
for Comments 2045 through 2049. The Internet Engineering Task Force is part
of the Internet Society (www.isoc.org).
All common e-mail clients support these standards.
Cleaning
CD-ROM and Floppy Drives
CD-ROM
Drives
CD-ROM drives are optical
devices. The information is encoded on the top surface of a CD (the side with
the label). The digital data is encoded by spacing small pits on the top surface.
These pits are initially created with a laser. CD production is performed with
using a duplication process. A shiny aluminum layer is placed over the pitted
surface. Labeling and a protective shellac are then placed over the aluminum reflector.
The information is accessed by shining a laser through the bottom surface of the
CD. The reflected signal is read by a sensor in the CD drive.
The most common failure for a CD drive is caused
by dirt and dust buildup on the laser/sensor lens. This can be fixed by simply
blowing into the CD drive with a short burst of air. There are also compressed
air cans with thin application tubes for this purpose (some are called compressed
air dusters). If the dirt buildup is substantial, a Q-tip with alcohol can be
used. A simpler way is simply to buy a CD cleaning kit. The kit has a CD with
small brushes on the bottom. When the CD is inserted and the sound track is played
the brushes are located directly over the tracks being read by the optical system.
Kensington has such a kit for $6.50. The CDs themselves may also need cleaning.
Kensington sells a CD cleaning assembly for $10.00.
Floppy Drive
Floppy drives are magnetic devices. A 1.44MB (or
3.5") floppy is a thin 3.5" circular plastic sheet with a magnetic
coating on each side. The digital information is encoded by creating magnetic
flux reversal patterns in this coating using a current driven magnetic coil.
The drive is read in the same way, except that induced current is read by the
drive circuits. If these magnetic heads become dirty the drive begins to fail.
This can frequently be fixed by simply blowing into the drive or by using a
drive cleaning kit. Kensington sells a combo 3.5" and CD drive cleaning
kit for $10.00. The 3.5" cleaning disk is actually a disk with a felt pad.
This pad is saturated with a cleaner. When the disk is placed in the drive,
the heads are cleaned as the disk is rotated. Many manufacturers make cleaning
kits that are as good as the Kensington kits.
The
Misguided Microsoft Breakup
On
June 7th, Judge Jackson issued his Final
Judgment in the Microsoft antitrust case. Microsoft filed its Proposed
Final Judgment on Wednesday, May 10, 2000. The Plaintiffs filed their Proposed
Final Judgment on April 28, 2000. All were filed in response to the Court's
Conclusions
of Law, filed on April 3rd, 2000 and its Findings
of Fact, filed November 5, 1999. As expected this Final Judgment called for
the breakup of Microsoft into two competing companies, one dealing the operating
system and the other with applications. Tech Talk has discussed this case
several times before (May 13th,
April 29th, and April
8th). The judgment appears to be identical to the Plaintiffs Proposed Final
Judgment, which was discussed in detail on the April
29th show.
Clearly, the Court did not respond well to Microsoft's
arrogance and apparent determination to declare total innocence of all anti-competitive
practices. The Oracle of Delphi prediction discussed on May 13th has come true.
As we have discussed previously, the Court reached the right conclusion, but has
proposed the wrong solution. Tech Talk is not pleased with this outcome.
This result will help Microsoft's competitors, but will not help the consumer.
The market place tends to be a winner-take-all
environment. Microsoft's business practice has been to price software at a very
low price and to broaden the base. The Microsoft NT Server is much cheaper than
the Novell 5 Server. The Microsoft SQL Server is much cheaper than the Oracle
Server. Microsoft Word is much cheaper than WordPerfect. In fact, prices have
always dropped when Microsoft entered any market. In constant dollars, Windows
is 53% cheaper now than it was ten years ago. Microsoft can be viewed as the McDonald's
of the software marketplace. Fragmentation of the desktop market will only increase
prices. In effect, Microsoft has been punished for lowering prices and gaining
market dominance.
It is true, however, that Microsoft engaged in anti-competitive
practices designed to not only beat the competition, but to destroy the competition.
They did stiff arm the Independent Software Vendors (ISVs), the Independent Hardware
Vendors (IHVs), the Original Equipment Equipment Manufacturers (OEMs), and the
Internet Service Providers (ISPs). They forced them to be exclusive Microsoft
agents or risk losing all Microsoft support. Microsoft should be punished for
these actions. The punishment should be monetary, perhaps a fine for each operating
system sold during this period of anti-competitive behavior. The money collected
could be used to fund an non-profit organization tasked with providing startup
capital for new and innovative software ventures.
The Courts have stumbled on part of the solution
-- the mandated, early release of all desktop Application Programming Interfaces
(APIs). In fact, Windows has become the defacto desktop standard and if Microsoft
were forced to publish and maintain all APIs, the community would have the beginning
of a standard. The rapid growth and deployment of distributed applications has
brought the acceptance of other standards, including TCP/IP (a packet switching
communications protocol) and Extensible Markup Language (XML, a standardized data
classification schema). Even Microsoft has proposed Simple Object Access Protocol
(SOAP), which would allow Microsoft COM objects to communicate with other applications
using standard remote procedure calls embedded in XML. Open standards are dictated
by the competitive market. The Court should let that market prevail.
It should be noted that only 19 states joined the
Attorney General in the lawsuit. It is interesting to note that many of Microsoft
competitors reside in those states. It should also be noted that only 17 on the
19 agreed with the breakup proposal. Ohio and Illinois recommended that only behavioral
restrictions be applied (including the release of API information) and that a
breakup should be imposed only if Microsoft fails to honor those restrictions.
Ohio and Illinois were correct.
Perhaps we should all try to help Microsoft by loading
another operating system on our computers. Two likely alternatives are Redhat
Linux (www.redhat.com) and the
Be Operating System (www.be.com).
Use Partition Magic (www.powerquest.com)
to set up a system that allows you to select which operating system at bootup
time.
Stratford
University News of the Week
It
has been a busy week at Stratford. The Culinary Department catered events for
former Governor George Allen, who is now running for the US Senate and for Virginia
State legislator Jay Katzen, who is now running for Lieutenant Governor. In addition,
the University conducted graduation on June 10th. Over seven hundred attended.
Following the ceremony in the Grand Ballroom of the Double Tree, all returned
to the University for an event catered by the Culinary Department.