Dear members,

 

The January meeting of the PC Club of Costa Rica is this Saturday, Jan

15th, at the Panamerican School in Belen. It starts at 8:30AM. This

meeting is very important to the club in that we will discuss a new way

of forming up the club that will make things easier and simpler. And we

need your input for this to happen.

 

The agenda is as follows:

8:30   General computing news, including technology and happenings in

the computing world (demo of webcams)

9:00   Repair clinic: bring anything needing repair and those there will

attempt to fix it

9:30   Open sharing and socializing

10:00   Formal classes, impromptu classes, special talks (formal class:

"part 1, email")

11:00   Break

11:15   Club business, wrapup of sharing, end of meeting

 

And now, news you can use:

 

Item 1: From Dorie Dawson:

 

IE flaw threat hits the roof

Three unpatched flaws in Internet Explorer now pose a higher danger, a

security company warned after code to exploit one of the issues was

published to the Internet.

 

Secunia said Friday it has raised its rating of the vulnerabilities in

Microsoft's browser to "extremely critical," its highest rating. The flaws,

which affect IE 6, could enable attackers to place and execute programs such

as spyware and pornography dialers on victims' computers without their

knowledge, said Thomas Kristensen, Secunia's chief technology officer.

 

Exploit code for one of the vulnerabilities, a flaw in an HTML Help control,

was published on the Internet on Dec. 21 in an advisory

<http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.greyhatsecurity.org%2Fsp2r

c-analysis.htm&siteId=22&oId=2100-1009-5517457&ontId=1009&lop=nl.ex>  by

GreyHats Security Group.

 

"In order for us to rate a vulnerability as extremely critical, there has to

be a working exploit out there and one that doesn't require user

interaction," Kristensen said. "This is our highest rating and is the last

warning for users to fix their systems."

 

The exploit code can be used to attack computers running Windows XP even if

Microsoft's Service Pack 2 patch has been installed, Secunia said. The

company is advising people to disable IE's Active X support as a

preventative measure, until Microsoft develops a patch for the problem. It

also suggests using another browser product.

 

The Secunia advisory also warns of another HTML Help control vulnerability

that, when used in combination with a drag-and-drop flaw, could be used to

attack PCs--though in that case, it would have to be with the interaction of

the victim. The company first issued an

<http://dw.com.com/redir?destUrl=http%3A%2F%2Fsecunia.com%2Fadvisories%2F128

89&siteId=22&oId=2100-1009-5517457&ontId=1009&lop=nl.ex>  alert about the

three security holes in October.

 

"Microsoft knew of this back in October," Kristensen said. "In my opinion,

it's not fair to have a vulnerability known for two months without having an

available patch, especially when every little detail (of the vulnerability)

is out there."

 

"Microsoft is now aware of all three issues, and I'm sure they're giving it

an even higher priority," he added.

 

Microsoft said it was investigating the public reports of the exploit,

adding that the delay in fixing the IE patch was related to the extensive

work needed to produce an effective patch.

 

"It's important to note that security response requires a balance between

time and testing, and Microsoft will only release an update that is as well

engineered and thoroughly tested as possible--whether that is a day, week,

month or longer," a Microsoft representative said. "In security response, an

incomplete security update can be worse than no patch at all if it only

serves to alert malicious hackers to a new issue."

 

The company is advising people to check its safe

<http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.microsoft.com%2Fsecurity%2

Fincident%2Fsettings.mspx&siteId=22&oId=2100-1009-5517457&ontId=1009&lop=nl.

ex>  browsing guidelines and to set their Internet security zone settings to

"high." It also suggests people continue installing automatic security

updates from Service Pack 2.

 

This latest discovery marks another setback in Microsoft's

<http://news.zdnet.com/2100-3513_22-5378366.html?tag=nl>  efforts to shore

up its security. When Microsoft launched SP2 in August, Chairman Bill Gates

touted it as a significant step in shoring up systems against attacks.

 

Secunia also offers users the ability to conduct an online

<http://dw.com.com/redir?destUrl=http%3A%2F%2Fsecunia.com%2Finternet_explore

r_command_execution_vulnerability_test%2F&siteId=22&oId=2100-1009-5517457&on

tId=1009&lop=nl.ex>  test of their systems to see if they are vulnerable.

 

Item 2:Should you use stickon labels to label the CDs you burner in your burner?

 

Here's what Fred Langa of the Langalist says:

 

Indeed, the worst problem was stick-on, print-it-yourself labels, Mark---

they have a history of ruining the CDs or DVDs they're stuck on--- but

they weren't the only problem: The real problem is solvents, and they can

be in the glue on stick-on labels, or in the liquid "carrier" of inks.

But not all solvents are equally bad. Some, like the solvents used in

felt-tip "Sharpie" permanent markers, seem to flash off almost instantly,

leaving behind only mostly-inert dyes or pigments. I would guess that

water-based inks, used in moderation, also wouldn't pose much of a

problem.

 

Whatever harm a solvent may do is exaggerated if the solvent is trapped

against the data-carrying top surface of the CD (as with stick-on labels)

or slathered on in heavy application directly to the CD surface.

 

That leads me to use two rules of thumb: Use no stick-on labels, ever;

and don't put a lot of ink on any CD or DVD.

 

If I want to label a backup, for example, I'll use a fine- or medium-

point felt-tip Sharpie to write the machine name (in shorthand form) and

the date on the CD. Thus, I'll label today's overnight backup for my

Systemax 3.2GHZ PC as "S32-20041220." If I need to record more

information about what's on a CD, I'll write it on a paper or Tyvek CD

storage envelope (they only cost about a penny or two apiece, in bulk).

While I have had problems with CDs being ruined by stick-on labels, I've

never had *any* problems caused by this simple manual labeling method.

 

So, because the above works so easily and inexpensively, I see no reason

to try a more elaborate, expensive, and potentially dangerous labeling

method. Why take a chance with your data?

 

On the other hand, if you really want to print right on your CDs and

DVDs, buy the more expensive brands of blank discs: These often have a

protective plastic top coat to help preserve the data-carrying layers. In

contrast, cheap CDs usually have naked foil as the top surface; these are

OK for the simple labeling method described above, but I'd never trust

them to any kind of label-printer.

 

Item 3: Just For Grins

 

     With all the sadness and trauma going on in the world today, it

     is worth reflecting on the death of a very important person,

     which almost went unnoticed last week. Larry La Prise, the man

     who wrote "The Hokey Pokey", died peacefully at age 93. The

     most traumatic part for his family was getting him into the

     coffin. They put his left leg in, and then the trouble started.

 

Item 4: From Kim Komando on spyware

 

MICROSOFT RELEASES BETA VERSION OF SPYWARE UTILITY

Microsoft has posted a test version of a utility designed to fight

spyware. The free download is available for Windows 2000 and XP.

 

Spyware is advertising-related software that collects information on

your interests. It usually accompanies the download of something else,

and is often disclosed in the other program's terms. Many spyware

programs are unobtrusive, but some seize control of important functions

of your computer.

 

Microsoft recently purchased Giant Software, a maker of anti-spyware

programs. The download is the fruit of that purchase.

 

I will continue to use the anti-spyware programs recommended on my

site. I know they work. You should do the same. If you try the

Microsoft utility, remember that anti-spyware programs sometimes

conflict. Here are the links for my recommendations and Microsoft's

program, respectively:

http://www.komando.com/bestshareware.asp

http://www.microsoft.com/athome/security/spyware/software/default.mspx

 

 

Item 5: From Sid Matthews (or someone emminently funny)

 

An invisible man married an invisible woman. The kids were nothing

to look at, either.

 

 

Item 6: From Mitch Frazier, who recently dismantled a hosting service:

 

(2) Dual Processor Systems         $1000/each

 

         2U Rack Mount Case

 

         Dual Pentium-III 1.2 GHz

 

         1GB RAM

 

         Dual 36GB SCSI Drives

 

 

 

  (2) Single Processor Systems        $700/each

 

         2U Rack Mount Case

 

         AMD Athlon XP 2.0GHz

 

         512MB Ram

 

         80GB IDE Drive

 

Item 7: From Woody's Watch about scams to watch for:

 

 

With more sophisticated junk mail filters and savvy email users the

subject lines on messages have become more misleading to entice you to

at least glance at the message before deletion.

 

An example of this is the spate of messages, usually for prescription

medicines, that have message headings that appear to be about tracking a

parcel. A real courier company name is used with a sincere but fake

tracking number.

 

For example:

 

DHL Ship Notification, Tracking Number : QH1245689-0000

 

In the same category are subject headings like:

 

RE: info you requested

 

Re: Foxnews coverage

 

And many, many more ...

 

Item 8: And for advanced users, something for you about "shared memory"

from Fred Langa

 

"Shared" System Memory

 

Reader Brett Schulte sent in a note with two separate questions. We

answered one in the previous item; here's the second:

 

     My laptop uses shared memory which I can set in the bios

     anywhere from 8MB to 128MB.  For normal Windows applications

     what's the best setting?  I'm guessing the bare minimum of 8MB

     is enough... Windows doesn't seem any faster with 128MB than

     with 8MB! --- ---Brett Schulte

 

Usually, "shared" memory is used in PCs where the video system is built

right onto the motherboard, sometimes called "on-board" or "embedded"

video. This is common in laptops (to save space) and in lower-end desktop

PCs (to save money). Instead of having a separate graphics/video card

with its own special-purpose video RAM, these systems "share" the normal

system RAM, reserving some for the use of the built-on video system, and

the rest for use by the operating system, applications, utilities, etc.,

as standard RAM. (These systems may also use the PC's own CPU for

processing the video, instead of having a dedicated graphics co-

processor; but that's another issue.)

 

As Brett found, there's usually a setting in the BIOS that lets you

determine how much RAM should be set aside for sharing by the video

system. The more RAM you set aside for video, the better the video

performance may be in graphics-intensive applications--- photo editing or

viewing, streaming video, games, etc. But it's a trade-off because every

megabyte you set aside for the video system is a megabyte that's not

available to the OS.

 

In standard office-type PC uses--- email, word processing, etc--- you

usually do better by giving the video system less RAM, and leaving as

much as possible for use as normal system RAM. But if you find screen

redraws taking too long, or run into obvious video-related problems

(color problems, inability to run at a high resolution, etc.), you can

try bumping up the amount of RAM assigned to the video pool until the

problems go away.

 

Shared-RAM video systems are usually never as fast as the better

dedicated video cards: the latter almost always have dedicated

coprocessors and special high-speed RAM that's not shared with anything

else. If you need maximum video/graphics performance, a separate video

card is usually the way to go.

 

More info:

"OnBoard" Video OK?

http://langa.com/newsletters/2002/2002-09-09.htm#4

 

Fresh Look At On-Board Video:

http://langa.com/newsletters/2002/2002-10-03.htm#3

 

Item 9: See you at the meeting on Saturday.

 

Chuck