The Chair To Keyboard Interface

The Chair To Keyboard Interface, aka the CKI, is the most essential component in the setup and use of your computer system. A corrupt, or improperly tuned, CKI can cause disasters. Fortunately, a CKI fault (aka PEBCAK) will not cause deadly results, as you might get with a similar fault while driving your car, for instance.

Computer systems are designed to be fault tolerant, in this regard. That does not, however, mean that you should freely operate your computer while heavily under the influence of various factors:



Your computer security, in the end, depends upon you. All the security programs on your computer are challenged, and possibly useless, when you go surfing to websites which you know you don't belong on, or you go out in public, unaware of your surroundings.

Common sense = CKI Optimisation = Protection.

Yesterday's Security Alert




6/21 Do you shred your confidential financial documents? If you want to depend upon shredding to keep you safe, make sure you know the risks. E-Week Secure Your Shredding describes new technology that makes simple shredding not-so-effective.


6/19 Happy Father's Day from your FTC. Don't get hooked by the phishers.


6/16 Last month, I alerted you to how the bad guys are getting personal, in their attempts to deceive you. Now we see how personal, as SecurityFocus Phishers look to net small fry discusses how the phishers are targeting customers of the smaller credit unions and other small businesses. Since your account is in a small credit union that nobody would know about, you're safe, right? Wrong. No longer going after Citibank customers, they're going after customers of YOUR credit union. And maybe even YOU.

The good news is, software is being developed to look for deceptive email. And you're getting smarter, too. At least, you read this column.


6/14 Bad news from the home front today. The experts have admitted that the bad guys are winning.

Citing examples like Glieder aka Bagle, and Mytob, SecurityFocus Stealthy Trojan horses, modular bot software dodging defenses provides the opinion that "the battle is one that the good guys are losing", because money drives the bad guys now.

The attackers are well motivated--no longer by fame, but by money, said Amit Yoran, former director of the National Cyber Security Division of the U.S. Department of Homeland Security and now an independent consultant.

Moreover, because the effort to clean an infected computer is much greater than the effort to infect one, PCs claimed by an attacker are much more difficult to restore to a user's control, especially if the user does not understand security issues.

In other words, while Routers and Firewalls, and AntiVirus and AntiSpyware products, are still essential parts of a layered defense, you cannot ignore the importance of Common Sense and Education.

Keep reading this blog, but bookmark the websites that I link. Start exploring those websites too - that's where you will find the details that you need to protect yourself effectively. The future depends upon YOU.


6/13 A couple of weeks ago, I mentioned how insecure WEP is, and how easy it is to crack, and provided links to the Toms Networking WEP Cracking For Dummies, which is now in 3 parts (links to parts 2 and 3 in the referenced article).

Now an unknown benefactor (we think), calling himself Digi, has thoughtfully made WEP Cracking For Dummies: The Video where you can watch an entire WEP crack being done before your very eyes. You may not totally understand it the first time you watch, but you can at least catch the gist of it, and see how simple a WEP crack is to execute, with the right tools.

The example shown uses packet injection, which is an active attack. A properly monitored WLAN would detect a packet injection attack in progress, but the only option upon detecting an attack would be to shut down, and upgrade to WPA. A passive attack would be undetectable, but would take a bit longer.

It's a 25M Flash file, so if you have a slow broadband connection, give it a few minutes and get a cup of coffee while it loads. But it's worth the time spent to download and watch it. Excepting a few typos, it's pretty well done, with good captioning and editing; total watching time is less than 5 minutes. The Flash control provides good video manipulation; besides the standard Play and Pause, you have a slider which lets you (with the video paused) move back and forth one frame at a time, to more easily watch any portion of the process that interests you.

After you watch the video, check out SecurityFocus: WEP: Dead Again (published just 6 months ago), and compare the tools mentioned in that article to what is shown by Digi's video.

Again, folks, if you have a wireless LAN with WEP for "protection", upgrade to WPA. Tomorrow, if not today.


6/10 If you're using software products to protect yourself against malware, as you should be in any layered defense, please be selective about what software you depend upon for protection.

Today, Eric Howes Rogue/Suspect List reached a dubious milestone, in that Eric has now identified 200 anti-malware products that you should absolutely not depend upon.

For those of you who aren't familiar with Eric, he's probably the #1 recognised expert, on useless and harmful anti-spyware products, in the world. Before installing any product that will clean your computer, or remove unwanted software, please consider his advice. And bookmark his website.


6/10 And the hackers keep up with current events. Just recently, hackers used rumours about Osama's capture to spread their products. Now, a massive spam campaign is spreading rumours about Michael Jackson's attempted suicide, and attempts to lure the unwary to a website which will download yet another botnet agent onto your computer.

In my accelerating opinion, using blogs will soon become the only way for friends to communicate about current events.


6/9 A couple weeks ago, I alerted you to the Mytob email worm. The earlier variants of Mytob would arrive as a simple email from a friend, with an attachment. When you would innocently open the attachment, it would infect your computer, and email itself to all of your friends. That's almost too easy to identify - hopefully, any of you would look suspiciously at any email with an attachment, even if it came from me (especially if it came from me).

Well, the authors of Mytob have not been lazy - they've been diligently crafting new versions of their work, for your enjoyment. The Symantec database currently lists over 80 versions of Mytob, with more arriving daily.

The latest variants, according to SecurityFocus Mytob variant hides sting in the tail, have replaced the bulky attachment with a sleek and sophisticated URL. Now arriving in your Inbox crafted as a notice from your IT department or ISP, the email urges you to click on a URL to confirm your account. Just as in many phishing emails, the URL that you see contains a hidden URL, that takes your browser not to the apparent server belonging to your IT department, or your ISP, but to a server with malicious code that downloads Mytob to your computer. Your computer then starts distributing Mytob, as previous variants would do, to all of your friends.

Please carefully examine any email from your IT department, or your ISP, before clicking on any URLs in the message.
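
The mismatch described above, between the URL shown in the message and the one the link really opens, can be checked mechanically. The following is an added example, not part of the original post; the function names are illustrative, and the sample message is constructed, using reserved example domains and a documentation IP address.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body (not a captured email).
SAMPLE_EMAIL_HTML = """
<p>Dear user, your account will be suspended unless you confirm it:</p>
<p><a href="http://203.0.113.7/confirm.php?id=42">http://www.helpdesk.example.com/confirm</a></p>
<p>Policy: <a href="http://www.example.com/policy">http://example.com/policy</a></p>
<p><a href="http://intranet.example.com/">IT department home page</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_like):
    """Return the host of URL-shaped text, or None if the text is not a URL."""
    text = url_like.strip()
    if "://" not in text:
        if not text.lower().startswith("www."):
            return None          # ordinary words such as "click here"
        text = "http://" + text
    try:
        host = urlsplit(text).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def _norm(host):
    # Treat "www.example.com" and "example.com" as the same site.
    return host[4:] if host.startswith("www.") else host


def find_mismatched_links(html):
    """List links whose visible text names one host while href opens another."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and _norm(shown) != _norm(actual):
            findings.append({"shown_host": shown, "actual_host": actual, "href": href})
    return findings


if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print("Displayed %(shown_host)s but opens %(actual_host)s (%(href)s)" % finding)
```

Links whose visible text is ordinary words are not flagged by this check, so they still need the manual examination recommended above.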


6/2 The Bagle worm, which has been around many months and has come in so many versions, has now become worse. The new version is more complex, and leaves a more lasting effect on your computer, and one security company has given it a new name.

Glieder, as Computer Associates now calls it, as described in ZDNet Security Bagle variants punch, punch and punch again, combines several elements in a way not seen before. In this staged approach, viruses seed their victims, then disarm them, and then finally exploit them.

Glieder starts as its predecessor Bagle, by emailing itself to all of your address book contacts. But it doesn't stop there.

Glieder then downloads two additional worms, one which blocks antivirus software updates, and Microsoft updates; and a second worm which disables firewalls and antivirus software, and then joins your computer to the latest botnet.

Please make sure that your antivirus software is up to date at all times. Mine has updated itself several times daily this week. If yours doesn't update itself at least daily, please get a new antivirus product. For all your friends' sake.


5/29 Have you gotten any interesting email from Microsoft recently? The Gibe worm, which infects by posing as an emailed security update, is apparently still in the wild, and looking for new victims.

The worm will arrive as an email from Microsoft, mentioning security vulnerabilities affecting Internet Explorer and MS Outlook/Express.

And I restate, for those of you who don't know (and there are apparently some who don't): Microsoft does not email security updates.


5/27 Most rabid antispam activists in forums like news.admin.net-abuse.email have been blocking all email from countries like Brazil, China, Nigeria, etc for some time. The rationale behind that was three-fold.

  1. They needed to control the amount of spam hitting their customers' email boxes.
  2. Their customers had no legitimate need to get email from any of those countries.
  3. There weren't any real senders of email in those countries - just spam haven ISPs, that were abusing US, by providing safe harbour for OUR spammers.


Now, third world countries, just like the USA etc, use email in business and other daily activities. And, thanks to heavy handed attention by Spamhaus, SPEWS, and other blocklist publishers, developing countries are becoming very abused. See Developing nations losing spam battle, report says for more discussion about this situation.

In short, our economic system (which has employed the spammers for a long time) is providing a hindrance to what could be a major tool in helping third world countries take a step up economically.


5/26 The bad guys are getting personal. They've realised that form letter email, especially written badly, won't get them as many victims as personal sounding email. So they're starting out with details about you, and dropping those details into the email so you'll believe that they're legit.

Where do they get those details, like what is your favourite sports team, where do you live, or how do you like to spend your time? Not from hacking some super secret database - they make their own database, based upon the traces that you leave on the Internet.

Stephen H. Wildstrom of BusinessWeek Online invented a person, and registered him in a dozen or so websites. He then found that those websites, popular ones like Major League Baseball, The Post, Victoria's Secret, and L.L. Bean, would happily verify to anybody that the fictitious person (email address) had registered with them.

In Leaky Web Sites Tell All About You, he describes how easy it is for the bad guys, with a little automation and network time (both of which the bad guys have in surplus), to find all about you. Once they have the details, they can use your email address to attack you, masquerading as someone who legitimately knows about your preferences.

Once again, can you say "Identity Theft"?


5/25 Two Instant Messaging attacks have been reported today. Users of AOL IM and Yahoo IM may get references to the new Star Wars movie, "Star Wars Episode III: Revenge of the Sith", both with links that take the unwary recipient to malicious websites.

The website referenced in the AOL IM attack will try to download a worm to the computer, which will then continue to propagate itself to those in the Contacts list. The website in the Yahoo IM attack will ask for Yahoo credentials, and mail the provided information to another email address.


5/24 Are your systems up to date with their patches? Here's an example why you should be.

You surf to a malicious website (said website has since been taken offline), which loads malware based upon an exploit that was patched late last year, encrypts some of your key files using a password known to the bad guys, and leaves you a ransom demand. Your money or your data.

This is real life, not a bad late night made for TV movie. Patch your systems, please.


5/24 Good news or bad? You decide.

The U.S. House of Representatives on Monday voted to establish new penalties for purveyors of Internet "spyware" that disables users' computers and secretly monitors their activities.

Superficially, this looks like good news. But,

  • I doubt that our lawmakers can regulate a medium that extends outside the borders of the country.
  • The contents of this bill are vulnerable to modification by the lawyers for the industries that will be affected by the bill. It's highly unlikely that the bill will make it into final form in any useful state.
  • Here's what makes me worry. Once there is a bill, effectively defining what is and what isn't spyware, look out. Anything that can't be defined as spyware may have a legal footing, to prevent us from removing it from our computers. This is one case where I think I agree with Microsoft. I just hope we don't get to the point where you have to worry Is Deleting Spyware A Crime?.



5/23 The Sober worm, previously being used to distribute German language political spam related to a German election today, is also scheduled for reactivation today. TechWeb recently published Aggressive, Mass-Mailed Sober.p Worm Poised To Smack Users, which provides a very interesting overview about how cunningly the Sober worm was designed, to allow its creator to update it today without any chance of being detected. Included was an interview with Dmitri Alperovitch, a research engineer with an Alpharetta, Ga.-based security firm CipherTrust.

"He's accumulated a number of machines," said Alperovitch, but he wouldn't hazard even an estimate as to the size of the network of infected machines, also called a "botnet."

Good people, if you don't have a layered protection strategy on your computer right now, please put one in place. The reality of botnets like the Sober one, and the casual way Alperovitch referred to its unknown size, is appalling. The private computer owners of the world have to start taking responsibility for their possessions.


5/23 Be careful when you install any Macromedia products as an extension to Internet Explorer.

Macromedia Flash, and Shockwave, are two common and reliable add-ons for every well known browser, and provide useful content (My personal opinion). You have to be a bit more paranoid than I am to block both from your computer. Unfortunately, it looks like Macromedia is bundling other products that you may not want or need, when you install their products.

When you install a Macromedia product, look carefully at the selections offered. If you don't want Yahoo Toolbar, or Weatherbug, be sure to opt-out during the install process (in other words, look for the screen where installation of the extra product is selected by default).




5/18/2005 The Honeynet Project published Know Your Enemy: Phishing, which describes how devious the phishers are becoming, in hiding their identities, and in using botnets and hijacked servers to conduct their fraudulent activities.

5/13/2005 For an answer to many different questions about malware, check out this PandaLabs Malware Trend and Analysis Report for 1Q2005. It's an Acrobat document enclosed in a .zip folder, but it's worth the effort spent opening it.

5/11/2005 ISC SANS has a series of articles that offer a fascinating look at how malware gets loaded onto an unprotected system. The fifth episode in the series Follow The Bouncing Malware was published today.

4/9/2005 BBC-TV interviewed a reformed hacker, connected an unprotected computer to the internet, and watched as their sacrificial computer was hit by 3 worms in 25 minutes, and crashed before 30 minutes had elapsed. Watch the Video; it is not too technical in detail, it's technically relevant, and it's only 6 minutes long.

11/22/2003 The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."

The Ping Command


The command utility "ping" is one of the simplest, and most universally useful, utilities used in computer networking. It asks just one question.


Do I have connectivity to a given host?


It answers that question, and possibly one other.

What is the publicly known IP address for that host?


Depending upon whether you specify a host by name or by IP address (and either is useful), and whether that host actually does respond, you may get a series of responses.


You run Ping simply by opening a Command Window, and typing the command. You can:

  • Ping (hostname).
  • Ping (IP address).



Ping host by name, host responds.

I enter

ping pchuck1

And I see

Pinging pchuck1 [192.168.100.100] with 32 bytes of data:
Reply from 192.168.100.100: bytes=32 time<1ms TTL=128
Reply from 192.168.100.100: bytes=32 time<1ms TTL=128
Reply from 192.168.100.100: bytes=32 time<1ms TTL=128
Reply from 192.168.100.100: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.100.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

This tells me:

  • Host "pchuck1" is online and responding.
  • Its IP address is 192.168.100.100.



Ping host by IP address, host responds.

I enter

ping 192.168.100.100

And I see

Pinging 192.168.100.100 with 32 bytes of data:
Reply from 192.168.100.100: bytes=32 time<1ms TTL=128
Reply from 192.168.100.100: bytes=32 time<1ms TTL=128
Reply from 192.168.100.100: bytes=32 time<1ms TTL=128
Reply from 192.168.100.100: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.100.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

This tells me:

  • Host "192.168.100.100" is online and responding.



Ping host by name, host does not respond.

I enter

ping pchuck8

(I only wish I had 8 computers).

And I see

Pinging pchuck8 [192.168.100.107] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.100.107:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

This tells me:

  • Host "pchuck8" is not online, or is not responding.
  • It's thought to exist, and to have an IP address of 192.168.100.107.

Possible problems:



Ping host by IP address, host does not respond.

I enter

ping 192.168.100.107

(I only wish I had 8 computers).

And I see

Pinging 192.168.100.107 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.100.107:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

This tells me:

  • Host "192.168.100.107" is not online, or is not responding.

Possible problems:



Ping host by name, host is unknown.

I enter

ping pchuck8

(I only wish I had 8 computers).

And I see

Ping request could not find host pchuck8. Please check the name and try again.

This tells me:

  • Host "pchuck8" is unknown.

Possible problems:


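
The five cases above can be told apart mechanically from the text that ping prints. This added example (not from the original page) parses Windows ping output in the format shown above; the function name classify_ping and the verdict strings are assumptions, the first four sample outputs are copied from the page, and the last one is constructed.

```python
import re

HEADER_RE = re.compile(
    r"^Pinging (?P<target>\S+)(?: \[(?P<ip>[0-9.]+)\])? with \d+ bytes of data:",
    re.MULTILINE,
)
# Only genuine echo replies carry "bytes=". Other "Reply from" lines, such as
# "Destination host unreachable", must not be read as a live host.
ECHO_REPLY_RE = re.compile(r"^Reply from (?P<ip>[0-9.]+): bytes=\d+", re.MULTILINE)
STATS_RE = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
UNKNOWN_RE = re.compile(r"Ping request could not find host (?P<target>\S+)\. Please check")

REPLY = "Reply from 192.168.100.100: bytes=32 time<1ms TTL=128\n"
BY_NAME_OK = ("Pinging pchuck1 [192.168.100.100] with 32 bytes of data:\n" + REPLY * 4 +
              "\nPing statistics for 192.168.100.100:\n"
              "Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),\n")
BY_NAME_TIMEOUT = ("Pinging pchuck8 [192.168.100.107] with 32 bytes of data:\n" +
                   "Request timed out.\n" * 4 +
                   "\nPing statistics for 192.168.100.107:\n"
                   "Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),\n")
BY_IP_TIMEOUT = BY_NAME_TIMEOUT.replace("pchuck8 [192.168.100.107]", "192.168.100.107")
UNKNOWN_HOST = ("Ping request could not find host pchuck8. "
                "Please check the name and try again.\n")
# Constructed sample: a different device answers that the target is unreachable.
UNREACHABLE = ("Pinging 192.168.100.107 with 32 bytes of data:\n" +
               "Reply from 192.168.100.1: Destination host unreachable.\n" * 4)


def classify_ping(output):
    """Reduce one run of Windows ping output to the conclusions listed on the page."""
    unknown = UNKNOWN_RE.search(output)
    if unknown:
        return {"target": unknown["target"], "ip": None, "resolved_from_name": False,
                "sent": 0, "replies": 0, "verdict": "unknown host"}

    header = HEADER_RE.search(output)
    if not header:
        return {"target": None, "ip": None, "resolved_from_name": False,
                "sent": 0, "replies": 0, "verdict": "unrecognised output"}

    target = header["target"]
    resolved = header["ip"] is not None      # "[address]" appears only for a name
    ip = header["ip"] or target              # pinged by address: target is the IP

    # Count echo replies that really came from the address being tested.
    replies = sum(1 for m in ECHO_REPLY_RE.finditer(output) if m["ip"] == ip)
    stats = STATS_RE.search(output)
    sent = int(stats.group(1)) if stats else replies + output.count("Request timed out.")

    if replies == 0:
        verdict = "not responding"
    elif replies >= sent:
        verdict = "responding"
    else:
        verdict = "intermittent"
    return {"target": target, "ip": ip, "resolved_from_name": resolved,
            "sent": sent, "replies": replies, "verdict": verdict}


if __name__ == "__main__":
    for sample in (BY_NAME_OK, BY_NAME_TIMEOUT, BY_IP_TIMEOUT, UNKNOWN_HOST, UNREACHABLE):
        print(classify_ping(sample))
```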

Corporate Security Policy

Every company that uses computers, and connects to the Internet in some way, needs a Corporate Security Policy.

A Corporate Security Policy can be simple, or complex.


  • It can be as simple as "No surfing the web from company computers".
  • It can be complex, and include multiple sections.

    • A business section, describing why the company needs Internet access, what it trusts its employees to do, and what they must not do.
    • A data protection section, inventorying what essential company data is retained in its computer network, how the data is protected and backed up, and how it will be restored in case of disaster. This is also known as a Business Recovery, or Contingency, Plan.
    • A security section, listing what protective measures are taken, both active and passive, including monitoring to ensure that its employees are using its resources properly.
    • A technical section, inventorying the company network, and describing the network devices and computers.
    • A response section, detailing what steps are to be taken when a problem is detected by its security.
    • A legal section, detailing how employees will be treated when they are determined to be in violation of the other sections.
    • An ongoing assessment section, describing how periodic evaluation of the CSP is to be conducted. Since a CSP is not static, it must be periodically reevaluated.

  • It can include more or less, according to the needs of the company.

A CSP with any degree of complexity needs multiple personnel to develop, and approve, its content.

  • Information Security.
  • Information Technology.
  • Human Resources.
  • Legal.

LSP / Winsock Analysis Using A Log From Autoruns

The LSP / Winsock component in the Internet Protocol network stack is complex. It's used by the Windows OS, and by malware and anti-malware alike, to allow, and to affect, your access to the network.

Problems with the LSP / Winsock layer can be a lot of fun to diagnose. Generally, the problem is termed "corruption", and you are urged to use any of several tools / procedures to simply reset it. But what if you suspect a problem, but a simple reset isn't possible? Or what if you want to make an educated decision about a problem, or to help somebody else do the same?

You might start by enumerating (inventorying) the system components registered in the stack. One tool for doing this is the SysInternals product, Autoruns.

Autoruns, like many SysInternals products, needs no complicated install process. Just download it, and run it. Make sure that "Verify Code Signatures", under Options, is enabled. It will present an incredibly detailed GUI inventory of all of the processes started by your computer automatically, in a tabbed display. One of the tabs, labeled "Winsock Providers", will list all components registered in the LSP / Winsock layer.

If you save an Autoruns log, you can extract the Protocol_Catalog9 portion of the log, which will contain a text based inventory of LSP / Winsock components. Each section of the log is headed by the complete path of the key to its root; in the case of Protocol_Catalog9, that's


HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

Protocol_Catalog9, on my computers, is the next to last section in the log.

Below, in Attachment A, you will find an example of the relevant information, extracted from a log from one of my computers. A log from one of your computers may or may not contain the same entries - and the differences might point us towards a solution to your problem. If your log includes entries that are listed as "(Not verified)", check them out with Online Analysis (free).

If none of these details interest you, you are welcome to simply reset your LSP / Winsock, using any of the 6 recommended procedures and tools. It's your computer, and your dime.


Attachment A - Autoruns Log: LSP / Winsock Enumeration

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ DiamondCS TCP/IP Layer [RAW] dcsws2 (Not verified) DiamondCS c:\windows\system32\dcsws2.dll
+ DiamondCS TCP/IP Layer [TCP] dcsws2 (Not verified) DiamondCS c:\windows\system32\dcsws2.dll
+ DiamondCS TCP/IP Layer [UDP] dcsws2 (Not verified) DiamondCS c:\windows\system32\dcsws2.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AA95793-B5DE-4179-8D2C-2469C3D63D3F}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AA95793-B5DE-4179-8D2C-2469C3D63D3F}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{64409384-CE61-4B92-ADFA-77A210FA4C80}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{64409384-CE61-4B92-ADFA-77A210FA4C80}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D8C1637-F016-494D-B66A-1BD865F1E19F}] DATAGRAM 7 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D8C1637-F016-494D-B66A-1BD865F1E19F}] SEQPACKET 7 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E8A31FA-5327-49A2-8091-E9C207367658}] DATAGRAM 8 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E8A31FA-5327-49A2-8091-E9C207367658}] SEQPACKET 8 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AE574BAC-9E75-4917-B07E-EC7CB922CF5D}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AE574BAC-9E75-4917-B07E-EC7CB922CF5D}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7E18D15-D9B1-4295-9DAD-C733C695294F}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7E18D15-D9B1-4295-9DAD-C733C695294F}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll
+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll
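
The extraction described above can be scripted. This is an added example, not part of the original article or of Autoruns: it pulls the Protocol_Catalog9 section out of a saved text log, groups the entries by DLL, and lists the files marked "(Not verified)". The entry layout is an assumption inferred from Attachment A, the function names are illustrative, and the sample log reuses lines from Attachment A between two constructed sections.

```python
import re

# Registry key that heads the section, as given on the page.
CATALOG_KEY = r"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9"

# Assumed entry layout, inferred from Attachment A:
#   + <entry and description> (Verified|Not verified) <publisher> <image path>
ENTRY_RE = re.compile(
    r"^\+\s+(?P<entry>.+?)\s+\((?P<status>Verified|Not verified)\)\s+"
    r"(?P<publisher>.*?)\s*(?P<path>[A-Za-z]:\\.+)$"
)

# The first and last sections are constructed; the middle one is from Attachment A.
SAMPLE_LOG = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ExampleTray Example tray helper (Not verified) Example Corp c:\program files\example\tray.exe
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ DiamondCS TCP/IP Layer [RAW] dcsws2 (Not verified) DiamondCS c:\windows\system32\dcsws2.dll
+ DiamondCS TCP/IP Layer [TCP] dcsws2 (Not verified) DiamondCS c:\windows\system32\dcsws2.dll
+ DiamondCS TCP/IP Layer [UDP] dcsws2 (Not verified) DiamondCS c:\windows\system32\dcsws2.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AA95793-B5DE-4179-8D2C-2469C3D63D3F}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider (Verified) Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll
HKLM\SOFTWARE\Example\ConstructedLastSection
+ ExampleSvc Example service (Verified) Example Corp c:\program files\example\svc.exe
"""


def extract_section(log_text, key=CATALOG_KEY):
    """Return the entry lines that sit under the section headed by `key`."""
    lines, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+"):
            # Assumption: any non-entry line is the header of the next section.
            in_section = line.lower() == key.lower()
            continue
        if in_section:
            lines.append(line)
    return lines


def parse_entries(lines):
    """Split entry lines into fields; lines that do not fit are returned separately."""
    entries, unparsed = [], []
    for line in lines:
        match = ENTRY_RE.match(line)
        if match:
            entries.append(match.groupdict())
        else:
            unparsed.append(line)      # never drop a line silently
    return entries, unparsed


def providers_by_image(entries):
    """Group catalog entries by DLL, so each file needs checking only once."""
    grouped = {}
    for e in entries:
        image = grouped.setdefault(
            e["path"].lower(),
            {"status": e["status"], "publisher": e["publisher"], "entries": []},
        )
        image["entries"].append(e["entry"])
    return grouped


def unverified_images(entries):
    """Paths of the DLLs whose signature Autoruns reported as not verified."""
    return sorted({e["path"].lower() for e in entries if e["status"] == "Not verified"})


if __name__ == "__main__":
    parsed, leftover = parse_entries(extract_section(SAMPLE_LOG))
    for path, info in providers_by_image(parsed).items():
        print("%-14s %-28s %d entries  %s"
              % (info["status"], info["publisher"], len(info["entries"]), path))
    print("Check with an online scan:", unverified_images(parsed))
    print("Lines that did not parse:", leftover)
```

A "(Not verified)" result only means the signature could not be checked, so the listed files are candidates for the online analysis mentioned above, not confirmed malware.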

Windows Firewall and Windows Networking

Windows Firewall, first provided with Windows XP SP2, is provided so systems running Windows XP will be secure, when set up out of the box. One of the features of Windows Firewall is default blocking of file shares, so the bad guys on the Internet can't see the shared data on your computer.

Unfortunately, a secure system set up out of the box, and plugged in to your network, won't be able to provide shared data to the other computers on your network either. So you may have to configure Windows Firewall, to allow your computer to be accessed by the other computers on your network.


  • Open Security Center from Control Panel.
  • Select Windows Firewall.
  • On the General tab, make sure Windows Firewall is ON, and clear the selection for "Don't allow exceptions".
  • On the Exceptions tab, enable File and Printer Sharing.
  • With File and Printer Sharing highlighted, select Edit. If the Scope does not show as "Subnet", hit "Change scope" and select "My network (subnet) only".
  • Hit OK as necessary.

If problems persist, continue with Your Personal Firewall..., and then Irregularities In Workgroup Visibility.


Windows Explorer

One of the challenges involved in dealing with Microsoft Windows is describing the many objects in Windows - and some objects, though named, do not show a name when they are seen on your screen. Windows Explorer (not to be confused with Internet Explorer) is one of these objects.

Windows Explorer is the applet used to view objects, on your computer and on the network. Windows Explorer does not label itself as such, because its title bar will always reflect what objects it's displaying. A window labeled "My Computer", "My Documents", or "My Network Places", for instance, is an instance of Windows Explorer.

You can start Windows Explorer in any of several ways:


  • Windows Key + "e".
  • Right click on Start, and select "Explore".
  • Doubleclick on any of the "My Computer", "My Documents", or "My Network Places" desktop icons.

(Note): If your computer runs Windows Vista, don't confuse Windows Explorer (which is still a part of Vista, though with a different name) with the Vista Network Map. Both display network resources, though in different ways.


Download Software Selectively

Usenet is a useful place to get advice for your technical issues. But accepting advice (which is validated by the other helpers in an open forum, constantly), and downloading software (which can't be easily validated by anybody, at all) are separate issues.

Bad advice, given in any trustable forum, does not remain undisputed very long. The experienced helpers in serious forums know the consequences of allowing bad advice to be given, and not contested. All regular helpers, in any forum, both actively and passively validate the advice given by the others. Software, from an unknown server, can't be validated by the helpers so easily.

Don't see where this is going? Check out the DSLR Forums discussion Is your PC a drug mule?. In it, one of the posters, who signs himself as B, points out


I've always thought one would have to be a little crazy to trust executable software obtained via those channels. Movies and sounds, sure, but binary code? I don't think so. For all anyone knows those warez Photoshop installations have some nifty sleeping trojans.

This is a valid concern. If I were a bad guy, and wanted to spread my code to thousands of computers easily, I'd get some popular software, patch it with my bad code, and stick it on my server. Then, I'd log in to a help forum somewhere, and when a pigeon asked for help, I'd tell him to download my software. Quite likely, more than the pigeon would read my post, and hundreds of folks would download, and install, my bad software.

This is a lot easier than finding, and exploiting, a weakness in network software. Get the pigeons to do the work for you. It's essentially the same strategy which leads to the development of botnets.

So if I tell you to download some free software, like Filemon, Regmon, and Process Explorer (as an example), why should you trust me?

Whenever anybody tells you to download binary code (ie, software) from an unknown web address, do some research first.

  • Check out the forum where you see the recommendation for the software in question. Don't accept advice only given in dodgy forums.
  • Check out the link to the software. Google or Yahoo for previous references to the title. See if there are any complaints, or mentions in malware forums, about the link. See if any complimentary comments about that website were made by anybody. NEVER download software, even if it has a good reputation, from a dodgy or unknown website.
  • Check out the person recommending the software. Check out prior posts, and correlate them. See if there are any other posts by the same person, where that person was busted for giving bad advice. Make sure there ARE prior posts by that person - and check prior posts for a match in style and content. See if any complimentary comments about that person were made by others. Don't download software that's only recommended by dodgy or unknown persons.
  • Check out the software itself, by title. Again, Google or Yahoo. See if there are any complaints, or mentions in malware forums, about the title. See if any complimentary comments about that product were made by anybody. Don't download dodgy software.

My theory is that serious recommendations, by trusted helpers, in serious forums, probably point to safe software. If I see something mentioned in alt.comp.freeware, on the other hand, I consider the software itself, but I research before downloading.

In some cases, an AntiTrojan and AntiVirus scan of anything downloaded, before installing, is a good idea too. Since you'd be doing a one-time scan of an individual file, even an online multi vendor scan would not be a needless precaution. Better an hour wasted researching, before installing software, than a couple days wasted diagnosing a damaged system or network.

How To Not Be Seen



Caption on screen: 'HM GOVERNMENT, PUBLIC SERVICE FILM NO. 42 PARA 6. "HOW NOT TO BE SEEN"'

Cut to a wide-angle shot of hedgerows, fields and trees.

VOICE OVER (John Cleese): In this picture there are forty people. None of them can be seen. In this film we hope to show you how not to be seen.

VOICE OVER: In this film we hope to show how not to be seen. This is Mr. E.R. Bradshaw of Napier Court, Black Lion Road London SE5. He can not be seen. Now I am going to ask him to stand up. Mr. Bradshaw will you stand up please

In the distance Mr Bradshaw stands up. There is a loud gunshot as Mr Bradshaw is shot in the stomach. He crumples to the ground.

VOICE OVER: This demonstrates the value of not being seen.




Cut to another location - an empty area of scrubland.

VOICE OVER: In this picture we cannot see Mrs. B.J. Smegma of 13, The Crescent, Belmont. Mrs Smegma will you stand up please.

To the right of the area Mrs Smegma stands up. A gunshot rings out, and Mrs. Smegma leaps into the air, and falls to the ground dead.






Cut to another area, however this time there is a bush in the middle.

VOICE OVER: This is Mr Nesbitt of Harlow New Town. Mr Nesbitt would you stand up please. (after a pause - nothing happens) Mr Nesbitt has learnt the value of not being seen. However he has chosen a very obvious piece of cover.

The bush explodes and we hear a muffled scream.






Cut to another scene with three bushes.

VOICE OVER: Mr. E.V. Lambert of Homeleigh, The Burrows, Oswestry, has presented us with a poser. We do not know which bush he is behind, but we can soon find out.






The left-hand bush explodes, then the right-hand bush explodes, and then finally the middle bush explodes. There is a muffled scream.

VOICE OVER: Yes it was the middle one.


Cut to a shot of a farmland area with a water butt, a wall, a pile of leaves, a bushy tree, a parked car, and lots of bushes in the distance.

VOICE OVER: Mr Ken Andrews, of Leighton Road, Slough has concealed himself extremely well. He could be almost anywhere. He could be behind the wall, inside the water barrel, beneath a pile of leaves, up in the tree, squatting down behind the car, concealed in a hollow, or crouched behind any one of a hundred bushes. However we happen to know he's in the water barrel.

The water barrel just blows up in a huge explosion. Cut to a panning shot from the beach huts to beach across the sea.

VOICE OVER: Mr. and Mrs. Watson of Ivy Cottage, Worplesdon Road, Hull, chose a very cunning way of not being seen. When we called at their house, we found that they had gone away on two weeks holiday. They had not left any forwarding address, and they had bolted and barred the house to prevent us from getting in. However a neighbour told us where they were.

The camera pans around and stops on a obvious looking hut, which blows up. Cut to a house with a Gumby standing out front.

VOICE OVER: And here is the neighbour (he blows up, leaving just his boots. Cut to a shack in the desert) Here is where he lived (shack blows up - cut to a building) And this is where Lord Langdon lived who refused to speak to us (it blows up). so did the gentleman who lived here....(shot of a house - it blows up) and here.....(another building blows up) and of course here.....(a series of various atom and hydrogen bomb explosions.)

Links

These are links to websites of my friends, and some of my personal activities.


  • The American Red Cross wants to help you to be prepared for disasters.
  • Budowzone is information on how to keep your system running smooth, and to help with Windows security.
  • Chuck's Kitchen is a small, but growing, collection of my favourite recipes. If you come checkout my church, you may get to try one. I'm a Methodist, and Methodists love to cook.
  • Chuck's Miscellaneous Musings are Miscellaneous Thoughts About Local and World Events and Trends, from a techie viewpoint.
  • Crooked Spire is a Celtic music band, that performs in the Bay Area.
  • HowFunky is a place with useless technical content, from an MVP that lives in my area.
  • Jeffrey's Ruminations is The Thoughts and Musings of Jeffrey Randow, another Networking MVP, about Networking.
  • Martinez Music Forum Gift to the Community was a joyful celebration of the Christmas season, including both secular and spiritual music, including both Crooked Spire and Martinez UMC Choirs. We'll have more during the year - so watch this space!
  • Martinez United Methodist Church is a small yet very active community church, in the East Bay suburbs of San Francisco CA. Drop by sometime, if you're in the area.
  • Mom's Trip To Russia is a pair of blogs - mine and Mom's - about my Mom's trip to Pytagorsk, Russia as a member of a VIM team.
  • MoonLake CyberSmiths WebHosting is a business part owned by a friend at DSLR Forums, and a possible future MVP.
  • Nitecruzr As A Hacker is a rambling tale of my college years, including one very memorable episode where I might have been expelled but for some fortunate circumstances.
  • Nitecruzr Miscellaneous Musings are miscellaneous musings from a techie perspective.
  • Pacific IT Pros, previously known as the San Francisco Networking Technologies Users Group, SFNTUG, is an independent non-profit organization for IT Professionals.
  • The Sounds Of Words is a revolutionary process for teaching reading, to students with special needs, developed by my sister.
  • Where's George? is an intriguing study into where that dollar bill in your pocket has been, and wondering where it will go next. It's free, and fun.



Protect Yourself - Restrict Your Privileges

One of the advantages of having your own computer is all the things that you can do with it. From surfing the web, and holding instant audio / video conferences with friends and family, to paying your bills and maintaining data used in your various hobbies, your computer lets you do marvelous things.

Unfortunately, what your computer can do, the bad guys can use, if you don't stop them. Would you want unknown persons having access to lists of your bank accounts? Would you want unknown persons having the ability to create files and folders on your system, without you knowing about them? How about if somebody were to encrypt the contents of your system, and provide the ability for YOU to use what's on YOUR computer, only after you pay them?

Back when the web was just getting started, a browser (like Internet Explorer) was used to display text documents, that used hypertext to reference other documents. Then somebody added the ability to display pictures. Every web page needs at least a picture or two - look at the upper right portion of this window - do you see the MVP logo? That's a picture (and one that I'm pretty proud of too). Click on the logo, and you can see my picture too.

Unfortunately, with every ability given to your browser, comes the ability of the bad guys to use that ability against you.

Are you using Internet Explorer right now? Download one of the absolutely neatest utilities that you can get for Windows NT based (NT, 2000, 2003, XP) operating systems. Process Explorer will tell you 100 times as many details as the native Windows Task Manager will. Process Explorer is free, and does not require any installation process - just drop it into an available folder. Please don't drop it into the root of C:, or anywhere into the C:\Windows structure - create a folder for it, such as "C:\Utilities", or "C:\Program Files\Process Explorer".

Now Process Explorer, and other utilities like it, is provided to us by SysInternals and Mark Russinovich, the guy who caught Sony with their pants down. You can trust anything from SysInternals (my professional opinion anyway). And you can trust anything else that I tell you about - really. I don't recommend any products - free or otherwise - that I don't use myself. But please don't indiscriminately download software from the web.

So, did you just download Process Explorer? Did you do that using Internet Explorer? If so, you used a scripting program known as ActiveX. That window, like a small Windows Explorer, that popped up asking you where to put the file being downloaded is written in ActiveX. A lot of small programs (we call them applets generally) are written in ActiveX. Unfortunately, the mini-Explorer applet, like most ActiveX scripts, can be used by you locally, or thru your browser.

What happens if you surf to Hackerz-R-Us, and download one of the games there? Do it using Internet Explorer, and you may find yourself Owned. An ActiveX script that has system level capabilities, and can be called from your browser, has enormous potential to do you harm.

Having said that, it would NOT be in your interest, even if you could, to delete the ActiveX libraries. Nor can you even remove ActiveX totally from Internet Explorer. Windows Update, which you absolutely better use regularly, depends upon ActiveX to update your system.

Short of something stupid, you can do several things.



Use The Browser As A Restricted User
Knowing that Internet Explorer would be essential to your using Windows, Microsoft built into it the ability for you to designate some websites (such as WindowsUpdate) as absolutely trustworthy, and others (such as Hackerz-R-Us) as absolutely untrustworthy. And you can disable ActiveX, and other dangerous browser features, for untrusted websites.

One of the best known security experts on the web, Eric Howes, explains how to do this, and provides a regularly updated database of known dangerous websites.

Don't Surf To Dangerous Websites
Right. Don't go there. Stay away from http://www.hackerzrus.org! Unfortunately, this may not be an effective strategy. A DNS hijack, whether local (using your Hosts file), or networked (using your DNS server), could redirect traffic for windowsupdate.microsoft.com to www.hackerzrus.org.
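A check for the local half of that risk, added here as an example and not part of the original post: it parses Hosts file text and reports any entry that overrides a name you expect to resolve through DNS. The watch list and the sample file content are constructed assumptions.

```python
import ipaddress
import sys

# Assumption: names that should never be overridden locally. The first is the
# example used in the text; extend the set with the sites you depend on.
WATCHED_NAMES = {"windowsupdate.microsoft.com", "update.microsoft.com"}

# Constructed sample Hosts file content (not taken from a real system).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0         ads.example.net        # ad blocking entry
203.0.113.45    WindowsUpdate.Microsoft.com.   # points at an outside server
127.0.0.1       update.microsoft.com   # silently blocks the name
192.168.1.20    fileserver  fileserver.home.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each usable entry; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # blank line, comment, or an address with no name
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address
        # Host names are case-insensitive and may carry a trailing dot.
        names = [name.lower().rstrip(".") for name in entry[1:]]
        yield line_no, ip, names


def find_overrides(text, watched=WATCHED_NAMES):
    """Return (line_no, name, ip, kind) for every watched name pinned in the file."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name not in watched:
                continue
            # Loopback or 0.0.0.0 makes the name unreachable; anything else
            # sends its traffic to a server chosen by whoever wrote the entry.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    # Pass the path of a Hosts file to check it; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for finding in find_overrides(content):
        print("line %d: %s -> %s (%s)" % finding)
```

This covers only the Hosts file; a hijack at the DNS server, the other case named above, leaves the Hosts file untouched.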

Use The Computer As A Restricted User
How often do you install software? Most useful software requires you to close all open applications, and / or forces you to restart the system after installing. If you're like me, you install once / day, or once / week.

So why should you log in to your computer as an administrator routinely? If you do all of your web surfing as a non-administrator, and you accidentally (yeah right) surf to http://www.hackerzrus.org, don't run any scripts there. View the pictures, and read the text, just don't run any of their programs.

But what if you surf to a malicious website, but one with a benevolent name? How about http://www.sys1nternals.com?

One of the best ways to protect yourself is to NOT use Internet Explorer, by policy, except when doing Windows Updates. When you're surfing the web, sign in as a user, and a user with non-administrative privilege.

Aaron Margosis, a Microsoft security expert, has a very dynamic blog discussing the pros and cons of running with limited privilege. And Derek Melber, of WindowsSecurity, has Using Dual Accounts for Administrators.

Sys1nternals

This could be a website with malicious content. You never know.

As I say separately, in my professional opinion, you can trust anything provided by http://www.sysinternals.com. SysInternals has been providing powerful, and free, system utilities for years. But, as you become well known, you need to watch out for imitators. I would not be surprised to hear, one day, of the bad guys registering domain Sys1nternals, and providing malware to anybody surfing to http://www.sys1nternals.com.

So be careful, and anytime you see a web site address, check it carefully for intentional misspellings like this.
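The same careful look can be automated. The following is an added example, not code from the original post: it compares a web address against a short list of sites you mean to visit and flags character substitutions (like the 1 for i above) and one-character typos. The trusted list is an assumption, and only plain ASCII host names are handled.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own list of sites they intend to visit.
TRUSTED_HOSTS = ["sysinternals.com", "windowsupdate.microsoft.com"]

# Characters easily mistaken for one another, folded to one representative.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})


def host_of(url_or_host):
    """Extract the lower-case host name, without a leading 'www.'."""
    text = url_or_host.strip().lower()
    if "//" not in text:
        text = "//" + text  # lets urlsplit treat a bare host name as a host
    host = (urlsplit(text).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Fold look-alike characters and pairs so that disguised names compare equal."""
    return host.replace("rn", "m").replace("vv", "w").translate(CONFUSABLE)


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url_or_host, trusted=TRUSTED_HOSTS):
    """Return (verdict, matched_trusted_host_or_None) for one address."""
    host = host_of(url_or_host)
    if host in trusted:
        return ("trusted", host)
    for good in trusted:
        if skeleton(host) == skeleton(good):
            return ("lookalike-substitution", good)
    for good in trusted:
        if edit_distance(host, good) <= 1:
            return ("lookalike-typo", good)
    return ("unknown", None)


if __name__ == "__main__":
    for address in ("http://www.sysinternals.com", "http://www.sys1nternals.com",
                    "sysinternlas.com", "http://www.hackerzrus.org"):
        print(address, "->", classify(address))
```

A verdict of "unknown" only means the name does not resemble anything on the list; it says nothing about whether the site is safe.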


Lost Ability To Create New Network Connections

When you use the Windows XP System Restore, you have to remember not to restore to a state preserved before a major system update. You can cause major problems, if you try a scenario like:


  1. Upgrade XP to SP2.
  2. Attempt System Restore to a point before the SP2 upgrade.

One of the known consequences of the above scenario is loss of functionality in the New Network Connections wizard. You might observe any of these symptoms:

  • One or more of the selections in the New Connection Wizard may be grayed out (unavailable).
  • The Network Connections folder may be empty.
  • You may receive an error like

    Cannot load Remote Access Connection Manager. Error 711.


When this happens, the only valid recovery is to reapply SP2. After that, you will have to rerun Windows Update, and reapply all upgrades applicable after that procedure.

But what if this isn't the case? What if SP2 wasn't recently applied, or if a system restore to a point before the SP2 upgrade wasn't done? There is one thing you can check. The Remote Access Auto Connection Manager, and Remote Access Connection Manager, services must both be running. If you have this problem, check the Services Wizard, and make sure that those services, and all those that they depend upon, are running (Started and Automatic).

For more information, see these Microsoft articles.

Virtual Memory and The Thing King

Are you somewhat confused by virtual systems? Do you understand them but have a hard time explaining how they work? Then the following explanation, developed by Jeff Berryman, a Systems Programmer at the University of British Columbia (UBC) Computer Center, and originally published in the UBC Computer Center Newsletter, may help.

THE PAGING GAME
Rules


  1. Each player gets several million things.
  2. Things are kept in crates that hold 2048 things each. Things in the same crate are called crate-mates.
  3. Crates are stored either in the workshop or warehouse. The workshop is almost always too small to hold all the crates.
  4. There is only one workshop but there may be several warehouses. Everybody shares them.
  5. Each thing has its own thing number.
  6. What you do with a thing is to zark it. Everybody takes turns zarking.
  7. You can only zark your things, not anybody else's.
  8. Things can only be zarked when they are in the workshop.
  9. Only the Thing King knows whether a thing is in the workshop or in a warehouse.
  10. The longer a thing goes without being zarked, the grubbier it is said to become.
  11. The way you get things is to ask the Thing King. He only gives out things in multiples of eight. This is to keep the royal overhead down.
  12. The way you zark a thing is to give its thing number. If you give the number of a thing that happens to be in a workshop it gets zarked right away. If it is in a warehouse, the Thing King packs the crate containing your thing back into the workshop. If there is no room in the workshop, he first finds the grubbiest crate in the workshop, whether it be yours or somebody else's, and packs it off with all its crate-mates to a warehouse. In its place he puts the crate containing your thing. Your thing then gets zarked and you never knew that it wasn't in the workshop all along.
  13. Each player's stock of things have the same numbers as everybody else's. The Thing King always knows who owns what thing and whose turn it is, so you can't ever accidentally zark somebody else's thing even if it has the same number as one of yours. (VS/2)

Notes

  1. Traditionally, the Thing King sits at a large, segmented table and is attended to by pages (the so-called "table pages") whose job it is to help the king remember where all the things are and who they belong to.
  2. One consequence of Rule 13 is that everybody's thing numbers will be similar from game to game, regardless of the number of players.
  3. The Thing King has a few things of his own, some of which move back and forth between workshop and warehouse just like anybody else's, but some of which are just too heavy to move out of the workshop.
  4. With the given set of rules, oft-zarked things tend to get kept mostly in the workshop while little-zarked things stay mostly in a warehouse. This is efficient stock control.
  5. Sometimes even the warehouses get full. The Thing King then has to start piling things on the dump out back. This makes the game slower because it takes a long time to get things off the dump when they are needed in the workshop. A forthcoming change in the rules will allow the Thing King to select the grubbiest things in the warehouses and send them to the dump in his spare time, thus keeping the warehouses from getting too full. This means that the most infrequently-zarked things will end up in the dump so the Thing King won't have to get things from the dump so often. This should speed up the game when there are a lot of players and the warehouses are getting full. (Not applicable to VS/1)

LONG LIVE THE THING KING

---------------------------------------------------
Dr. Michael R. Williams
Editor-in-Chief, Annals of the History of Computing
Department of Computer Science
University of Calgary
Calgary, Alberta

Don't Lose Sight Of The Mission

This army officer didn't, but you have to read the whole letter.


Gentlemen,

Whilst marching from Portugal to a position which commands the approach to Madrid and the French forces, my officers have been diligently complying with your requests which have been sent by H.M. ship from London to Lisbon and thence by dispatch to our headquarters.

We have enumerated our saddles, bridles, tents and tent poles, and all manner of sundry items for which His Majesty's Government holds me accountable. I have dispatched reports on the character, wit, and spleen of every officer. Each item and every farthing has been accounted for, with two regrettable exceptions for which I beg your indulgence.

Unfortunately the sum of one shilling and ninepence remains unaccounted for in one infantry battalion's petty cash and there has been a hideous confusion as to the number of jars of raspberry jam issued to one cavalry regiment during a sandstorm in western Spain. This reprehensible carelessness may be related to the pressure of circumstance, since we are at war with France, a fact which may come as a bit of a surprise to you gentlemen in Whitehall.

This brings me to my present purpose, which is to request elucidation of my instructions from His Majesty's Government so that I may better understand why I am dragging an army over these barren plains. I construe that perforce it must be one of two alternative duties, as given below. I shall pursue either one with the best of my ability, but I cannot do both:

  1. To train an army of uniformed British clerks in Spain for the benefit of the accountants and copy-boys in London or perchance:
  2. To see to it that the forces of Napoleon are driven out of Spain.

-- Duke of Wellington, to the British Foreign Office,
London, 1812

Windows XP - Which Edition Should I Choose?

The choice of whether to choose Windows XP Home or Professional, or any other edition, or any similar edition of Windows Vista, varies - and not always strictly according to network environment, or to intended use. Many small businesses can get by quite well with XP Home, yet many professionals wouldn't have anything less than XP Pro in their home LAN.

Based on help requests, I'd guess that the most relevant distinctions, between the various editions of XP are:

  • Choice of file sharing. A computer running XP Home will only use Simple File Sharing.
  • Domain membership. A computer running XP Home cannot join a domain.
  • Number of simultaneous incoming connections. XP Home limits you to 5 simultaneous incoming connections, while XP Pro will limit you to 10.
  • Remote access to the desktop. XP Pro provides Remote Desktop, which integrates tightly into the Windows structure. For XP Home, and for other operating systems, you will need VNC, or a similar product.
  • Remote access to the operating system. A computer running XP or Vista Home can't be managed remotely, nor can its problems be diagnosed remotely.
  • Token based access. A computer running XP Pro will use token based access. You'll authenticate once (possibly automatically) to a server, the client will setup a token, and use that token in the future. With XP Home, you'll authenticate each time that you create a connection to a server.


As always, Your Mileage May Vary.

NOTE: There is a third, odd member of the Windows XP trio. XP Media Center Edition has the XP Pro kernel. The early versions of MCE had all of the functionality of XP Pro, plus the multimedia capabilities. Starting with the 2005 version, XP MCE (KB887212) lost the ability to join a domain, though it still has many other components of XP Pro.

If you have a computer with either XP Home or XP MCE 2005, and you need it to access domain resources, please read File Sharing Under Windows XP - Windows XP In A Domain.

If you want to make a detailed comparison, and look at other decision making possibilities, you may want to read additional articles:


Identify Your Edition Of Windows XP
  • Right click on My Computer.
  • Select Properties.
  • On the General tab, look under System:. If you have Windows XP, it will say either:
    • XP Home.
    • XP Media Center (which has the file sharing abilities of XP Professional).
    • XP Professional.
    • XP Tablet (which has the file sharing abilities of XP Professional).
    • XP Professional x64.



Irregularities In Individual Share Accessibility

When I talk about strategies for diagnosing network problems, one of the principles that I recommend is Relational Pattern Analysis. Look for computers that have the same problem, and other computers that don't. When you have problems that can't be solved easily, when you use one of my troubleshooting guides like Irregularities In Workgroup Visibility, the larger your network, the better. You need computers that don't have the problem, and computers that do, so you can identify the common thread between each set of computers, and then identify the problem itself.

Sometimes, though, your problem may be more complex. Instead of all shared folders on your server being invisible or inaccessible, maybe some are accessible, but others aren't. Maybe only some are even visible. Now what do you do?

Visibility, and accessibility, of individual shared files and folders are controlled by Access Control Lists, or ACLs. The RestrictNullSessAccess setting can affect access to individual shares, if your server is authenticating with the Guest account.

The easiest way for your shares to differ in visibility is to have improperly differing ACLs. The easiest way to resolve this is to identify, and correct, the differences between the ACLs.

With Windows 2000, and Windows XP Pro, the solution here is simple. Edit the ACLs. You can do this the obvious (but more time consuming) way, by using the GUI in Windows Explorer. Or you can do this the less obvious, but more efficient and scriptable, way of using CACLS. Both procedures are discussed in Server Access Authorisation techniques.

With Windows XP Home, you can't use the GUI in Windows Explorer. Windows XP Home, and Simple File Sharing, set all permissions the same (supposedly). They don't give you any way of changing any permissions, short of global settings where you identify each share, and allow (or disallow) network users to change the contents. With XP Home (or with XP Pro, if you prefer), you may use alternate Server Access Authorisation techniques.

But, having identified the above possibilities, and carefully read and followed all instructions, sometimes you still can't get things working just right. There are known problems which can't be solved by simple ACL editing.

If you want to provide a secure computer, one of the recommendations is to keep the operating system updated, religiously. Microsoft issues monthly operating system updates, with patches of varying criticality. In most cases, it is beneficial to apply all critical patches. In some cases, like yours, it isn't.

In this case, patch KB885250, as referenced in bulletin MS05-011, has been recently identified as the culprit in odd file sharing scenarios. The Microsoft article (KB895900): You cannot save a file from your Windows XP-based or Windows 2000-based computer..., and a subsequent article (KB896427): After you install security update 885250, both describe the symptoms of this problem. Patch 885250 can cause, and has been known to cause, file sharing problems of varying complexity, with symptoms such as:

  • "Error = 5", aka "Access denied".
  • "Error = 58", aka "Bad network response".
  • Access to some folders, but not to others.
  • Apparently empty folders, when you know there are files in there.
  • "File not found".


In your case, there are 2 possible solutions:

The Static Route Table

Every networking device that uses or passes Internet Protocol traffic, and operates at OSI Layer 3 and above, uses a static route table. A static route table defines the networks, the destinations on those networks, and how the destinations can be reached.

To get the static route table for immediate examination, simply type "route print" into a command window.

If you want the data so it is easily compared between computers, you need to export the data into a text file.


  • Type "route print >c:\route.txt" (less the "") into a command window.
  • Then,

    • Type "notepad c:\route.txt" (less the "") into the same command window, for immediate examination.
    • Or, copy file c:\route.txt to another computer, for comparative examination.


Once you have the static route data in front of you, check out Joe Davies' Understanding the IP Routing Table for details on how to interpret it, and to modify it.
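For the comparison between computers, an added example (not part of the original post): it parses two saved "route print" outputs and reports the routes that hand traffic to another device, such as the default gateway, which computers on the same LAN would normally share. Both samples are constructed and trimmed, and follow the Windows XP column layout.

```python
import ipaddress
import pprint

# Constructed "route print" output from two computers on one LAN (not real captures).
ROUTES_PC1 = """\
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 22 33 44 55 ...... Example Ethernet Adapter
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
"""

ROUTES_PC2 = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.1.50   192.168.1.101       20
         10.0.0.0        255.0.0.0     192.168.1.50   192.168.1.101       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.101   192.168.1.101       20
Default Gateway:      192.168.1.50
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
         10.0.0.0        255.0.0.0     192.168.1.50       1
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_route_print(text):
    """Return {'active': [(dest, mask, gateway, interface)], 'persistent': [(dest, mask, gateway)]}."""
    table = {"active": [], "persistent": []}
    section = None
    for line in text.splitlines():
        fields = line.split()
        if line.strip().startswith("Active Routes"):
            section = "active"
        elif line.strip().startswith("Persistent Routes"):
            section = "persistent"
        elif section == "active" and len(fields) == 5 and _is_ip(fields[0]):
            table["active"].append(tuple(fields[:4]))
        elif section == "persistent" and len(fields) == 4 and _is_ip(fields[0]):
            table["persistent"].append(tuple(fields[:3]))
    return table


def routed(text):
    """Active routes whose gateway is another device, as (destination, netmask, gateway)."""
    found = set()
    for dest, mask, gateway, interface in parse_route_print(text)["active"]:
        # Local routes use the computer's own interface address or loopback as gateway.
        if _is_ip(gateway) and gateway != interface \
                and not ipaddress.ip_address(gateway).is_loopback:
            found.add((dest, mask, gateway))
    return found


def compare(text_a, text_b):
    """Show which routed entries the two computers share and which they do not."""
    a, b = routed(text_a), routed(text_b)
    return {"only_a": sorted(a - b), "only_b": sorted(b - a), "common": sorted(a & b)}


if __name__ == "__main__":
    pprint.pprint(compare(ROUTES_PC1, ROUTES_PC2))
    print("Persistent on PC2:", parse_route_print(ROUTES_PC2)["persistent"])
```

In the constructed samples the second computer uses a different default gateway and carries a persistent route the first one lacks; differences of that kind are the ones to explain before going further.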

Setting Up A WiFi LAN

Are you new to networking, or have you setup a few networks in the past? Networking looks really complicated (it can look that way), but it's basically just hooking up a few wires, and praying real well.

Setting up an Ethernet LAN is pretty simple, but it contains one annoying detail. With a wired LAN, unless the computer and router are right next to each other, you have to figure out how to locate the Ethernet cable that connects them. With a wired LAN, you have cables everywhere.

A WiFi LAN lets you remove the cables. With more work in the beginning, you're freer in the end. Without a simple physical cable, which you can see and touch, you have to setup a wireless connection, that you can't see or touch. But know, and understand, the limitations of WiFi.



Make It Easy For Yourself - Design The Installation Properly
Purchase The Right Equipment. You can setup a WiFi network without using a router / WiFi access point - this is called ad-hoc WiFi. But setting up an ad-hoc WiFi network is more complicated, and less secure, than an infrastructure (router / WAP based) network.

Plan The Installation
Read The Manual. Having carefully selected your WiFi Access Point / Router, and your WiFi Client Adapters, you hopefully spent some time acquainting yourself with their features. Now, spend some time perusing the guides and instruction manuals. Doing so is a good investment of your time.

Test As You Go. If this is the first time you've setup WiFi equipment, you may benefit from testing as you setup. Having 2 computers is a very good idea:
  1. Connect one by Ethernet to the AP, and use it to make changes in the AP settings.
  2. Connect a second by WiFi, and use it to test the changes to the AP.
Having 1 computer, doing dual duty, can be done; but having 2 computers is a lot less stressful.

Stage The Installation. Setting up a WiFi LAN can be pretty stressful - it's 3 or 4 times as complicated as setting up an Ethernet LAN. If you plan, and setup in stages, you can reduce your stress level significantly.

Setup The Access Point / Router
You still need an Ethernet cable when you setup the access point / router. Whenever you make configuration changes to a router (wired or wireless), the router may have to restart itself. When that happens, you will lose connectivity. Reestablishing connectivity with a wired connection is bad enough; reestablishing a wireless connection in some cases (if, for instance, you get the WPA key wrong) will be impossible. Always connect by Ethernet, if not absolutely impossible, when making changes.

Even though you may have bought the router that afternoon, it may have been sitting in the store for a while, and the vendor may have issued firmware updates for it since it was shipped from the factory. Check with the vendor, and see if any firmware updates are available.

  • Setup your computer as a DHCP client.
  • Install an Access Point / NAT router, and give it power.
  • Connect an Ethernet cable to the router, and to your computer.
  • Power your computer up.
  • Connect your computer to the router thru your browser.
  • Install any available firmware updates to the router.
  • Make all the necessary IP and WiFi settings to the router.


NOTE: Most access points and routers, wired or wireless, will come with installation guides and configuration utilities, and some will offer to install software on your computer. If you plan your installation properly, no additional software should be necessary. Your Windows system has a browser, and that should be all the software that you need to connect to your access point or router. Don't install unnecessary software.

The changes to a WiFi access point / router include Internet Protocol settings (like a wired NAT router), and WiFi settings. WiFi settings include:

  • Connectivity settings.

    • Channel. You need a channel with no other devices within range, to get maximum bandwidth.

      • You can choose from any channel number 1 - 11 (in the USA). To minimise interference, and maximise satisfaction between WiFi neighbours, we choose between 3 non-overlapping channels 1, 6, and 11.



        Non Overlapping Channels: Bottom ("1"), Middle ("6"), Top ("11")


      • With 802.11g-super, there is no channel choice. If a channel number is displayed, it will be "6", and be unselectable.
      • If there is any other network within range, using any channel which your router may use, you won't get maximum bandwidth. You will have to share the channel with your neighbor.

    • Interoperability. What standard will you use - 802.11b, 802.11b/g, 802.11g, or the newest (and currently not complete) 802.11n?

      • With 802.11b, you'll get a maximum bandwidth of 11M (half duplex).
      • With 802.11b/g (having a combination of 802.11b and 802.11g devices on your LAN), you will get between 11M and 54M (probably substantially less than 54M though). (Again, half duplex).
      • Only with 802.11g will you have a prayer of getting a full 54M (and that's with no 802.11b networks anywhere visible). (And still, half duplex).
      • If you have 2 802.11Super-G devices, from the same vendor, and no other WiFi devices are within range, you might be able to get 108M.
      • If you get 802.11n equipment, and have no other networks within range, you might get 108M or higher. This simply can't be objectively predicted, for any location, though.



  • Security settings.

    • Authentication. How will the wireless clients identify themselves to the router?
    • Encryption. How will the wireless clients keep your communications, between themselves and the router, private?
    • Logging. How will YOU know what is happening on your WiFi LAN?
    • Visibility. Hiding the SSID will not help you, and may hurt network performance. Set up a unique, yet not personally identifying, SSID. If you have multiple APs, use the same SSID on each AP, to enable roaming by the clients.
    • The issue of Security is covered, in detail, in my article "Setting Up A WiFi LAN? Please Protect Yourself!". Please note the above details.
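
The channel advice under Connectivity settings above can be worked through as a small calculation. This is an added example, not part of the original article: the scan results are constructed, and the 22 MHz signal width (802.11b) and the scoring by summed received power are assumptions of the example.

```python
# Added example: choose among the non-overlapping 2.4 GHz channels 1, 6 and 11.
NON_OVERLAPPING = (1, 6, 11)

# Constructed site-survey results: (SSID, channel, signal in dBm). Not real networks.
SAMPLE_SCAN = [
    ("example-net-a", 1, -48),
    ("example-net-b", 3, -70),
    ("example-net-c", 6, -82),
    ("example-net-d", 9, -60),
]

def overlaps(a, b):
    """Channel centres sit 5 MHz apart and a signal is about 22 MHz wide,
    so two channels interfere unless they are at least 5 numbers apart."""
    return abs(a - b) < 5

def interference(channel, scan):
    """Sum the received power (in mW) of every network overlapping `channel`."""
    return sum(10 ** (dbm / 10) for _, ch, dbm in scan if overlaps(channel, ch))

def best_channel(scan, candidates=NON_OVERLAPPING):
    """Return the candidate with the least overlapping power; ties go to the lowest."""
    return min(candidates, key=lambda ch: interference(ch, scan))

def report(scan):
    """List (channel, overlapping SSIDs) for each candidate, quietest first."""
    rows = [(ch, [s for s, c, _ in scan if overlaps(ch, c)]) for ch in NON_OVERLAPPING]
    return sorted(rows, key=lambda r: interference(r[0], scan))

if __name__ == "__main__":
    for ch, ssids in report(SAMPLE_SCAN):
        print(f"channel {ch:2d}: shares air with {ssids or 'nobody'}")
    print("pick channel", best_channel(SAMPLE_SCAN))
```

A network on channel 3 or 9 interferes with two of the three choices at once, which is why neighbours who stick to 1, 6, and 11 get along better.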



Setup The Clients
Having made the necessary changes, you are free to turn the radio portion of the router on, and to set up the wireless clients. If your main computer also has a WiFi adapter, you can now remove the Ethernet cable between that computer and the router (but keep the cable handy for any future changes that you may make).

Setting up a wired LAN is simple - you connect the cables, things you can see and touch. With WiFi, you have the access point(s) out there - but you can't see or touch them. With WiFi, you set up the WiFi Client, which is a program provided by several vendors. Depending upon your setup, you may have any or all of these clients.

  • The computer manufacturer.
  • The WiFi adapter manufacturer.
  • Microsoft.
  • NetStumbler.

Before you install the WiFi adapter on your computer, check with the vendor, and see if any driver updates are available. This may include an update to the vendor's WiFi client.

Your access point can have only one WiFi Client managing it; having more than one Client active can cause conflicts. Conflicts can cause erratic performance, loss of connectivity, or even the WiFi adapter turning itself off. Know the possibilities, and only run one WiFi Manager at a time. If you choose to use the native Windows product, Wireless Zero Config (aka WZC), consider applying the Wi-Fi Protected Access 2 / WPS IE (updated January 2007) update.

Each WiFi Client will present you with a list of visible access points. You choose, by signal strength, channels, and name, with which access points you wish to associate. The access points that you choose become your Preferred Access Points. The WiFi Client may periodically scan the spectrum for the strongest access point, and connect your computer to that access point. Note that this behaviour may be subject to SSID Visibility.

Any access points that you do not choose are still available for your use. Your WiFi Client probably has a selection to this effect - "Automatically connect to non-preferred networks", for instance, is a selection with the Windows Wireless Zero-Config Client. Make sure that this selection is not enabled automatically. You do not want your client to connect to your neighbor's WLAN unexpectedly.

Some Clients also let you prioritise the preferred access points - so you make a list, then you order the list, from top (most preferred) to bottom (least preferred). Your client will then automatically connect you, at any time, to the more preferred access point that is available.

With any access point of interest, if it uses any authentication or encryption, you will have to enter the appropriate information. Your client will create a profile for that access point, and keep that profile available for the future. When you remove an access point from your preferred list, you will delete the profile. You will then have to re-enter the profile information later.

Without the correct profile information, you cannot connect to the network provided by the access point. If your client tells you that you are connected (however strong the signal), but you have no IP configuration, check the profile. If in doubt, delete and re-enter the profile.

Whenever you set up a WiFi client profile, make sure that you select the appropriate authentication options. Selecting 802.1x authentication, without the complete infrastructure, will cause problems.

When you set up the WiFi client, you'll be using the setup wizard provided by the vendor (or Microsoft). Understanding the above issues, and reading the instruction manual or guide for the WiFi equipment, is essential. See, for instance, Windows Cable Guy Windows XP Wireless Auto Configuration.

Tune The Wireless Setup
Having done the Initial Setup, and having Secured your WiFi LAN, you may want to tune the physical setup. Maximum bandwidth is based upon maximum signal strength. There are a few things that you can do, when installing the equipment, that will prevent you from getting maximum signal strength.

Having completed all of the above tasks, enjoy the freedom.


Hidden Uninstall Wizards In Windows XP and 2000

Occasionally, you may need to remove an application from Windows, like Windows Messenger. Windows Messenger does come with an uninstall wizard, but the wizard is not normally accessible thru the Add / Remove Programs applet. First, you have to make the wizard visible.


  • Open folder "C:\Windows\inf", using Windows Explorer.
  • Locate and open file "sysoc.inf", using Notepad or another text editor. If "sysoc.inf" isn't visible, you'll need to configure Windows Explorer.

    • Select Tools - Folder Options.
    • On the View tab, under Advanced settings, enable "Show hidden files and folders".

  • With sysoc.inf open in Notepad, look for (in this example) "msmsgs".

    msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7

  • Change the substring ",hide," to ",,".

    msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7

  • Save the file, and close Notepad.
  • Restart Add / Remove Programs, and the previously hidden applet should be visible.

Now, just start the wizard. Soon, no more Windows Messenger.
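
The same edit can be checked, and made, one component at a time instead of by a blind search and replace. This is an added example, not part of the original article: the sample file contents are constructed (only the msmsgs line is the one quoted above), and treating the fourth comma-separated field as the hide flag, in either upper or lower case, is an assumption drawn from that line.

```python
# Added example: list and unhide components in the text of sysoc.inf.
# Constructed sample contents; only the msmsgs line comes from the article.
SAMPLE = """\
[Version]
Signature = "$Windows NT$"

[Components]
Games=ocgen.dll,OcEntry,games.inf,,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
"""

def parse_components(text):
    """Yield (line_index, name, fields) for each entry under [Components]."""
    section = None
    for index, line in enumerate(text.splitlines()):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        elif section == "components" and "=" in stripped and not stripped.startswith(";"):
            name, value = stripped.split("=", 1)
            yield index, name.strip(), [f.strip() for f in value.split(",")]

def is_hidden(fields):
    """Assumption: an entry has five fields and the fourth holds the hide flag."""
    return len(fields) == 5 and fields[3].lower() == "hide"

def hidden_components(text):
    """Names of the components that Add / Remove Programs will not show."""
    return [name for _, name, fields in parse_components(text) if is_hidden(fields)]

def unhide(text, component):
    """Return the text with the hide flag cleared for one named component only."""
    lines = text.splitlines()
    for index, name, fields in parse_components(text):
        if name.lower() == component.lower() and is_hidden(fields):
            fields[3] = ""
            lines[index] = name + "=" + ",".join(fields)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print("hidden:", hidden_components(SAMPLE))
    print(unhide(SAMPLE, "msmsgs"))
```

Keep a copy of the original sysoc.inf before saving any changed version over it.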

Interactive Problem Resolution and Thread Length

When I work on a networking problem in person, I can generally ask the owner / primary user of the computer a few questions. Based upon the answers received (or not), and having the computers involved in front of me, I can frequently do some investigative testing, and arrive at a diagnosis.

When I work on a problem remotely, the diagnosis generally takes longer. Then, I must ask the Original Poster (OP) to perform simple tasks for me. Generally, even then, with results from the investigative processes made available to me in real time (as the diagnosis is being performed), I can ask for additional investigative tasks; with enough patience and persistence (from both of us), a diagnosis is not impossible.

When I work on a problem asynchronously and remotely, as is the general case when advising in online forums, this problem becomes a bit more challenging. Latency becomes a factor, as do distractions from other helpers. The longer the investigative process takes, the greater the chance that another helper will contribute an alternate diagnosis, which sometimes contradicts or interferes with the investigation at hand.


  • Factors affecting me.

    • Distractions by other tasks, including $payjob.
    • Ignorance of the situation being investigated (which generally decreases, as the investigation continues).
    • Ignorance of the subject involved (I try not to let this become a factor, by trying to focus on subjects which I have experience in).
    • Latency between posts. The longer I have to wait, after posting advice, for the OP to respond, the less I remember about the situation. This leads to longer time for me to respond to subsequent posts by the OP, leading, in turn, to decreased attention by the OP.

  • Factors affecting the second party - ie the owner of the computer, or the Original Poster (OP).

    • Distractions by other helpers.
    • Distractions by other tasks, including $payjob.
    • Ignorance of my methodical diagnostic procedures.
    • Ignorance of the situation being investigated (which generally decreases, as the investigation continues).
    • Ignorance of the subject involved.

  • Factors affecting any third parties - ie additional helpers.

    • Distractions by other tasks, including $payjob.
    • Ignorance of my methodical diagnostic procedures.
    • Ignorance of the situation being investigated.
    • Ignorance of the subject involved.



Are you a fan of American baseball? Have you ever watched American baseball? It's more than a bunch of guys hitting a ball around, and another bunch of guys trying to keep the first bunch from hitting the ball too much. There's a lot of strategy there.

Have you ever watched the Infield players (defense team) preventing an Infield Hit? The batter hits the ball to the shortstop (or other infield player, such as pitcher, second baseman, or third baseman), who grabs it, tosses it to the first baseman, and the batter is out. Simple - no strategy - just do the best you can to get the batter out.

Wrong. I was once on a corporate softball team, and the manager of the team arranged for an ex-pro baseball player (retired) to give us a small bit of strategic instruction. Just that small procedure - batter to shortstop to first base - is a quadratic equation carried out in real life. Watch sometime.

The shortstop and first baseman act as a single, coordinated unit, and maximise the time allowed them, before the batter gets to first base. How many times have you seen that the batter hits the ball, the shortstop fields it, and gets it to the first baseman when the batter is merely a third of the way to first base? Not that many times, I'd bet.

  • If the batter hits the ball really hard, the shortstop may have to really scramble to even stop the ball. When he gets up, he has to really hurry to get the ball to first base, where the batter is almost there.

    Since the shortstop is taking a while to get the ball to first base, and since he will possibly not be in exact control (he's scrambling, remember), the first baseman is covering first base at a stretch, with his toe on the bag, and moving in an arc around the bag, from the home plate side, to the outfield side. This gives the shortstop a 10 foot target to aim for (watch the first baseman stretch sometimes, he can get a good 5 feet stretch from his toe to his glove).

    As the shortstop throws the ball, in a hurry and from an uncomfortable position, the first baseman notes whether he is throwing straight towards first base, or to its infield or outfield side, and moves in the stretch arc accordingly. Shortstop throws ball, first baseman moves quickly to position himself, catches the ball, batter out.

  • OK, let's say the batter hits the ball really hard, and the shortstop is properly positioned, to grab the ball without even moving. His positioning, before the ball was hit, is not random; but we leave that for another discussion.

    The shortstop now has the ball in his hand, and he's standing and ready to throw the ball. Does he throw it to the first baseman immediately? No, because he's waiting for the first baseman to get into position. He'll probably toss it into his glove, and grab it again to get a really good grip for throwing.

    While the shortstop is positioning the ball for an accurate and hard throw, the first baseman is getting into position. The shortstop throws the ball like a bullet, right to the first baseman, and the batter is out.

  • Now for the third possibility. The batter hits the ball really weakly, so it just rolls. The shortstop charges towards the ball, and grabs it farther infield. He'll probably charge it to the right of its path, so when he gets it in his hand, he'll be facing the first baseman. Again, he's positioned just right, and in control.

    This time, he has less time to throw (he had to charge towards the ball, and the batter is running). Since he charged towards the ball, and at an advantageous angle, he comes up with the ball ready to throw immediately, maybe even from a bare handed grab. The first baseman, having already gotten into position, is waiting. The shortstop throws the ball, the first baseman catches it, and the batter is out.


So I know you're asking yourself "So what the heck does this have to do with network problem resolution?".

Well, I'm like the shortstop. Or maybe the first baseman, or a combination.

  • If the ball comes quickly (as in a problem report from the OP, with lots of good detail), I have a good chance of giving a quick snappy (mysterious) answer as to what to do about the problem.
  • If the ball comes slowly (as in the OP posts simply "My computers don't network"), I take my time, and ask a few questions, to try and get to know the OP, and the network. This looks like nothing useful to the other helpers. So the longer I take in my diagnostic procedure, the more chance that another helper may come up with alternate advice, or sometimes a quick fix. The alternate advice may, or may not, resolve the problem.

    1. If the alternate advice resolves the problem, it may be a solution that I did not anticipate. In that case, I have just learned something, and I may include it in one of my diagnosis and troubleshooting articles.
    2. If the alternate advice resolves the problem, it may be a solution that I did anticipate, and may have been mentioned in one of the many articles that I ask for the OP to Please Read. But the second helper, in a shotgun approach, or instinctively, may offer the solution without any diagnosis. Oh well, that happens.
    3. If the alternate advice does not resolve the problem, it may create complications that make it harder to fix the problem. So I have to watch carefully what the other helpers are suggesting, and if they come up with a procedure that may be a problem, I have to convince the OP to avoid that advice.
    4. If I come up with lots of advice, or articles to Please Read, the OP has lots to do. If I provide too much advice in the beginning, I may waste the OP's time, and his eyes may glaze over and he will ignore my advice. If I don't provide enough advice, the other helpers, again, may get involved.
    5. If I take my time, and ask just the right questions, I can lead the OP thru the problem diagnosis, and he / she can diagnose, and correct, the problem on her / his own, or from reading my articles, and maybe learn a bit from all the reading.

    Either way, getting the problem diagnosed and resolved is like getting the batter out. Sometimes it happens, other times it doesn't. And sometimes, the shortstop throws past the first baseman, and the batter ends up on second base, or farther.

    But out or safe, there is a strategy in there. You just have to know that it's there, and play with it.