Scot’s Newsletter

Windows and Broadband Information You Can Use!

 
NEWSLETTER ISSUES

 
 02-03-2003

 01-21-2003

 12-23-2002

 12-09-2002

 More Back Issues

 Please Subscribe

 
 
 
 
OTHER LINKS

 
 The Forums

 Product Reviews

 Let’s Fight Sp@m!

 NetBEUI and Win XP

 PayPal Donate

 Letter Mail Donate

 
 
Get free email delivery of this newsletter!

Recommend Scot’s Newsletter to a Friend!

January 21, 2003 - Vol. 3, Issue No. 38

By Scot Finnie

IN THIS ISSUE

  • Review: Software Firewall Agnitum Outpost 1.0
  • Spamnix for Eudora Upgrade: Build 41
  • Let's Fight Spam, Part V
  • AT&T Broadband Email Addresses To Change Again
  • Slippery Slope Wars
  • How Can We Make Scot’s Newsletter Grow?
  • More and More on Java Virtual Machine Versions
  • Q&A
  • Link of the Week: DSL/Cable Webserver
  • Tip of the Week: Installing Win2K's NetBEUI in XP
  • SFNL Errata
  • Scot’s Newsletter Schedule
  • Subscribe, Unsubscribe, or Change Subscription.


    Review: Software Firewall Agnitum Outpost 1.0
    It's refreshingly simple. Agnitum Outpost is a full-featured yet light-weight personal firewall product with application scanning and basic intrusion-detection features. It offers a good balance between ease of use and protection. The emphasis in Outpost is on practical ease of use. It doesn't have the sort of software design that Symantec or Microsoft provide -- lots of code that automates the user interface -- but it does have this sort of thinking in small, prudent doses.

    The best example of that is the application Rules Wizard, a dialog that pops up automatically to help you create rules that govern inbound and outbound Internet activities specific to your applications and operating system. Although imperfect, this tool is a welcome advent in any software firewall, and something that's missing in products like Sygate Personal Firewall and Tiny Personal Firewall (at least, the last version I reviewed).

    The bottom line with this roughly 2.5MB download software firewall is that it works, and while not quite as easy to use as Norton Personal Firewall 2003 or Norton Internet Security 2003, it's a much simpler program overall. It's about as easy to use as Zone Labs' ZoneAlarm 3.x in most settings. The simplicity has a long-term advantage that could also bring greater ease of ownership with less likelihood of conflicts or problems with other programs.

    Another feature Agnitum provides is the Trusted Zone with a very simple user interface design. You can also configure for trusted NetBIOS communication in a separate but similar dialog. I find these features easier to configure than in either the Norton or Zone Labs products, although for people less experienced with networking, they aren't very discoverable -- which could be a problem. There's also little context sensitive help on these subjects. The good news is that like everything else about Agnitum Outpost, the separate help-file documentation is refreshingly well-written. Although concise, there's just enough get-to-the-point information to answer most questions. One thing I noticed, though, the docs are out of date in places and need revision.

    What About Security?
    Like every firewall I test, I subjected Agnitum Outpost Pro to a standard battery of firewall tests, described on the Firewall Test Suite and Methodology page. It performed well in those tests, ranking up there with the best software firewalls I've evaluated. Outpost 1.0 aced the Gibson Research, PC Flank, and AuditMyPC tests. It also did a great job of preventing malicious executables from accessing the Internet by employing the same filenames as Outpost-trusted applications (tests conducted with Gibson Research's LeakTest 1.2). It did well in the HackerWhacker port-probe tests. The only indication of any vulnerability in Agnitum Outpost came from my E-Soft SecuritySpace test. It turned up a couple of very minor "low risk" issues, the same ones I've seen with most every personal software firewall I've tested. In other words, Agnitum Outpost is as impervious to *known* Trojans, denial of service, and port probe attacks as ZoneAlarm, Sygate, and Norton Personal Firewall. That's good company indeed.

    I did find that Agnitum Outpost needs more hand-holding to accomplish this level of security than some other firewalls. I sometimes had to create and then refine specific application rules. During some of my benchmark tests, I was prompted that an outside source was using such and such a port to attempt to gain entrance, and was given the option of accepting, rejecting, or creating a custom rule. If I had opted to accept at this point, it would be like I didn't have a firewall at all. Same goes for program's that take on the filenames of trusted applications. I had to click a "Block It!" button to ensure security. That means that you need to know something about the Internet and your applications to make Agnitum work as well as, say, ZoneAlarm and Norton Personal Firewall.

    In July of 2001 I reviewed another personal firewall product called Tiny Personal Firewall 2.0. (This program is now at version 4.0). Agnitum Outpost is easier to use than Tiny Personal Firewall, but it's somewhat similar in its approach overall.

    Differences Between Pro and Free Versions
    I did not specifically test the freeware version of Agnitum Outpost for this review. Some of you, I know, may find that frustrating, since you have no plans to actually shell out $40 for the Pro version. I review the "pro" versions of most software firewalls because I believe you're better off using that level of product in this category. Most freeware software does not come with tech support, and some freeware firewalls are actually less secure. The only freeware software firewall I have ever recommended is ZoneAlarm, and even there, I think you'd be better off with the paid version.

    All that said, Agnitum Outpost's freeware version does not, according to documents provided by the company, compromise security in any way for an individual user. I'm basing that statement on this software firewall comparison chart Agnitum provides. Some notes about this chart: It's a little out of date. Also, I would not use this as my sole set of information to make my software firewall purchase decision about. It's a good piece of data, but like any vendor-supplied comparison chart it's slanted toward its creators.

    So, I will say this much about the free version of Agnitum Outpost: If you have to use a freeware firewall, and you're not going to use ZoneAlarm 3.1.195, then Agnitum Outpost Free would be a good choice. Some caveats: The free version won't work with Windows' Internet Connection Sharing (in fact, the Pro version doesn't support ICS in Windows 2000/XP) and it doesn't extend the cool multiple users/configurations features, password protection, global rules, or trusted IP address settings. It is possible that you don't need any of these things, especially if you have only one computer and you're the only person using it.

    Two Shortcomings
    There are two main drawbacks to Agnitum Outpost. The first, already mentioned, is that the built-in application rules only take you so far. And some applications attempting to use the Internet may pop up surprising defaults. If you choose to build a custom rule for an application, like Symantec's Norton Personal Firewall, you're quickly dropped off a cliff into a territory that requires sound firewall expertise. And it's not just expertise that's needed, but an understanding of how Outpost builds rules. Rule logging and rule modification are merged together in a user interface that's sometimes tough to figure out.

    Virtually all personal firewalls share the problem that when the average user needs to configure a process, the firewall doesn't always provide either a built-in default solution or enough ready information for a lay person to make a decision. A couple of times a month my wife or son call out to me saying, "Hey, I got one of those Zone Alarm thingies again, what do I do?" [Editor's Note: Ahem! Because I'm a regular reader of SFNL (and not because I'm a geek in my own right or anything), I know what to do when the ZoneAlarm dialog comes up, thank you. --Cyndy]

    The Zone Labs folks have taken the approach that providing information via in Help or via a Web page on their site about a specific process is the best way to help people make specific app configuration decisions. Symantec has taken the opposite approach, building in preconfigured rules for hundreds of known applications. Both approaches are good (although I would recommend a solid combination of the two).

    Agnitum really doesn't offer a deep solution in either vein, although Outpost comes closer to the Symantec approach and it does a better job at that than Sygate Personal Firewall.

    I would like to see Agnitum's developers elevate Outpost's level of application-scanning user-decision support. The semi-automatic rules-creation process was good for a 1.0 application, but much more is needed to make it work well for the average user. Agnitum has good bones, but it needs refinement.

    The second shortcoming is really more a buyer-beware piece of advice. Agnitum Outpost's default settings tend to be less secure than those of its better competitors. Part of the reason this product is so easy to use is that some of its sterner protections are turned off by default. For example, its intrusion-blocking features -- which block all traffic for so many minutes, block a specific IP address for so many minutes, and block a local port in the event of a Denial of Service attack is detected -- are all turned off by default. (You find them on the Options > Plug-ins > Attack Detection > Settings dialog in case you want to turn them on. I would.)

    Extras
    Like many software firewalls these days, Agnitum comes with plug-ins that eliminate Web banner ads, filter Web content, purportedly hasten Web page loading by DNS caching, and filter and limit "active" content (programs on Web pages) to prevent malicious apps from running on your system. I turned all those plug-ins off. I'm not a big fan of any of these sorts of protections. I'm not saying that no one should ever use them, but I have found that these sorts of modules tend to cause more problems than they solve. That is especially the case with ad-blocking, content filtering, and DNS caching.

    The DNS caching in particular tends to be a problem. Websites do occasionally change their IP addresses, and when they do, DNS-cache utility users may find themselves inexplicably locked out of those websites. I strongly recommend against the use of this sort of utility. I don't really find what they do to significantly boost performance anyway (although many dial-up users claim a difference).

    Two other plug-ins provided with Outpost, an email-attachments filter and the Attack Detection filter, I left running on my test systems. I already have attachment filtering provided by another program, but the good news is that this didn't slow down my email program's operation or cause any conflicts. So it's simple and well-thought out.

    Outpost 2.0 Coming Soon
    I know some among the Scot’s Newsletter ranks already are already ardent Agnitum Outpost fans. You may be interested to know that Agnitum is at work on a major new 2.0 version due out shortly in public beta. Here, according to Agnitum's Mikhail Fedorov, are the major features being added to Outpost Personal Firewall 2.0:

    Functionality

  • New database-driven logging system.

    Security

  • Control of DLLs loaded by application (protection against FireHole vulnerability).
  • Blocking of send data using hidden Internet Explorer window (protection against TooLeaky vulnerability).
  • Enabling filtering of TCP DATA packets instead of filtering only TCP Setup packets (protection against OutBound vulnerability).
  • Now during the start-up the rules are loaded from the registry by Outpost kernel (protecting against the vulnerability "Until the interface is not loaded nothing is filtered").

    Usability

  • Auto detection and configuration of commonly used applications during the installation.
  • Auto detection and configuration of NetBios and ICS.
  • The Allowed\Blocked\Reported and plug-ins windows modified.
  • Ability to run trashcan from the toolbar and Internet Explorer toolbar.

    Compatibility

  • Stateful inspection.
  • Support of ICS under Windows XP/2000+SP2.
  • Eight new languages added.
  • Support of Fast User Switching under Windows XP.
  • Enabling different rules creation for two different applications having the same name.

    Brass Tacks
    With three software firewall products -- Norton Internet Security 2003 (and Norton Personal Firewall 2003), Sygate Personal Firewall Pro 5.0, and Zone Labs ZoneAlarm 3.1 Plus (all 3.x versions) -- already on the Scot’s Newsletter Top Products! list, it was going to take a knock-out punch by Agnitum Outpost 1.0. That didn't happen. Outpost isn't the easiest to use nor the most secure. It's not quite the equal of the other products. It is, however, easily deserving of honorable mention in this category for this reason: It's the simplest software firewall I've tested since Tiny Personal Firewall 2.0, almost two years ago. Experienced software users will recognize, as I have, how large an advantage simplicity is. We'll have to wait and see what the 2.0 version brings to the party.

    Installation notes: As always, you should fully uninstall all previous software firewalls before installing any new one. These instructions, taken from the Agnitum Outpost forum, tell you:

  • How to fully uninstall Outpost
  • How to uninstall ZoneAlarm before installing Outpost

    Questions, comments, criticisms of this review? Send me your thoughts.

  • $39.95 (there is also a freeware version), Outpost Pro v.1.0.1817.1645, Agnitum, Ltd., Nicosia, Cyprus, Contact: sales@agnitum.com

    Back to the Top


    VCOM is offering you 15% off the entire line of VCOM products!
    paid advertisement


    Spamnix for Eudora Upgrade: Build 41
    The last issue of the newsletter contained a review of Spamnix 1.0 Build 37 for Eudora. Since then, program author Barry Jaspan has released Spamnix version 1.0 Build 41 with two significant improvements: Support of the 2.43 version of SpamAssassin and a reworked Accept/Reject dialog that allows you to create whitelist and blacklist rules by From, To, Domain, and Subject fields with variables. Long and short, these two changes go a long way toward addressing my biggest criticisms of Spamnix.

    I'm still testing the new 2.43 SpamAssassin spam-identification rule set, but I can tell you right now that my customizations of the previous rules are no longer needed. And the changes to the rule weightings definitely make a lot more sense in 2.43. So, for those few of you who wrote for the Spamnix customization info I offered in the last issue ... now you know why I haven't sent them. Just download build 41. You can install it right over the previous version. If after I've used it for a while, I think further customization is needed, I'll let you know. I'm testing Spamnix 1.0 Build 41 with this issue of the newsletter to see whether the program correctly allows Scot’s Newsletter to reach its intended destinations.

    I'd like to thank SFNL reader Dick Figgins for writing to let me know about the new Spamnix build.

    Spamnix Review Addendum
    In reading the interesting responses of many SFNL readers to my review of Spamnix, I realized that I didn't spend enough space on one of the chief advantages of Spamnix: Its Eudora integration. Spamnix installs as a Eudora plugin application. That means that it loads automatically whenever you launch Eudora, and it mounts four buttons on the Eudora toolbar that make managing Spamnix easy. From a user perspective, there is very little for you to do with Spamnix, and what little you have to do you do right in Eudora. This is the right way to create an end-user spam-fighting tool. As much as I think POPFile and ChoiceMail have provided very cool technology, Spamnix works better for me.

    You say you don't use Eudora? Well, one day, who knows, maybe there'll be a Spamnix for your email program. And if not, there are others out there, especially for Outlook users. (Some are mentioned later in the next section of this newsletter.)

    Bottom line: I did not give Spamnix a Scot’s Newsletter *Top Product!* honors. But I am using Spamnix is running on my system, day in, day out. It's getting the job done, quietly, and with less fuss than it used to. It's now much easier to control false positives, and there are fewer of them. That's about as close to a full-out recommendation as I can get right now.

    Back to the Top


    Let's Fight Spam, Part V
  • Blacklisting follow-up
  • POPFile, SpamPal, MailWasher, ChoiceMail, Spam Weasel, Spam Killer

    We begin with a return to that infamous topic, blacklist organizations. My diatribe in the last issue on blacklisting realities drew a steady trickle of angry or disagreeing email, mostly from IT managers or people who have come to believe that the blacklist keepers are the white knights.

    IT folks make the strongest argument in favor of blacklisting. They don't really care about newsletters, random company-to-company missives, and other non-specific "commercial" email that may get stopped. They're smart enough to set up local whitelists for mailers their companies require communication with. Using a blacklist, or several blacklists in concert, is working for many IT shops. In most cases, they're able to manually free false positives. And, let's face it, people don't complain about what they don't know they didn't get. Since company policy may forbid them from subscribing to newsletters anyway, what's the big deal?

    IT administrators have a very different set of priorities than the rest of us on this topic. And I agree with them that for their use, some combination of blacklists and content filtering is *currently* the best solution.

    Most of the other criticisms -- all well meaning -- boil down to a single point that might be paraphrased this way: My anti-spam program or service lets me create a whitelist. I simply use that function to make sure my newsletters get through -- including Scot’s Newsletter. What's so hard about that?

    I do the same thing. In fact, the same thing is required with many content-filter-based antispam products (such as Spamnix). But the folks who wrote that to me aren't giving enough weight to one important detail: They are smart people who know technology, know their computers, and know how to solve problems. My wild guesstimate is that something like 80 percent of the people out subscribed to newsletters don't have the first idea what to do when they stop receiving one (or any other email for that matter). And since there's no one way to flip a switch and allow in Scot’s Newsletter or all newsletters, there's no way I can tell people how to do it. Most people probably don't even know they've got a problem. But every week I get several emails from people asking me why they haven't seen Scot’s Newsletter since last October. The reason in almost every case is a spam-filter provided by their ISP, company, or running on their local PCs.

    Here's an example of such a message, sent in by Scot’s Newsletter reader Gary Lyte:

    I had a spam problem with Adelphia [the cable Internet provider]. They filter spam but they do not have a user-accessible folder of spam messages that a person can review before deleting the messages. The messages are just gone. Most of my newsletters were not coming through and I didn't know that right away. Adelphia did turn off the spam filters at my request, however. So Adelphia users who subscribe to your newsletter should be aware of this. Newsletters are very vulnerable to spam filters!

    I couldn't agree more. The irony is that I can't reach those people to tell them about the problem because they're probably not getting the newsletter -- my only means of communicating with them. Several current and past Earthlink customers have written that they've had similar experiences. On the plus side, one Verizon Internet customer wrote to tell me that Verizon's automatic spam filter does not incorrectly trap Scot’s Newsletter.

    But here's the guts of the thing. Whether you want to believe it or not, every legitimate mailing-list services company, newsletter distributor, ISP -- virtually every company that mails email professionally -- has been repeatedly defeated by content-filters and at one time or another blacklisted by blacklisting organizations. They don't like to admit that last point, but it's true. The vast majority of mail services companies are just as against spam as you and I are.

    The key isn't to "find a reputable company that will only work with other reputable companies," as one SFNL reader wrote to me. I did that. Dundee.net is a highly respected, reputable mailer. I pay hundreds of dollars a month to Dundee precisely because they are a reliable, spam-conscious email-distribution service provider with a long list of mainstream newsletter clients (many of whose newsletters you probably subscribe to in addition to mine). Dundee is not the problem. The ways that blacklisting organizations and content-filtering solutions work cause as many problems as they solve. They're too inflexible, too quick to brand something as spam that might be nothing of the sort.

    Finally, another group of people wrote to suggest that ISPs are at fault, and they should be putting a halt to this problem. This argument makes a certain amount of sense. But let me repeat what I've said in the past: No antispam solution, no matter how well meaning, should negatively impact any legitimate mail sender or recipient. Because our technology isn't great (yet), we're giving antispam solutions the benefit of the doubt to cut corners that hurt legitimate business people and mail recipients. That isn't right. While there is probably little I can do about it, I'm not going to quietly sit by and take it. You are free to disagree with me, of course. But you're not likely to change my mind on this point. [Editor's Note: Trust me, when he says you're not likely to change his mind ... believe him. --Cyndy.]

    By the way, a handful of you actually agreed with me. A big thanks to those folks who took the time to write me and say so.

    POPFile, ChoiceMail, SpamPal, MailWasher, SpamWeasel, SpamKiller
    With the exception of POPFile, I believe I have at one time or another touched on all the antispam products listed in the subhead above in the Let's Fight Spam series begun in September of last year. Let's Fight Spam is available at these links.

  • Let's Fight Spam I
  • Let's Fight Spam II
  • Let's Fight Spam III
  • Let's Fight Spam Rant
  • Paul Graham's Bayesian Plan for Spam
  • Let's Fight Spam IV

    For those of you just breaking into the discussion, let me reiterate: I am not a big fan of email-proxy-server-style products, or really any antispam product that requires me to install and use a whole separate program to manage may mail. As an end-user solution, having to learn and use a separate program obviates any productivity gains we get from not having to process spam manually.

    I have looked at a wide range of antispam products over the last six months or so. What I have found is that some of them are intensely smart ideas with a fatal flaw: They're not saving me time. I may not have to delete spam messages, but I spend just as much or more time training them, managing them, or futzing with them. I just want to read my mail the same way I always have -- minus the spam!

    There may be exceptions to this notion for some of you. SourceForge.net's POPFile is the most interesting of this crop of programs. It works by watching how you categorize mail. It builds rules on the fly according to a "na´ve Bayesian" approach that combines keyword-frequency tracking and probability to identify spam (or, indeed, any categorization you care to define, because POPFile is not just an antispam program). For more on how POPFile works, see SoundForge's explanation.

    Despite my interest in POPFile (which I've been playing with the last week or so), I'm not planning to adopt it or recommend it as a spam-fighting tool. For one thing, POPFile isn't a great Eudora (or Outlook, or Outlook Express, or Netscape Mail) solution. It's not designed to integrate with your email package. It works as an email proxy server. In other words, it intercepts your email between your ISP and your email package. Nevertheless, if you like to explore new products and technologies, POPFile is well worth your time, and it's a freeware program. Its ability to build its own mail-categorization rules automatically based on your actions is very cool.

    My conclusions may not be right for you. Many SFNL readers have written me to say they're using POPFile to fight spam and they love it. So, if you don't mind running a whole separate application, check it out.

    Now, if POPFile's programmer or more likely another developer creates a product designed to work pretty much the same way, using the Bayesian approach, within a specific email program -- now that's what holds promise. If you know of such a program, please tell me about it.

    For example, SFNL reader Rick Collins wrote to tell me about a program designed for Microsoft Outlook called Spammunition (which Fred Langa also mentioned in a recent issue of his newsletter). Rick writes: "I am using Spammunition and it has been 98-percent accurate with no glitches," although there are apparently conflicts with Norton Antivirus (presumably because both use email proxy servers).

  • Spammunition v.0.63 Beta for Outlook

    We need more products designed to integrate with email packages, including Eudora, Outlook Express, Outlook, Netscape Mail, and others. Although that makes development more complex, it's the solution that end-users need.

    Back to the Top


    AT&T Broadband Email Addresses To Change Again
    A report in an industry newsletter I get warns that AT&T Broadband users will soon have yet another forced email address change. If your email address ends in attbi.com, you may soon be hearing from your broadband provider that your email is about to change to ending in comcast.com. According to a Chicago Tribune story (which requires registration, so I'm not giving you the link), the change is scheduled to take effect in late March, and email sent to the "attbi.com" address will be delivered for only 60 days after the switch.

    I don't think I have to tell you how much I disagree with this decision on Comcast's part. This isn't about technology, it's about ego, in my opinion. But there's nothing you or I can do about it.

    If you've subscribed to Scot’s Newsletter with your attbi.com email address, please use this Change of Address tool to change your attbi.com address to your new comcast.com address, once you're sure the new address is working.

    Let me take a moment to say that you can handle all your own subscription changes to Scot’s Newsletter at the address above. When Excite and MediaOne subscribers underwent a similar email address change, I lost several thousand subscribers. I can't do this for you.

    Back to the Top


    Slippery Slope Wars
    You either love Slippery Slope or you hate it. That's the feedback I got. One fella hated it so much he wrote: "I don't know why you would move away from something you are good at (writing about computers) to something you have no discernible talent for (writing about the media)."

    Just for the record, I have considerable college-level training in journalism, media studies, film-making, and video production. I worked in film/video production field for a couple of years before moving to magazine editing. And then there's the 20 years I've spent writing and editing magazines, including several years as a reporter and news editor. (Granted: I was not working in newspapers or TV news.) On the flip side: I have absolutely no formal training in computers, but, of course, 25 years of on-the-job training.

    For every message like the one above, I got another like this one: "Please count my vote on the 'Slippery Slope' section as a resounding Yeah! In your opening salvo you not only selected a great topic for your venture into the slippery-slope milieu, but you dealt with it in a reasoned and balanced manner -- particularly the points you made about the "bad" stuff existing whether the media was around or not, and, the psychology of why we the public tend/seem to favor the bleed-if-it-leads phenomenon (as well as the Hollywood celebrity following)."

    I also got about a dozen especially insightful messages about the media that frankly blew me away with their thoughtfulness, knowledge, and strength of argument. Some were written by people working in the mainstream news media. In a future issue of the newsletter, I'd like to revisit the subject with quotes from those messages. So those of you who wrote them to me, please don't think I'm ignoring you.

    This Newsletter Stays the Same. A big part of the negative response was from people who were concerned -- quite understandably, I think -- that this signaled some vast shift in Scot’s Newsletter away from what it has been. Not going to happen, folks. I know what you signed up for, and I don't have any intention of switching gears on you midstream. Scot’s Newsletter will always be what it is now. That isn't to say that it might not grow and branch out a little here or there. But it will deliver the same benefits it does now for as long as it continues to be.

    Does that mean Slippery Slope is dead? No. But I'm only going to write it when I'm taken with a topic. Think of it as an occasional off-topic rant. That's really all it is. I'd be surprised if I do more than four of them a year, and it might be as few as two.

    Back to the Top


    Prosumis Scanner - Free Trial and Only $39 per Year!
    paid advertisement


    How Can We Make Scot’s Newsletter Grow?
    Hardly a week goes by when I don't get someone or several people suggesting that I do these things to improve Scot’s Newsletter:

    1. Make the issues shorter.

    2. Write them once a week.

    3. Create a premium edition (in addition to the free version) and charge $10-15 a year for it.

    And you know what, I agree with all three of those ideas. If I could support my family on Scot’s Newsletter's proceeds, I would definitely do all of those things.

    But there's one hitch even before I can get to that point. In order to take paid subscriptions, I would need to accept major credit cards -- something that costs several hundred dollars a month. I would also need a membership database tied to the annual subscriptions, and some way of updating this database that didn't require a lot of manual labor. I don't want to bore you with the backend stuff, but it is considerable. All of that becomes overhead that comes out of revenues I might make, weighing down the bottom line.

    The more subscribers I have, the more attractive offering a paid-subscription option becomes. Right now SFNL has about 35,000 subscribers. Nearly 10,000 of you take the HTML version, and nearly 25,000 take the Text version. That's a respectable number of opt-in subscribers given I started this list from scratch less than two years ago. But it's nowhere near enough readers yet to offset the overhead required for paid subscriptions.

    So making the newsletter much better for all of us, and a paying enterprise for me, requires that I attract new subscribers. Because I have a day job, and write this really cool newsletter, I have limited bandwidth to work on subscription promotion. But that's just what I need to do.

    If I were stumped by a computer problem, I would ask this newsletter's readers for help. Well, it struck me that I should ask you for help or ideas about how to promote Scot’s Newsletter to potential new subscribers. I'm open to any and all reasonable ideas. Thanks in advance for your thoughts.

    P.S. -- This page of website promotional buttons and banners is about as far along as I've gotten on this endeavor.

    Back to the Top


    More and More on Java Virtual Machine Versions
    In the last issue of this newsletter, I revisited the issue of how to check your version of the Java Virtual Machine. And although that round definitely improved on my instructions, there is -- of course -- more to the story. My friend Michael Horowitz, who runs ComputerGripes.com (a past Link of the Week), has created a new website called JavaTester.org. It provides answers to many of the questions you have. Check it out.

    Michael writes:

    There are two branches, so to speak, to answering this question [about what Java run-time software you have]. Your newsletter has so far covered only one branch, the JVIEW command. The other branch involves running a Java applet on a Web page and having the applet display its version and vendor. This, arguably, is the better test as it comes straight from the horse's mouth in the target run-time environment (the Web browser).

    The JVIEW command only talks to one JVM, the Microsoft one. A computer with other Web browsers (besides MSIE) installed is very likely to be using multiple JVMs. There can be multiple JVMs installed in a single OS instance and each Web browser can be using a different one. To see which version of Java is really used in a Web browser, use the test page at JavaTester.org.

    Back to the Top


    Q&A
  • For Unrepentant Win 98 Users
  • Web Printing and Ditching XP's Log Off

    For Unrepentant Win 98 Users
    Question: In your last issue you advised that Windows 98 would soon become an especially insecure OS. Is this because users will no longer be able to obtain security patches by means of the Windows Update facility? If so, what remedies are available to unrepentant Win 98 users who resist the XP upgrade? I have since trawled the Net in an attempt to find an answer to this question, but with no success. I would greatly appreciate your comments on this matter. --Mike James

    Answer: Yes, it's because eventually Win 98 will not be supported with security patches. It is still being supported right now, and we'll have to wait and see. But whenever Microsoft does stop supporting it with security patches (and they will), there really is NOT a good alternative source of these patches. If you don't want XP, how about Win2000? That would be my best recommendation. --S.F.


    Web Printing And Ditching Log Off
    Question: I have two questions. I bought a new Compaq Presario 6000 with Windows XP and connected my Lexmark Z82 and it works fine. But recently when printing pages from a specific set of websites the PC locks up and I have to reboot. Do you have any suggestions? Also I would like to know how to get rid of the Log On/Off feature on the Start Menu. --A. Runnels

    Answer: Printing problems like the one you're having are pretty common when printing Web pages. Unfortunately, they can be caused by a variety of things. One thing I would try is widening the margins. Make them .25 inch or .5 inch on the sides. You can do this in your browser, usually File > Page Setup. I would write to the webmasters of the sites in question for their advice if that doesn't work.

    The easiest way to disable the Log Off option on XP's Start Menu is with Tweak UI for Windows XP. You must download and install this little utility. For more information about that, see Scot’s Newsletter's Installing Tweak UI page.

    Once Tweak UI is installed, you'll find it in the PowerToys folder under Start > All Programs. Open Tweak UI and click the Explorer item on the left side. Then remove the check beside "Allow Logoff..." on the right side. --S.F.

    Send your burning question to the newsletter and look for an answer in a future issue.

    Back to the Top


    Link of the Week: DSL/Cable Webserver
    So, you want to setup your own Web server and host your own website? Boy do I have a cool website for you. Brian Lee runs DSL/Cable Webserver as a labor of love, and the love part shows because he's gone into deep detail with Step-by-Step articles about everything from getting a domain name, choosing a broadband connection, domain name server (DNS) questions, routing, requirements, firewalls, server hardware and software, and even troubleshooting.

    Brian's advice is sound, reasoned, well thought out, and he links to things as he goes, giving you quick access to support materials. And setting up a Web server is just the start. There's a lot more to check out on this site. Definitely bookmark it.

    Thanks to Mark David McCoskey -- who set up his own Web server and is in process of configuring a Web-based email server -- for suggesting this valuable Link of the Week site.

    I need your help! Have you discovered a relatively unknown Windows or broadband related website that's a little or a lot amazing? Please send me the URL so I can check it out and let everyone know about it.

    Back to the Top

    Windows and Broadband Information You Can Use!


    Tip of the Week: How to Install Win2K's NetBEUI in XP
    Published Jan. 21, 2003, Scot’s Newsletter. Revised March 3, 2003.

    This tip provides fully researched information and steps for installing NetBEUI under Windows XP. A number of people are having difficulty with utilizing NetBEUI on small multiple-Windows-version networks. And I can understand why. In doing the research for this article, I ran into several NetBEUI roadblocks. But after many hours of trial-and-error testing with two networks, I was able to make both the Windows XP and Windows 2000 versions of NetBEUI work. What I found is that the way you install NetBEUI -- as well as how you uninstall a previous version of it before installing it a different version -- makes all the difference as to whether it will work properly or not.

    The directions that follow have been revised more than once since they were originally posted on January 21, 2003 to reflect new knowledge gained on this subject. The steps detailed here work, and they've been validated by over 100 others who tried them. In case you're wondering: It has become clear to me that the Windows 2000 version of NetBEUI is preferable to the version included on the Windowx XP retail disc. Even Microsoft has admitted that possibility.

    NetBEUI has two advantages. The first is as an alternative to TCP/IP used on small networks. By using it instead of TCP/IP, you make it harder for people to hack into your network. This isn't foolproof security, but it's an excellent starting point. Another networking protocol included in Windows, IPX/SPX with NetBIOS, offers the same benefit though. The second advantage of NetBEUI is that it is claimed by some (including me) to do a better job than IPX/SPX with NetBIOS of helping various Windows versions inter-network.

    With the introduction of Windows XP, Microsoft made it harder to install NetBEUI. It's no longer a standard networking option. Instead, it's located in a special legacy folder on the Windows XP CD. How to install and use the NetBEUI protocol found on the Windows XP disc is the subject of an earlier Scot’s Newsletter tip. After I printed those instructions in November 2002, Doug Knox, a Microsoft MVP -- and someone who has contributed excellent tips to Scot’s Newsletter in the past -- emailed to say we would all be better off using Windows 2000's version of NetBEUI in Windows XP.

    The best way to acquire the Windows 2000 version of NetBEUI is to take the two files involved from your standard retail version of the Windows 2000 XP. And I'm about to tell you how to do just that. But not everyone has the Windows 2000 CD. So a past Scot’s Newsletter Link of the Week award winner, Ted Mieske, proprietor of Teds Tech Site, has provided this download link for the Win 2000 NetBEUI files. I checked the files myself (in March 2003) and the version numbers, dates, and information I could read all match NetBEUI from Win2K.

    The directions that follow integrate input from a variety of sources and are probably your best guide to converting your small Windows network to NetBEUI in a mixed Windows environment. If you have anything to add to them from your experience, I would be interested in your feedback.

    How to Install Windows 2000 NetBEUI Under Windows XP
    To ensure proper operation of your network, please follow these directions precisely.

    1. If Windows XP PCs on your network have ever had the Win XP version of NetBEUI installed on them, you must fully remove that first to ensure a proper Win2K NetBEUI installation. The steps for carrying out this Win XP NetBEUI removal are more complex than you might expect -- more complex than installing W2K NetBEUI. They are summarized at the end of this tip. IMPORTANT: If this applies to you, please read through, but don't execute, all the other steps first, then uninstall the XP version and return to this spot.

    2. NetBEUI consists of two files, Nbf.sys and Netnbf.inf. You'll find both files in compressed form on the Windows 2000 CD. They are located in the CD's \i386 directory, and they are contained in these compressed files:

    Nbf.sy_
    Netnbf.in_

    You may also directly download them in .ZIP format with this Teds Tech Site link.

    If you get them from the Win 2000 CD, there are two relatively easy ways to uncompress the files. Most versions of Windows have the Extract utility available to them. To use Extract, open a Command prompt and type these two lines, pressing Enter after each:

    extract {CD Drive Letter}:\i386\netnbf.in_ {dest. path}\Netnbf.inf
    extract {CD Drive Letter}:\i386\nbf.sy_ {dest. path}\nbf.sys

    You'll need to replace the descriptions surrounded by {brackets} with drive/path information specific to your PC.

    The second way to uncompress the files requires you to have Nico Mak's WinZip (I tested with the 8.1 version) or a similar utility. With WinZip installed, you should be able to double-click Netnbf.in_ and Nbf.sy_ in turn, and use the "Select the program from a list" option to direct WinZip to open the file. Then use WinZip's Extract function to extract the files contained to the location described in the next step.

    3. Create a folder called "NetBEUI for Win2K" and copy the extracted files into it. (You might also want to add a Favorites shortcut to this Web page if you use IE.) Copy the folder to all the PCs on your network.

    4. Copy the extracted files to these locations on the drive Windows XP is installed to:

    Copy Nbf.sys to your \Windows\System32\Drivers folder.
    Copy Netnbf.inf to your \Windows\Inf folder.

    NOTE: If you can't find your \Windows\Inf folder, click Start > Run > type Explorer > press Enter. Then click Tools > Folder Options > View tab. Under Advanced Settings, click "Show hidden files and folders" under the "Hidden files and folders" folder.

    5. IMPORTANT: Restart your computer. Although Windows XP is not supposed to require a reboot after making network changes, I found that doing this prevented later problems. Your experiences may be different, but these directions are written to avoid problems that at least some people may have.

    6. Open the Control Panel called "Network Connections." There are several ways to do that, only some of which may apply to you depending on interface settings you chose in past. You can right-click either My Network Places if it's visible on your desktop or the Network icon if it's visible on the system tray and then choose Properties. If neither of those methods works, click Start and open the Control Panel. Find and double-click the "Network Connections" icon.

    Next, right-click the network connection icon to which you want to add NetBEUI and click Properties. (The default name for the connection is "Local Area Connection.")

    7. On the General tab, click Install. Next click Protocol > Add.

    8. Click to select the NetBEUI protocol from the list and then click OK.

    9. Restart your computer if you receive a prompt to complete the installation.

    10. Once every PC on your network has NetBEUI installed, there are two additional chores you should carry out. The first is to remove IPX/SPX and NetBIOS from all your PCs (if they have it). Every network protocol and service you add to Windows has the potential to slow down its operation and boot times. Plus, you just don't need both of these protocols on a peer network. To remove IPX/SPX and NetBIOS, Click Start > Control Panel > double-click Network Connections. Right-click the network connection name (the default name is "Local Area Connection") you want to add NetBEUI to and click Properties. Select "NWLink IPX/SPX/NetBios Compatible Transport Protocol." Click the Uninstall button. You also have the option of disabling IPX/SPX with NetBIOS by selecting each of the following items in turn and removing the check marks beside them:

    NWLink NetBIOS
    NWLink IPX/SPX/NetBIOS Compatible Transport Protocol

    11. TCP/IP file and printer sharing should be turned off on all of your computers to separate the Internet from your network. Under Windows 9x/Me machines, this is accomplished in the Network Control Panel. Double click the TCP/IP entry that represents the LAN adapter you use to network with other PCs on your LAN. Click the Bindings tab. Remove the check mark beside "File and printer sharing for Microsoft Networks."

    Under Windows 2000/XP, open the Control Panel called "Network Connections" under Windows XP or "Network and Dial-Up Connections" in Windows 2000. There are several ways to do that, only some of which may apply to you depending on interface settings you chose in past. You can right-click either My Network Places if it's visible on your desktop or the Network icon if it's visible on the system tray and then choose Properties. If neither of those methods works, click Start and open the Control Panel. Find and double-click the "Network Connections" or "Network and Dial-Up Connections" icon.

    Once Network Connections is open, choose the Advanced menu and select "Advanced Settings." On the "Adapters and Bindings" tab, under "Bindings for [your network connection name]," remove the check mark beside "Internet Protocol (TCP/IP)" and click OK.

    12. The next and last step is sometimes the most ticklish. Reboot all your PCs and check that they are able to connect to one another (not just the workstations, but also the drives or folders). Specific folders or volumes need to be shared from My Computer on each PC in order to run these checks. On Windows 2000/XP, the Guest account will need to be turned on or the names of the other workstations added to Users and Groups. In tests, I found NetBEUI a little sticky at this point. After opening Network Neighborhood or My Network Places and forcing that tool to find all available workstations on the network, you sometimes get an error message the first two or three times. This is especially true of Windows XP. Don't give up right away; keep trying. Once it connects the first time, it usually connects reliably after that -- if it has been installed properly.

    Switching from Win XP NetBEUI to W2K NetBEUI
    You can adapt the steps above to remove the Windows XP version of NetBEUI and replace it with the Win 2000 version. Start with Click Start > Control Panel > double-click Network Connections. Right-click the network connection you want to add NetBEUI to and click Properties. Select the NetBEUI entry and click the Uninstall option. Reboot your PC. Once back in Windows XP, select Start > Search. You need to configure Search options so that it uses the Advanced setting (three levels deep in the options screens) and also searches for All Files and Folders. Under More Advanced Options, it also needs check marks beside "Search system folders," "Search hidden files and folders," and "Search subfolders." Next, click on the "Look in" drop down and choose Browse. Navigate to the \Windows folder on the drive Windows XP is installed on (it may be the \Winnt folder if you upgraded from NT or Win 2000). There are two fields you can search with. One searches for filenames and the other for a text string found within a file. Run these three searches, in this order:

    Filename: nbf.sys:
    Delete any nbf.sys file you find in your Windows subfolders

    Filename: netnbf.inf:
    Delete any netnbf.inf file you find in your Windows subfolders

    Text in a file: NetBEUI:
    Delete any file you find that is named Oem??.inf, where the question mark(s) represents a numeral. Leave all other files intact.

    Note: You can delete files right in the search results window by right-clicking them and choosing Delete.

    All steps above were written for Windows XP, which is similar to Windows 2000. Although the concepts are the same under earlier versions of Windows, the steps and terminology differ in several ways. All previous versions of Windows also come with their own versions of NetBEUI; you should not try to install the Windows 2000 version of NetBEUI to those Windows installations. All PCs on the network must be running NetBEUI installed from their own protocol sets in order for NetBEUI to work.

    Finally, a big thanks to SFNL reader Jack Rattok for helping to research and for extensive notes comparing on the NetBEUI issue. Jack maintains a website with networking information on topics like NetBEUI and wireless networking you may want to check out. I'd also like to thank Fred Langa, who has used his LangaList newsletter (to which I've long subscribed) to point to this document and help out a lot of folks in the process. Fred has also written about this subject in past, and has long been a proponent of using NetBEUI.

    Do you have a Windows or broadband tip you think SFNL readers will like? Send it along to me, and if I print it in the newsletter, I'll print your name with it.

    Back to the Top


    SFNL Errata
    Talk about accidental spam-like behavior, I made a mistake with the last issue of the newsletter that only a couple of people called me on. Thanks to Rick Nakronshis and Terry L. Smith for their emails on the point.

    Some subscribers to the text version of the newsletter may have noticed that the From: field on the newsletter email used their own domain name in the From field. So instead of "Scot’s Newsletter," as the From field for all previous issues of the newsletter has read, you may have gotten a message from "Scot’s.Newsletter@." It was a little eerie. I experienced the problem myself, but only with some of my accounts.

    Here's why it happened. My newsletter distributor upgraded to a new version of Lyris list server software with numerous changes. The change in question is actually designed to prevent the list software from being used to send spam by requiring a valid email address be placed in the outgoing newsletter's From field. That's a good thing. The problem is, I didn't know about it, and the user interface I work with didn't explain it to me. So I just did what the previous Lyris version of the software required.

    I hope that this problem has been rectified with this issue. The newsletter should come to you from scot@scotsnewsletter.com. Please let me know if it does not.

    Another Error
    In the Results of the 3rd Annual Broadband Reader Poll article last time, I made a passing reference to power-line based broadband Internet connections. I asked people to send me email to tell me about their experiences with such a solution if they're using it. Unfortunately, two letters were transposed in the email response link I provided, rendering the link unusable. I fixed the link of the website version of the newsletter, which is here. And if you just want to send me email now about your power-line-based broadband Internet connection, please use this amended version of the link.

    Sorry for the inconvenience.

    Back to the Top


    Scot’s Newsletter Schedule
    The next issue of the newsletter is tentatively slated for Monday, February 3. There's a potential detour between then and now, so if it doesn't arrive on the third, and you're curious about it, check the Scot’s Newsletter website for the updated issue date. You can't miss it.

    Back to the Top


    The Fine Print
    If you like this newsletter, I need your help spreading the word about it. Please share it with friends and co-workers, and encourage them to sign up! It's free.

    Visit the new Scot's Newsletter Forums.

    Subscribe, Unsubscribe, Change Email Address or Message Format
    You can unsubscribe at any time; I don't believe in captive audiences. The website subscription center is the easiest way to manage your Scot’s Newsletter subscription. Changes take only a minute or two. You must select your message format — Text or HTML — even for address changes or unsubscribes.

  • Unsubscribe
  • Unsubscribe Help and Options
  • Subscribe
  • Change Email Address or Message Format (HTML or Text)

    Contributions
    To help with the cost of creating and distributing the newsletter, I accept contributions via PayPal and Letter Mail. For more information on donations:

  • Sign-up for PayPal (if you don't already have it)
  • Option #1: Donate via PayPal
  • Option #2: Donate via Letter Mail

    Contact
    Send comments, suggestions, or questions about this newsletter. Don't be bashful about telling me what you like or don't like. Send emails related to editorial content (only) to scot@scotsnewsletter.com.

    Please address advertising inquires (only) to: sales@scotsnewsletter.com



    Sign-up for PayPal.

    Support this Newsletter by Donating Today.
    Or donate via Letter Mail.

    How to Link to Scot’s Newsletter

    Copyright © 2001-2007 Scot Finnie. All Rights Reserved.
    Ten Myths About Copyright Explained.


    You are subscribed to Scot's Newsletter HTML EDITION as: $subst('Recip.EmailAddr')