ANZQ Questions/Comments to : webmaster (AT) infinidim.org

• Issue 1 - June 2002 - Klez/Elkern Virus.

• Issue 2 - September 2002 - SPAM.

• Issue 3 - October 2002 - History & Cookies.

• Issue 4 - December 2002 - Utilities & Credit Cards.

• Issue 5 - January 2003 - Virus Hoaxes

• Issue 6 - February 2003 - Image Managers & Outlook 2003 Holidays

Issue #1 - June 2002 - Klez/Elkern Virus

G’day All. This is the first issue of Computer Corner. This issue will concentrate on the Elkern/Klez virus which is sweeping the world, especially Dubai (as many of you know to your misfortune. I’ll also list a couple of Favorites to add to your collection. Next month I’ll have an e-mail address you can send questions to – the answers to some I’ll include in Computer Corner, but I’ll try and answer all ANZA members who sit down to write to me, via return e-mail.

Klez / Elkern Virus.

I’ll go into detail here because while virus’ (viruses? Virii?) continue to be a major problem for computer users, for the most part they don’t need to be. I have personally restored 12 computers that were all but disabled here in Dubai, and that’s the tip of the iceberg. The Klez / Elkern virus has the following characteristics:

·        It’s initially spread via e-mail. It exploits a security flaw in Outlook and Outlook Express which allows the virus to infect your computer even though you may not have run the virus attachment.

·        The first thing it does once you’re infected is to disable your virus scanner. Many complaints begin with “My virus scanner has stopped running” – Congrats, you have Elkern.

·        Once you’re infected, it uses your e-mail client to send itself out to any e-mail addresses it finds in your address book, as well actively searching your computer for web pages, Word documents, Excel spreadsheets etc. etc. that may contain e-mail addresses.

·        As a nice twist, the e-mails it sends include a “From” address that is someone else from your address book.  Thus the recipients will blame someone else, not you.

·        The e-mail it sends can take one of many forms, including a warning message about the spread of the Elkern virus, advising the recipient to run the attachment to protect themselves from the virus.  The attachment mentioned is of course the virus itself.

·        It may also randomly select files from your hard drive and send one along with the virus.

·        Elkern then mutates into the Klez virus which is capable of attaching itself to a variety of files on your computer.  I have come across machines with literally hundreds of infected files. As another nice twist, it renames some of your critical files, and writes itself as the file you run when, for example, you think you’re opening Word . This last problem is what in most cases requires a complete format and re-install of Windows . There is no recovery from this level of virus infection, when your vital system files have been corrupted.

What to do, What to do

Of all the computers I’ve fixed, none of them would have gotten infected had their virus scanner been up to date when the e-mail came in. It is actually extremely rare to be the recipient of a virus that none of the scanners are able to stop. I’ve only seen it once and actually felt quite privileged.

SO UPDATE YOUR VIRUS SCANNER.

Note that “updating” means you update the scanner engine itself, as well as your list of virus definitions. Some scanners don’t differentiate – an update is an update. But some scanners (older versions of McAfee for example) do – if you’re only updating your virus definitions, you’re still not up to date.

Which virus scanner should you have? It doesn’t really matter – as long as you keep it up to date.  Don’t rely on automated update system – make sure you know how to tell if your virus scanner is up to date, how to tell if it’s up to date, and how to update it.

How often should you update? This is a subjective question – If you get lots of mail and use the computer a lot – I would suggest you check daily. Otherwise once a week is good enough.

Having declared all virus scanners equal - I use AVG virus scanner from www.grisoft.com  (plug plug). Why? Because it works, because it’s quick and easy to update, because it’s free. Don’t be put off by the last point - it makes no sense to me being free, I think it’s a great product. They don’t charge for the updates either. And no, there’s no advertising.

Finally, make sure your Windows is up to date. It’s not called Windows for nothing – as an operating system it has more holes the a slice of Swiss cheese. Again, www.windowsupdate.com is a start, and if you use MS Office then go to http://office.microsoft.com/ProductUpdates/ When you get there, click the “Go” button (it took me ages to figure that out). These two links offer to scan your system and list the updates you require. Be prepared for big downloads if you haven’t done it before.

Too Late, She Cried.

OK, so you’re infected. Symantec® has a tool you can download from http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html (or just goto www.google.com and search for “Klez Symantec” and you’ll find it.

This tool will work if you have just been infected and haven’t re-booted too many times and the virus hasn’t begun to infiltrate your system. In other words – it probably won’t work, but it’s a good place to start. At best it’ll give you a virus free system that may or may not be stable. Or maybe it’ll tell you you’re infected but can’t be cleaned. Or probably it won’t work at all – you are too far gone and your Windows is unstable. There is some help available on this Symantec page for the further steps of virus removal, but they are quite cryptic and frighteningly fundamental for more novice users (editing the registry, deleting and restoring system files etc.)

The next step is data backup and system restore – but that’s for another column.

Bookmarks & Favorites

(Yes, I can spell favourites – but this is how Microsoft spells it, and they rule the world.)

Continuing on the virus theme …

http://www.symantec.com/avcenter/hoax.html

http://vil.mcafee.com/hoax.asp

Ever received a warning telling you to search your computer and if you find a particular file, then you should delete it because it’s a virus?  Well, you’ve probably just deleted a (hopefully inconsequential) system file – a virus hoax. If you get one of these – pop onto these two sites and look through. Use Edit – Find to see if the subject of your e-mail is in this list. Rarely can a virus be cleaned simply by deleting a file. Also do a Google search for the words in your e-mails subject and/or content. See what turns up.

http://emotioneric.com/

You can e-mail Eric at his site, and he will take a picture of himself, expressing the emotion you request. He’ll then place it on the web site for you. No I’m not kidding.

Keep Well All.

Issue #2 - September 2002 - SPAM

Last issue I wrote about the Klez/Elkern virus, how you can protect yourself and what to do once infected. You can read last month's issue at http://www.infinidim.org – Click Computer Corner.

Let me summarise by the following:

1. Install one of the mainstream virus scanners. It doesn't matter which one - they all work fine.

2. Keep it up to date. Checking for updates weekly (if you need to do it manually) is adequate, if not ideal. If your virus update is automatic - set it to perform the check daily. What does it cost you vs what might it cost not doing it?

3. Try and keep Windows up to date if you use Outlook/Outlook Express (http://www.windowsupdate.com)  and Office up to date (http://office.microsoft.com/ProductUpdates/default.aspx) if you use Outlook.

4. Don't open ANY attachments from people you don't know.

5. Don't open attachments that come unexpectedly from people now matter how well you know them. Instead e-mail them to find out what they've sent. As a addendum - when you send attachments, send a message first so your receivers know it's coming.

6. Make Windows show you the full extensions of the files you view on the computer. If you receive an e-mail with an attachment Anna_Kournikova.jpg you might be less likely to open it if you can see that it's actually ANNA_Kournikova.jpg.EXE For details on how to do this - check http://www.infinidim.org – Click Tips.

Moving right along ...

Klez is essentially an e-mail virus. This month I'm delving into a different type of e-mail problem - SPAM. I'm sure you know what I'm talking about.

SPAM is unsolicited e-mail, usually promoting a business or a service, often sex-related. Funny how our ISP provider here in the UAE can limit our browsers such that I can't view pages at Middlesex University, but I can receive all sorts of unwanted hard core porn through my e-mail account.

SPAM – The Big Picture.

SPAM is approaching epidemic proportions in our electronic society. While accurate statistics are probably impossible, estimates suggest that between 15% and 50% of all e-mail messages are SPAM. Over a billion SPAM messages flow into Hotmail every day equating to 80% of incoming Hotmail messages. Industry analysts believe that the amount of SPAM is doubling every 6 months – it is estimated that the average e-mail address will receive 1500 SPAM messages per year by 2006. Some of us are beyond this point already. SPAM costs the business world $8 to $10 billion per year in bandwidth charges alone.

To date, legislation hasn’t worked. SPAM is illegal in just one state in the US and at present all active government efforts at combating SPAM relate to false advertising and targeting pyramid-like marketing schemes. What little legislation that does exist undergoes regular testing as SPAM companies attempt to sue those organisations leading the fight against SPAM for “unfair business practices.” To date these cases are largely unsuccessful – presumably most Judges have e-mail addresses.

Legislation currently moving through the US Senate will require spammers to include a valid return e‑mail address and prohibit them from using phoney or misleading subject headers. Should this legislation come into effect, it may have a measurable effect on SPAM generated inside the US. However spammers can (and do) operate from any country in the world, sending their pernicious payloads to every corner of the internet. Some of it is innocuous and at worst inconvenient, but for those of us with children who have access to our computers, the more lascivious content is of serious concern, particularly if your internet connection is such that those HTML pages come down with the pictures intact. Not nice.

So where do they get our e-mail addresses from? In these days of corporate responsibility, where the companies we give our address out to are themselves swamped with SPAM, one presumes these corporations are aware of the need to protect the privacy of those who transact commercially with them. However there is a basic financial imperative to share customer databases amongst web companies, whether it’s as basic as employees illegally selling customer lists for money, or corporations sharing information at a global level – let’s take Microsoft as an example.

Earlier this year Microsoft was the subject of some controversy owing to its apparent willingness to share its Microsoft’s.Net Passport database amongst it’s Passport affiliated companies. Passport is Microsoft’s central database of customer information. If you use MSN Messenger (Microsoft’s version of ICQ), if you have Windows XP and use Windows Update, if you register Microsoft software, if you have a PocketPC and activate it so you can us the Reader program, if you use Hotmail (which was purchased by Microsoft in January 1998) – you have a Passport account. Microsoft may know only your name and e-mail address, or they may have age, sex, address, contact numbers etc.

Hotmail was central to the furore earlier this year, because it appeared that Microsoft had introduced new selections during the signup process, allowing users to specify whether Microsoft could share your information with the Microsoft Passport affiliated companies, meanwhile post-setting the other 125+ million Hotmail subscribers with a tick in the box to allow Microsoft to share their information at will.

Microsoft’s response to this charge was that in fact the licensing agreement that previous Hotmail users had signed allowed Microsoft to share their information anyway – the new selections were merely a convenience for users. Microsoft currently maintains over 18 licensing agreements at http://privacy.msn.com/tou which range fro 500 to over 1000 lines of incomprehensible legalese. A thorough reading however does reveal that apart from MS reserving the right to share your information, they also have the ability to change the agreement you read carefully and agreed to, as long as they publish the changes on the above web site 30 days before the agreement comes into action. How often do you check this site?

What does this mean, practically? Let me give you an example – Let’s say you go to the Starbuck’s web site. While you’re there you notice that there are some incentives to establish an online account with Starbucks – free screensaver, cheap coffee, whatever. So you click the link to create an account. When you do so, you see a link that allows you to use your .NET Passport account instead. So you click it and log into the Starbucks system. You’re in – no registration process, no personal details. Isn’t technology wonderful?

You have just given Starbucks some or all of the information Microsoft has in their files about you. By the way – Starbucks is not restricted from sharing that information to other companies. At present there are over 150 Passport affiliates (http://www.passport.com/Directory/Default.asp) and the number is growing. Watch where you click …

Microsoft and the Federal Trade Commission recently “settled in agreement” over a complaint lodged about the Passport service, relating to Microsoft’s online security and privacy practices. You can read the text at http://www.techlawjournal.com/topstories/2002/20020808.asp but essentially this agreement does not address the issue of Microsoft sharing onwards your information, just it’s inability to maintain the privacy of the records they already have on you.

Our e-mail addresses are out there – the contents of our inboxes tells us that.

What about Etisalat ?

One of the common questions asked is – can Etisalat stop spam? The answer is Yes; and No. One of the more effective responses to the spam problem is through identifying the ISP’s who allow spam activity on their servers, or who’s security is such that holes are left for spammers to operate through. ISP’s such as Etisalat can block traffic from those servers and filter spam before it arrives in your inbox. The lists of spam source ISP’s have been established by non-profit organisations such as the Mail Abuse Prevention System (MAPS) or the Open Relay Behaviour Modification System (ORBS). Thousands of ISP’s currently use these sources to screen out the more commonly identified spammers. At present Etisalat has not undertaken this fairly basic step which would be effective against the majority of spam received by it’s subscribers. Customer responsive ISP’s set up channels by which their subscribers can report spam and have it blocked – Etislat have abuse@emirates.net.ae Unfortunately this channel seems mostly concerned with updating the proxy to remove access to unacceptable web sites – funnily enough often the ones you need to access to ‘Unsubscribe’ from a spammers’ list.

 You can see the ISP that originated the spam coming into your inbox by looking at the e-mail header information of each mail item. In Outlook, open the mail item and choose View menu, Options. In Netscape it’s View, Headers, All. Look for the word “Received :” which may occur several times, the last of which will identify the ISP domain name from which the mail originated. Server addresses are usually constructed as: servername.domainname.domainsuffix

You can report these spammers yourself of course. In the above case, your first choice would be to send an e-mail to postmaster@mail.yahoo.com (substitute the values from your own SPAM) identifying the mail server (mx1) as the source of spam and asking them to close down this service. You can also report the spamming ISP to MAPS http://www.mail-abuse.org/rbl/notifyfaq.html or ORBS http://www.orbs.org/report_1.html

This fairly manual method is automated by SpamCop (http://www.spamcop.net) You can forward the offending e-mail to SpamCop and they will fully describe how and where to report the spammer and offer to report them for you. SpamCop also offer pre-screened e-mail boxes for $30 USD per year.

Should I UnSubscribe ?

Have you ever scrolled down the bottom of your spam and seen a link or a method mentioned for un‑subscribing from the spammer’s list? Some are as simple click on a link and a web site pops up confirming that you are off the list. Others require you to enter your e-mail address, some require you to send an e-mail with “UNSUBSCRIBE” as the subject. Quite simple really.

Congratulations – you have given the true spammer his holy grail – a valid, confirmed e‑mail address. Now not only can he send you mail knowing you’re receiving it – he can provide confirmation to those he sells your address to of it’s validity, increasing the value of the sale. Unless the SPAM comes from a valid, reputable company, never unsubscribe – you just put yourself in for more SPAM. However at present choosing not to unsubscribe does place you in something of a legal dilemma. In court, spammers have effectively used the argument that receivers of spam who choose not to unsubscribe have in effect opted in. My advice stands however – unless you have grounds for believing in the morals of the spammer – don’t bother with unsubscribe.

So What Can You Do ?

There are several methods you can use to fight your own private battle against SPAM. I shall start with the basics and move on up. The following list is by no means comprehensive. Direct your browser to http://www.google.com and search for SPAM to see more solutions.

• Press the Delete Key after it comes in. This process has a 100% success rate. I use it regularly.

• If you receive SPAM regularly from the same or similar e-mail addresses, or with the similar Subjects, you can tell your e-mail program to delete, (or move to another folder) any mail meeting that criteria.

	In Outlook Express this is called either Blocked Senders, or using the Message Rules. Open the offending message, then click either Message – Block Sender or Message – Create Rule From Message.
	In Outlook (97/98/2000/2002‑XP) this is either Organizing your mail or using the Message Rules. Click Tools – Organize or Tools – Rules Wizard. These processes are reasonably straight forward, but if there are requests for more information on how to do it – I’ll post some instructions on the web site.

1. Say I want to buy a widget from WidgetsRus.Com This necessitates setting up an account with them and providing an e-mail address. First I establish an e-mail address using SneakEmail, - you end up with an address such as idzlsqagm001@sneakemail.com which you labelled within the SneakEmail site as “WidgetsRus”

2. This is the address I give to WidgetsRus. Anytime I correspond with WidgetsRus, or log on to my account with them, I use this address. I send mail through SneakEmail, so that WidgetsRus sees this as the return address. I can also configure my e-mail software to do this as well.

3. Any mail sent to this address (by WidgetsRus only we hope) is re-directed to my main address. If any of it is SPAM … Ha! You can now approach WidgetsRus for an explanation. Often it will be a case of you missing a preference setting to restrict your e-mail address when you created an account with them. Sometimes not. You can cancel the SneakEmail account and decide whether you want to keep doing business with WidgetsRus.

Does this sound foolproof? It’s not. “Worm” software exists that explore the internet, sitting on mail servers and extracting e-mail addresses from passing messages (the bulk of e-mail is unsecured, un‑encrypted) and forwarding them to spam servers. For the foreseeable future software such as MailWasher and SpamNet will be necessary evils.

Defeating SPAM will take a concerted effort on the part of Governments and Consumers alike. Most of the blame falls on people like you and me. Remember that in a perfect world, no-one would ever respond to SPAM - SPAM would cease to be because it would be ineffective as a marketing tool.

In case you’re interested – the concept of SPAM as an advertising medium dates back to the UseNet groups of the early 80’s, with the actual term “SPAM” first being used in the early 90’s. The etymology of “SPAM” (believe it or not) relates to a Monty Python skit in which a group of Vikings sang a chorus of “SPAM SPAM SPAM” in an increasing crescendo, drowning out conversation.  This was thought analogous to the UCE (Unsolicited Commercial E-mail) that was swamping UseNet at the time.

Web site for the day is http://www.scorpioncity.com/mscrash.shtml which for some of us will cut a little close to the bone. I look forward to your questions and comments!

Fair Well, All.

Issue #3 - October 2002 - History & Cookies.

Last issue I wrote about the Spam. Several people have written to tell me they remember the Monty Python skit “Spam, Spam, Spam, Spam” – can anyone remember which movie it was?

This month I will answer a few questions that have come up, give you a brief discussion on Cookies (not the kind Meg makes) and finish with a series of Web Sites – wacky and wonderful.

Now a question from me - I have recently upgraded to ADSL, the “Al Shamil” service with Etisalat. This has resulted in the loss of internet to the two other computers at home – I was previously ISDN with a hardware router to share the internet to my network. If anyone out there has a hardware solution to this problem, I’d be most interested in hearing from you at webmaster (AT) infinidim.org

Browser History.

I am an Internet Explorer (IE) user. Not because it’s better, not because it’s Microsoft, just because it’s there (roll on Department of Justice). The biggest objection I hear to IE is that after a time it becomes unstable and crashes all the time. My response is that you may (or may not) have the wrong end of the stick. IE could well be crashing because your Windows has become unstable. These days, IE is so much a core component of Windows that Windows instability is reflected in IE, and vice versa. Did you know that when you look at an e-mail using Outlook or Outlook Express that includes HTML (Fonts, Colours etc.), you are using IE? Instability and especially security issues associated with IE affect all of Windows, as well as Office and other programs. Remember to keep your Windows up to day using http://www.windowsupdate.com

I had a question recently asking me how to clear the browser history. Browser history is the record IE keeps of what web sites you visit, and when you visited them. History is grouped by Weeks, Days of the Week and Today. It’s supposed to make it easier to find a site you recently visited. You can even search the History for phrases in the event you can’t remember how far back it was when you last visited the site.

IE gives you both coarse and fine detail control over clearing your browsing history. If you want to clear an individual site, bring up the History in IE and find the entry by clicking and expanding. Then right click on either the Page (IBLCE) or the Site (iblce www.iblce.org) and choose Delete. You will be asked to confirm the deletion – note that this is final and can’t be undone – no recycle bin involved here.

Deleting individual sections of your history is useful if you want to keep the rest of your history intact – either for convenience or to avoid accusatory questions “Why did you clear all the history – where have you been browsing too?”

IE also allows you to clear all the history in one fell swoop :

• Start Menu -> Settings -> Control Panel -> Internet Options

• Within IE : Tools Menu -> Options

You are now in the Internet Options control Panel. Note these instructions are for Windows 2000, but on your system it will be very similar. One of these two methods should work.

You can now see the History Settings, on the first (General) tab of Internet Options. The Clear History button is what you want. Click it, you will be asked to confirm, and your History is gone.

Selectively deleting History is done within IE itself, and is reasonably flexible.

Cookies.

There was a time when Cookies were a big security issue. Those times are gone – now we have software firewalls and anti‑virus software on our home computer’s. Against all this a few cookies aren’t much to worry about. But to put your mind to rest …

Cookies are a small collection of information your browser remembers at the request of a web site, when you visit that web site. The information it stores depends on the web site and your browser. When a web site asks your browser to remember something, it gives your browser an expiry time/date beyond which the information is no longer valid. If you leave the web site (browse somewhere else or close your browser) before that time is up, your browser stores that information on your hard disk, in a text file.

This information is used by the web site, as you browse from page to page, so that each page may add to or check the contents of, it's cookie. Some sites use cookies as a security measure. If you're carrying a cookie that says you've logged onto their site and been verified as a user (say with Amazon.co.uk) it won't keep asking you to log on. The box shown here is one created by www.dpreview.com (a sight I used to look for information on digital cameras). Some of the content I can guess at, some of it I haven’t a clue. At least part of it will be the expiry time/date of the cookie.

As a practical example, I know that I can browse to the Amazon.co.uk Web Site, log on to my account and change something (say my delivery address. I can then close the browser, open it again and get into my account without logging on. However tomorrow would be a different story. This is just one of the features cookies give.

There are security issues with Cookies, but not many, and none too serious. In almost all circumstances, one web site cannot read the cookie set by another. There are exceptions - see the Cookie FAQ page for more details.

Sometimes you may find that logging onto a web site is interfered with by your "remembered" cookie history. I know this happens often to me at the Emirates Flight Crew home page. If you want to clear your cookies in Internet Explorer, try Start Menu -> Settings -> Control Panel -> Internet Options  However from within Internet Explorer, you could also go Tools Menu -> Options. Now click the Delete Cookies button. There are no real problems associated with deleting your cookies.

You can also turn cookies off. This does have some implications to your browsing. Some sites simply will not work if you turn off Cookies. I personally have no concerns about the use of, or possible abuse of Cookies.

Check the Cookie FAQ page (http://www.cookiecentral.com/faq/) for a readable, thorough treatment of the issue of Cookies. This page has everything you ever (never) wanted to know about Cookies.

Web Sites.

I hope that this month the ANZA web site will be up and running at http://www.anzauae.org  Contributions welcome - ideas, content, suggestions and impressions !

And as you type at your computer, beating the keys with frustration, remember that the QWERTY keyboard layout was specifically designed to as difficult to use as mathematically possible (http://njnj.essortment.com/keyboardhisto_rdqo.htm) Does knowing this help? Probably not, but at least you now know why it's frustrating !

Issue #4 - November 2002 - Utilities & Credit Cards.

Last issue I answered a few questions. Well, I must have frightened people - because I had very few since! Those I've had haven't been relevant to anyone other than the senders, so I won't be answering questions this month. Remember - send your questions to anzaccquest@anzauae.org

Firstly an announcement - ANZA has a web site!  The address is http://www.anzauae.org The savvy internet users amongst you will know that the http:// bit is accurate but un-necessary, and you can just type www.anzauae.org into your web browser. This site is very much in it's infancy. If you'd like to comment or contribute, send mail to webmaster@anzauae.org

This issue will concentrate on reviewing a couple of utilities that I use regularly on my computer. One I've been using for years, the other I've just discovered. I'll finish up with a look at credit cards over the internet.

Software Utilities.

ClickBook, by Blue Squirrel Software.

Clickbook (http://www.bluesquirrel.com/clickbook/) is an extremely useful utility that has been around for several years. Clickbook is available for the PC and the Macintosh. In essence it gives you the ability to play with the formatting of what you print, after you click the print button in your application (Word, Excel, Acrobat, almost anything) but before it comes out the printer. I use it mainly to minimise paper usage. It works like this :

Say I have a 12 page A4 document in Word that I want to print out to take away and read. Instead of printing to my HP Laserjet, I can print to the Clickbook HP Laserjet instead. The document will now be printed out of the Word normally (at least as far as Word is concerned) but will not come out of the printer. Shortly thereafter, Clickbook will pop up.

You will now be presented with a long list of pre-prepared, standard formats. These formats range from simply compressing the two pages of A4 paper onto one, to a range of standard diary formats, planners, greeting cards and more. In the picture here (which you can hardly see, I know) a preview of the printout is displayed, along with controls to choose your format. You can queue files up and print multiple documents, from multiple applications into the one printout (as long as you aren't using Windows 2000 - ask me how I know this ...)

If you're reading this on ANZA's web site, click the image for an enlarged, readable version.

For the bold and adventurous, a world of customisation awaits, with settings galore that you can change on all of the pre-prepared formats, or you can create your own.

I've left the best bit to last. Most of the formats allow double sided printing. Since most printers (including mine) don't print double sided, it works like this. You print your 12 page document. The print run begins, and a Clickbook dialog pops up and prompts you to click  button when the print run is finished, and you've fed the paper back into the printer. Then it prints the back side. All in the correct page order.

Naturally, this software is not free. It costs $49.95 USD, downloaded from the Blue Squirrel web site. Try the evaluation version first. I've been using this software on and off for almost 5 years now and I don't regret the money at all. It's saved me a lot of paper over the years. Note that the web site is advertising version 5.0, whereas version 6.0 has just been released.

One of Blue Squirrel's latest developments is Spam Sleuth (http://www.bluesquirrel.com/products/spamsleuth/) , which I am presently evaluating as another possible Spam solution. I'll keep you posted !

ActiveWords.

Can you type? Ever frustrated by the fact that you can enter information quickly from the keyboard, but Windows forces you to take your hands off and click that damned mouse?

ActiveWords (http://www.activewords.com) is a relatively new utility that is sweeping the Windows world at the moment. I've been trialling the software for several weeks now and I'm impressed. It works like this :

• Active Words runs in the background of Windows, monitoring your keystrokes.

• If you type something it recognises, you have the ability to press the Action Key (F8 the default) and Active Words will perform a pre-determined action.

• These Actions can consist of :

• Opening a File, Folder or Program.

• Inserting a stream of text.

• Navigate to a Web Site.

• Change a Windows Setting.

Where do these pre-determined actions come from? Well, you create them of course. There's a Wizard that asks what kind of ActiveWord you want to add, and steps you through the process of creating one. You then specify the string of characters you want to use. Finally you specify whether to use the action key to activate the ActiveWord, or if it should just happen after you type.

Those of us who use AutoText entries in Word will find this familiar.

In three weeks I now have over 90 ActiveWords, examples include :

• I type "rkp" and get "Regards, Ken Pascoe."

• I type "psp" and PaintShop Pro Opens.

• I type "google" and Explorer opens up with Google as the web site.

But it sounds like a pain adding all these words, doesn't it? It's not. ActiveWords monitors what you do, and suggests (in a relatively unobtrusive way) that you could make an ActiveWord for an action that you are performing regularly. And it works. It really does.

ActiveWords is a complete, well thought out, rounded application. You can tell that it's the result of imagination, developed with care and careful thought. I've had several dealings with their Support department (over an issue relating to has spaces in Word, among others) and I've found them responsive and prompt. They developed an active word to solve my hard space problem, which really exposed to me the potential of this software. ActiveWords comes with :

• A toolbar, which shows you what you're typing, gives you instant access to adding words and controlling the utility.

• A good range of options for the more advanced user to take control of the software, altering all sorts of default behaviours to your liking.

• An excellent manager for overseeing and tracking all the ActiveWords you end up with.

• You can export and import your ActiveWords. I regularly transfer words back and forth from my Server to my Notebook, to my work computer.

• A command interpreter, allowing you to program ActiveWords (advanced users only!) in a scripting language.

The Next Level ...

Are you ready? Because ActiveWords doesn't stop there. You can download pre-set lists of ActiveWords from the web site (for free). These active words cover a range of topics and applications such as Outlook, Windows, Yahoo. the Web, Emoticons (MSN Messenger etc.), C++ and more. These lists contain sets of actions that take ActiveWords beyond the next plane of existance. For example, I can :

• Automatically run Outlook, Open a new message, and address it to my Mother (yes, no excuses now, Mum.)

• Correct Spelling as I type from a preset list of 1800 common English language mistakes. This works in ALL applications, not just Word.

• Minimize, maximize and restore application windows. Save files, Open files, Preview a document and open the printer setup dialogue.

• Insert Dates and Times and perform simple mathematical calculations.

• Lots more.

ActiveWords can be downloaded from http://www.activewords.com and used for a free sixty day trial. After that it costs $39.95 for an annual subscription. Personally, I hate subscription software, and for me, when I buy this software, it will be the exception rather than the rule.  The $30 licence lets me use it on as many computers as I like, which is a nice change. If you push the developers, they will sell you a single use version for $50 (no information about this on the web site). But this version is subject to a version of MS's product activation - sell your computer and you lose the software - you'd have to contact the developers for a new key. For a discussion of subscription software, see http://www.scotsnewsletter.com/34.htm#swbiz

Online Credit Card Security.

When it comes to shopping on the Web, which of the following is you :

I personally shop quite regularly on the Net. Amazon.co.uk for books, various sites for software and music. I bought a trampoline over the net for the kids from Australia. Many of you do the same, I'm sure. And some of you never have and never will. So how safe is it ?

Firstly, how safe is your credit card in general? Ever given your credit card to a waiter, have him take it away, to bring it back with the bill later? How hard would it be for someone to copy down your credit card number, name, expiry date, even the little security code number on the back and then go and use it on the web? Easy mate.

Never ever had someone behind you in line at the ATM within viewing distance of your fingers on the keypad ?

Not so common now, but occasionally I'm still signing the old carbonated type of credit card invoice. Do you make sure the carbon is destroyed, and not just left crumpled in the bin?

Hopefully I've established now that Credit Cards are not secure, partly the result of design flaw (or a limit of the technology), partly by our lax practices. So what do you do about it?

First and foremost - look closely at your bank. When it comes to credit card fraud - who is responsible? If it's you, or if your bank insists on you being culpable for a fixed amount or percentage of the first X 000's of dirhams stolen - time to change banks.

Note that it's possible to use debit cards on the web. Fraud perpetrated with these cards is almost NEVER covered by the bank. Never use this card online. Always be most careful with debit cards and the associated PIN's.

When it comes to online fraud - most of it begins in the previous paragraphs. When your card is fraudulently used online, the knowledge is usually gained through non-electronic means. Thus if everyone was ultra-conservative with their online credit card usage, the end to credit card fraud we would not see. Having said this :

Online fraud takes all forms. Hackers have broken into servers at e-commerce sites and stolen literally hundreds of valid credit card records. But that's analogous to a thief breaking into a shopping centre or other business and stealing records - except the electronic version is a lot harder to do. Just as banks and commercial enterprises need good physical security, reputable e-commerce sites have strong security protection against theft - after all this is what they're trading on.

1. Who are you dealing with? Are you sure you are on the web site of the retailer you wish to give your money too. In the past there have been cases in the past where people have received an e-mail purporting to be from AOL, informing you that their database has gone down and they need to update your credit card details. The e-mail includes a link to a site that looks like AOL, but isn't. You enter your details to update their database and  ...

2. Is it too good to be true? Are you paying for something that simply can't be right? Would you give your money to someone who knocked on your front door and offered you this? Then why are you doing it online?

3. Do you have a secure connection? Firstly - NEVER send your credit card details over e-mail. E-mail is not encrypted. E-mail is not secure. E-mail can be monitored by ISP's inbound and outbound (and often is for SPAM) and SPAMmer's already have software sitting surreptitiously on e-mail servers extracting new e-mail addresses for their databases. So how do you know if you have a secure connection. Before you enter a Credit Card number, a Password, or anything you don't want others to know - think. Often using a secure connection is an option. Well, it's an option you should take. I note with displeasure that Etisalat still don't have a secure connection for altering your password, checking bill or mail etc, on their web site.

Internet Explorer (IE) warns you when you are switching to (or from) a secure site. If you've clicked "In the future, do not show this warning." you won't see it - IE just connects to the site.

When you have a secure connection, IE shows you this icon at the bottom of your page. That's all you need to look for, right? Well, not quite.

The thing is, I can apply for, and get a security certificate for my web site (http://www.infinidim.org - have you been there yet?) then set up a page that says "Amazon.co.uk" all over it and ask you for your credit card. You'd see the secure connection indicator and be none the wiser. The URL address at the top might look a little confusing though (http:///www.infinidim.org/amazonuk/milksuckers.html)

But if you double clicked my certificate, you'd see that it was issued to me and not Amazon.co.uk - unlike the one shown here. This should be enough of a hint that all's not right ...

Do I do this all the time - of course not. But if I have doubts about the authenticity of the retailer I'm dealing with, I check.

Is this the answer to all you security connection worries? Almost ...

You see about 12 months ago, VeriSign (who sells digital certificates to businesses) sold three to Microsoft, or at least, someone they thought was Microsoft. As it turns out it wasn't Microsoft, just someone purporting to be from MS. Thus there are three certificates out there in electron-lala-land which are real, genuine digital certificates, that say "Microsoft" but aren't. Ain't that just perfect ?

4. Are you fully covered for card fraud? Again - if your bank expects you to pay for credit card fraud - change your bank.

5. Is your browser up to date? I know I'm beating a dead horse - but keep your computer current. For whichever operating system you use - 98, 2000, ME, XP, some strange Mac variant, whatever - download the patches and keep yourself nice. On this specific issue, Microsoft has an update to IE which fixes a flaw that could allow web sites to circumvent the security certificate system. This means you could be fooled by an SSL connection into thinking that a web site is the genuine articele, when it's not (http://support.microsoft.com/default.aspx?scid=kb;en-us;329115)

As long are thieves there will be theft - take some basic precautions and you'll be fine - the world of e-commerce is damned convenient - don't deny yourself.

The web sites I choose here are a sample of the browsing I've been doing for the past month. They're eclectic, unusual and occasionally useful (to someone).

Issue #5 - December 2002 – Virus Hoaxes.

CC is moving to a new format. I’m going to try and keep the newsletter to a single page. Remember you can still ask questions at anzaccquest@anzauae.org. And don’t forget to visit the ANZA web site at http://www.anzauae.org

Virus Hoaxes.

This week I’ve had several people e-mailing me (and a note under the windshield wiper of the car) advising me to delete a file off of my computer called “jdbgmgr.exe”. As you may have guessed – this file is not a virus.

Well, at least it’s not supposed to be. There are many files on your computer (.doc, .exe, .com, .vs, .scr and more) that could be infected with a virus. And there are virus’s (virii ?) that specifically target particular files. But in this case – not this file. I know when I receive a message like this (and look it up on the internet) that it’s a hoax warning, the equivalent of an urban legend – and I’m safe.

How can I be sure? Because I have a Virus Scanner. And I keep it up to date daily (weekly would suffice). This gives me the right to be 95% smug.

If your computer is connected to the internet and you don’t have a virus scanner on your computer, or if you do and haven’t updated it since you installed it back in 1998 – please stop reading this article. It’s not for you – the words are too long and it’s not handwritten in crayon. Seriously – you are a menace to everyone in your address book. Get it together.

I use AVG virus scanner from www.grisoft.com – I explained why about four CC issues back. But so you don’t think I’m biased (I am) I’ll put Symantec (http://www.symantec.com/) and McAfee (http://www.mcafee.com/) here too. I don’t particularly think any virus scanner is head and shoulders above the rest. The important thing for me is not which virus scanner you’re using – but is it up to date? This means the scanning engine (version of the program) and the virus database/definitions as well.

Whichever virus scanner you choose – the update methodology for the engine and the database should be straight forward and require as little involvement from you as possible. My scanner updates itself automatically at 3am, then performs a complete scan of my computer for virus’s every night.

Back to Hoaxes.

Here is a summary of the most common three delete-this-file-before-your-computer-explodes hoax e‑mails.

Ok – so apart from contacting me – how do you know if a virus message is a hoax? Well, Symantec (http://www.symantec.com/avcenter/hoax.html) and McAfee (http://vil.nai.com/VIL/hoaxes.asp) have a list of the more common hoax messages. This is a good place to start to see if what you have is a hoax.

Symantec (http://www.sarc.com/) and McAfee (http://vil.nai.com/vil/default.asp) also maintain pretty good virus information libraries – you can look here to see it what you have been warned about is genuine. If you actually have a virus, you’ll find removal instructions here too.

On the topic of Urban Legends – have a look at the following for information on Urban Legends and Myths, Folklore and Net Lore:

http://www.urbanlegends.com/

http://www.truthorfiction.com/

http://hoaxinfo.com/

http://directory.google.com/Top/Society/Folklore/Literature/Urban_Legends/Computer_Virus_Hoaxes/ 

 This last one is the most important. Google is my primary search engine. I use the Google toolbar in Explorer and I have Active Words set so that I can type a phrase anywhere, press a key and have Google come up with the results. I think it is the Tour de France of search engines. What do you think?

Safe (for the rest of us) Computing, Ken Pascoe.

Issue #6 - February 2003 – Image Managers & Outlook Calendar 2003.

Greetings, one and all. As I sit down to write this the morning, I’m stiff and sore after the tug of war at the Australia/Watangi Day celebrations. I learnt yesterday of the momentous impact the sun can have on a tug of war match, causing the Aussie team to just barely lose only two of the three attempts, both of which were into the fierce glare of the sun. Photos of the valiant Australians (and the others) as well as the rest of the day can be found at http://www.anzauae.org Well done the Kiwis.

Digital Photos.

Several months ago, I rewarded myself with a digital camera (I’ll let you know what I rewarded myself for when I decide …) Many of you will have seen me taking pictures at various ANZA functions. Having now taken over 2200 pictures, I’ve been looking for tools to assist me in managing this menagerie of imagery. I have two requirements – something for me to use and something to give to the relatives who view the images I send them. Lately this has taken the form of a CD of photos and movies posted in the mail, so the software for the ‘Rels needed to be capable of handling lots of images, while easy to install and use.

My camera (a Canon S45) comes with image manipulation tools of course, but for a variety of reasons I was not happy with them – and they are no good to send to others, because they insist on installing drivers for a camera other people don’t have.

The Freebie.

The freebie is iBrowser from the fCoder group (http://ibrowser.fcodersoft.com/ftp/index.htm). I was quite frankly amazed at what this free piece of software does. I have it setup by default to show me my computer (hard drives and sub folders) on the left, thumbnails of the current folder in the middle and an image preview on the right – but you can have it any way you want.

It offers basic image manipulation – rotate, flip, scroll, zoom etc.  It’s quick to load the thumbnails and doesn’t leave messy indexing files in the image folder – something you can’t do when you send photos on cd’s anyway.

Something for Me.

There are two things I really wanted to accomplish with an image browser, over and above the usual thumb nails and slide shows. I want to (a) select a number of images and rotate them round the right way (for when I take photos with my camera upside down) and (b) select a lot of images and batch convert them from the ~450Kb files my camera produces into the ~30Kb files I put in Web pages and E-mails. After some searching and a few expired evaluation periods, I settled on FireGraphic XP ($39.95 USD at http://www.firegraphic.com/)

It’s even more customisable than iBrowser and does the batch conversion jobs I require with ease. When batch processing, I can choose to over write the existing files (as in rotation) or convert the selected files to new folder (which I do when compressing them to keep the original high image). It will also let you change image size, reducing those high quality 1600x1200 images down to high quality 640x480 images with ease.

One neat feature is seeing a film strip preview of a folder before clicking on it. So if you have some vague esoteric method of organising and naming your 2200+ images, help is at hand … just point your mouse at a folder and see the first X images (you define how many). And the print options are legion.

To see larger views of the images here, go to this article on ANZA’s web site and click on the images.

 Outlook Calendar Holidays – Where’s 2003 ??

I’ve had several queries about the Outlook version 2000 Calendar holidays for year 2003. For those not in the know – Outlook 97/98/2000/XP has a built in calendar. You can automatically add holidays to that calendar, based on the country of you choice. I have Australia and the UAE added, but I suppose the New Zealanders may choose to add a third …

While I don’t wish to spoil anyone’s moon watching – I find it does a reasonably good job of predicting the various UAE holidays, religious ones included.

If you have Outlook (not Outlook Express) but no holidays in your calendar – you can add them by clicking on the Top Menu – Tools ► Options ► Preferences ► Calendar Options ► Add Holidays.

This process adds holiday as discrete dates. Those who’ve played around with Outlook’s Calendar know that you can enter calendar events in a recurring fashion – ANZA Playgroup, every Sunday, 10am. However Microsoft has chosen to have the holidays entered singly, so there is a New Years Day 2001, 2002, 2003, 2004 etc. No one seems to know why.

Neither does anyone seem to know why Microsoft chose not to have any holidays after the year 2002 in Outlook 2000 – I suppose they presumed we’d all have upgraded by then. This flaw is acknowledged by Microsoft, so they have provided a file you can download, to update your Holidays. It is at http://microsoft.com/downloads/details.aspx?FamilyId=7D4D9017-8D4E-4963-8BA7-D2E91D491F5E&displaylang=en

Remember instead of typing these addresses into your browser, you can goto www.anzauae.org and find this article – then click on the link in the article instead. The web site method is quicker and less prone to error.

The Microsoft download link above includes instructions on installation, which are straight forward.

Web Sites.

My daughter (Ruby, 3) loves to colour in at http://www.niehs.nih.gov/kids/color.htm#online Choose a drawing, then let your child click and colour in at will. Meg (my wife) says she’d rather Ruby colored with crayons and paper. No pleasing some people.
Tried Battle Ship? Well, try Battle Chips http://www.wwwattmedia.co.uk/games/battlechips/battlechips.php3 Once you’ve conquered that, edit the address by deleting all after games/ to see some more.
The Google Viewer is another innovation from Google people http://labs.google.com/gviewer.html This may only work for ISDN/ADSL surfers – enter your search criteria and have each “hit” come up in turn in a viewer inside the web browser.
For those of you who miss ABC FM – you can listen (almost) live at http://abc.net.au/classic/audio/ Here you’ll find Clive Robertson (Classic FM), Jim McLeod (Jazz Tracks) and Margaret Throsby.
NewsPapers! Australian Ones can be found at http://www.nla.gov.au/npapers/ and the New Zealanders should look at http://www.onlinenewspapers.com/nz.htm
Emirates Flights : Either yourself, or someone visiting probably flies Emirates (hazard of where we live). If you’re waiting for a flight – look at http://www.emirates.com and click Flight Status. From what I’ve see it is updated live from a source here in Dubai and is generally spot on !
Do you remember the disappearing Aston Martin in the latest Bond flick? Well, researchers have been working on this concept for some time and are further along than you might think. See a demonstration movie at http://www.star.t.u-tokyo.ac.jp/projects/MEDIA/xv/oc.html

Feed Back Requested – webmaster@anzauae.org

And now, a request. I would like to make this a two way column. If you have a link you’d like to send out to everyone – send it in. If you’d like a question answered – please send it in.

Basically I need to gauge the level at which I’m pitching these articles. If you’d like more advanced stuff, let me know. If you want to know the simple everyday tips and hints – let me know that too. I use Windows, Word, Excel, Access, Outlook, the Web, Virus Scanners, MSN Messenger, Paintshop Pro and Visio. I write CD’s record MP3 to a player, have a home network and use a plastic brain (Compaq PocketPC) Any of these subjects are fair game. Anything else will require me to do some work, which is not off limits either.

 Regards, Ken Pascoe.