NEWSLETTER ISSUES

 
 12-20-2001

 12-07-2001

 11-01-2001
 Special Edition


 10-31-2001

 Subscribe!

 
 
 
 
OTHER LINKS

 
 The Forums

 Product Reviews

 Let’s Fight Sp@m!

 NetBEUI and Win XP

 PayPal Donate

 Letter Mail Donate

 
 
Scot’s Newsletter

Windows and Broadband Information You Can Use!

Get free email delivery of this newsletter!

Recommend Scot’s Newsletter to a Friend!

December 7, 2001 - Vol. 1, Issue No. 17

By Scot Finnie

IN THIS ISSUE

  • Wild About Emily Paige Finnie
  • Office XP Service Pack 1, and the Word 2002 Fix
  • Product Beat: Opera 6 Soars
  • Steve Gibson, Take II
  • Tiny Personal Firewall, and the SFNL Reviews List
  • In the News: The Excite@Home Debacle
  • Network Know-How: Wireless Wisdom
  • Windows XP Q&A
  • PC and Broadband Q&A
  • Xbox Is Microsoft's Trojan Horse
  • Link of the Week: BBWExchange Mag
  • Regret to Inform the Mac Faithful ...
  • Tip of the Week: FTP Browsing
  • Subscribe, Unsubscribe, or Change Your Address.


    Wild About Emily Paige Finnie
    Those of you who read recent issues closely knew that my wife (and editor) Cyndy and I have been expecting. The happy day finally arrived. Emily Paige Finnie was born on November 8, 2001. She's perfect. Mother and child are happy and healthy. Mother and father aren't getting enough sleep. But so it goes.

  • Emily (Who Has The Best Mom in the World) at Seven Days

    In case you've been wondering, "where the heck has Scot’s Newsletter been?" Now you know. I've been thinking about it a lot in the middle of the night, 3AM, 4AM, so forth. But no writing. Now, after a month of adjustments (I've come to accept that four hours of sleep is okay), I'm ready to get back into action.

    Of course, the holidays always throw my newsletter production a few curve balls. But we'll be business as usual soon enough.

    — State of the Newsletter —
    Because many of you ask this question, here's what's up with the newsletter. It hasn't been getting many ads. And donations have fallen off sharply since September 11. But subscriptions are on the rise, and I fully intend to keep at this. If you want to help, send a donation (whatever you can afford):

  • Via PayPal
  • Via Letter Mail

    In lieu of a donation, why not advertise your product or service? Drop me a message and I'll send you back all the details.

    Back to the Top


    Office XP Service Pack 1, and the Word 2002 Fix
    I've mentioned a forthcoming Microsoft Office XP service pack in back issues of SFNL. Well now it's getting close. Microsoft is about to release Office XP Service Pack 1. I hear SP1 is slated for a December 13 release if all goes well.

    Those who've followed my somewhat narrow coverage of Office XP will remember several articles about Microsoft patches to the WINWORD.EXE file to prevent a problem Win98 users have if they launch Word 2002 from the Quick Launch area of the Taskbar.

    Well I've just gotten word that the patch for that problem, which I've been beta testing for the last several weeks, will *not* be included in Office XP SP1. It will instead be released toward the end of the month as a separate hotfix. It didn't make the cut for SP1. I don't know whether that's because the problem only affects Windows 98/98SE users or whether it just didn't get in the Service Pack in time, but bottom line, the fix is still three to four weeks off.

    For the record, I've tested several fixes for Microsoft. But both of the last two solved the problem. I prefer the one they're working on now because I noticed minor Word performance issues with the earlier one. So Microsoft is on the right track; it's just taking the slow boat to get there.

    To me, given that there are still more Windows 98 users than any other type of Windows user -- Win98 problems should take precedence.

    Back to the Top


    Product Beat: Opera 6 Soars
    I haven't been this excited about a new browser since about 1997. Finally, a program worth installing over Internet Explorer. It's fast, sleek, well conceived, and neck and neck with the bits from Redmond. The usability conveniences aren't quite up to the measure of IE, but did I mention it's fast? Opera 6.0 is still the quickest browser on the planet. It's still a small download. It's still got a lot of features that no one else has. In this new version, if you hate MDI windows, you can kill them -- forcing Opera to put the "feet" of individual browser windows into Windows' taskbar, instead of its own taskbar-like structure. Frankly, I've grown used to the Opera way of doing things. It makes managing multiple browser windows easy. (I just wish other windows -- like email, dialogs, etc. -- could exist outside the bounds of the main Opera window.) There are also some improvements to the Opera Bookmarks system, which has been a weak point in the past.

    Something else has changed about Opera. The company seems much more receptive to needs of Windows users. Three or four years ago, Opera was trying to make it as an outcast, a rebel. It no longer has that overt corporate culture. They've got the #2 browser (in terms of momentum, not market share, at least not yet) and they know it.

    I'm already working on a full review of Opera 6.0 for an upcoming issue. I really want to use it some more and focus my impressions. If you want to drop your thoughts about Opera 6.0 my way, please do.

  • Download Opera 6.0

    For Linux users, Opera has also just announced the Technology Preview 2 (beta) release, which includes fixes to the user interface, installation, and the document layout. I don't know about you, but I'm not a big fan of any of the browsers I've tried in Linux so far. I'm really hopeful that this version of Opera for Linux could claim that throne.

  • Download Opera 6.0 for Linux Technology Preview 2
  • Check out the log of changes

    — Netscape 6.1 — —
    Longtime readers of SFNL may be a little tired of my saying I'll review it ... later. My apologies. After thinking about it for too long (probably), I've decided not to review Netscape 6.1. On balance, I don't think the product is worthy of that much ink. If you're a confirmed Netscape 4.x user. Great. Stick with it. Mozilla may some day be an alternative. Right now, it's just not ready for prime time.

    Does your company have a new computer product of interest to this newsletter's readers? Submit it to Product Beat.

    Back to the Top


    Steve Gibson, Take II
    I really have to say that the folks who support Steve Gibson -- at least the ones who wrote to me -- have a lot of class. Even though I received scores of messages in Steve's defense, not a single one was a flame. And I might have given some people reason to be a little hot with my coverage of Internet resources aligned against Gibson and his company, GRC, in the last full issue of the newsletter.

    Because everyone who cares about this subject deserves my honest opinion, I'm going tell you exactly what I think. I like Steve Gibson. He's done great things for PC users everywhere by hammering on desktop security issues. Steve is a good force in our industry, even though I don't I always agree with him. The criticisms I wrote about him last time stand: He doesn't finish many of the projects he announces, he has a tendency to over-dramatize some of the issues he raises, and the GRC software we do have (with the exception of SpinRite) isn't as all-fired great as you might think. But Steve would probably be the first to admit some of that.

    What's more, it's worth noting that I, for one, am far from perfect myself.

    Some other thoughts: Although Gibson has a point about Windows XP Home Edition's security, I don't think the end result is utter calamity. Also, like Steve, I've tested and retested ZoneAlarm, and I just keep coming back to the same thing. It's an excellent personal firewall. Because no PC is an island -- everyone should be running ZoneAlarm or something of similar quality (Norton Personal Firewall is the next best thing).

    SFNL has been a pretty good supporter of Steve Gibson, GRC, and many of the things Steve is trying to do. I am not yanking the plug on that. Right or wrong, there's just another side to the story, and I felt I had to give it equal time.

    A few readers wrote me detailed, constructive, and well thought out responses to the points I made. I only have space for two in this issue.

    — In Defense of Steve Gibson —
    SFNL reader and GRC supporter Milly Peters wrote to make five separate points in response to the "Questioning Steve Gibson" article. Here's her letter:

    I don't want to add to any bunfights about Steve Gibson, so may I just take up a few points you raised?

    1. From 10-31-2001 SFNL:
    "...[There are] several allusions to collusion between Gibson and the top brass of the folks behind ZoneAlarm. Gibson has repeatedly published on his site that ZoneAlarm is the only firewall for him and the Internet masses. I don't know if there's any hanky panky going on there. What I do know is that Scot’s Newsletter ranks ZoneAlarm as a Top Product..." --S.F.

    But Steve Gibson wrote:

    "For the record, I have NO INTEREST in any of these vendors. I have NO undisclosed relationship of any sort with any person, company, or entity, and no hidden agenda creating bias of any kind."

    So either he doesn't or he's a bare-faced liar. I know which I believe.

    2. From 10-31-2001 SFNL: "Despite using Shields Up and LeakTest in my firewall test suite, I have to admit to being somewhat disillusioned by the lack of follow-through on all the products and Web services GRC claims to be working on." --S.F.

    Fair enough, though it's not as if we're waiting for something we've paid for. SpinRite is the only product Steve Gibson offers that isn't free. They're not even ad supported. Here's part of what Steve has said about on this point in a newsgroup post:

    Message-ID: <MPG.1644b9a8bd7293e1989fdb@207.71.92.194>
    "...I believe that the best thing I can do is to keep focused and working to turn the capabilities and ideas I have into reality. I believe that it is because I have not done enough of that, that the nay-sayers have the ammo to create whatever doubt they can. People here, who have taken the time to know me and work with me on past projects, know who I am and why, and what I can and have done. But I have also spent a lot of time talking about cool things that I have not yet finished. Getting them done now is the best answer can give to Thomas and Co."

    [Note: I am unable to find this newsgroup post, but I am taking Milly at her word that Steve Gibson posted this message exactly as is. --S.F.]

    3. From 10-31-2001 SFNL:
    "Shields Up has never been an important part of my test suite. There are several other scanners out there that do a much better job than Shields Up." --S.F.

    True enough. How about giving him credit for pioneering such services though (as you've done in the past?

    Response: You're right, credit is due. I agree that Steve has had a wonderful effect on desktop security. Shields Up is an important part of how he accomplished that. I guess my point was that, that was then (1999, 2000) and this is now. I'm talking about Shields Up now, and it no longer stacks up well against what's out there. --S.F.

    4. Shields Up is undergoing a period of development as we speak, often with daily improvements. You might like to glance at NanoProbe. This is still non-functioning. But you might find Shields Up [that is, NanoProbe] retaking the lead in due course.

    5. "LeakTest is a very simple program. To be honest, as a test, it's not very credible ... The only point of LeakTest is to show whether firewalls actually monitor outbound Internet activity. That's all it shows." --S.F.

    Not so, that is not what it shows. It is a very simple program, but its principal purpose is to show whether firewalls that do monitor outbound Internet activity can be defeated by malware using the (trivial) means of renaming itself with a program name that's already trusted, either by user determination or the firewall's default settings. I know you know this because you've written about LeakTest in the past. But anyone just reading your latest comments might get the entirely wrong idea about LeakTest entirely. No?

    Before LeakTest, only ZoneAlarm bothered to use some kind of checksum on the authorized application. Now all the good ones do, in direct response to the LeakTest publicity. What other third-party test, free or not, has had such an effect on the personal firewall industry? What's not credible about that? --Milly Peters

    Response: This is a fair question. The problem is that, as a serious firewall test, LeakTest 1.x is a pretty terrible app. It requires the user to change the LeakTest filename to a common application name, such as IEXPLORE.EXE. But users -- including reviewers -- don't necessarily know what to rename the file to that might spoof their firewalls. Some applications block the use of their names this way under Windows. Others never actually use their primary .EXE files to initiate authorized outbound transmissions, so using their primary .EXE filenames won't really cut it. LeakTest is a painfully simple little program that shows only the tip of the iceberg for what's a fairly complicated area.

    One thing LeakTest doesn't do, for example, is automatically test a wide variety of common application names. Another thing it might do is read the list of programs authorized by your firewall and try filenames associated with those programs. Both of these approaches are way beyond LeakTest's current scope.

    In all fairness to Steve, I don't think he meant LeakTest to be a benchmark, at least, not at first. He meant it as a quick and dirty demonstration for firewall vendors about just how easy it is for a Trojan or other bad actor to spoof their software into allowing unauthorized outbound transmissions. There are actually comments in dialog text of the program to this effect. And clearly LeakTest achieved this goal quite handily. It woke up the vendor community, an important service Steve Gibson performed for desktop users everywhere.

    The trouble is that we still don't have a tool that really tests this thoroughly. And I'm not fully convinced that all the personal security vendors have, in fact, done a whole lot about the problem. So when I say that LeakTest isn't very credible, I don't mean that the problem it points out is a non-issue. In fact, quite the opposite. I'm concerned that LeakTest's simplicity may have lulled us into a false sense of security.

    Not 10 minutes after writing the above Steve Gibson sent me information about the next major version of LeakTest. While it does not appear to address all the issues I've just raised, it is clearly a much more ambitious product than the existing LeakTest and would be a welcome improvement. I guess we'll have to wait and see. --S.F.

    — Point by Point —
    SFNL reader Keith Williams took issue with some of the points made by the anti-Gibson websites I referenced last time. Here's what he had to say:

    During the Steve Gibson-Thomas Greene (TheRegister) interview on the July 24, 2001 radio show Online Tonight with David Lawrence, Greene all but admitted to having done some hacking during his younger years. He should, therefore, have a reasonable level of knowledge of what Steve is talking about.

    Steve's concern with the raw sockets issue in XP is that once in an XP machine with no outbound control firewall, it will be very simple for a Trojan to masquerade as some other machine. In short, spoofing made easy. It has been pointed out that it is possible for a cracker to include device drivers to do this, specifically the WinPcap set. I doubt this as it is difficult enough to do so when the proper user is at the keyboard, let alone a hacker/cracker who is sending the Trojan via email. There really is no good reason for raw sockets on any personal computer and not many on a corporate one.

    In GRC Dissected, David Ford points out that the various flavors of Unix/Linux already had raw sockets and crackers could install and use Unix to attack and thus don't need the raw sockets in XP to perform their address spoofing. That's absolutely true but it misses the point. Crackers don't use their own machines for this, they use the raw sockets on other people's machines to do it.

    David Ford also points out that a lot of ISPs won't allow source addresses which are not within their address range to exit their networks. True, but a lot of other ISPs do. If that weren't the case, there wouldn't be any distributed denial of service (DDoS) attacks.

    In his defense of Black ICE, Cyrano de Bergerac (how's that for guts?) wonders how much Steve makes from ZoneAlarm. Steve has repeatedly stated that although he knows the people at Zone Labs, he has no fiduciary interest in the product. If there is evidence otherwise, it should be shown, not snidely implied without any evidence that Steve is has anything to gain from singling out ZoneAlarm or Zone Labs products." --Keith Williams

    Response: Many good points here, Keith. I remain unconvinced that the Home Edition of Windows XP is suddenly going to open up the floodgates to DDoS attacks though. There are so many ways for our PCs to be exploited that I doubt this one change -- exposing the raw sockets -- will make a world of difference. But I guess time will tell.

    Was Steve right to raise the point with Microsoft? Does it seem like not a smart thing for Microsoft to have done? Yes on both counts. I'm not sure we've seen a response from Microsoft that really explains why they've done this. Steve was quoted last summer as saying they did it by accident. I'm not so sure about that. But either way, this web document the only information I've seen from Redmond on the issue.

    Although it's creative, my problem with this whole thing is that Steve went too far on his website with the whole "Dawn of the Cyber Dead" thing. It's important to publicize issues like this one. But by dramatizing it, we run the risk of making it laughable -- and, I think, actually minimizing the effect that the publicity has. --S.F.

    Back to the Top


    Tiny Personal Firewall, and the SFNL Reviews List
    Speaking of personal firewalls, last time around I mentioned I'm planning a comparison review of ZoneAlarm 3.0, the next version of Norton Internet Security, and possibly Black ICE Defender. That comment earned several dozen messages from SFNL readers asking me to include Tiny Personal Firewall in the round-up. That's a request I can understand since I tested TPF fairly recently. I did not, however, award Tiny Personal Firewall "SFNL Top Product" status. But if I offered an honorable mention, TPF would have received it.

  • Tiny Personal Firewall 2.0.14 Good, But Not Great

    Since then, TPF has been awarded ICSA certification, a very good thing for a firewall. (Note: ZoneAlarm Pro and Norton Personal Firewall 2001 are also ICSA certified.)

    I liked TPF a lot. My big problem with it is that it's almost 100 percent manual. If you don't already fully understand your operating system and the Internet, you could get in trouble with TPF. Frankly, it just doesn't assume enough. Everything else about it is great. If you're an experienced user, it probably gives you more control than either ZA or NPF. Like I say, think of it as an honorable mention. It's a great product for advanced users.

    — Scot’s Newsletter Reviews List —
    When you combine the reviews from Scot’s Newsletter and those of my two now defunct earlier Winmag newsletters -- Windows Insider and Broadband Report -- you'll find a good list of reviewed products you might want to check out. Especially broadband hardware and important Windows software. But until now, it's been hard to find those reviews. One of the things I did at 4AM one night was put it together for you on a web page.

  • Best of Scot’s Newsletter - Reviews

    — Scot’s Favorite Windows 9x Tips —
    Similarly, there's a list of tips aimed mostly at Win95 and Win98 that I find invaluable. I still get Q&A questions whose answers are found on this tips page. I've recently posted that page in SFNL as well.

  • Essential Windows 9x Tips & Fixes

    Back to the Top


    In the News: The Excite@Home Debacle
    Somehow things had a way of working out for the 4+ million Excite@Home cable modem subscribers whose services were threatened with termination last week.

    This past Saturday some 850,000 AT&T@Home customers lost their cable modem service. A close colleague of mine, Erik Loyd, who lives in northern California, had his service summarily terminated on Saturday. AT&T hadn't even bothered to warn its @Home customers in advance, according to Erik. The plug was just yanked. He only knew about it from reading news stories.

    Erik got a broadcast voicemail message after the fact. (When you're AT&T, hundreds of thousands of long-distance calls come cheap.) Among other things, the message promised to give him two days credit for every day his service was down until AT&T could absorb his account into its broadband network. By Tuesday afternoon, Erik's service was working again. He had to make some changes to his network settings, but that was it. He has noticed a small reduction in performance since the change, and his machine picked up what believes may be a mild virus as soon as the new AT&T service was turned on.

    SFNL reader Laurie Stoker was also an AT&T Excite@Home customer living in the San Francisco area. She writes:

    My friend in Livermore, a nearby town, got his connection back on Monday because he checked when he got home that day. I didn't check, so I don't exactly when I was restored, but it was working on Tuesday. Another friend in San Rafael was back online on Monday too. He mentioned that the connection was a little sporadic, and that's been my experience too. Since AT&T is still in the process of adding all their subscribers onto the new network this week, I guess that's to be expected. Hopefully things will smooth out over the next few days.

    Since we had been keeping a close watch on the bankruptcy proceedings, I stayed up late Friday night with Outlook Express open just to get every last message before Excite cut me off. Even so, I ended up losing at least two days' worth of email. Excite said it was deleting every message that came in to AT&T@Home accounts and would not forward anything. Not the way to get public support! --Laurie Stoker

    Meanwhile, my mother, who has Cox@Home in southern California was wondering -- like many other Cox, Comcast, Rogers, and other @Home customers -- whether her plug would be yanked too. As it turns out, most other Excite@Home affiliate ISPs have cut short-term deals with Excite to continue provide service for the next 90 days. According to published reports, companies that have made arrangements with Excite include Cox, Comcast, Rogers, Mediacom, and Insight Communications. For now, customers of those companies need to nothing to keep getting service. In addition to AT&T, it appears Pennsylvania-based Adelphia may be going it alone without the Excite network. Adelphia's website informs customers that they need to convert to Adelphia Power Link.

    Both AT&T and Excite@Home demonstrated utter arrogance and disregard for their customers in carrying out what amounted to a boardroom pissing match. The fact that AT&T owns a large percentage of Excite@Home and there there's been a severe corporate culture clash is no excuse for 850,000 customer losing their connections, for no matter how brief a time. In a corporate sense, AT&T is the "winner" here, and Excite the loser. To be honest, given the way Excite played its hand, that seems just to me. But the real loser is the customer. Excite has one heck of a network which suddenly 850,000 customers no longer have access to. In short order, that could be over 4 million customers -- a huge percentage of the North American broadband marketplace. It's pathetic that these two companies were allowed to fight a duel in the Sun with total disregard for their customers.

    Another point that has gone largely unreported is that Excite's network is faster than AT&T's. It wouldn't surprise me, of course if AT&T didn't pick a good portion of Excite's goodies at bankruptcy auction -- and firesale prices, to be sure. Same thing AT&T did with NorthPoint. So, with luck, maybe many of those customers will regain access to the better network.

    Some articles:

  • AT&T Nearly Finished With @Home Migration (InternetNews.com)
  • AT&T absorbs @Home Customers Smoothly, Readers Say (TheRegister)
  • AT&T Withdraws $307 Million @Home Bid (InternetNews.com)

    — Changing Your SFNL Subscription Address —
    By the way, those of you who are trying to change your subscription email address to this newsletter, you will find that using the web-page version, called Scot’s Newsletter Subscription Center, is much easier for changing your email address.

    Really, you can do this on your own. Give it a shot. But if you need my help, feel free to email me. You must send both the old email address and the new one in the body of your message.

    Back to the Top


    Network Know-How: Wireless Wisdom
    After more than a year working with 802.11b wireless networking in my house, testing and reviewing literally dozens of products, and stretching the technology to its limit, I have some real-world comments to pass along to you.

    My house is medium to large. It's a two-story nine-room New England colonial. So if your place is more space economical, your mileage may be better. But I've found that wireless networking is finicky and imperfect. With my wife at home full time for the next couple of months with the baby, and my own increasing need for reliable networking in all parts of my house, I finally broke down and hired an electrician for $605 to run Cat 5e to two strategic points in my home. With these wired Ethernet extensions to my SFNL Labs network, used in combination with wireless networking, I am now able to reach all the living spaces inside and outside of my house. I could sort do that before ... if the wind was blowing just right.

    Bottom line: wireless networking is no panacea. I believe that it has a better place as an adjunct to existing wired networks than it does as the underpinning of your entire network. Of course, if your entire network is two or three PCs in adjoining bedrooms, then a wireless broadband router may well be your best choice. But for more PCs, on multiple floors, or for any business application -- even if it's a five-person small business working out of someone's house -- wired is better. Or, even better, wired + wireless.

    Part of the reason for that is performance. Even with properly placed wireless access points to extend my "infrastructure" style wireless network, I find that network performance (especially with multiple-megabyte file copies) just doesn't compare with a wired network. Even when the software utilities report that the available bandwidth is 11-Mbps. Don't believe it. Wireless is slower than wired Ethernet.

    You can also go nuts trying to position your PC in its physical space in just the right place to optimize throughput. Moving your PC (or its wireless antenna) even an inch or two can make a serious difference to the signal quality. It's like adjusting a radio antenna.

    Basic 802.11b interoperability does exist. Most 802.11b PC Cards do interoperate. But the two-piece PCMCIA-card plus PCI card adapters for desktop PCs are hugely problematic. They often don't interoperate with PC Cards made by other companies. They are also just unreliable. To be sure, there are exceptions to this rule. But a word to the wise: USB. The USB 802.11b adapters work surprising well. Many of them have little antennas you can raise, and that does help with reception.

    Back to the Top


    Windows XP Q&A

    A few ever-popular Windows XP questions and answers:

    — Correction —
    In a tip in a previous issue of the newsletter, the newsletter stated that MSCONFIG.EXE (the .EXE file for System Configuration Utility) is available in Win98 and Win98 SE only. But that's incorrect; MSCONFIG.EXE is also found in Windows ME and Windows XP. Thanks to longtime reader Anthony Abraham Molina for pointing that out.

    — Remote Assistance Confusion —
    I really enjoy your newsletter. Today you answered a question for Roger Siemers on whether he should upgrade his father's OS with XP. One computer must have Windows XP Pro for this to work. The other or others can have XP Home. In this case Roger would need XP Pro. --Carl Beck

    Response: Carl isn't the only person to write me with this information, so I'm not picking on him. But I double-checked with Microsoft on this point, and the way I wrote it originally is correct. This works with two Home Edition versions of XP. There may be other Remote whatever features of XP that may require XP Pro on at least one client. But not Remote Assistance.

    — XP and Wireless Networking —
    Question: I have been a faithful reader of your newsletters from the old days of Winmag, and appreciate all the work you do to give the rest of us useful information. I need some advice. I am currently running Windows Me on three computers in my home, networked with an old Intel Anypoint Phoneline USB system. It works pretty well. One of the computers is my laptop, another is my son's. Those two share my cable modem connection, using my home office computer as the server/gateway. I'm planning to purchase a new computer in a couple of months to replace my main desktop machine, and it will come with Windows XP. Intel doesn't yet support XP with its networking software. I am considering changing to a wireless networking system, and may do all this at one time. Any suggestions for a wireless system? I am assuming I should go with an 802.11b system. I don t mind installing PCI cards. Who is supporting XP in their software? --John L. Meade, MD, FACEP

    Answer: You ask a good question. First, I do recommend 802.11b for wireless networking. XP has native support for 802.1x, and even includes generic drivers for several popular models of wireless PC Cards. You can find out more about this in my review on Windows XP Beta 2 (scroll to bottom), co-authored with several smart ex-Winmag folks.

    I suggest Linksys as a good low-cost solution. I also like SMC and Netgear. I actually prefer the SMC PC Cards and the Linksys wireless access points. Go figure. There are many others doing this, but with drivers still scarce for XP, it's better to go with higher volume, more "name" brand manufacturers who focus on consumer distribution. Or any company you know to have a solid XP driver. It's tough to really be sure in this current climate, sort of the dawning of XP, though. Still, by the time you buy your new PC things will have begun to straighten. Hope this helps. See also the Network Know-How: Wireless Wisdom article in this issue of the newsletter. --S.F.

    Send your burning Windows XP question to the newsletter and look for an answer in a future issue.
    Back to the Top


    PC and Broadband Q&A

    This time around I have both Win98 and security Q&A topics to pass along to you.

    — Saving Local Copies of Windows Update Patches —
    Question: I am wondering if there is a way to download the complete library of patches and updates for Windows 98SE and save them locally to be installed later. You had written in a previous edition of SFNL on how to do this with IE5.01 setup files. Microsoft will be ending the support for Win98 and the updates/patches will be needed locally for folks who run Win98. --Stephen Kobsa

    Answer: It's a good question. Unfortunately, so far as I know the answer is "No." Many of the patches in Windows Update are available somewhere else on the Microsoft website. From those locations, you can download and save the patch or program installers. Some examples include DirectX 8.1, Windows Media Player 7.1, and so forth. A good portion of the smaller patches are linked in the same fashion from various Microsoft Knowledgebase articles. But I know of no one place at Microsoft that offers Win98 patches as a downloadable library -- other than Windows Update, which does not allow you to save the installers locally. I agree, completely, that this is a major failing of Windows Update, especially for advanced users or anyone supporting multiple PCs.

    When Winmag was still operational, I used to maintain a page that did exactly what your looking for. It had links to a long list of Windows 95/98 patches whose downloads you could save. But that was part of a paying job, it was never 100 percent complete, and it took a lot of work.

    I agree with you that this would be a good thing. But Microsoft wants you to use Windows Update for this purpose -- which means you keep downloading and downloading and downloading. I'm guessing the reason for that is that A.) Microsoft does everything now with the mythical "idiot" Windows user in mind. We can't be trusted to install these things ourselves, and save them in a logical way. B.) It gives them a way to stealth upgrade their patches, and ensures adoption of later patches at the quickest rate possible.

    TechNet and MSDN subscribers (paid services from Microsoft) do have access to some of this stuff on CD, by the way. But the subscriptions are expensive. --S.F.

    — Security Primer for Desktop PCs —
    Question: I appreciate your newsletter for its objective information and useful tips. Perhaps sometime you can comment about whether a software firewall is really needed for home users, even when a cable modem router is used. I often feel that keeping things simple is the best approach. --Alan Moskowitz

    Answer: A broadband router makes you more or less invisible on the Internet using a technology called Network Address Translation (NAT). It is not literally a firewall. If someone knows who you are and is specifically coming after you, it won't help you at all. It gives you a good measure of probable protection against a random attack. It has no protection at all from Trojans and worms that would seek to enter your PC via email or another Internet application.

    A cable modem router -- the one supplied by your cable modem company -- probably affords even less protection than a broadband router. Cable modem companies may tell you that you're perfectly protected and do not need any other devices, but be aware that they have a vested interest in telling you this. First, they don't want you to share your broadband connection with multiple PCs, both because it uses extra bandwidth (potentially) and because they may want to charge you for extra IP addresses for that purpose -- which you don't need. Secondly, cable modem companies don't want to deal with the support calls that may come in based on extra hardware or software security protections. Bottom line: They really don't care about your security.

    I don't want to overstate the security threat, but you should be aware that it's not uncommon -- especially with cable modems -- for other people to hack their way into your computer. They would have access potentially to all the files on your computer and could wreak havoc. It's much more common than you think.

    There are the different levels of security protections you should consider. Some combination of these is not just a belt-and-suspenders idea. Every broadband user should have them; every computer user with an Internet connection should have at least some of them:

    1. A top-notch antivirus program with email protection. I use Norton AntiVirus 2001, but I'm now considering Panda and others because the NAV 2002 upgrade, while showing many improvements, took away too many options in the name of streamlining. Norton, Panda, McAfee, PC-cillin, and others are all viable options. Everyone should have an antivirus program with active email scanning turned on.

    2. Software or hardware firewall. True hardware firewalls start at around $300, and most are at least $500-$1,000. Enterprise-grade firewalls can cost much more. It would be preferable if your firewall offered intrusion detection. My recommendation is to use Zone Labs' ZoneAlarm Pro , which is $39.95 per PC, or you can download the freeware version. Norton Personal Firewall is another good personal firewall option.

    I'm also a believer in intrusion detection as an adjunct to firewall protection. Black ICE offers inbound intrusion detection, and other products will be adding it in the near future. (More on this in the next issue of SFNL.)

    3. Trojan protection software (I'm a little lukewarm on this category because I've yet to find a program I really like). Finjin and others have made this into a category.

    4. A NAT-based hardware or software routing product, such as the Linksys EtherFast Cable/DSL Router or Ositis WinProxy. As noted above, this kind of product affords an extra layer of protection but it should not be your only defense. Even in the home. Especially in hardware (which I recommend over software), it's at least as important for convenience as it is for security. --S.F.

    Send your burning PC or broadband question to the newsletter and look for an answer in a future issue.
    Back to the Top


    Xbox Is Microsoft's Trojan Horse
    You think Microsoft has given up on the PC market? Xbox is about as close as you get to a PC in a game console. The thing is flying off store shelves -- even with the $500 mandatory bundle most retailers are insisting upon. Even so, Microsoft is losing gobs of money on Xbox, and will be for a long, long time to come. Some analysts say Microsoft has an uphill battle. Sony's PS2 has a one-year head start, and Nintendo's new GameCube has a huge existing brand-loyal customer base. I own PS2 (well, my 10-year-old does). From what I've seen so far, I prefer PS2 graphics. Microsoft's Xbox PR firm, Shandwick, has so far declined to return my numerous calls in request of an eval. unit, or otherwise I might be bringing you a review of the Xbox.

    Here's the nut, though. Even if you're not interested in game consoles, Xbox is very interesting. This is a blank slate for Microsoft. Once it has an installed base it can start providing other applications besides games, hardware add-ons, and really a whole group of products and services. Surprise, surprise. Current Xbox buyers (or users), many of whom are now age 10 to 25, may be in the marketplace for more from their home hardware in five to ten years. Maybe Xbox will someday do Windows -- or whatever Microsoft will be calling what passes for an operating system in the year 2009.

  • Who's Console King? (TheRegister)

    Back to the Top


    Link of the Week: BBWExchange
    Robert Hoskins' self-described "one big electronic press kit dedicated to the broadband wireless industry" is jam-packed with useful stuff not just for industry folks, but also end-users like us. BBWExchange covers 300 vendors and 1,100+ service providers plus tons of industry research, tutorials, and a bunch more. If you're hungering for broadband access, but you don't have cable modem or DSL access in your area, you should be checking this place out for fixed wireless solutions on the Broadband Wireless ISPs page (see below). It can help you find solutions right in your back yard (no promises, but it's worth a shot).

  • Broadband Wireless Exchange Magazine
  • Broadband Wireless ISPs

    No less important or useful this week is an InformationWeek column from my buddy Fred Langa, who's back with a continuation of his Winmag series, Ten Ways to Make Windows {whatever} Run Better. Check it out.

  • Ten Ways to Make Windows XP Run Better

    Have you discovered a relatively unknown Windows- or broadband-oriented website that everyone should know about? Please send me the URL, and let me know why you liked it.

    Back to the Top


    Regret to Inform the Mac Faithful ...
    After first telling me no, and then apologizing and telling me they would put me on the list to get a Macintosh and OS X.1 to evaluate for this newsletter -- Apple has just peremptorily reneged. I got an email last week informing me that they only have so many evaluation units, and there aren't enough to go around. Blah, blah, blah.

    This isn't the fault of the PR people. I've faced the same Apple brick wall while working as the reviews editor at more than one major computer magazine. It's a corporate culture thing at Apple. I had hoped they'd changed their tune. But Apple continues to dis the press. It's probably a Steve Jobs thing.

    My response: I can't afford to go out and buy a $2,500-$3,000 Mac to test a long overdue new operating system that fewer than 10 percent of computingdom is interested in. I offered to give Apple a fair shake, just as I've given Linux. Unfortunately, Apple has a proprietary system. If it wants objective reviews, it's going to have to send loaner hardware.

    With that, I'm washing my hands of Apple. If you're looking for Mac coverage, Scot’s Newsletter isn't the place. Sorry.

    Back to the Top


    Tip of the Week: FTP Browsing
    Our reader-submitted tip this week is simple one, but it's just as useful for power users to keep and mind as it is for less experienced users to be aware of.

    — Web Browser as FTP Client —
    Very few folks seem to realize that their modern Web browser is an excellent FTP client too. IE, Opera, and Netscape all work this way. To make this work, type ftp:// followed by the FTP URL in your browser's Address or Location bar. For example:

    ftp://ftp.microsoft.com/Softlib/mslfiles/

    You will be prompted for a password, and magically will be at your ftp location.

    Personally, I prefer IE's performance over Netscape's. Additionally, IE will use all of your local icon settings, so directories look like folders, html files will have the IE logo, graphics will bear the logo of your viewer/editor, and so forth. Essentially, the FTP location just looks like another Windows folder, with a functional right-click context menu and the ability to drag and drop. --Dale Poole

    Response: Opera's interface isn't as whizzy as Microsoft's, and in fact, after you enter an FTP address with a long scrolling directory, Opera may appear to hang while it loads the directory. (The example above is just such a long directory.) But Opera's FTP browser does appear, like everything else, to be faster than IE's. But in a switch, I found Netscape 6.1's FTP browser to be the fastest of the bunch. Netscape 4.77 was the slowest.

    One final point, despite the bogus advertising window for the shareware version, I still use CuteFTP (the registered version) as my FTP client. For a simple nip into an FTP directory, your browser is fine. But if you want to download or upload some serious MBs, an FTP client is both faster and more reliable than your Web browser. WS_FTP would be my second choice among FTP clients.

  • CuteFTP 4.2 trialware (an older freeware/shareware version may be available from independent download sites)
  • WS_FTP LE 5.08 (freeware) or WS_FTP Pro 7.0 (trialware)

    Do you have a Windows or broadband tip you think SFNL readers will like? Send it along to me, and if I test it and print it in the newsletter, I'll print your name with it.

    Back to the Top


    The Fine Print
    If you like this newsletter, I need your help spreading the word about it. Please share it with friends and co-workers, and encourage them to sign up! It's free.

    Visit the new Scot's Newsletter Forums.

    Subscribe, Unsubscribe, Change Email Address or Message Format
    You can unsubscribe at any time; I don't believe in captive audiences. The website subscription center is the easiest way to manage your Scot’s Newsletter subscription. Changes take only a minute or two. You must select your message format — Text or HTML — even for address changes or unsubscribes.

  • Unsubscribe
  • Unsubscribe Help and Options
  • Subscribe
  • Change Email Address or Message Format (HTML or Text)

    Contributions
    To help with the cost of creating and distributing the newsletter, I accept contributions via PayPal and Letter Mail. For more information on donations:

  • Sign-up for PayPal (if you don't already have it)
  • Option #1: Donate via PayPal
  • Option #2: Donate via Letter Mail

    Contact
    Send comments, suggestions, or questions about this newsletter. Don't be bashful about telling me what you like or don't like. Send emails related to editorial content (only) to scot@scotsnewsletter.com.

    Please address advertising inquires (only) to: sales@scotsnewsletter.com



    Sign-up for PayPal.

    Support this Newsletter by Donating Today.
    Or donate via Letter Mail.

    How to Link to Scot’s Newsletter

    Copyright © 2001-2007 Scot Finnie. All Rights Reserved.
    Ten Myths About Copyright Explained.


    You are subscribed to Scot's Newsletter HTML EDITION as: $subst('Recip.EmailAddr')