Scot’s Newsletter

Windows and Broadband Information You Can Use!

 
NEWSLETTER ISSUES

 
 09-12-2002

 08-15-2002

 07-18-2002

 06-21-2002

 More Back Issues

 Please Subscribe

 
 
 
 
OTHER LINKS

 
 The Forums

 Product Reviews

 Let’s Fight Sp@m!

 NetBEUI and Win XP

 PayPal Donate

 Letter Mail Donate

 
 
Get free email delivery of this newsletter!

Recommend Scot’s Newsletter to a Friend!

August 15, 2002 - Vol. 2, Issue No. 30

By Scot Finnie

IN THIS ISSUE

  • Review: BlackICE PC Protection 3.5.cdf
  • Windows 2000 Service Pack 3
  • Product Beat: ChoiceMail, Linksys Firewall, ZA 3.1
  • StarBand Interview
  • Announcement About Advertising in SFNL
  • Windows XP Remote Desktop -- Part Deux
  • Q&A
  • SFNL's Broadband: Cable Internet At Last
  • Win 98 Support Extension, and Windows Coverage
  • Link of the Week: Kartoo.com
  • Tip of the Week: Desktop on a Menu
  • Summer Schedule Ends Soon
  • Subscribe, Unsubscribe, or Change Your Address.


    Review: BlackICE PC Protection 3.5.cdf
    BlackICE PC Protection (previously BlackICE Defender) has something wonderful going for it: It was the first desktop-based intrusion-detection system. I'm a big believer in intrusion detection. A layered, or ringed, strategy of protection is the best approach in my book. A firewall, application monitoring, script blocking, and antivirus protection with email scanning are all important aspects of that. And so is intrusion detection. The BlackICE product fairly invented that category.

    This version of BlackICE is also much better than the last version I tried, version 2.1. The product, now under the aegis of ISS, integrates itself in the Windows environment properly. It does what it's supposed to do.

    BlackICE proved itself to be good at plugging most types of vulnerabilities and common Trojan exploits. It performed admirably on the intense Security Space scans -- better by a notch than Norton Internet Security Pro 2002, for example.

    But that's, I'm afraid, where the high praise stops. In my ever-growing barrage of vulnerable-port scans, BlackICE showed four ports that were closed but not invisible. Not the end of the world, but not what you expect when you pay $30-40 (single-PC license) for a product designed to protect you. After all, the free version of ZoneAlarm shows no ports at all -- they're all both closed and invisible. ZA is still perfect in all my firewall-specific tests. And that's what you want from any firewall product.

    For details on how I test firewalls, please see the SFNL Firewall Test Suite and Methodology page.

    There's a second very real and more important issue: BlackICE's user interface is bad. It's not just that it is drab gray and looks like something created during the Windows 3.x era. I'm talking about what it's capable of doing, what it forces the user to understand, and how hard it is to grasp those things.

    BlackICE does an application scan at installation and thereafter watches your apps closely. In fact, if you install a new application, you'll be prompted much as you would be by a crash-protection program to temporarily stop watching so that it doesn't interrupt you with a blizzard of warning messages. BlackICE affords pretty good application blocking, but you may find that it prompts you in annoying ways. And you may have trouble modifying it.

    You see, user-modification of application rules pretty much requires a degree in BlackICE-ology. Actually, it's not just knowledge of BlackICE that's needed, but in many cases knowledge of specific files that run your applications. Because that's what BlackICE's Advanced Application Protection Settings really offer you, a way to turn on or off controls on specific EXEs, DLLs, and so on. To the uninitiated, this is going to seem not only scary, but obscure. And, well ... it is.

    But more than that, the strategy is wrong. The thing about application control is that use of an application in one setting may be perfectly allowable, while use in another setting may be absolutely terrible. To some extent, the user has to play a role in making that decision. BlackICE is not designed to interact with its users on this point in context by automatically creating rules as situations arise.

    The BlackICE firewall is similar in nature to Tiny Personal Firewall in that it's literally a shell that the user must understand and configure to allow specific ports or block additional ports. There are very few controls for the firewall. You have to bring to this program an understanding of the Internet and common port usages if you want to customize it to your application needs. In other words, it's the exact opposite of products like ZoneAlarm and Norton Personal Firewall (in Norton Internet Security).

    Intrusion detection has even fewer controls, and you won't know that it's working unless you're attacked by a specific intruder targeting you. This is among the very hardest things to check for in a test environment, and I can't claim to have gotten a deep look at BlackICE in this department. One very small thing I noticed; BlackICE has the ability to automatically update intrusion-detection signatures, but that feature is turned off by default. While I can understand that decision, some part of the installation process should advise users to turn it on -- or at least let them know it is there. The product should also automatically check for program updates (it does offer a manually activated update feature.)

    A lot of the user interface in BlackICE is event driven. By that I mean that stuff pops up in context of when it's needed. So, in other words, while you can make settings for Back Tracing (the ability to trace back an attack to its Internet address starting point), you won't know how those settings affect the experience until you have a situation that calls for back tracing. The problem with that is that when something does pop up, you may not know what it is, how to handle it, and how to gauge how serious it is. And the Help files don't help enough. In some places they refer to tabs or dialogs that no longer appear to exist in the program. In other cases, they just don't explain the main thing a user wants to know, like, what is this thing and what do I do with it. There are way too many assumptions made.

    Decisions
    BlackICE has good technology, and it is still a worthy contender in this software firewall/intrusion-detection category. It is most like Norton Personal Firewall, but it has opposite strengths. And in its current guise, it might best be used in conjunction with ZoneAlarm. Turn down the BlackICE firewall and disable its application protection. Then use its intrusion-detection features in conjunction with the ZA firewall and application protection. I've been testing ZoneAlarm Plus 3.1 and BlackICE PC Protection 3.5.cdf together for the last couple of days, and have had no problems so far. If you're looking for belt-and-suspenders protection, that combination might be it.

    Meanwhile, I have to give a miss to BlackICE as your sole protection. It places a distant third to the Zone Labs and Norton products, and just ahead of Tiny Personal Firewall, which I reviewed last year.

    I'll be very interested to look at the next version of BlackICE.

  • $40 for one PC ($105 for three PCs; $175 for five PCs), BlackICE PC Protection 3.5.cdf, Internet Security Systems (ISS), 888-901-7477, Lowest Price: $30, Outpost.com

    Update on SFNL Firewall Coverage
    Ok, ok, I give up. I've been inundated with requests to review two additional firewall products: Sygate Personal Firewall and Agnitum Outpost. I can't promise you when, just yet. But I will add them to the list of firewalls I will test in the relatively near future. You could see one in the next issue.

  • Sygate Personal Firewall
  • Agnitum Outpost

    Back to the Top


    Windows 2000 Service Pack 3
    This most likely won't be a news flash to you: On August 1, Microsoft made Windows 2000 Service Pack 3 (SP3) publicly available to everyone. You can either download it or order it on CD from this Microsoft page.

    A Microsoft spokesperson had this to say to me about SP3:

    SP3 is a well-tested collection of updates that focuses on a variety of customer-reported concerns with the Windows 2000 family of operating systems. In many ways, SP3 is a traditional service pack in that it includes enhancements to improve upon Windows 2000's reliability, compatibility, and security. In addition, Microsoft is fulfilling its commitment to implement the changes required by the consent decree signed with the DOJ and nine settling states.

    Antitrust Settlement Features
    That last part refers to a feature very similar to the one I've already described in detail in my discussion of the beta of Windows XP Service Pack 1 that allows users to selectively hide programs that come bundled with Windows.

    Windows 2000 lacks Windows Messenger, so the instant messaging program part of the "Set Program Access and Defaults" configuration panel (part of Add/Remove Programs) in Win2000 SP3 isn't useful by default. (I haven't tried adding Windows Messenger to Windows 2000, but it looks like doing so might make that part of UI come alive.) The programs controlled by Win2K SP3's changes are browser, email, media player, and Java virtual machine.

    The Win2K version of Set Program Access and Defaults is also greatly simplified by only providing an updated version of the Custom mode that's offered in the Windows XP beta of SP1. The Computer Manufacturer, Non-Microsoft, and Microsoft Windows modes are absent in the Win2K version. No big loss. It wouldn't surprise me if this were the way Windows XP's version shipped as well. The other is overkill. Of course, I'll bet Win2000 OEMs get their own version of SP3.

    What's In It?
    Windows 2000 Service Pack 3 is a roll-up of both previous service packs plus all the key interim security updates. It also contains many bug fixes, compatibility updates, base OS tweaks, directory services patches, and more. For a full list of the fixes, see List of Bugs Fixed in Windows 2000 Service Pack 3 (Q320853).

    One of the larger features SP3 installs is Windows XP's Automatic Updates feature, which can automatically check and download system patches and fixes, and then install them with your permission. Here's where you can find out more about Automatic Updates for Windows 2000.

    There's gobs information about Win2000 Service Pack 3 in Microsoft's Service Pack 3 Installation and Deployment Guide. Be sure to check I out. For example, you'll find sections both on installing and removing SP3.

    Installing Win2K SP3
    Speaking of which, before you install it, read the SP3 Release Notes and Readme. Some people have run into problems with this service pack (a fact you can say about any Windows service pack). So far, I'm not hearing about an inordinate number of problems. I have only installed the update on one machine, and I have not had any trouble.

    My friend and ex-Winmag colleague Serdar Yegulalp has a tale in the latest issue of his Windows 2000 Power Users newsletter about a reader who ran into a serious installation problem with SP3.

    Details
    Windows 2000 SP3 may be installed in three ways. Two are downloadable and one is CD-based. The CD and the larger download are exactly the same. Each contains 125MB worth of stuff, which is installed over your existing installation, regardless of what patches or service packs you already have installed. Microsoft recommends that you do not remove previous patches before installing SP3. The 125MB download is called the Network Installation. With this method, you can re-use the service pack download for multiple PCs.

    Because for a lot of people, a 125MB download is a big deal, Microsoft is also offering an Express Installation online install. This method checks your PC to see what you already have installed, and you only download the stuff you don't already have. Microsoft estimates that the average size of SP3 Express Installation is 22MB for Win2000 Professional and 33.6MB for the Win2000 Server family. With Express Install, you cannot use the same download to reinstall the service pack on other computers.

    SP3 is free to all downloaders. If you opt to purchase a CD, the price is $19.95 in the U.S. and $27.45 in Canada. Both prices include shipping. You can order online, by phone (toll free), by fax, or by mail.

    Experiences
    I've installed SP3 on one Windows 2000 Pro machine so far. I had zero problems with the installation, and have had no trouble so far. I downloaded the 125MB Network Installation option. To install it, I just double-clicked the W2Ksp3.exe file. It was extremely straightforward.

    But SFNL reader Sande Nissen had a different experience. Here's what she wrote to me recently:

    Here's a possible gotcha in SP3: On my Windows 2000 Pro IBM ThinkPad, I had upgraded to Internet Explorer 6.0, so I could take advantage of continuing support and security patches. To go with IE6, I installed Windows Media Player 7.1 with its cumulative security patch. After the SP3 upgrade, guess what: IE was reverted to version 5.01 and the WMP cumulative security patch was gone! I had to reinstall IE6, reinstall its cumulative security patch, and then reinstall the Media Player security patch.

    I read all the posted information about SP3 at the Microsoft website, and nowhere did it say anything about downgrading IE, or how to prevent such an action.

    This may be an isolated problem though. On two other brands of computers with IE6 already installed -- Compaq and Gateway desktop computers -- installing SP3 did not change the IE version. All were original installations of Windows 2000 Pro, none OEM or upgrades. --Sande Nissen

    Let's hear your experiences. If you've installed Windows 2000 Service Pack 3, how'd it go? Did you have problems? If so, what problems? Did it go off without a hitch? Let me know either way.

    Back to the Top


    Product Beat: ChoiceMail, Linksys Firewall, ZA 3.1 Free
    Three new products stand out this time around, each of which is security oriented. ChoiceMail goes after spam -- and succeeds. Linksys and Zone Labs have each issued new firewall products.

    DigiPortal's ChoiceMail Spam Fighter
    I learned about this product from SFNL subscribers who are using this software and service to prevent unwanted spam. Of all the solutions I've heard about or tested to date, DigiPortal's ChoiceMail is the most promising.

    Here's how it works. You purchase the $40 ChoiceMail client software. It's designed to work cleanly with Outlook Express 5.x or greater and Eudora Email 4.x or greater. It can also work with Outlook 98, 2000, and 2002 or Netscape, but it needs some manual configuration in those programs. Other limitations: Works with Windows NT, 2000, XP, 98, and ME only. It only works with POP3 email. In other words, it doesn't handle IMAP, Web mail (like Hotmail, Juno, or Yahoo, nor the proprietary mail systems of AOL or MSN. There is also a 14-day trial version.

    ChoiceMail blocks all unauthorized email, and you train it by managing a white list and a black list. The whitelist is your list of approved mail senders. The blacklist is the list of senders you want to reject automatically. When you set up ChoiceMail, you can automatically import all the email addresses in your address book to speed up the whitelist process.

    Any mail originating from a sender whose email address isn't on either list is held temporarily. The sender is required to give his name, email address, and reason for sending the email. He or she must also read a short alphanumeric phrase shown in bitmap (so it cannot be copied and pasted) and then type it into a field. You get that information from the sender, and you have the option at that point to approve or deny. So it's a one-time authorization. The process for the sender takes about 40 seconds, so it's relatively painless.

    There's a lot more to this, but I'll save that detail for a future review. In the meantime, I want to point out a couple of problems with this system. If you subscribe to something like 347 newsletters, like I do, virtually all of those are going to be rejected right away. There are things you can do about that, because you can review the rejected emails and place their senders on your white list. But it's an issue. Secondly, if, again like me, you have a public email address -- one that is designed to accept email from hundreds or thousands of unknown senders, this really isn't going to work well at all for that account. The ChoiceMail program does not have to apply to all your email accounts, though. You can set it up to work with specific ones.

    All in all, ChoiceMail is an excellent, very well thought out solution. It's the best thing to come along to fight spam since spam started.

    New Linksys Firewall Router
    The prolific folks at Linksys released a new version of their EtherFast series of broadband routers with firewall protection. The four-port Cable or DSL routing product, called the Linksys BEFSX41 EtherFast Firewall Router, has an estimated $120 list price, and offers stateful inspection of packets and built-in protection for a variety of common security exploits, including denial of service, IP spoofing, and pings of death. It also supports two VPN tunnels and supports Universal Plug and Play (UPnP). I'm running a test unit right now in the SFNL Labs, and I'll report on this guy in an upcoming issue of the newsletter.

    New Free ZoneAlarm 3.1.291
    Last time I reviewed Zone Labs' new ZoneAlarm Plus 3.1 firewall product. And in that story I mentioned that the freeware was due shortly. Since then, Zone Labs began shipping the free version of ZoneAlarm 3.1, just as I said. For the differences between the versions of ZoneAlarm, check this comparison page. And use this link to download a copy of free ZoneAlarm 3.1.

    Almost everything I wrote about ZoneAlarm Plus 3.1 in last month's review applies to the free version. So check that out before you try this or upgrade.

    For the record, I've received serious numbers of complaints about every new version of ZoneAlarm that's come along since version 2.1.44. Many people dislike ZoneAlarm 3.x, both because of user interface and operational issues. Others, though, prefer it. In my experience, 2.6 is a better version for Win9x and 3.x is a better version for Windows XP. But even that is just one man's opinion. You might want to decide for yourself.

    Even though it is perfectly possible to install ZoneAlarm 3.1 as an upgrade of a previous version installation, I recommend against doing that. Uninstall the old version and install 3.1 fresh. You are far less likely to have problems that way.

    Does your company have a new computer product of interest to this newsletter's readers? Submit it to Product Beat.

    Back to the Top


    StarBand Interview
    There are all sorts of rumors and innuendo swirling around about StarBand's Chapter 11 filing. A small handful of SFNL subscribers have recently contacted me about Starband-sucks.com, which I spent some time looking at. The character who runs the site, who doesn't use a real name, provides a very long commentary on his experiences with StarBand. Because I've had StarBand's service since January of 2001, I can sympathize with some of his experiences. For a good part of 2001, StarBand didn't work well for me either. I also had considerable trouble getting the 360 installed, and the cause wound up being faulty documentation. All of this has been covered in more than a dozen stories I wrote about StarBand and DirecWay-powered Pegasus Express.

    Since January of 2002, though, my StarBand service has been pretty good. Granted, I have both DSL and now cable Internet, so I don't use it all day long. But in January of this year, I hooked StarBand up as the main service used in SFNL Labs, which means the whole house. And it did very well indeed. It's always running here, and I check it frequently. All in all, today's StarBand isn't as described on the Starband-sucks.com website. It's a lot better than that. Still, it isn't perfect by any stretch. As I describe in several reviews (see link above), two-way satellite Internet services make trade-offs that affect many types of non-browsing Internet functions.

    My head-to-head review of StarBand and Pegasus Express (DirecWay) is worth reading if you're considering two-way satellite. Let me sum it up for you quickly, though: StarBand came out ahead. If cable or DSL are available to you, skip StarBand or any satellite service. Even 144kbps IDSL (a sort of hybrid between ISDN and DSL) is probably a better solution than StarBand. StarBand is definitely better than ISDN or analog dial-up.

    All that said, after perusing the Starband-sucks.com site, I decided it was time to interview StarBand about where the company stands on its bankruptcy proceedings, its recent agreement with EchoStar, and its plans to emerge from Chapter 11 protection. My telephone interview was with David Trachtenberg, president and chief marketing officer, and Sheila Blackwell, public relations manager. Any time a company is in Chapter 11, there are legal limits on what its representatives can say to the public. But here's the gist of what I learned.

    StarBand is actively seeking to come out of bankruptcy protection in the September to October timeframe. Probably the most likely option is that outside investors or another company will purchase a large stake in the company, effectively bailing it out of its financial woes.

    EchoStar still owns a 30-32 percent stake in StarBand, but it no longer sits on the board and no longer holds sway on management decisions, according to Trachtenberg. This is part of an agreement struck between EchoStar and StarBand. In return, StarBand gave up on trying to collect money it perceived that EchoStar owed it.

    One of the biggest changes is that StarBand is now serving all its customers directly. Instead of EchoStar billing its customers, StarBand will be billing them. According to Trachtenberg, EchoStar and StarBand have jointly agreed to continue fulfilling the Dish Networks/StarBand Internet services that some customers purchased, and at the prices they agreed to pay. The only difference is that they'll be getting two invoices instead of one.

    Although StarBand subscriptions have been somewhat flat in recent months (presumably because customers whose one-year contracts are expiring have decided to leave) at around 41,000, Trachtenberg says it has increased its dealer network to 1,800 including Puerto Rico and the U.S. Virgin Islands, where it has recently rolled out new service. Under EchoStar, Trachtenberg says StarBand had 1,100-1,200 dealers. The company is also marketing the StarBand Small Office high-speed SOHO product, and it's planning to release a new version of its modem, which I hear can be used with a hardware router.

    StarBand Small Office is supposed to be turned on at SFNL Labs some time in the near future. The new service uses the same equipment as the consumer StarBand service, but it improves performance up to 1Mbps, provides a static IP address, supports VPN, includes 15 email accounts, and other benefits. StarBand Small Office comes in two variations, 3-user and 5-user, which cost $129.99 per month and $169.99 per month, respectively.

    See Q&A later in this issue for additional comments about StarBand in light of the Chapter 11 filing.

    Back to the Top


    Announcement About Advertising in SFNL
    Effective with the next issue, Scot’s Newsletter is accepting up to three advertisements per issue. So you could see two or even three ads beginning in September. Up to three ad placements will be spaced out throughout the issue. In the text issue, they'll be text ads. In the HTML issue and the website version, they'll likely be standard banner ads. The HTML version of the newsletter doesn't actually contain a banner ad; it calls the ad from the scotsnewsletter.com Web server, so this will not increase the size of the newsletter in your mailbox.

    As subscribers to a free publication, I ask that you not only accept these small additions to the newsletter, but also support the newsletter by investigating any advertisements that sound interesting. Advertising helps pay the bills at SFNL. Your contributions are also a major help. Ideally, though, advertising and contributions (and eventually paid subscriptions to a "Plus" version of the newsletter) are what's needed to offset the costs of producing Scot’s Newsletter. Someday I might even make a little money. Who knows? But I'm still a long way from that now.

    Why is this happening? The simple truth is that I don't do any outbound selling of ad space for Scot’s Newsletter. But several advertisers came to me recently expressing interest. Some have already purchased long-term advertising contracts. I'm hoping to attract others.

    If you have strong opinions, pro or con, about the increasing emphasis on advertising in Scot’s Newsletter, I'd like to hear about them. Also, for anyone interested in details about advertising in Scot’s Newsletter, I've created the Scot’s Newsletter Advertising Information page. Write to sales@scotsnewsletter.com for more information about advertising.

    Back to the Top


    Windows XP Remote Desktop -- Part Deux
    The one thing I can promise you Scot’s Newsletter will always do is own up to its mistakes. After years of working at major computer magazines, I grew weary of the tendency that when the facts were gotten wrong, somehow we forgot to go back and correct the errors. Well, not here. I consider it bad mojo to leave you in the dark, or worse, to leave you with the wrong information.

    I haven't tracked down all the reasons why yet, but I gave you some wrong info last time about the limitations of Remote Desktop Connection (RDC) functionality in Windows XP (and other versions of Windows).

    It wasn't for lack of testing on my part. I just started with a bad assumption that came from not reading a Microsoft document carefully enough. Compounding that, I ran into a testing error, probably a problem on my host PC, that caused three different machines to absolutely require that the same name exist as a user account on both client and host PC.

    But let's skip the excuses. I made two large errors about the limitations of RDC. Here they are with the corrected information following.

    ERROR 1: I wrote that both the host and client computers involved in a Remote Desktop Connection must have Windows XP Pro installed. That's patently wrong.

    CORRECTION: The host PC must be a Pro box, but literally any version of Windows back to Windows 95 can quickly and easily connect to a Windows XP Pro Remote Desktop Connection host. Windows XP (both Pro and Home versions) comes with the necessary RDC software onboard. All these earlier versions of Windows -- Windows 95, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0, and Windows 2000 -- can also function as Windows XP Remote Desktop Connection clients. To do so, they need only install a 3.4MB downloadable RDC client program whose filename is MSRDPCLI.EXE. The software is freely available from the Microsoft website.

    You can also find the client program on the Windows XP Pro and Home discs. To install the Remote Desktop Connection client from the XP CD to any of the approved versions of Windows, insert the disc into the client machine's CD drive, select Perform Additional Tasks, and click Install Remote Desktop Connection.

    Installation is fast and straightforward. In use, the separately installed client operates exactly the same as RDC works under Windows XP. For more information, check these references:

  • Remote Desktop Connection Client
  • Using Remote Desktop

    The RDC client program is also backwardly compatible with Windows 2000 and Windows NT 4.0 Terminal Server Edition. When using the newer client to access those older servers, you get the features of the original Terminal Server Client.

    ERROR 2: The second error I made was in saying that both PCs must have the same Windows user name. When I tested this earlier, the host PC repeatedly required several client PCs to have a user account with the same name as the one I was accessing on the host PC in order to connect. But retesting that now (with a different suite of PCs), I see that clearly isn't the case. There was something amiss on my earlier host PC. (After stripping out some settings and doing some other stuff, the problem went away there too.) An abetting factor: Several Microsoft tech docs -- particularly in the onboard Windows XP Help system -- are worded in ambiguous ways, and seemed to lend support to my misunderstanding. Here's the straight info.

    CORRECTION: It is not at all necessary for the client PC to have a local user account with the same name as the host PC. The only bits required at the client PC end are these:

    1. Host PC's computer name
    2. Host PC user name and password

    There's one limitation I didn't address that bears mentioning. In addition to being configured to accept Remote Desktop connections, the user account on the host PC must either be an Administrator or a member of Windows XP Pro's Remote Desktop Users permissions group. If the PC you're setting up as the host does not have Administrator privileges, follow these steps to add it to the Remote Desktop Users group:

    1. Open Control Panel > Administrative Tools > Computer Management > Local Users and Groups.

    2. Double-click Users on the right pane.

    3. Double-click the user name you want to enable Remote Desktop host functionality with on the right pane.

    4. Click the Member Of tab and then the Add button at the bottom.

    5. Click the Advanced button on the Select Groups dialog.

    6. Click the Find Now button.

    7. Click the Remote Desktop Users entry in the search results field and then click the OK button.

    8. Click OK on all remaining open dialogs and close Computer Management.

    Note: These steps are outlined for a peer networking environment. It's likely that options will be slightly different under Windows client/server and Active Directory environment.

    CLARIFICATION: Let me be far more clear about another very specific RDC limitation than I was in the last issue. The host PC user name (or account name) that serves the Remote Desktop Connection must have a login password. The client PC must provide the host PC's computer name, user name, and password to initiate every new session. You'll get an error message and no connection if the host user account does not have a password enabled.

    FIREWALL ISSUES: Another potential limitation I didn't address last time is that when the host PC is behind a firewall, the firewall may need to be configured to permit two-way communication on port 3389, which is the port Remote Desktop uses. Each firewall is different, so I can't tell you how to do that for your environment. It is also possible to change the port that Remote Desktop uses. See Microsoft KnowledgeBase article Q306759, How to Change the Listening Port for Remote Desktop, for more information about that.

    The rest of the information I wrote for the last issue was by and large correct, though tinged in one or two places with the wrong point of view. I have completely rewritten that topic, fully updating the website version of the last newsletter. So if you're looking for a reference you can work step-by-step from, that page is your best bet.

    A number of SFNL readers helped to set me straight and contributed in large and small ways to the information I've just given you. I want to thank some of them: Tadeusz Atanowski, Matthew T. Blackmon, Alex Byron, Harley Feldman, Russell Gilbert, Stefan Jodar, Jeff Johnson, Michael Levitt, Scott E. Maier, Jeff Preou, Al Romanosky, Colin Sewell, Jackson Stephens, and Dave Wade. Special thanks to Haydn Hilling, who went above and beyond the call of duty. I always welcome constructive criticism and corrections (even though I'm sometimes not as gracious about them as I'd like to be). SFNL readers continue to prove to me that I'm always learning and that computer people are a lot more helpful and friendly than we get credit for.

    If there's anything you'd like to comment on or point out about Remote Desktop Connection, fire away.

    Back to the Top


    Q&A
    Four new questions and answers this week on EMF, which satellite service to buy, dumping Windows login, and surge protection for cable modems.

    CRT 'Radiation'?
    Question: : Should I be using a radiation filter on my CRT (cathode-ray tube) monitor? If so, any specific brand? What about the radiation emitted from the CPU? How far from your body should that be? --Ed "JC" Mendus, posted on the Computer America Radio Show Tech Talk bulletin board

    Answer: : There is some EMF (electromagnetic field) radiation from CRTs and computers and, in fact, virtually everything electronic, and a lot more things. See TechEncyclopedia on the subject. The truth is, they really don't know whether EMF is harmful to humans or not. But people in the computer field don't seem to be stricken with diseases (other than those stemming from being sedentary) more than those who are not. It's the collected wisdom of computer users everywhere that CRTs don't cause ill health, and certainly not CPUs. I would be more concerned about eye fatigue and other eye problems or repetitive-stress injuries associated with using computers. Everything in moderation.

    I do have one suggestion for you, though. It's not a cheap alternative. But it is one I have adopted whole-heartedly: Buy an LCD (liquid crystal digital) flat-panel display. They've come down significantly in price over the last year or two. In the Scot’s Newsletter Labs, where I work, I have more than 15 PCs and not a single CRT. Each of my PCs has its own display, too. (I'm not using KVM switches.) I don't use LCDs because I'm concerned about EMF though. While it's true LCDs give off almost no EMF, what I like most about them is that they use less power, give off less heat, and take up a lot less space. CRT picture quality is slightly better, but I had no problems adapting. Something to think about. --S.F.


    StarBand or DirecWay?
    Question: : I just read your review of StarBand vs. Pegasus. Good job! Since I live too far out for DSL or cable I must take the satellite plunge. Any last recommendations? --Bill Northrup

    Answer: : I still prefer StarBand over the DirecWay (DirecPC, Earthlink, Pegasus Express) service, but StarBand's Chapter 11 filing (discussed both earlier in this issue and in last issue) does complicate things. This happened because of boardroom politics. EchoStar owns 30 percent of StarBand, and it is in the midst of trying to purchase StarBand's competitor, Hughes, which owns DirecWay.

    But whatever the cause, nothing is certain in a Chapter 11 situation. My gut tells me that they will re-emerge, and I think the change will be for the better. The EchoStar relationship was never all that healthy. There has never been any interruption of the StarBand service because of the Chapter 11 filing (May 31, 2002), and the company is continuing to fulfill new customer orders.

    In practice, StarBand's service is better and more reliable than DirecWay's. It's no contest. The big issue here is your upfront costs in buying the satellite dish, transceiver, and modem. They don't come cheap from either company (especially not from DirecWay). And the installation is sometimes expensive too. So if StarBand goes out of business, you would be out that upfront charge. The actual amount varies, although right now it's $200 for StarBand (less than usual).

  • StarBand pricing
  • DirecWay pricing

    Here are some details that may help you decide. Both services have a one-year contract, you're bound to pay them anywhere from $60 to $100 (depending on service levels, and that's just for the consumer versions) for a year. If StarBand goes fully belly up, of course you'll be let out of that contract. If it goes only partially belly up, you could wind up with a problem. Meanwhile, DirecWay is owned by a company that is not at all responsive to its customers and also in middle of a huge merger being considered by the FCC because of possible antitrust issues. That process will probably go on for at least a year. An unresponsive company that now has a huge distraction is also not a great situation.

    The indoor cabling in your house is the same for either company. So if you start with one and wind up with the other, you won't have to go through that part of the installation again. One difference that is often overlooked, though, is that the satellites of the two companies are not at the same point in the sky. If you have a lot of trees, neighboring buildings, or other obstructions near to where you live, one or the other of these services may be the only one you can get because the other's dish may be totally blocked for direct line of sight to the satellite.

    The satellites of both companies are in the southwestern part of the sky (for anyone living in the northern hemisphere). In the northeastern part of the U.S., the DirecWay satellite is several degrees farther south than the StarBand satellite. In my yard, that made installing the DirecWay satellite quite a bit harder, since I have a lot of trees and foliage due south. I actually hired a tree service to come in and clear away a section of the sky where the DirecWay dish was expecting to find a signal. [Editor's note: Oh, so that's what happened to the back yard. Think green, people! --Cyndy.]

    Finally, whatever you decide, prepare to be disappointed by the performance and consistency of the service. Both of them tend to wider ups and downs than other broadband services. --S.F.


    Say Bye to Windows Login
    Question: : Where do I go to turn off that annoying "Password for Microsoft Networking" screen that comes up before I can get to my desktop? I am running Win98SE. -- Don St. Luke, posted on the Computer America Radio Show Tech Talk bulletin board

    Answer: : Hi, Don. You've asked one of the perennial questions that people ask about Windows 98. There are a few ways to turn the Windows Login dialog box off. There are also ways that you can get into trouble with it. One way is by pressing its "Cancel" button. So don't do that. Also, if you don't want a password, just enter no password, but be sure to click OK. Here are the two easiest solutions for disabling the Windows login.

    I. The Microsoft Family Logon Method
    If you properly install Microsoft Family Logon, the Windows Login dialog should go away. Follow these steps to install it:

    1. Right-click Network Neighborhood and choose Properties (or open the "Network" Control Panel).

    2. Click the Add button.

    3. Double-click the "Client" entry.

    4. Select "Microsoft" on the left side.

    5. Double-click "Microsoft Family Logon" on the right side.

    6. Click OK.

    7. You may need to insert your Windows 98 CD at this point, or Windows may find the files it needs automatically (depending on how your computer is set up).

    8. Restart your computer.

    II. The Tweak UI Method
    The second solution is to install Microsoft's unsupported PowerToy, Tweak UI 1.33. You'll find everything you need to download and install Tweak UI from this Scot’s Newsletter Tweak UI page.

    Once Tweak UI is installed, access it from the Control Panel. Select the "Logon" tab. Put a check in the box beside "Log on automatically at system startup." Then in the spaces below, enter the information you normally enter into the Windows Logon box. Be sure to get this right. Don't put anything new in these boxes. --S.F.


    Cable Modem Surge Protection?
    Question: : I have a U.S. Robotics external cable modem. I pay a small fee per month to my cable ISP to cover insurance for a new cable modem in case lightning destroys my modem. Where I live we have many lightning and thunderstorms in the summer months, and I understand lots of people have lost their modems as a result. I now use two surge protectors for my system (two are normally sufficient, I've been told). Someone said that you can add a special surge protector to the cable modem that would protect it from lightning, because supposedly lightning can travel through your cable. Please advise your take on this, and where I might purchase a cable modem protector. -- Vasco Small

    Answer: : I do recommend that you protect the cable Internet line itself in addition to the power line. In fact, phone and cable lines are more prone to lightning damage than power lines. They usually aren't grounded, or aren't well grounded -- both on the pole and in your house. So the advice you received is good advice.

    Many surge protectors come with phone line protection these days. But I have never seen coax cable line protection in a surge protector. So I can't advise you from hands-on experience. But I can suggest ways you might find out:

    1. Call your cable company. They should be able to advise you.

    2. But if that doesn't work: Call the companies that do surge protectors, such as APC, Kensington, Belkin, Newpoint, Esselte, and so forth. DealTime has a list of them. I did a little snooping around for you, and this DealTime page lists some coaxial surge suppressors. APC's ProtectNet for Coaxial Cables, $22.95, from Computers4sure.com, looks particularly good to me.

    You should definitely check with your cable company before purchasing to make sure that these products won't interfere with the quality of your signal. --S.F.

    Send your burning question to the newsletter and look for an answer in a future issue.
    Back to the Top


    SFNL's Broadband: Cable Internet At Last
    It happened. I've been waiting since June of 1999 to get a cable modem back. You see that's when I moved to a new much bigger and nicer house in a tonier town just down the road from where close relatives live. But unfortunately, it's a town that didn't have cable Internet service, until about four weeks ago. The fact that I'm highly experienced with DSL, ISDN, satellite broadband, as well as cable Internet is in part due to that move. But when I made the move, giving up my MediaOne cable Internet service, I never thought I'd have to wait three long years to get cable Internet back. [Editor's note: You can bet I didn't expect to hear about how awful that was for three long years either. --Cyndy.] My worst-case scenarios involved a two-year wait. But Cablevision sold to AT&T, and then AT&T had financial woes, and was being sniffed by Comcast, and then they agreed to merge. All that took three years.

    In the event, my installation on July 25 was almost completely uneventful. The installer arrived precisely at 11AM, the time he was scheduled to come. Through some prior negotiations, I had managed to work out that AT&T Broadband (ATTb) would redo the drop, that is, the wiring from the pole to my house. I also got them to agree to split the cable inside my house, which gets the cut away from the elements. I paid electrician David Caron about $1,000 to rewire my entire house with high-end RG-6 quad shielded coaxial cable. He ran seven different lines, each of which was an isolated run from my basement to the endpoint, with no splits. My living room, family room, dining room, office, bedroom , and older boy's bedrooms all got cable TV lines, and my office got the cable Internet line.

    When the ATTb guy showed up, he reinstalled the drop and ran the line into my basement. First he installed a two-way splitter, with one line going to the cable Internet and the other getting a data filter. From the data filter, the line went to an ATTb signal amplifier, which requires AC power. Then it went to an eight-way splitter that handles all the digital TV connections. Picture quality is excellent, although it's not quite as good as my Dish Networks satellite cable TV service with WebTV digital video recorder. But it's darn close.

    I think the surprising thing to me was that the ATTb technician was able to run the new drop, set up two TVs with new boxes, do all the wiring in the basement, and check out and test the cable Internet all in two hours. I helped him with some of it because we got friendly, and that sped things up a little. After he left, he told me to wait 15 minutes and then run an installation disc and follow instructions. It literally took me under 10 minutes to get the connection working. But all told it was about 20 minutes, only because I had to disable my network temporarily. (Your computer has to be connected directly to the network without a broadband router in between during the setup procedure.)

    After setup was completed, I was able to reconfigure my network with the Linksys 8-port EtherFast Cable/DSL Router. I had no trouble with that. ATTb assigns IP addresses dynamically, and once you make that setting on the Linksys Web-based config screen, the rest of it takes care of itself.

    In the end, the installation process -- both the wiring and the computer setup -- went very smoothly. In fact, I've never had a broadband installation go that well, and this one is my ninth or tenth.

    So what about performance? Subjectively, Web surfing seems about the same as my 384kbps SDSL service, but when I download software, that happens up to five times faster than my SDSL connection. My data-transfer rate results measure anywhere from 1.1Mbps to 1.4Mbps. On a good day, my SpeakEasy SDSL connection tests outs at 25kbps to 320kbps.

    For more information about data-transfer rates, including common conversions, see the Scot’s Newsletter Data-Transfer-Rate Conversion Table.

    By the way, if you're looking for a bandwidth test, there's still no better place to find one than past Link of the Week: TestMySpeed.com.

    Now that I have cable Internet, I've got the three main types of SOHO broadband available: cable, DSL, and two-way satellite. You can expect stories in future issues that talk about the differences and also about using cable and DSL together -- because there are tools that let you bond multiple services. I recognize that many of you don't have either DSL or cable Internet available to you, let alone both of them. But a growing number of people do. The notion that you could "bond" the two services together for increased performance and reliability is very interesting, and I plan to cover it.

    What's your broadband story? Whether it installed like a dream, or became an utter nightmare, tell SFNL readers about it.

    Back to the Top


    Win 98 Support Extension, and SFNL's Windows Coverage
    In the last issue I reported on a change of status for Win 98's life cycle. But despite checking this point with Microsoft, the information I provided originally was a little off. Free telephone support was extended an additional year, until June 30, 2003. But Microsoft did not extend the overall life of Windows 98 and Windows 98 Second Edition -- something I didn't make clear. What it did was lengthen the "Mainstream phase" during which limited free telephone support is available into the one-year interval when the "Extended" support phase had been planned. During the Extended phase, all telephone support is usually fee-based. So it's as if Microsoft has just eliminated the Extended phase for Windows 98 and Windows 98 Second Edition, and extended the warranty period, during which Windows 98/SE retail buyers are permitted two free tech support phone calls.

    The website version of the last issue of Scot’s Newsletter has been revised with the correct information. So if you want more detail, including links to support options and Windows version life cycles, check there.

    Scot’s Newsletter Windows Version Coverage Update
    There has been no hue and cry or drop off in subscriptions since I announced a few months ago that I no longer had Windows Me installed anywhere in SFNL Labs for test purposes. At that time, I also mentioned that Windows 95, though still in the labs, wouldn't last the year. The time has come for a change on both points.

    The bad news is that I am donating my last Windows 95 PC to a local charity, so SFNL will no be able to test Windows 95 issues. Doesn't mean I'll never cover Windows 95, but I won't be able to test what I write. If something important arises, I can always install Windows 95, somewhere. To be figured out then.

    The good news is that I've changed my mind about my coverage of Windows ME. I still don't like the operating system, but enough SFNL readers are running it (because of new PCs they bought last year with ME preinstalled) that I can't ignore the operating system. In fact, I think it's probably more important to have that one around than some others because people are apt to get into trouble with it. So here's a recap:

    Windows Versions Covered by SFNL:

  • Windows 98
  • Windows 98 Second Edition
  • Windows ME
  • Windows NT 4.0
  • Windows 2000
  • Windows XP

    The emphasis is on Windows 98 Second Edition, Windows XP, and Windows 2000. Assuming you meet the system requirements, those are also the versions of Windows I recommend as preferred. If I had to pick one version of Windows to recommend, it would be Windows XP.

    Back to the Top


    Link of the Week: Kartoo.com
    In the vernacular, this Kartoo is just wicked cool. Kartoo.com is the ultimate linkmaster of the Web. If you own or are affiliated with a website, it'll show you a visual map of the other websites that are linking to you. It also summarizes the topic they're linking to and shows complex interrelationships between sites. The company calls Kartoo a visual search engine, but to me it's more along the lines of relationship matching. But then maybe I just haven't spent enough time with it yet. Whatever you call it, Kartoo is like nothing else you've seen on the 'Net. A hands-down Link of the Week.

    Have you discovered a relatively unknown Windows- or broadband-oriented website that everyone should know about? Please send me the URL, and let me know why you liked it.

    Back to the Top


    Tip of the Week: Desktop on a Menu
    This is the first Windows tip I ran in Windows Insider back in July of 1999. It was developed for Windows 98, and the original idea was contributed by Stephen V. Ciaglia. It makes most things you access on your PC available from a single cascading pop-up menu mounted conveniently as a "button" on the Taskbar.

    Think of it as putting your desktop and file system on a menu. When you click the button the tip creates, you'll see everything on your computer mounted on a pop-up menu, and as you pause your mouse pointer over "container objects," like My Documents or My Computer, a cascading submenu appears -- revealing all the drives, files, folders, programs, and other icons at that level. What's more, you can keep delving into lower levels of your PC, so you can reach every single folder and file on your every drive of your computer, including CDs and ZIP drives, even network volumes. There's really only one catch: You have to have Internet Explorer 5.0 or newer installed.

    The Desktop on a Menu tip takes only a few seconds to configure. Right-click any empty part of the Taskbar. Select Toolbars > Desktop from the context menu. That's it. (On older versions of Windows, you may have to select Toolbars > New Toolbars > then scroll all the way upward, click the "Desktop" icon, and click OK.)

    On some PCs, you'll see the chevron (two bold greater-than symbols, like this: >>) just to the left of the system tray area on the taskbar. Under other versions of Windows, you'll see the word Desktop followed by the chevron. And on older versions of Windows, the new Desktop toolbar may spread out across your Taskbar, using all available space. If that last thing happens to you, grab the handle just to the left of the Desktop label and slide it as far to the right as it will go, so all you see is the word "Desktop" followed by the chevron.

    A chevron indicates there are more items available but not currently visible. When you click right on the chevron itself, you'll see a giant menu open. The more things on your desktop, the more things you'll find on this menu. And container objects, like folders, My Computer, and so on, cascade their contents off into submenus. Once you try this powerful menu, you'll see how much it can do.

    Note: This tip can be localized on any folder, drive, or Windows structure you find in the New Toolbar selection dialog, including Control Panel, Printers, My Documents, My Computer, Dial-Up Networking. The two we like best are Desktop and My Documents. It's very easy to turn the feature off. Follow the same steps and click the Desktop entry to remove the checkmark beside it.

    I've tested the tip under Windows 98, 2000, and XP. There's a bit less value to the tip under Windows XP because Microsoft's improvements to the Start menu provide some of the same advantages, or at least they can if you configure the Start menu properly.

    Cascading Control Panel II
    Last week's Cascading Control Panel tip has an error in the first step, which should have read: "Right-click a blank area of the taskbar and choose Properties." It's been corrected on the website version of the newsletter. I also didn't do a good job of explaining things to Windows 2000 and ME users, whose user interface is very slightly different. My apologies about that. (Doing Windows tips is getting a lot more complicated these days.) Here's the Cascading Control Panel tip specifically for Windows 2000 and ME:

    1. Right-click a blank area of the taskbar and choose Properties.

    2. Click the Advanced tab.

    3. Scroll down (if necessary) and put a check in the box beside "Expand Control Panel."

    4. Click OK.

    Thanks to the many folks who wrote to me about this, especially Dan Buck who took the time to help me work out the Windows ME differences.

    Do you have a Windows or broadband tip you think SFNL readers will like? Send it along to me, and if I print it in the newsletter, I'll print your name with it.

    Back to the Top


    Summer Schedule Ends Soon
    The next issue of Scot’s Newsletter is slated for September 12. Thereafter, SFNL is off its reduced summer schedule and back to every-other-week issues. Northern Hemisphere folks: Have a great rest of your summer.

    Back to the Top


    The Fine Print
    If you like this newsletter, I need your help spreading the word about it. Please share it with friends and co-workers, and encourage them to sign up! It's free.

    Visit the new Scot's Newsletter Forums.

    Subscribe, Unsubscribe, Change Email Address or Message Format
    You can unsubscribe at any time; I don't believe in captive audiences. The website subscription center is the easiest way to manage your Scot’s Newsletter subscription. Changes take only a minute or two. You must select your message format — Text or HTML — even for address changes or unsubscribes.

  • Unsubscribe
  • Unsubscribe Help and Options
  • Subscribe
  • Change Email Address or Message Format (HTML or Text)

    Contributions
    To help with the cost of creating and distributing the newsletter, I accept contributions via PayPal and Letter Mail. For more information on donations:

  • Sign-up for PayPal (if you don't already have it)
  • Option #1: Donate via PayPal
  • Option #2: Donate via Letter Mail

    Contact
    Send comments, suggestions, or questions about this newsletter. Don't be bashful about telling me what you like or don't like. Send emails related to editorial content (only) to scot@scotsnewsletter.com.

    Please address advertising inquires (only) to: sales@scotsnewsletter.com



    Sign-up for PayPal.

    Support this Newsletter by Donating Today.
    Or donate via Letter Mail.

    How to Link to Scot’s Newsletter

    Copyright © 2001-2007 Scot Finnie. All Rights Reserved.
    Ten Myths About Copyright Explained.


    You are subscribed to Scot's Newsletter HTML EDITION as: $subst('Recip.EmailAddr')