July 18, 2002 - Vol. 2, Issue No. 29
By Scot Finnie
In recent years, Microsoft instituted a Windows life cycle program with three phases: Mainstream, Extended, and Non-supported. During the Mainstream phase, free telephone support is offered. (Windows 98 and Second Edition retail buyers are given two free telephone support incidents in their warranty support.) During the Extended phase, all telephone support is fee-based. In the Non-supported phase, there's typically no telephone support at all, and it may be impossible or at least difficult to buy a copy of that version of Windows. For specific details on Windows life cycle phases and schedules for specific versions, see Microsoft's Product Life Cycle page.
So what's this all mean? Windows 98 users got an extension of free telephone support into the Extended phase. The life cycle of the product is not being extended. It was slated to go into the Extended phase on June 30, 2002, and effectively it did that -- but the company has upgraded the Extended phase to continue free phone support. As was always the plan, Windows 98 and 98 Second Edition will enter the Non-supported phase on June 30, 2003. Still confused? Think of it this way: Microsoft extended the Mainstream phase one year, eliminated the one-year Extended phase, and kept the Non-supported phase just as it always was. Bottom line: We have free telephone support for one year longer, but the product is still headed for the bone pile (as far as Microsoft is concerned) in one year.
I asked Microsoft why it decided to extend Windows 98's free support. Here's the answer that came back:
Microsoft continually evaluates its support options and policies to better reflect how customers are using product support and we extended the warranty support for Windows 98 to ensure we are meeting our customers' needs. Windows 98 is a popular operating system and we wanted to provide continued warranty support for an additional year.
Translation: Microsoft doesn't want to leave Windows Me (whose Mainstream phase expires December 31, 2003, and probably couldn't expire fast enough for Microsoft) as the only freely supported Win 9x OS for the next 18 months. Windows 98 has a huge installed base compared to Windows Me.
The amazing Jim Eshelman, whose content I've connected SFNL readers with numerous times, was the major force behind this SFNL story. He contacted me weeks ago to let me know about it. It took me until recently to get confirmation from Microsoft. On this topic, 90 percent of the work is his. Thanks, Jim. See Jim's E-List News. If you're interested, you can also subscribe to E-List News.
Windows 98 users, see this page for details on Windows 98 warranty support, including phone numbers.
I can only tell you what I hear directly from Microsoft. This is exactly what they told me late last week: "There isn't too much that's public right now. We remain on schedule to release Windows 2000 SP3 this summer."
No other published reports have much more on the schedule, but I think this CNET story has done the best job so far of covering what we know about SP3.
Windows XP Media Edition
Earlier this week, Microsoft renamed "FreeStyle" to the uninspired name of Windows XP Media Center Edition. The marketing hype reads: "Windows XP Media Center Edition turns your PC into a media center, bringing together rich entertainment experiences with the freedom to access them from anywhere in the room with a simple remote control."
Think of FreeStyle as a sort of Web TV (now "MSN TV")-like remote control for the new "Media Center PC." In beta now, it'll ship in time for the holiday season this year. If you were as rich as Bill Gates, you could put LCD displays on the walls strategically placed all over your house, walk around with a remote control, and point at these LCDs to remotely control your Media Center PC, probably mostly to access the Web or answer email. But even without all the LCD displays, Media Center Edition gives you point-and-click remote-control access to your PC.
Here's the 10-cent Scot’s Newsletter analysis. I think FreeStyle's initial idea was based on a real vision, but I doubt the product will match up with the ideal. Think of it as the 2002 version of Windows Me meets Web TV. Microsoft needs another way to appeal to consumers in an attempt to boost the ever-important holiday sales, especially in a down year. This is what they've come up with.
I haven't tested this product yet. I would like to. But I'm skeptical at the moment that it'll be anything more than a curiosity. If it has additional releases and the company commits to it, I might stand corrected.
Windows Media 9
Also this week, Microsoft announced Windows Media 9, the official name given its "Corona" effort, which I mentioned in a recent InternetWeek.com story. Windows Media 9 is probably being announced now to help Microsoft drown out Apple's MacWorld show in NYC this week. Because, after all, the beta version isn't going to arrive until September 4. (I cannot tell a lie: that analysis isn't really mine but that of a couple colleagues of mine talking in a meeting earlier this week. But since they were probably right, I stole it.)
Windows Media 9 will consist of a new version of the Windows Media Player client, a new streaming server, new audio and video compression, a new encoder, and a new software development kit. Microsoft claims that Windows Media 9 Series will offer significantly improved playback and unparalleled audio and video quality, among other things.
There's really not a whole lot to this announcement right now; it's mostly temperature-enhanced oxygen. The reality may be somewhat better, but we'll have to wait for September to know for sure.
Now the same company has just released a product that could become de rigueur on Windows 9x/Me PCs. It's so new I haven't tested it yet, but Paragon NTFS for Win98 is a file-system driver that lets Win 9x/Me PCs access NTFS drives on your PC. From the sounds of it, it could be the perfect tool for Win 9x/Win XP dual-boot machines -- the precise configuration I recommend to people interested in installing Windows XP.
Paragon NTFS for Win98 mounts NTFS volumes from Win 9x; provides full read and write access to NTFS volumes; creates, formats, and deletes primary, logical, or extended partitions; works with all versions of NTFS from Windows NT 4.0 on; and creates, formats, hides, unhides, and deletes partitions. (It does that last set of functions with a mini version of Partition Manager.) And it's available in English, German, French, and Spanish versions.
Paragon NTFS for Win98 is available for $19.95 -- half price -- until August 30, 2002. If you try it, I'd be interested in your experiences.
I can't go another issue without pointing out Sysinternals.com, a freeware software development company that develops several products of interest to SFNL users. In particular, I want to point out NTFSDOS, a utility that lets you access NTFS volumes from DOS, and NTFS for Windows 98, which provides access to NTFS volumes from Windows 98.
Sysinternals offers a long list of other Win 9x and Win NT/2K/XP utilities. Check it out. I may be reviewing one or more of these products in future.
Does your company have a new computer product of interest to this newsletter's readers? Submit it to Product Beat.
Or to compare it with the free for personal use ZA 3.0, it adds Advanced MailSafe with 46 file types, "WHOIS" hacker tracking, blocked zone, automatic multiple network configuration, and password-protected settings, and costs $39.95. ZoneAlarm Plus 3.1 also adds AlertAdvisor improvements to deliver more detailed and relevant advice and information to users. To get a better sense of how ZoneAlarm Plus stacks up with ZoneAlarm 3.0, check out Zone Labs' comparison page.
The free version of ZoneAlarm 3.1 is due out literally any day now. So, at this point, you might want to hold off and check that first. For this review, I didn't have access to the free version; I tested only ZoneAlarm Plus 3.1. A 3.1 Pro version is coming, but Zone Labs is pretty tight-lipped about that right now. I expect it to have at least one notable new feature, and perhaps several.
The fact that ZoneAlarm Plus lacks ad blocking and cookie control is just fine with me. I don't use either feature. I guess I hate to see it lose what Zone Labs calls Active Content Control, though. That's something I think everyone should have, just because it's the right kind of protection to provide. Still, I can understand why Zone Labs left it out: this is one of those features that could potentially get in your way. Or let me put it this way: it has a very high probability of being turned off in annoyance, because 99.44 percent of Web application content is innocuous. Someday, though, that might change. And lately, there have been websites that seem to thrive on "hijacking" your browser and all that.
ZA Plus in the Real World
Now that you know what ZA Plus 3.1 is, I know you want to know whether it's for you. I installed the new personal firewall on four PCs, and used it with all of them over a period of about a week. Fairly short-term as far as firewall reviews go for SFNL. But, then, I've been using ZoneAlarm 3.0 for months now, and I've occasionally given reports on it. The single best aspect of ZoneAlarm Plus 3.1 is that, like previous versions, it's an excellent pure firewall. Based on my vulnerability testing (anchored by E-Soft's SecuritySpace), nothing else I've tested does firewall functionality better than ZoneAlarm. I prefer it to all others. Read the details about the SFNL Firewall Test Suite and Methodology.
So, from a security perspective, ZoneAlarm Plus 3.1 is first rate. But how well does it live and play with other apps and your operating system? I've chronicled an ongoing problem with ZoneAlarm Pro 3.0 on one of my Windows 98 systems. In a nutshell, ZA Pro 3.0 inexplicably, intermittently blocks network file accesses by other computers on my local network, even though they all have full access. ZoneAlarm has been clean installed twice on that machine, and I had another instance of the problem about a week and a half ago, just before I fully removed ZA 3.0 from it and installed ZA Plus 3.1. Since that time, I've had no network connection problems with that Win 98 machine or any machine. But a week and a half is not a long enough time to be able to report that the problem is gone in the new version. What I can say is that ZA Plus 3.1 has many bug fixes over the 3.0 releases. Subjectively, as a long-time software reviewer, it feels better to me. Time will tell, and I'll update you on this in future issues.
I've had one notably negative experience with ZA Plus 3.1 on one PC. The performance of my Toshiba Portege 7200CTe is noticeably slower, to the point of folder and application windows taking longer to open and other similar behaviors, while ZoneAlarm Plus 3.1 is running. (I'm not talking about Internet or network-related activities, either.) There's a history here that's interesting. This computer has dual-boot Windows 98 and Windows XP. I've run ZA 2.6 and 3.0 on the Win 98 side in the past and seen a far worse performance degradation there. This time I installed ZA Plus on the Windows XP side. At first I noticed no performance loss, but after several days of heavy use, it became clear there's an issue under clean-installed Windows XP too. I am not running any of the Toshiba utilities and whizzy things under XP, so that's not the cause. The problem is far less pronounced under XP, but it's there. And it goes away when I unload ZoneAlarm's TrueVector engine.
Another area of contention for me is PPTP VPN connections. I had some issues with this in ZA 3.0 too, but it's a bit worse under 3.1. Here I had to manually configure a trusted IP address in order to make PPTP VPN work. In 3.0, I found that if I unloaded the ZoneAlarm engine, then ran the VPN client to connect and restarted ZoneAlarm, the firewall would create its own trusted network entry. That little trick doesn't work for me under 3.1.
Lastly, the heavily revised ZoneAlarm user interface that began with 3.0 is not wearing well with me. In the past, I said I didn't like it, and I still don't like it. It reminds me of the half-baked UI attempts that were prevalent in Java programming in 1996-1997. It also has that "HTML feel" that some programmers seem to adore these days. The basic organization of the new UI is pretty good: Overview, Firewall, Program Control, Alerts & Logs, and E-mail Protection. Those make sense (although Application Controls would be better than Program Control). The chief problem is with things that are clickable that don't appear clickable, or in some cases the need to click something when that isn't apparent.
Let me try to explain that. Virtually all graphical elements are clickable, but it's not immediately obvious why you would want to click them or what you would get when you do. Here's one example. The word "Internet," the word "Trusted," and a graphic that conveys "network" are grouped together visually. The network graphic and the two words are each individually clickable (and each depresses visually on the screen when you click it). The implication is that there's something different about them, that there are different configuration areas for each. But they all go to the same place: Firewall Network Zones. As a first-time user, you're left wondering what detail you missed. Other UI faux pas: selectable tabs that don't look clickable, a tiny help button almost buried in a busy area, clickable text that's grayed out, and primary channels that require rollovers to know they're clickable.
Look, I don't think most of us care about the aesthetics. My primary complaint is that it's surprisingly hard to figure out the new ZA interface. And I've been using it since March, when ZA 3.0 was first released. I'm still discovering ways to do things because stuff isn't immediately obvious. There are some improvements over the old interface, yes, but overall it's a step in the wrong direction. True usability starts with excellent interface design and testing. The ZA 3.0 interface looks more like the idea was just to make it *look* different.
Putting a Point on It
I've been critical of this now venerable software product. And elsewhere in this issue, you'll find I also disagree with the direction the company has told me it's heading in (see Q&A). All in all, I've been a lot less happy with ZoneAlarm this year. Last year I recommended it unabashedly, even as I noted that Norton Personal Firewall (one component of Norton Internet Security) was a close second. This year, things have changed. Norton Internet Security, reviewed in the last issue, is not only a good value (for more money), but this Swiss Army knife package also includes several non-firewall modules that protect you better than any pure firewall can.
But I keep coming back to this point: ZoneAlarm is the best personal firewall on the market. Its NIS counterpart, Norton Personal Firewall (NPF), will probably be revved later this year. But as it stands now, while it's easier to use than ZoneAlarm, NPF is not as protective as ZoneAlarm. ZoneAlarm 2.1, 2.6, 3.0, 3.1 -- take your pick -- this program has always done a better job of protecting you. As a pure personal firewall, it's unequaled. And for that reason, it remains a Scot’s Newsletter SFNL TOP PRODUCT.
My StarBand service is still fully functional, and just as good as ever. But the company has been forced to change its distribution channel. It has also separated from EchoStar, which owned 30 percent of StarBand (an Israeli company known as Gilat in other parts of the world).
Believe it or not, this is still a good thing for StarBand. The company will probably emerge from Chapter 11 and it should have direct control of its customers again. The EchoStar deal made StarBand a sort of OEM supplier of two-way satellite broadband, ripping away contact with end users. I always thought that was a bad idea. Perhaps the company can still make hay out of its superior technology. Meanwhile, EchoStar is trying to make its purchase of Hughes happen, giving it control of the DirecWay DirecPC two-way satellite service (among other things). DirecWay is the same technology as Pegasus Express, which I've reported on extensively, and with mixed findings.
I'll let you know if StarBand suddenly goes dead. And more than likely, you can't order it right now. But I don't think you should cross it off your list permanently. StarBand is still good stuff for anyone who has no hope of DSL or cable Internet service.
Few email programs run well over a network on one PC being accessed from another, although with a hacked-together set of routines I've long done just that with Eudora Email in a somewhat vain attempt to be in one place while accessing my email somewhere else. One of the things that goes wrong with this little approach is that Eudora tends to hang up after a while. It was never meant for this kind of abuse.
Windows NT, Windows 2000, and Windows XP all offer variations on built-in remote-access functionality. But Windows XP's Remote Desktop Connection feature is improved. It's easy to set up and use, but there are some things you need to know to get it going smoothly:
1. The host PC (the one that will be controlled by the other PC) must be running Windows XP Pro. Windows XP Home Edition cannot host Remote Desktop Connection (RDC). The RDC client program is also backward compatible with Windows 2000 and Windows NT 4.0 Terminal Server Edition. When using the Windows XP RDC client to access those older servers, you get the features of the original Terminal Server Client.
2. Literally any version of Windows back to Windows 95 can quickly and easily connect to a Windows XP Pro Remote Connection host. Windows XP (both Pro and Home versions) comes with the necessary RDC software onboard. All these earlier versions of Windows -- Windows 95, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0, and Windows 2000 -- can also function as Windows XP Remote Desktop Connection clients. To do so, they need only install a 3.4MB downloadable RDC client program whose filename is MSRDPCLI.EXE. The RDC 5.1 client software is freely available from the Microsoft website.
You can also find the client program on the Windows XP Pro and Home discs. To install the Remote Desktop Connection client from the CD to any of those earlier versions of Windows I listed, insert the disc into the client machine's CD drive, select Perform Additional Tasks, and click Install Remote Desktop Connection.
RDC client installation is fast and straightforward. In use, the separately installed client operates exactly the same as under Windows XP. For more information, check these references:
3. The host PC user name (or account name) that serves the Remote Desktop Connection must have a login password. While it is possible to set up a Windows XP user name without a password, such an account cannot be accessed by RDC. You'll get an error message and no connection if the host user account does not have a password enabled.
4. The person sitting at the client PC must have these three bits of information to initiate every new RDC session: The host PC's computer name, user name, and the user name's password.
5. The host PC must be configured to accept Remote Desktop Connection. To do that, right-click My Computer and choose Properties. Then click the Remote tab. Put a check in the box under the Remote Desktop header.
6. In addition to the host PC being configured to accept Remote Desktop connections, the user account on the host PC must either be an Administrator or a member of Windows XP Pro's Remote Desktop Users permissions group. If the user account you're setting up on the host does not have Administrator privileges, follow these steps to add it to the Remote Desktop Users group:
a. Open Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
b. Double-click Users on the right pane.
c. Double-click the user name you want to enable Remote Desktop host functionality with on the right pane.
d. Click the Member Of tab and then the Add button at the bottom.
e. Click the Advanced button on the Select Groups dialog.
f. Click the Find Now button.
g. Click the Remote Desktop Users entry in the search results field and then click the OK button.
h. Click OK on all remaining open dialogs and close Computer Management.
Note: These steps are for a peer networking environment. It's likely that options will be slightly different in a Windows client/server and Active Directory environment.
7. Finally, when the host PC is behind a firewall, the firewall may need to be configured to permit two-way communication on port 3389, which is the port Remote Desktop uses. Each firewall is different, so I can't tell you how to do that for your environment. It is also possible to change the port that Remote Desktop uses. See Microsoft KnowledgeBase article Q306759, How to Change the Listening Port for Remote Desktop, for more information about that.
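When a connection will not start, it helps to know which of the steps above is the one failing. The following is an added example, not part of the original newsletter or any Microsoft tool: it makes a single TCP connection attempt to the Remote Desktop port on a host you have set up and maps the outcome to the likely step. The function name, the result labels and the hints are assumptions made for illustration.

```python
import socket
import sys

RDP_PORT = 3389  # default Remote Desktop port from step 7


def probe_rdp(host, port=RDP_PORT, timeout=3.0):
    """Make one TCP connection attempt and classify the outcome.

    Returns (state, likely_cause). The causes are rules of thumb, not proof:
    some firewalls reject with a reset instead of silently dropping.
    """
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return ("unresolved",
                "host name does not resolve; check the computer name (step 4)")
    address = info[0][4]
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(address)
    except socket.timeout:
        # No answer at all usually means packets are being dropped on the way.
        return ("filtered",
                "no reply; a firewall is probably dropping the port (step 7)")
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but no listener.
        return ("refused",
                "host is up but nothing listens here; Remote Desktop not "
                "enabled (step 5) or moved to another port")
    except OSError as exc:
        return ("unreachable", "network error: %s" % exc)
    finally:
        sock.close()
    return ("open",
            "port accepts connections; remaining failures point to the "
            "account (steps 3 and 6)")


if __name__ == "__main__":
    # Usage: python probe_rdp.py HOSTNAME [PORT]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else RDP_PORT
    print("%s:%d -> %s (%s)" % ((target, port) + probe_rdp(target, port)))
```

If the listening port was changed as described in Q306759, pass the new port as the second argument.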
Initiating and Using RDC
Once it's configured, you initiate a Remote Desktop connection from the remote or client computer. To do that, go to Start Menu > All Programs > Accessories > Communications > Remote Desktop Connection. If you're running firewall protection, you may want to disable it temporarily to get Remote Desktop started. Another trick is to just type the computer name (not the Windows logon name if they're different) into the Remote Desktop Connection dialog to get it going the first time. When you turn your firewall back on, that software may prompt you to permit a Remote Desktop Connection, and to make it work in future, you'll need to say yes.
For the most convenient operation, make full use of the Remote Desktop Connection dialog, which includes the ability to remember the password and save a desktop icon for the connection. There are also custom controls for display, sound, shared devices, programs, and bandwidth. It's this level of control that makes the experience an especially good one. In fact, once you get it going, Remote Desktop Connection works exceedingly well. I use it constantly, and it has greatly improved my ability to access email remotely via my network. You can access anything, though: files, browser, virtually anything on the target computer. Remote Desktop has a lot of uses.
It takes under five seconds to initiate a Remote Desktop Connection (at least, on my 100Mbps LAN). The target computer's desktop opens up as a maximized desktop that overlaps your screen. But you can resize the window, minimize it, and drag and drop stuff between desktops or folder windows on the two computers. RDC can even automatically resize program windows to fit the resolution of the client PC's screen. (Unfortunately, it doesn't put the windows back the way they were when it exits.) Remote Desktop is convenient, reliable, and robust.
Variations on the Theme
There are other permutations of Remote Desktop worth noting. First, it's possible to set up a remote connection via the Internet with a Web browser. That's called Remote Desktop Web Connection, and here's some information about it:
There's also something called Remote Assistance that's essentially a temporary and limited use of Remote Desktop. It works with Win XP Home (even as host) or Pro, and it allows someone more expert with computers to take control via the Internet of a computer that's having a problem -- such as all those family members who call you with cryptic descriptions of their computer problems. If both of you are running Windows XP, it's pretty easy to set up a Remote Assistance connection that allows you to take control of the other person's PC for a limited amount of time. (The access is controlled by a time-limited token passed via email or Windows Messenger.) I might cover this feature separately in a future issue of the newsletter if people are interested.
Here are some additional Microsoft KnowledgeBase articles that may help you configure Remote Desktop Connection:
MXP 100: The Winner
Larry's recommendation was e.Digital's MXP 100. It's actually quite similar on paper to the Nex II by Frontier Labs, which I mentioned I'd been considering. It uses relatively inexpensive removable CompactFlash cards (now available in 1GB sizes, though they're pricey) or IBM Microdrives (also up to 1GB in size). It's 4.3" x 2.5" x 0.87" (109mm x 64mm x 22mm) in size, and weighs 4.9 oz. It's also got a very advanced Lucent Technologies-based voice-navigation system that's earned pretty good reviews. Being able to select a song by saying its name holds a lot of appeal.
Although a little bigger than Frontier Labs' Nex II player, it has the advantage of built-in lithium-ion batteries, and it's supposed to do well husbanding battery charge with IBM Microdrives, something Frontier Labs can't claim of the Nex II. On the downside, the software for transferring and managing songs sounds pretty rudimentary.
What I like about this product is that it's small and fairly light, provides good battery life, has flexible storage options, and is reasonably priced. Definitely a contender.
Frontier Labs' Nex II is the model I'd found on my own before the poll. It's even smaller and lighter than the MXP 100, but its controls are a bit quirky, and the software is only a notch better than the MXP 100's. The fact that it lacks lithium-ion batteries is a drawback -- especially if you use the IBM Microdrive. On the other hand, if the batteries run down at the gym, you can just plug in fresh AAs. (There's nothing I hate more than finishing my run on a treadmill after my player's batteries give out.) The prices on the Nex II and MXP 100 are about the same, so the MXP 100 has really given me something to think about.
Way Cool for Running: MPIO DMK
Max Raven's contribution is one of the smallest, lightest MP3 players I've ever seen. Max writes: "There is absolutely no better small MP3 player than Digitalway's MPIO DMK player. With 128MB of internal flash memory in a case the size of a lipstick, full controls, and USB connection, this is the one to get ... no matter what anyone else tells you. I use one myself, and have bought several for my friends. This tiny MP3 player holds over 40 of my best tunes and can be placed on a keychain, neck strap, or armband. I am sure this will be the one for you, and to recommend to your readers."
Max has a point. If I were running outside all the time, this would be the one I would get. It weighs just 29 grams and uses a single AAA battery. Except for a couple months a year, most of my running is in the gym, where built-in cup-holders take the heft and jounce of the music-making beast. But maybe I need both .... [Editor's note: Only if he trades in another satellite dish. --Cyndy.]
The Crowd Favorite: Archos Jukebox
Reader Brent Eubanks summed up the opinion of the majority when he wrote: "Scot, I know you're looking for a compact flash MP3 player, but if you at some point decide you're interested in a hard-drive based MP3 player, I recommend the Archos Jukebox instead."
For a lot of uses, perhaps including the gym, the Archos Jukebox USB-hard-drive-based MP3 player has some advantages. But size and weight aren't among them. The Archos weighs a hefty 12 oz. (almost three times as much as the Nex II) and measures a chunky 4.5" x 3.2" x 1.3" (115 x 82 x 34mm). It's good for the car, connecting to an existing stereo, and is probably a much better all-around portable MP3 player than the lighter models above. It requires 4 AA NiMH batteries (rechargeable) that last up to eight hours. It supports MP3 only. But for $240 you get a 10GB hard drive, and for $300 you get a 20GB hard drive. That's a lot of music. You'll never have to swap cards, plus you can put other kinds of data on this thing, and it plugs in via USB and is instantly recognizable as a hard drive in Windows Explorer (so is the Nex II, by the way).
The Archos Jukebox MP3 Recorder 20 is also USB 2.0 compatible. Note: The Recorder versions cost about $20 to $30 more. Readers report that recording or playback of anything above a 160kbps bit rate can be problematic for the Archos Jukebox. Still, all in all, this product delivers a ton of value for the money.
Come to think of it, maybe I need all three.
The Best MP3 Websites
As long as we're on the subject, let me ask you another question: What's the best website to buy an MP3 player from? And what websites, such as MP3.com, offer the best information, owner comments, and reviews of MP3 players? Have you done the homework? If so, send me the info. I'll print it for everyone's benefit.
Firewall vs. Intrusion Detection
Question: I am one of your faithful followers from the Winmag days. Your newsletters continue to hit the crunch areas in personal computing. I am also definitely not a "newbie," but have a simple question of clarification to ask you: What is the specific difference between a "firewall" and "intrusion-detection" as you use the words? I thought they were basically the same. Further, I thought that ZA was already handling both. You mentioned that ZA was headed in a different direction, so I am a little concerned. I am currently running Zone Alarm 2.6.362 and AdSubtract, and am considering Norton Internet Security 2002 to reduce program clutter on my Win XP machine, based on your positive review. --Ken Bush
Answer: Excellent question, Ken. I have covered the difference between a firewall and intrusion detection in the past, but not recently. And it's a worthy topic.
Computer hacking falls into at least two categories. One category is more random: using port-scanning software, many hackers troll the Internet looking for open holes in networks wherever they may be found. Another type of hacking is a concerted, determined attack on a very specific target.
Both firewalls and intrusion detection can help with either of those two forms of attack. But they do so differently. To be sure, the edges are blurred in many products.
Network access to your computer is accomplished through a series of "ports," or network access points. Many Internet activities, such as email, FTP, Internet telephony, IRC, gopher, HTTP (Web), and others, commonly use specific ports. It's possible to use other ports for these functions, but when the activity is interactive, it's often necessary to have expected ports ready to accept certain types of interaction. For example, HTTP transmissions typically use TCP port 80, FTP uses port 21, and email uses ports 25 and 110. There are literally thousands of TCP and UDP ports that could possibly be used for various types of Internet/network interaction.
A firewall is designed to selectively block all these ports to unauthorized inbound and outbound transmission of data. Better firewalls are able to examine potentially unauthorized data transmission based on the current condition of the network, or "state." In other words, in certain settings, the network is being used for X application, and that application calls for the use of Y port. But in another setting, it might not call for the use of the same port. We're bordering on black art here, but this stateful inspection, as it's called, is probably really best described as the beginnings of intrusion detection. Most firewalls aren't all that smart. They're just programmed to do a job.
An intrusion detection system (IDS) is a rules-based program designed to identify specific types of exploits and attacks. Its developers have identified everything from common Trojan malware, to ports such bad apps frequent, to heavy-duty hacker tools, to common system vulnerabilities. They program ways to identify and qualify the presence of intrusion and then sound an alarm. Some of these systems can also block out common types of attacks. But many intrusion-detection systems are really more focused on calling you to action.
That's the 25-cent tour. Now let's talk products. ZoneAlarm is the best personal firewall on the market (see review earlier in this issue). I continue to recommend a hardware router product, such as any of several models with "firewall" features from Linksys, Netgear, SonicWall, and so forth to anyone with more than one PC connected to a broadband connection. Then on each PC, a personal firewall product such as ZoneAlarm is an excellent choice.
In my recent review of Norton Internet Security 2002 Pro, I gave it an SFNL TOP PRODUCT award. Norton Personal Firewall, the firewall included in NIS 2002 Pro, is almost as good as ZoneAlarm. Not quite. But as an overall package, which includes both some basic intrusion-detection features and a very good firewall, NIS 2002 Pro is an excellent value.
The truth is that either ZoneAlarm or NIS has the stuff to keep you protected from a random port scan. Unless someone is determined to hack into your PC specifically, either offers full protection. By the same token, if your attacker knows what he's doing and is specifically after you -- neither one will protect you for long. In that setting, I would prefer NIS 2002 Pro though. Slightly better would be the combination of ZoneAlarm and ISS's BlackICE Defender, although there's no integration between these two packages, and their combination would be harder to manage. (I haven't tried running the latest versions of ZoneAlarm and BlackICE together, but in their previous versions it was possible.)
When I said ZoneAlarm isn't going in the intrusion-detection direction, I was referring to an answer Zone Labs gave me recently on this point. The company does not plan to incorporate an IDS in its product. And right now, the average broadband user doesn't need intrusion detection (at least, nothing more than NIS provides). But I'm not so sure that will be the case two to three years from now. Zone Labs believes that intrusion detection is not the right answer. I believe that concentric rings, or layers, of identification and protection form the best defense. --S.F.
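To make the difference between plain port blocking and stateful inspection concrete, here is an added example that is not from the newsletter or from any product it reviews. It models stateful inspection as connection tracking, the usual meaning of the term; the addresses, packet trace, and all names in the code are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port flags")

HOST = "192.0.2.10"                # protected PC (constructed, documentation range)
SERVICE_PORTS = {80, 21, 25, 110}  # HTTP, FTP, and email ports named in the text
OPEN_INBOUND = set()               # this PC offers no services to the Internet


def stateless_allows(pkt):
    """Port-only rule: judge each packet alone, by its port numbers."""
    if pkt.direction == "out":
        return True
    # Replies from web/FTP/mail servers arrive *from* these ports, so a
    # stateless rule has to trust the source port the packet claims.
    return pkt.dst_port in OPEN_INBOUND or pkt.src_port in SERVICE_PORTS


class StatefulFilter:
    """Remembers connections the PC opened; admits only their replies."""

    def __init__(self):
        self.table = set()  # entries: (local_port, remote_ip, remote_port)

    def allows(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if "RST" in pkt.flags:
                self.table.discard(key)   # simplified teardown
            elif "SYN" in pkt.flags:
                self.table.add(key)       # PC is opening a connection
            return True
        if pkt.dst_port in OPEN_INBOUND:
            return True
        return (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.table


WEB = "198.51.100.7"    # constructed server address
OTHER = "203.0.113.5"   # constructed unrelated address
TRACE = [  # constructed packets, not captured traffic
    Packet("out", HOST, 49152, WEB, 80, ("SYN",)),
    Packet("in", WEB, 80, HOST, 49152, ("SYN", "ACK")),
    Packet("in", OTHER, 80, HOST, 49153, ("SYN",)),
    Packet("out", HOST, 49152, WEB, 80, ("RST",)),
    Packet("in", WEB, 80, HOST, 49152, ("ACK",)),
]


def compare(trace):
    """Return (stateless_decision, stateful_decision) for each packet."""
    fw = StatefulFilter()
    return [(stateless_allows(p), fw.allows(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (plain, stateful) in zip(TRACE, compare(TRACE)):
        print(f"{pkt.direction:3} {pkt.src_ip}:{pkt.src_port} -> "
              f"{pkt.dst_ip}:{pkt.dst_port} {'/'.join(pkt.flags):8} "
              f"stateless={plain} stateful={stateful}")
```

The port-only rule admits every inbound packet in the trace, while the stateful filter drops the unsolicited one and the one that arrives after the connection was reset.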
XP and Application Compatibility
Question: I upgraded from Win 98SE to XP Home. Most things work fine, but I've run into a severe performance problem with the game Return to Castle Wolfenstein. Initially it didn't work at all. The XP driver for my ATi Rage 128 video card didn't support OpenGL. I downloaded and installed the OpenGL XP driver from ATi and the game runs. But it runs like it's on a 386 machine. And my machine is a 900MHz Athlon with 256MB RAM and FAT32. Is this common? What do I look for to resolve this? --Ed Paquett
Answer: Windows XP and Windows 98 are very different operating systems. Every single Windows upgrade causes some application compatibility issues. Upgrades of Win 95 to Win 98 to Win Me caused few. And upgrades from NT 4.0 to Win 2K to Win XP also cause few issues. So when you upgrade from 9x to the NT-based Windows XP, you are opening the door on potential app-incompatibility problems. Computer games are among the more likely types of applications to run into issues because they often take hardware to its limits, and that can sometimes mean programming shortcuts. Over the long haul, I remain convinced that XP will be a better game platform than Windows 9x. But some programs written for Win9x just aren't going to run that well under Windows XP, no matter what you do.
Other applications with problems may have fixes on the way, or they may already be fixed. Or there may be ways to adjust them to run better. Search the following pages on the Microsoft site and you may find answers to your questions. This applies to virtually any program anyone might run under Windows XP.
You'll find other links on these pages that can help. -- S.F.
Windows XP Home Edition vs. Pro
Question: I love SFNL. It has been a great reference source for me with Win 98. I'm thinking about upgrading a new system running a 1.2GHz AMD chip to XP. Are there major differences between the Home Edition and the Professional version of the latest Windows? Someone mentioned that the Professional version does not have to be registered or activated. Is that true? --Robert E. Powell
Answer: First, it is patently untrue that the Pro version does not need to be activated. But I'll come back to that point. For starters, you should consult the official list of differences between the Home Edition and Professional version of Windows XP.
Generally speaking, more experienced Windows users will find they really don't want to do without the Pro version. For me, the Remote Desktop feature alone makes Pro a necessity. But there are also controls, such as group policies, that are missing from the Home Edition that I find I need. Anyone who can afford the Pro version should just get it. I recognize that the difference in price isn't trivial, about $100. Still, compared to other things you spend money on for your PC, I think the Pro version is worth the extra money.
For more basic information about Windows XP, see Scot’s Newsletter's Get Ready for Windows XP.
What you heard about product activation is false. Both Home and Pro versions must be activated. The only consumer or small business versions of Windows XP that don't have to be activated are the ones that come on new PCs. And actually, that's a misnomer. They still must be activated, but they come pre-activated by your PC maker. All the activation rules still apply on those copies of Windows. --S.F.
Last time I answered a question from Sandra Bates about using a CD-RW drive and discs as a small business incremental back-up system for critical office documents.
I got a lot of grief about my answer. Most people disagreed with my assertion that CD-RW drives don't work like most other drives on your system. In other words, they're not as convenient to drag and drop files to and from, and are really designed more for bulk archival use (where you're copying hundreds of megabytes at a time).
I stand by those comments, folks. I think CD-RW control software and PC operating systems have a long way to go before they make this point-and-shoot easy -- the way, say, a floppy or Zip Disk drive is. Windows XP adds a level of compatibility, but I still don't think this is ready for prime time for mission-critical business archival.
That said, though, so many people wrote me to tell me that they're doing it now and without trouble that I have no choice but to present the opposing point of view. Two software products, Roxio's (Adaptec) DirectCD and Ahead Software's Nero InCD, both accomplish the deed, according to SFNL readers John Howard, Raymond Tau, Paul Wilkie, Robert Plouffe, Larry Stewart, and others. The process uses a technique called packet writing, and it entails a roughly 100MB reduction of usable storage space on each CD-RW disc.
But there's another whole aspect of CD-RWs that keeps me from recommending them in a business environment. CD-RW discs aren't infinitely rewriteable. What's more, unlike Zip disks, which are encased in a pretty sturdy protective sleeve, CD-RW discs are vulnerable to damage.
The person whose opinion I trust most about all things storage is James E. Powell, lead author of The Office Letter newsletter and website. Among other things, Jim was Windows Magazine's storage expert. I asked him about CD-RW limitations, and this was his response:
You are right, CD-RWs aren't infinitely rewritable, really. Technically they are, but most drive and media vendors say you can write to them anywhere from 10,000 to 100,000 times -- the latter number being the one they bandy about the most, of course.
Frankly, I think with the "scratchability" of these things, that's far too optimistic. They'll be scratched (and thus unusable) or otherwise damaged (dropped, sun damaged, etc.) way before you reach 100,000 writes. While I think they're a good storage medium, I would caution that users rotate CD-RW discs and not depend on, say, an "accounting CD-RW," backing up all their data on the same CD-RW disc over and over. I'd use one disc for this week's data, another for next week's, and so on. Rotate them just as you would Travan tapes (remember those?) or other backup media. With CD-Rs being so cheap (sometimes free after rebate), I'm more likely to use a CD-R anyway (I know it's un-ecological, but it's economic). Writing speed is faster, for one. --James E. Powell
In Search of the Best Analog Modem
Last time I also answered Peggy Tisch's question about which modem to get to ensure the best connection. I got some email about this one too, but with no specific trend. People's experiences are all over the map. But in responding to them, I realized that I left out some points worth making about selecting the right modem. The first is that you'll get the best performance out of the analog modem that most closely matches the modem model being used in your ISP's modem pool. Call your ISP and ask which modem is best. Ask them what they're using.
I'd also like to expand on this comment: "How do you know whether it's a hardware modem? If the specifications say that it can run under DOS, it's a hardware modem." While that's true, there are some winmodems that are capable of working in DOS. So let me put it another way: If the specifications say the modem will work under Linux, then you know you have a hardware modem.
Another point worth passing along: It's not just the wiring in your town. The wiring in your house can make a big difference. I've found that using a line that has a lot of jacks in my house or stringing together several computers to one line, or using RJ-11 (phone line) junctions reduces my connection rate. It's also not uncommon for phone cable to go bad. --S.F.
Send your burning question to the newsletter and look for an answer in a future issue.
Am I psyched? Sure. Until you have three forms of broadband connection, you're not really living. [Editor's note: Say what?? --Cyndy.] Well, something like that. A lot of you have written to tell me how much I'm going to enjoy my cable Internet connection. Well ... yeah! I had cable Internet service for more than two years in the late 1990s, and gave it up in June of 1999 when I moved to a nearby town that didn't offer the service. So I've been waiting for three ... long ... years to get it back. Is it better than DSL? Nah. But my existing DSL service is slow downstream and fast upstream. There are many flavors of DSL (and cable Internet, for that matter). Some are much faster than others. Technically, the best DSL is better than the best cable Internet service. But in reality, most U.S. cable Internet services outstrip their DSL counterparts in terms of top speeds. DSL has the edge in reliability.
The folks who are doing my service, though branded as AT&T Broadband, are the same folks who did MediaOne in the late 1990s. Performance-wise, MediaOne was probably second only to the @Home network. In other words, until Comcast takes over AT&T Broadband, I should be in for a good deal.
The problem with new cable Internet service, any new cable service, is that it's not as inherently perfect right out of the gate as some people think it is. It can take up to six months to get it right. That's why I'm spending upwards of $1,000 to rewire my home for cable service. My existing coax wiring was probably done in the early 1980s by amateurs -- and is woefully in need of upgrade.
Last time I reported that I was looking into a dual-drop installation to support up to seven (now eight) cable endpoints in my home, including one cable Internet connection. But that's not what's going to happen. I wish I could thank them by name, but several Scot’s Newsletter readers contacted me to say that I might be headed in the wrong direction with the dual drop -- even though I was given that information by an AT&T Broadband (AT&Tb) Construction Dept. representative. An SFNL reader who's an AT&Tb field-service technician working in my region set me straight. While a dual-drop installation is a possibility, it's not the right solution for my situation, and it's not commonplace.
Because of this reader, I tried another avenue to reach a technical person at AT&T (my town's cable committee representative), and I finally got the straight dope. I've been promised that AT&Tb will install a new drop (the line from the street to my house). We'll add a two-way splitter after the line enters my house. One side will go to my cable modem, ensuring that it will have an optimum line level. The other will go to an eight-way splitter feeding the various TVs in my house. It's possible that I'll need an amplification system ($58 from AT&Tb) for the TV part of my lines. The technician will determine whether I need that by taking line levels after I'm hooked up.
My electrician is scheduled to arrive a day in advance of the AT&Tb technician. He'll be installing eight "homerun" lines throughout my house. The term homerun means that there will be no splitters in the attic or elsewhere. Each line will connect directly and independently to the 8-way splitter in the basement.
If all goes well, I could have clear sailing on July 25, when all this is supposed to be done. But this is broadband. Something will almost certainly go wrong. When it does, I'll chronicle it here.
What's your broadband story? Whether it installed like a dream, or became an utter nightmare, tell SFNL readers about it.
Robin Walker's Cable Modem Pages
Also this week, thanks to reader Colin P. Smith, who wrote me with a link to Robin Walker's Cable Modem pages. Although this site is small, and part of it seems focused on Great Britain's Ntl:Home cable modem system, anyone with a DOCSIS-based cable modem (and that's a rapidly increasing number of cable Internet users) will find the services and links on this site very useful. It's one to bookmark. Check it out.
Have you discovered a relatively unknown Windows- or broadband-oriented website that everyone should know about? Please send me the URL, and let me know why you liked it.
The tip makes Control Panel open like a submenu from the Start Menu, so all your Control Panel applets can be opened and selected very quickly via a menu. Plus you don't have to close Control Panel when you're done. Even better, it only takes a minute to configure.
Leave this newsletter open on your screen to save time. Select the entire line (but not any trailing space) below and press the Ctrl-C keyboard combination to copy it:
Next, right-click the Start button and choose Open. Right-click anywhere on the background area in the Start Menu folder and choose New > Folder. Highlight the New Folder label (if it isn't already), and press Ctrl-V to paste the long name you copied. Press Enter. Open the Start menu to see the new cascading Control Panel submenu.
Note: If you subscribe to the text version of SFNL and you use Outlook Express, you may have trouble with the copy and paste aspect of this tip. You may, for example, get an error message that the folder names contain special characters. There's a simple workaround: Copy the special Control Panel folder name string as described, then paste it into an open Notepad window. Then highlight it there, copy it again, and paste it to the new folder label.
This tip works in Win 95, Win 98/SE, NT4, Win 2000, and to an extent XP. But Windows XP and Me users have a better option. Turn on the built-in cascading Control Panel by following these steps:
1. Right-click a blank area of the taskbar and choose Properties.
2. Click the Start Menu tab.
3. Click the Customize button.
4. Click the Advanced tab.
5. Under the Control Panel heading, choose "Display as a menu."
6. Press OK twice to close the dialogs.
Control Panel will now cascade from the right side of the Start Menu.
We Need Your Tips! Do you have a Windows or broadband tip you think SFNL readers will like? Send it along to me, and if I print it in the newsletter, I'll print your name with it.
The Fine Print
If you like this newsletter, I need your help spreading the word about it. Please share it with friends and co-workers, and encourage them to sign up! It's free.
Visit the new Scot's Newsletter Forums.
Subscribe, Unsubscribe, Change Email Address or Message Format
You can unsubscribe at any time; I don't believe in captive audiences. The website subscription center is the easiest way to manage your Scot’s Newsletter subscription. Changes take only a minute or two. You must select your message format — Text or HTML — even for address changes or unsubscribes.
To help with the cost of creating and distributing the newsletter, I accept contributions via PayPal and Letter Mail. For more information on donations:
Send comments, suggestions, or questions about this newsletter. Don't be bashful about telling me what you like or don't like. Send emails related to editorial content (only) to firstname.lastname@example.org.
Please address advertising inquiries (only) to: email@example.com
Copyright © 2001-2007 Scot Finnie. All Rights Reserved.