NilsC
Everything posted by NilsC
-
Alternate / multiple data streams are an issue (feature) with the NTFS file system. This issue is difficult to deal with if you are in a networked environment.

What are data streams? A data stream is a sequence of bytes (there is a lot more to this, but it is not necessary for this tutorial). All files and folders have a 'main' unnamed stream associated with them regardless of the file system used. NTFS differs because it supports additional named data streams that can be added to the file.

Why do we need alternate data streams, and are they good or bad? The answer is both. They are good when you use them to record a summary with the properties tab. Each stream has a different name and is only visible to NTFS volumes. The bad thing is they can be used to hold viruses, Trojans, backdoors and other exe files, and the kicker is that a 64kb picture can contain a virus file of any size and the file size will never change, because that data is stored within the alternate data stream.

How to create and view ADS is covered in a lot of other documents / sites so I will not get into that here. Windows Alternate Datastreams

The easy solution to remove alternate data streams is to have a FAT partition on your computer and save any file you are not sure of there. If the file contains ADS it will be removed from the file, because FAT can't handle ADS / multiple data streams. XP will sometimes (not all the time) pop up a message asking you to "Confirm Stream Loss". So to protect yourself from this kind of virus, save pictures or songs to a FAT partition and use a batch file or copy and paste to move them back to the NTFS partition. It's a good habit to save files to the FAT table instead of "Open with ...".

Nils
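A defender's check for the point above about a small picture carrying a large hidden stream, as an added example that is not part of the original post: it parses the output of `dir /r` (on Windows versions whose `dir` supports that switch) and reports named streams next to the size the listing shows for the file. The sample listing is constructed, and the set of stream names treated as expected is an assumption.

```python
import re

# Constructed sample of `dir /r` output (English locale), not taken from the post.
SAMPLE_DIR_R = r"""
 Directory of C:\Users\test\Downloads

01/15/2024  09:12 AM    <DIR>          .
01/15/2024  09:12 AM    <DIR>          ..
01/15/2024  09:10 AM            65,536 holiday.jpg
                             2,411,520 holiday.jpg:setup.exe:$DATA
01/15/2024  09:11 AM             1,024 notes.txt
                                    26 notes.txt:Zone.Identifier:$DATA
               2 File(s)         66,560 bytes
"""

# Assumption: stream names treated as expected. Windows itself attaches
# Zone.Identifier to downloaded files; adjust this set for your environment.
EXPECTED_STREAMS = frozenset({"Zone.Identifier"})

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# Stream lines are indented: "<size> <file>:<stream>:$DATA"
STREAM_RE = re.compile(r"^\s+(\d[\d,.]*)\s+([^:]+):([^:]+):\$DATA\s*$")
# File lines start with the date: "<date> <time> <size> <file>"
FILE_RE = re.compile(r"^\S.*?\s(\d[\d,.]*)\s+(\S.*?)\s*$")


def to_int(text):
    """Turn a size such as '2,411,520' into an integer."""
    return int(re.sub(r"\D", "", text))


def find_named_streams(dir_output, expected=EXPECTED_STREAMS):
    """Return one finding per named stream that is not in `expected`."""
    findings, directory, sizes = [], "", {}
    for line in dir_output.splitlines():
        m = DIR_RE.match(line)
        if m:
            directory, sizes = m.group(1), {}
            continue
        m = STREAM_RE.match(line)
        if m:
            size, name, stream = m.groups()
            if stream not in expected:
                findings.append({
                    "path": directory.rstrip("\\") + "\\" + name,
                    "stream": stream,
                    "listed_size": sizes.get(name),   # size Explorer would show
                    "stream_size": to_int(size),      # bytes held in the stream
                })
            continue
        if "<" in line:          # <DIR>, <JUNCTION> and similar entries
            continue
        m = FILE_RE.match(line)
        if m:
            sizes[m.group(2)] = to_int(m.group(1))
    return findings


if __name__ == "__main__":
    for f in find_named_streams(SAMPLE_DIR_R):
        print(f"{f['path']}:{f['stream']} holds {f['stream_size']} bytes; "
              f"the file itself is listed as {f['listed_size']} bytes")
```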
-
Stop Spam Harvesters add a Honey Pot to your site
NilsC replied to NilsC's topic in Websites and Web Designing
It takes a little space, but the spam bots are using bandwidth anyway crawling your pages, so why not give them a little poison pill.

Welcome to the project (btw I'm just a member, I don't work there, but I laud the effort).

Guess I didn't read your post correctly, sorry about that. I use different techniques to distinguish between offending and victimized IP addresses used to spam. To me, victimized computers sending spam are 'still' offending me. As for offending IP addresses, I see that the trend is going more and more to using 'hijacked' home computers that are configured wrong and can be used as open proxies.

I use the block lists. They have different criteria and are not blocking just known spam sources. I block whole country zones, and for USA I block any CIDR /24 or /32 that is marked as "dynamic" by the ISP. A dynamic IP address should not be used to send mail; if you have to send mail from a dynamic address, use your ISP server. I block /24 and /32 from known spammers. There are lists out there listing hijacked IP ranges, open form mail servers in China.

The text inside the code box is injected into the email header when an email fails. If the email fails with only one "RBL" only 5 points are added, if it fails with 2 the points added are multiplied by times failed, and if the number is too high the message is either rejected or placed in a 'spam review' folder for review. If the X-lookup does not match the IP it's a no go.

X-RBL-Warning: mail from 61.11.98.164 refused by DSBL, see http://dsbl.org
    mail from 61.11.98.164 refused by CBL, see http://rcbl.abuseat.org
    mail from 61.11.98.164 refused by Blitzed Open Proxy Monitor List, see http://opm.blitzed.org
    mail from 61.11.98.164 is refused by SpamHaus, see http://cbl.abuseat.org/lookup.cgi?ip=61.11.98.164&.submit=Lookup
    mail 61.11.98.164 refused by spamcop.net, see https://www.spamcop.net/bl.shtml?61.11.98.164
X-Lookup-Warning: MAIL lookup on nrhcwkyynt@medun.acad.bg does not match 61.11.98.164

Nils -
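The scoring described in the post above, as an added example that is not the poster's own filter: it reads the injected `X-RBL-Warning` / `X-Lookup-Warning` headers, applies the 5-point rule and picks an action, and goes slightly beyond the post by also showing the usual DNSBL lookup (reversed octets plus the list's zone). The two thresholds, the exact reading of "multiplied by times failed" and the `*.example` zone names used in testing are assumptions.

```python
import ipaddress
import re
import socket
from email import message_from_string

POINTS_PER_LIST = 5   # from the post: a single failed RBL adds 5 points
REVIEW_AT = 20        # assumed threshold for the 'spam review' folder
REJECT_AT = 50        # assumed threshold for outright rejection

# The header block quoted in the post, as folded headers plus a constructed body.
POST_SAMPLE = (
    "X-RBL-Warning: mail from 61.11.98.164 refused by DSBL, see http://dsbl.org\n"
    "\tmail from 61.11.98.164 refused by CBL, see http://rcbl.abuseat.org\n"
    "\tmail from 61.11.98.164 refused by Blitzed Open Proxy Monitor List,"
    " see http://opm.blitzed.org\n"
    "\tmail from 61.11.98.164 is refused by SpamHaus,"
    " see http://cbl.abuseat.org/lookup.cgi?ip=61.11.98.164&.submit=Lookup\n"
    "\tmail 61.11.98.164 refused by spamcop.net,"
    " see https://www.spamcop.net/bl.shtml?61.11.98.164\n"
    "X-Lookup-Warning: MAIL lookup on nrhcwkyynt@medun.acad.bg"
    " does not match 61.11.98.164\n"
    "\n"
    "(constructed body)\n"
)


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed_on(ip, zones, resolve=socket.gethostbyname):
    """Return the zones that answer for `ip`; a failed lookup means not listed."""
    hits = []
    for zone in zones:
        try:
            resolve(dnsbl_query_name(ip, zone))
        except OSError:          # socket.gaierror (no such name) is an OSError
            continue
        hits.append(zone)
    return hits


def rbl_score(failed):
    """Assumed reading of the post: 5 points for one list; for two or more,
    5 points per list multiplied by the number of lists failed."""
    if failed <= 1:
        return POINTS_PER_LIST * failed
    return POINTS_PER_LIST * failed * failed


def triage(raw_message):
    """Score a message from the warning headers an earlier filter injected."""
    msg = message_from_string(raw_message)
    lists = []
    for value in msg.get_all("X-RBL-Warning", []):
        for name in re.findall(r"refused by (.+?), see ", value):
            if name not in lists:
                lists.append(name)
    # From the post: a lookup that does not match the IP is "a no go".
    mismatch = "does not match" in msg.get("X-Lookup-Warning", "")
    score = rbl_score(len(lists))
    if mismatch or score >= REJECT_AT:
        action = "reject"
    elif score >= REVIEW_AT:
        action = "review"
    else:
        action = "deliver"
    return {"lists": lists, "score": score,
            "lookup_mismatch": mismatch, "action": action}


if __name__ == "__main__":
    print(triage(POST_SAMPLE))
```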
I agree, I think most websites should be built to standards; the link was for those who wish they could test with a different browser (including myself).

Stat tidbits: It's interesting to see how many different browsers are in the log file and how they are identified. In the short time that I have played with website building tracking I'm amazed at the inconsistencies. I looked at one set of statistics from 5 different sources. They all have IE6 in the 60 to 70% range of all browsers. One, an IPP, miscounts Opera and Gecko-based browsers as "Unknown"; the second site (counter) miscounted KHTML- and Gecko-based browsers; USCG (US Coast Guard) has a large percentage of unknown, i.e. not counting Opera and KHTML-based browsers correctly. The last site has a narrow target audience and the stats source isn't fully reporting less-common browsers again.

On the other hand you can go to http://www.mywebsite.force9.co.uk/ to see a snapshot of 3 different counters and some stats for 2 days after the counters were reset in November. Opera seems to identify itself as MSIE; I'm not sure if that is a 'spoofing trick' since I don't use Opera.

Here are some pie charts, Mozilla rules: http://www-k12.atmos.washington.edu/inquisitor/browsers.html
-
You are right, if you pop an XP disk in, the recovery console asks for the Administrator password. Pop the W2k disk in and you start the W2k recovery console and bypass the whole XP system, including passwords on files and folders. The solution is a patch that changes the permission for boot disks: xp works in XP, w2k works in w2k, both are password protected. It should be an easy task to add code for the xp os to prompt for a password when w2k is in the cd drive. The technology is already there to prompt for a pwd, it's already working for xp. :) Nils
-
You can bypass Windows XP passwords by using a W2k boot disc!

M$ tried to make XP the securest version of Windows OS. This hole in the security is the norm, not the exception! Since the flaw was found, why not use it for something. So if you are the proud owner of a w2k CD or have access to one, just pop it into the CD rom and boot the computer. Now you can go into the W2k recovery console. If you use a W2K CD on a W2K computer you need a password to start the recovery console; no such thing in XP.

In recovery console you can now access all files on the computer; you can copy and paste them to a disk or other removable media - memory stick anyone! So with unrestricted access to the computer it does not matter if you password protected the folders; any file by any owner can be accessed. This now opens the door for that same person to install programs. They can set up a backdoor program and grant themselves full access, or what if a nice keystroke logger was installed. Next time they have access to the computer they can retrieve that data and get passwords you used.

On XP Pro you can at least protect your files with EFS (encrypted file system) if you have installed XPP with NTFS. With XP Home you are out of luck; EFS is not enabled with the home version.

If you are using a computer in a place like a college campus, at work, for travel or at home with multiple users, you can turn on 1 protection (this works for desktops and laptops alike): turn on the BIOS password. With a BIOS password in place the CD can not bypass and boot your computer. So until M$ releases a patch for this flaw, turn on the BIOS password, make sure it's not the same as your regular password, and store it in a secure place.

Nils
-
Nobody wants spyware / malware on their computers. Most of us know the 3 or 4 good "free" programs to use out there. Then there are all the ads that show in Google and on sidebars in different websites. Do we have any guarantee that they do what they say! Some of them are cracked old versions of legit software and some sound like the real thing. To keep up on legit and non-working (sometimes even spyware themselves) programs, check out: Spyware Warrior

Find out if you are using the real thing! Here is a link to a test performed with some of the free and not free software claiming to remove malware / spyware: Spyware / malware removal tests

There is some interesting data in there. Take the time to read...

Nils
-
Since you did not put down an Operating System I'll use XP Pro for this example (should be the same for XP Home but I can't check that now).

Step one: does your computer have any hardware conflicts? Click "Start", "All Programs", "Accessories", "System Tools". Select "System Information". Under "Hardware Resources" select "Conflicts/Sharing", see what is in there and if there are any "Conflicts". Sharing is OK, Conflicts are not.

Second step: did you check the settings in your "Device Manager"? On your taskbar, click "Start", then "Control Panel". Double click "System", select the "Hardware" tab, then "Select Device". Expand the list at "Ports (Com & LPT)". Here your com and lpt ports are listed. If you see the LPT port, right click on the line that says "ECP Printer Port (LPT)" (this may be different in your setup but the line should have (LPT) in it). From the dropdown box you can select:
- Update Drivers
- Disable or enable the port (if disabled, "enable")
- Scan for Hardware Changes
- Properties

If the first 3 options did not work then you have to click on "Properties". In Properties:
- "General" tab: you can Troubleshoot, and Enable/disable device
- "Port Settings" tab: select "Never use interrupts", uncheck "Enable Legacy ...", select LPT1 if not already selected
- "Driver" tab: you have "Details", "Update", "Rollback" and "Uninstall" (self explanatory!)
- "Resources" tab: look on the bottom to see if there are any conflicts

Hope this helps, let me know if you have a different OS.

Nils
-
Stop Spam Harvesters add a Honey Pot to your site
NilsC replied to NilsC's topic in Websites and Web Designing
There is a way to detect situations like that. It's used by a lot of companies with their own email servers and it's used by some ISPs (or they use their own version). Emails contain headers - wow what a revelation - and when you read the headers you can find the IP address the spammer used to mail the spam.

Do a Google on DNSbl and you will get about 336,000 hits. Up close to the top are "Spam and Open Relay Blocking System (SORBS)" and DNS Providers Blacklist (DNS-bl). Here you can learn about what is done to prevent relays and open proxies. At SORBS you can submit an IP address for testing; to do this you have to sign up and get a user name. At the DNS-bl you can't submit entries unless you are:

If you get a lot of spam and you have looked at a way of reporting this, try spamcop.net and sign up for a free reporting account. spamcop.com is a commercial site dedicated to fighting spam. At both places you can submit an email (full headers and body) and they will parse the email for you and give you the mail addresses to send a complaint to. As a member (spamcop.net) you can submit spam by email and then send the report directly from the parser.

Nils -
Does anyone have a copy of M$ Windows XP SP1 DDK? I need the version for XP sp1 and it's retired. The following Microsoft Windows driver development kits have been retired: Windows Driver Kit Development

I need the version for sp1 since I have 1 to 3 minidumps a day after I rolled back sp2. Sp2 was not compatible with my version of "TUN Emulator" and the ODBC drivers stopped working (it's compatible with the new version, but I have to upgrade the server first). I rolled back to sp1; the computer is working but not stable.

Thanks
Nils
-
Stop Spam Harvesters add a Honey Pot to your site
NilsC replied to NilsC's topic in Websites and Web Designing
I'm still online even though I should have gone to bed.

The Honeypot project is like Xisto.com, a free service by a company that is working to make money. Parent company in 'code' to keep link from non click able :) http://http://www.unspam.com/ is the parent company and they have to be in the business of making money.

The inherent problem with things you hear is "they are not first hand knowledge". Most of the income to spammers goes to the big spam operations that are sending millions of spam a day. As an added side business they sell email addresses to spammer wannabies<sp> that buy a cd rom and think they can make money.

What spammers do is stealing from all of us; everyone on the internet that pays for the connection is paying the cost. Spammers steal bandwidth; who pays for that? Your ISP, and in the end you pay for it. The other issue is slow internet connections: if you are on a 56k dialup line and your pop3 email box is downloading 200 spam because you didn't go online for a couple of days, are you going to be happy that you couldn't surf the net for 1/2hr because the spam downloaded? You can stop the transmission but then you may miss an important email. What if your rich uncle's email telling you to come and pick up a million $ bounced because your email box on the server was over the limit and your ISP bounced it.

Is it OK to steal a million $ from 1 person? If you answer no, then is it OK to steal $1.00 from a million people? The sum is the same and they are both wrong.

Nils signing off from Mars. -
How To Setup Xp Home Security Part 2 Firewall
NilsC replied to NilsC's topic in Websites and Web Designing
r3d has a very good point when it comes to playing with the firewall. By the way, you can stop reading now, I'm just repeating r3d in a longwinded way :)

A software firewall is a program you use to control what is going on or to prevent an action from occurring. It's better to be proactive than reactive. Because it's software you can tweak it and get different behavior. I'm using ZA (free version) for my examples. There are a lot of other firewalls out there but I have 'some' knowledge when it comes to this one.

You:
- install Mozilla Firefox and the firewall pops up and asks whether to allow access to the internet; grant yes, but don’t check the “Remember this setting” the first time it accesses the Internet.
- install a download enhance utility (let's call it SpeedDown, “pun intended”) ample.
- now the firewall pops up asking you to grant access to AdSense. AdSense, where did that come from? It was installed behind your back by SpeedDown. If you are like most of us you don’t read the EULA (end user license agreement), and somewhere in that EULA you agreed to install that program and maybe a couple more (the firewall just paid for itself by blocking this). For this example check the “Remember this setting” and click deny.
- install a program that is used on this computer only (I use an emulation program to access a *nix computer), and after installing the program it starts broadcasting to the Internet. Deny with the check box.

I used 4 examples here, but every time you install or use a program you control what it’s doing and where it’s going by updating the firewall rules. It takes some time to figure out. If your internet access stops working and you think all the settings are correct, try deleting all the programs you gave access to and start all over (not a pleasant task). Check your trusted zone; maybe your IP changed on the modem and now your modem is not in the trusted zone anymore (I have seen that happen).

Following is just me ranting and broadening the scope, some examples and testing (some of this may be a little repetitious):

To control what is going on in your computer you have to have control, and log files give you that control. You can use the log file to see who tried to scan your computer and from where the scan occurred. Log files and the interpretation of them is a whole other subject so I'm stopping here.

With the firewall you can set trusted and blocked IP addresses as well as program access. With the firewall running, you start a new program. If it's a browser and you expect it to access the internet you give it permission. I normally grant per session access the first time so I can see if it behaves. Now I'm done using the new program; 'nice' behaving programs shut down and stay quiet until the next time you use them. Others try to call home and broadcast that they are shut down. This is unacceptable behavior. Another issue is when you install a program that is not meant to be used for the internet and the same program opens a port and broadcasts to the internet that it is installed and ready to go. That is what registration is for; I want control over my programs and I decide when or if I register that software.

A lot of the so-called 'FREE' ware is not free. You pay by adding software that is bundled into the program you downloaded. Some of them install in the background and start accessing the internet or tracking what you do and where you went on the net. From all the collected data they can target advertising to you and your surfing style. This can be good... "Not in my book".

Another issue is malformed web-sites that host drive-by downloads. You go on one of those sites and your computer starts acting funny because malware is downloaded. Again a different subject... (I get off track tonight.) See how different spyware removers stack up, or Rogue spyware removers.

Back to the firewall: now you have 'played' with it (in a nice way I hope), how do you test your settings and see what you tell the world about you and your computer? There are several ways to do this: "Ask a hacker to hack you"... I'm joking, OK! Or go to a site that can help you test your firewall. One such place is GRC.com, also known as Steve Gibson Research (you may get a splash page, just click on the link for 'ShieldsUP'). Scroll down to ShieldsUP and read the instructions there. You can use it to test your ports and other security issues. After you are done with those tests take the "Leak Test" to see if your computer leaks back out to the Internet. For the Leak Test you have to download a small program; read the instructions. If your firewall pops up a warning and asks for permission for this program to access the internet say "NO"; to say yes defeats the purpose of the firewall. If you don't get any warnings and you connected to the server you will get a message.

The steps of testing firewalls are not limited to XP Home; this can be used with other OSes also.

Nils -
Stop Spam Harvesters add a Honey Pot to your site
NilsC replied to NilsC's topic in Websites and Web Designing
[RANT]Spam is a pet peeve of mine... I hate it. I'm an active spam reporter. I use spam-traps with some of my posts. I have not done it on this site yet, but there are places I put an email address in my sigfile with text color the same as the background color. The only time that address gets email is after a spam bot has harvested a forum or newsgroup.[/RANT]

[RANT]If you read into the concept, it will not stop spam but it will help identify spam harvesters and their IP addresses; a lot of times the spam bots are operated on zombie hosts without the knowledge of the user/owner. Some of the larger ISPs are ignorant when it comes to spam bots and don't shut them down when a complaint is filed. One of the excuses is "This is a dynamic IP range and it could have been anyone". (Translation: I'm working the abuse desk and I don't feel like checking the log to see who was assigned that IP address at the time of the complaint!) Or you get an auto-response that doesn't make sense or have anything to do with the problem you reported. I have reported open proxies and got an email back with the statement that this is not one of our email servers so we are not responsible for the spam, please report it to the proper ... bla bla bla.[/RANT]

When they get a notice from the authorities the response seems to be a lot faster. Thanks for the interest, be an active spam reporter. It's like hunting Osama Bin ....

Nils -
What Is The Best Brand Of Harddisk? Who has longer life?
NilsC replied to bryandel's topic in Hardware Workshop
Since you did not specify IDE, ATA, SATA or SCSI. No comparison on speed. 3200, 3500, 3600, 3700, 4200, 4500, 5400, 7200, or 10k rpm etc. I picked the Maxtor since I'm using one in my system. The Maxtor's Atlas 10K IV has an incredible read write speed. :) Nils -
How To Setup Xp Home Security Part 1 Guest user account
NilsC replied to NilsC's topic in Websites and Web Designing
Registry, what registry... <g> I have both XP Home and XP Pro computers and it's frustrating when you get on the xp home with none of the admin features working. Nils -
I guess my first post here is going to put me in the fire ;)

All the 'firewalls' mentioned are software based (as far as I could see reading the posts). If you are serious about the firewall you use, get a hardware firewall or at least a reputable company combination firewall/router. I use Cisco PIX 515 (base) and PIX 501 with VPN capability (remote users). The firewall logs are monitored on my computer. Portscan and suspicious activity are logged and reported to Dshield.

One inherent problem with software firewalls is you need them on all computers you network, unless you dedicate one computer as a firewall appliance. If you don't keep the firewall up to date then it's just as good as no firewall. M$ sp2 firewall... what a joke, it only protects you from the outside, not against something already running on your computer. And if it's on the net and it uses a M$ 'safe' marked script then it will bypass the fw and run. What good is a firewall that doesn't protect you from programs that try to connect to the internet from your computer?

There are a few sites out there that you can use to test your fw and see if your ports are open / closed / or stealth. What is the difference? A closed port will reply closed and a stealth port is like a black hole... no reply. Why is that important? If a portscanner gets a closed reply from one of your ports then it has a starting point (your IP) from where a serious portscan can start.

On top of the HW firewall I use ZA Pro to control what programs get internet access. It's nice to know when a newly installed program tries to broadcast home to let them know that you installed it. Have you ever trapped a license broadcast? I have; that is how they see how many times the same key is used. And this is used by some major, reputable companies.

Take your firewall to Steve Gibson's site GRC dot Com and see what data you are leaking to the internet. Do a portscan and see if you have any open ports. Download the little utility that is used to see if your firewall blocks unauthorized programs from accessing the internet.

Nils
-
I added a point to you; the comment is not mine. I wrote: but it shows something about "email ..." the script must be broken. Great website, thanks for the link. The only thing is all the blank space around your website itself. I'm using a 21" monitor with the resolution set to 1280 x 1024 and the page occupies around 2/3 of the screen. I like the color scheme, looks great. I'm going to steal some of your ideas... hurry up and put a © copyright on it. Nils
-
New Reputation Thing What do you all think?
NilsC replied to Darren1405241470's topic in Web Hosting Support
Point taken, but you forgot to underline the funny part again... not sure how many will get the point without the manual. Then again, I shouldn't say too much... I had a spelling error in my sig file since Sunday. I have seen some of the fly-by posters, 10 minutes of posting in someone else's work without thought to what the subject says. Have not been here long enough to see any 'flame' wars or demeaning posts. I have seen a few pointless ones and some placed in the wrong forum, but that is to be expected. Nils -
Great tutorial. This is what I was looking for when joining. Some real life examples that are thought out. Now I just have to figure out how to make it work in real life. Can this be used with internal and external links? Can you put an example there for a link to http://forums.xisto.com/no_longer_exists/ because I can't visualize where the link itself goes... Maybe it's too early or I'm too blind. Nils
-
How To Setup Xp Home Security Part 1 Guest user account
NilsC replied to NilsC's topic in Websites and Web Designing
I'm not sure what version of XP Home you are using. This tutorial is for XP Home and not for XP Pro. This quote is from Microsoft's Corporate Management. As I said, this is XP Home. Maybe you can make the "How to setup XP Pro security" and save me or someone else from writing it. Please stay on topic, because there are huge differences between XP Pro and XP Home. If I had put "How to setup XP security" you would have been right on topic and I would have written a non-conclusive tutorial. Nils -
New Reputation Thing What do you all think?
NilsC replied to Darren1405241470's topic in Web Hosting Support
I'm a firm believer in self control. -huh- I know it sounds funny, and in a way it's meant to be funny; in another way it's supposed to make you think. We are here on this board posting our opinions, and opinions are like sand on the beach. Everyone walking barefoot in it gets sand between their toes. Google search on 'Opinions are like'.

To quote an old proverb: You can win people to your side more easily by gentle persuasion and flattery than by hostile confrontation. A friend who helps out when we are in trouble is a true friend—unlike others who disappear when trouble arises. In life, things that are noble and magnificent are never far from things that are trivial and laughable. This saying has been attributed to both Napoleon Bonaparte and the French statesman Talleyrand. All quotes and subtexts from http://www.bartleby.com/ Nothing original here.

The point is to criticize in private and applaud in public. Why? Criticism = censure! Look it up! I will give a positive point and post a note of why when I like a post. I'll send you a PM and ask you why you posted what you did before I post a negative point. That way you can explain what happened, and maybe I misunderstood you.

Nils -
I was testing a website setup that was working perfectly in one browser; when the new version (browser) was installed the site looked like 'trash'. The second issue is when I get an email complaining that your website doesn't work in such and such a browser and you wish you had that version to test with. Here is a link that I found to a repository of old and new browsers. This site includes some of the more obscure browsers out there. So if you ever wish you had a browser to test your site, here is a link: http://browsers.evolt.org/ Nils
-
New Reputation Thing What do you all think?
NilsC replied to Darren1405241470's topic in Web Hosting Support
I (partly) agree, keep it away from new users. Maybe the ability to post a positive or negative point should be limited to members that are hosted. If you are a non-hosted member with 5 or more positive points your ability to post points should be turned on. Any hosted member with 2 or more negative points (I mean 2 or more points below 0) should not be able to post points until the count is -1 or 0. New members with good posts can receive bonus points but not dish them out.

If I understand the point system, you can get 5 good points and deduct 3 bad points and your total good point count is 2. If you have one good point and 3 bad points your bad point count is -2 and you need to improve your quality of posts, be it content or staying on topic.

- Only hosted members to post points
- Not hosted with 5 or more good points should be able to post points (if you lose grace and fall below 5... you're outta here)
- Hosted member with -2 or lower should lose the ability to post points

This concept of points rating is an opinion tool as well as a way of recognizing good posts. Just because you do/don't agree/disagree with the poster does not make it a good / bad post. A good / bad post should have merit on its own. Is it on topic, is the scope covering the points in the topic, is it copied from another source, did the poster quote the source, etc etc.. It's a lot to take into account for this to be a reliable tool.

Nils -
Admin / programmer, look at the page for the Reputation: prodigy

prodigy has 3 points but only 2 show, and for the last one none of the buttons or the comment show up, but you can see the tags.

<{P_UP}> //' this tag shows up on the tail end of the top comment '//
and
<" + "/script>"); //--> //' This shows up where the "Card", "PM" button should be '//

I'm using Mozilla 1.73 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20040910

Nils

PS I posted it here because I didn't see any other place to put board comments. There should be a place in "Others" that deals with issues and / or comments like the New Reputation Thing. This post belongs (IMHO) in a "non point earning" / "no good post earning" forum. DS
-
New Reputation Thing What do you all think?
NilsC replied to Darren1405241470's topic in Web Hosting Support
My $0.02 for what it's worth.

When you use it in a positive or a negative way, put the reason behind your action, maybe the link to the post you are grading. That way 5 different users are not going to trash a single post. 1 tick for a very bad or good post should be the norm. Maybe there is a way of monitoring when a reputation point was given for a post, then close the reputation link for 24 hrs for that username / post. If you have another very good or bad post... then the process starts over.

Just as an example: Hashbang creates a real good post, I read it, decide it was a good piece of work, and I give him +1 point and post some positive or constructive comments. Then this post should be closed to points for 24 hrs.

My reason behind that is to prevent the opposite from happening. I'll use hashbang again for this example. He seems to be a good person with good posts and a knowledge of computers. Here is the scenario: Monday morning, hashbang in a bad mood, snow or rain on the way to work. He was cut off by an idiot in a red SUV... <g> He logs onto the site, reads a post, replies a little out of line. He meant to say one thing, maybe a little sarcastic. <hypothetically> speaking of course, since I don’t know hashbang. I read the post later, think hashbang was out of line, and deduct a point. MajesticTreeFrog chirps in and deducts another point, and so on and so on. In the blink of an eye hashbang's <hypothetical> reputation is gone…. This because nobody put a reason for the deduction or the post it was made against, and we all overreacted.

As for rules, when you have too many rules there have to be more moderators enforcing them. I think the moderators have enough keeping an eye out for posts and working the board. If we use the reward system in an adult way then it will be a positive thing. If used for revenge or to bash someone you don’t agree with then it’s a bad thing.

A lot of words for the money.

Nils

{updated} I just saw the link in reputation, up in the right hand corner of the post where a reputation point was credited.... duh... Nils wake up {/updated}