CHAOS MANOR MAILMail 128 November 20 - 26, 2000 |
||
CLICK ON THE BLIMP TO SEND MAIL TO ME The current page will always have the name currentmail.html and may be bookmarked. For previous weeks, go to the MAIL HOME PAGE. FOR THE CURRENT VIEW PAGE CLICK HERE If you are not paying for this place, click here... IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature. I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too... I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail.
Search: type in string and press return.
or the freefind search
|
||
If you subscribed: If you didn't and haven't, why not? Highlights this week:
Search: type in string and press return.
|
||
This week: | Monday
November 20, 2000
We have a lot of mail in response to last week's inquiry about Virus Scan problems. The report as published is the only one I have seen with broad circulation, think it was on one of the Topica forums I first saw it. No problems in my experience, moot in any case with at least DAT file 4106 out. The engine 4.0.70 is months and months old and continues to be available. The 4 and 5 series software uses the same engine and DAT files for virus detection. I like the 4 series software for user interface which is another issue. Update to 5 series software may be the issue here. The 5 series software creates a logical disk on installation and backs up "essential" files to it. The reported problems may be with these or other pieces of the software. Similarly In Norton System Works System Doctor uses a lot of resources beyond the virus checking and is the default installation. Notice that Symantec too had problems reported by a writer who failed (no fault) to keep his on-line (Live) update current and later had the update process fail with annoying results. Too bad today's pace does not allow full regression testing before installation of even a DAT file. The lag between first report of a threat and local distribution has fallen to almost nothing. Clark Meyers I can more than confirm this--it dragged my 400+ person organization to its knees earlier this week. One prone to seeing conspiracies might have determined malice in McAfee releasing something this brutal during the week when the geeks were all guaranteed to be out of town at Comdex. Inadvertantly, I discovered how perfectly normal professionals and executives can become sniveling, foul-mouthed and basically irrational (as if yelling is going to make the problem solving happen faster--personally, I slow WAY DOWN when someone starts yelling at me). Sigh. ...cheers...KCL... Keith C. Langill Principal Engineer, Stellcom === Dear Jerry, You may already have more information on the problem reported in your mail: The fix is simple, and works: update to 4105 or later (4106 as of a few days ago). They seem to have nailed the problem. Regards, Fred Williams === Hi Dr. Pournelle, We seem to have the same problem here in the office. A PII 333 running Win98 never recovered from an update involving 4105. Beginning with the post-installation re-boot, the system will lock up during the boot. Sometimes starting in safe mode will work, usually not. We're unable to uninstall VirusScan, and cannot run 'zztop' (Dell's last resort to reset the computer to factory new condition. It would mean reloading anything not factory installed, but it would work.)Any suggestions from anyone, would be appreciated!
Marc H. Heller Product Manager ToCAD America, Inc. mheller_at_tocad.com www.tocad.com It is not clear to me whether you have tried the latest from MacAffee or other sources. I have not had the problem, and I am mostly reporting what readers tell me. I will add more to this discussion as I get it.
AND more on the QAZ Situation: Greetings Jerry, I just read your article about the QAZ virus and thought I might add something helpful (I think). I had the QAZ virus until my ISP e-mailed me about it. The only connection I have to the internet is through this dial up provider and I don't think I got the virus from email. I do though spend great amounts of time dialed online downloading newsgroups files. Right before I was notified about the virus I had just been online downloading a game for about 3 continuous days. I assume someone probed my machine and uploaded the virus like that since I do not have any type of firewall software. It is also possible that it was in one of the files I downloaded. By the way, I am using Norton Anti-Virus 2001 and it did not detect the virus until I did a full hard-drive scan, even with the latest definitions at the time. It did not detect it when it actually infected my machine. I hope this is informative and keep up the great work on BYTE. Miles Turney To which I can only say thanks for the information. I am sure that didn't happen to us. We seem to have got it from email. But perhaps not: I can think of one way it could have happened here. I'll have to look into that. Dear Jerry, With regards to Miles Turney's email about the QAZ worm, I can confirm that it can infect PCs directly. Not necessarily via email or downloads. In Summer I was running a single PC - no firewall - on a dial-up connection at our beach house. Two or three times while connected Viruscan popped up a window announcing that it had intercepted the QAZ worm. One of those times the PC was just sitting there idle while we were having supper. Incidentally, give Viruscan its due. It caught the bug before it did any damage at all. Once I was back home and firewalled: no more QAZ problems. On the subject of viruses and malicious code, does anybody know of a virus or worm which will wipe Netscape, Microsoft Office and MP3 files, among others, off a system while leaving Windows and Internet Explorer unharmed? It happened yesterday to somebody who was also running Macaffee and a program called Lockdown 2000. Other symptoms, possible unrelated, include the printer and webcam being disabled. David Cefai
Jerry, About a year ago I wrote to you about a problem with the Windows NT 4.0 registry, where it began to grow about 30 MB or more. Nothing that was suggested was able to reduce the size of the registry on my machine, other than a complete wipe and reinstall of Windows. I've been using Windows 2000 since it came out, and I'm running Service Pack 1, and this version of Windows is also experiencing an exploding registry problem. Currently, my registry is at 85,936 KB, is of type Local, and growing! This is the number that's reported from the "WinKey+Pause | User Profiles" tab. I guess it's getting close to the time where I have to wipe and reinstall, but yuck... -= Scott =- I couldn't figure out what file was growing without limit here, and I asked Bob Thompson to look into this. Here's what he says: This is not something I've experienced or even heard about before. Certainly, the registry grows as you use the system--adding software and so on--but I've never heard of one spiraling out of control like that. I suppose it could be caused by a virus or by a rogue piece of hardware, but I'm not really sure how. I did a quick search on the MS web site and couldn't find anything about this problem. The NT4 registry doesn't really exist as a file per se. When you use Regedit, you're getting a virtualized view of data that actually exists in several so-called "hives". The hives exist as actual files in the \winnt\system32\config folder, named system, software, Security, Sam, and so on. There are also backups of those files, with extensions like .alt and .sav. When you view or edit the NT4 registry, you're actually working with data pulled from multiple hives, arranged in a logical order and presented as a composite view. If what you're trying to do is edit the NT4 registry, use File->Run and then type either regedit or regedt32. The former is Win9X-like and offers global searching. The latter has poor searching but allows you to do stuff (like setting access control on registry keys) that regedit doesn't. Robert Bruce Thompson thompson@ttgnet.com For What It is Worth: When I look at the User Profile tab I see the size of the user profile not the registry. Has Scott looked at the Windows Root\Profiles directory to determine where the space is actually going? Two possible culprits are Internet related temporary files and cookies, or document files in the default personal and desktop directories. In addition, if he has many small files (as the cookies, shortcuts, etc.) tend to be, the file system overhead will be fierce. On my system 33MB of files takes up 120MB of actual disk space. -Steve For the resolution of this see below
Dr. Pournelle, Here's the latest (11/20/2000) from CERT on the QAZ Worm - no need to click anything to get this. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 5. QAZ Worm For several weeks, the CERT/CC saw an increase in the number of NETBIOS Session (139/tcp) probes and a corresponding increase in reports of QAZ infected machines. The QAZ worm scans networks for unprotected Windows Networking Shares similar to the behavior of the network.vbs worm disussed in IN-2000-02. When launched, the QAZ worm replaces the Notepad.exe file and modifies the registry to ensure that it is run when Windows restarts. This trojan also allows an intruder to upload files to the system, or execute any file on the system. Sites are encouraged to follow the advice in IN-2000-02 to secure Windows Networking Shares, and update anti-virus software definitions to prevent infection. CERT Incident Note IN-2000-02, Exploitation of Unprotected Windows Networking Shares http://www.cert.org/incident_notes/IN-2000-02.html Additional information about this virus can be found by visiting the sites listed on our Computer Virus Resources page. Computer Virus Resources http://www.cert.org/other_sources/viruses.html >>>>>>>> Don McArthur http://www.mcarthurweb.com Thanks!
|
This week: | Tuesday, November
21, 2000
Sir, Scott believed that the size of his "registry" was 30 MB and growing, but this is not correct. The number he saw by looking at "WinKey+Pause | User Profiles" was the size of his "user profile", not the registry. The size of any files in his "My Documents" folder would be included in this number and other applications keep per-user data in the user profile. As an example, Outlook keeps the .pst files in the user profile. So, the size of the user profile can be very large while the registry is still quite small. As an example, on my own Win2k system my user profile is 665MB but my registry is only 17MB. So Scott has nothing to worry about! John Sloan And the Final Denouement Steve got it right - I was interpreting the "System Properties | User Profiles" tab as the size of the registry. I knew that the registry was made up of hives, but I assumed (there the problem... right there) that the User Profiles tab indicated the "total size" of the registry including all the different hives. In fact, I had several extremely large database files in the My Documents directory, and when I deleted them, the size of my profile dropped to 6.8 MB, and I haven't cleaned out the rest of the junk in there, yet. So, chalk one up for the good guys! I was thinking I was going to have to wipe and reinstall Win2K, and that usually sets me back a week or more. Now I'm not going to have to do that, so I'm pretty happy. Hope you feel better! -= Scott =- Dear Mr. Pournelle: I've enjoyed your posts on IntellectualCapitol.com, but that e-zine seems to have declined since being acquired by SpeakOut.com. Is there another forum where your work and that of other former IC columnists can be found? Geoffrey E. Fagan Broadband Office Sales Engineer PS: I thought you might like to know that you are my favorite author (fave book = Oath of Fealty) and have strongly influenced my personal philosophy through you essays. If I realize any of my dreams in the fields of science or science fiction, I will owe my success in some measure to your inspiration. The new owners of IC have not invited me to participate; indeed I do not believe I have heard from them in any way. They have bought the non-exclusive right to the material I wrote for the previous magazine and are entitled to leave my stuff up. I have thought of asking them to take my name off the masthead, but that would be a fair amount of work for them, and would make it harder for those who want to find my past material to do so, so I have done nothing. I also don't read IC any more, but that's largely because I am not in it. As to where I should be doing those monthly formal essays on the state of the world I have not decided. One temptation is to write them up and send them email to subscribers as a kind of bonus. It will be an interesting test to see (1) how many subscribers read this and say something, and (2) how many new subscribers I get who cite this possibility as the reason for subscribing. To subscribe.
Following is from a subscriber. My reply is I fear a bit long, but that is my privilege: I'd appreciate the opportunity to rant from your soapbox. First an apology: to make my biases clear, I've always been what they call a "yellow dog" Democrat: i.e., given a choice between any Republican and a yellow dog, I'd pick the dog 10 times out of 10. This time I almost didn't do that. I finally voted for Gore in the (possibly vain) hope that four more years of the Drug Wars would be less damaging under him than under Bush. Beyond that, the differences between the two candidates' abilities to defend the interests of the Republic and the liberties of the people do not amount to the value of a can of cold spit, in my opinion. The general dearth of statesmanlike behavior from either since Election Day should suffice to prove that. No reasonable person can possibly maintain that their positions are not purely matters of political convenience, which would not be reversed if the shoe were on the other foot. Having said that, I believe that Bush is guilty of more despicable behavior that Gore. His policy has been to railroad the results on the pretext that the matter must be decided quickly. There are reasons why we have a delay of almost six weeks between the popular election and the voting by the Presidential electors. Surely one such reason is to allow for disputes about the selection of electors. Are there reasonable grounds for such a dispute in Florida? I believe the answer must be "yes." In fact, I argue that the result in Florida is a tie. Consider that an election is an insturment for measuring public opinion. Like all real insturments, its accuracy and precision are imperfect. How imperfect? I don't know, but I suspect that the precision is not better than two significant figures. If I'm right about that, the 0.16% difference between the two candidates' vote totals is rather less than a fifth as large as the smallest measurable victory margin. Now, with regard to the recounts, it should be observed that automated counting procedures are not the paragons of accuracy that James Baker would have us think. If the news organizations are to be believed, one could feed Palm Beach County's ballots through the machines however many times one wanted, never getting the same results twice. Again, there are reasons why the law allows for manual counting of ballots. One wonders, if the current circumstances don't justify a recount, what would? Not that I expect the recounts to give either side the 6,000 or so vote lead it would take to make measurable victory. Probably the fairest resolution at this point would be for the winner to be decided by a coin toss. n.b. It appears that military absentee ballots are not being rejected on narrow technical grounds. In particular, the absence of postmarks on ballots coming from military posts apparently is not being used as a pretext to reject them. Wade L. Scholine The news media have been making a point of saying that since the Democrats took a huge public popularity hit by excluding the military ballots, they have rescinded their decision. Those aren't my words, or even those of the only Republican newscaster I know. Whatever the reason, we can rejoice. Regarding hand recounts: most states have laws regarding partially punched ballots. In California as I understand it, one corner punched is NOT counted as a punch; two or three are. This is set by law beforehand, and is the criterion to be used in a hand recount. Given some explicit criterion such as that, a hand recount, while tedious, can be somewhat more accurate than simply running the ballots through the machine again. (Running them through the machine the first time probably got rid of the chads hanging by one corner anyway, so they'll be counted the second time.) It is when the rules keep changing that the matter seems unfair. When one party on election night sends fifty lawyers, each asking for a remedy more extreme than the last, and the counting rules change daily, that matters become serious. In every election I have been involved in -- and at one time I did campaign management so I have been through a few -- the results of a recount merely confirm what happened before. The winner wins a little bigger in precincts that he won in the first place. This is reasonable, and assumes equal intelligence among voters in both parties. If we assume that one party is more likely to make mistakes than the other, then it's possible that a new count will change things in that party's favor. The question then is how far do we go in trying to divine intentions? It may be obvious to some that a "dimpled" ballot is one that a voter intended to punch but did not; but the fact is that the voter did not punch that slot. He may have changed his mind. He may have been unable to follow instructions. Someone else may have "dimpled" the ballot, it being a lot easier to "dimple" one than to actually make a punch (assuming that one is being watched). What is not obvious to reasonable people is that this vote ought to count. It has become clear that on any set of rules that would have been agreed to before the election, there will not be enough votes to overcome Bush's lead. I know of no one, no one at all, who seriously proposed that "dimples" should be counted -- not even in the first day after the election was that proposed. It is not a rule that would have been agreed to before the election. As to the "butterfly ballot", that WAS agreed to by ALL parties BEFORE the election. This is unambiguous since it was designed by a Democrat and circulated among all parties, and samples were mailed to the voters. No one objected then, as no one objected when the same kind of ballot was used in other elections. Perhaps it is faulty and perhaps it should be changed, but the changes must be agreed to before an election, not in order to decide an election already held. And that, I think, is the rule to apply on "pregnant chad" and "dimpled chad" ballots. Most states have rules regarding hand counts, and while they differ over "one corner torn" -- California does not count them, some states do -- I think no legislature ever voted to count "dimpled chad"; and proposing to do that now, after two manual recounts failed to yield enough votes to give Mr. Gore a victory, will not be seen as fair by the losers, and probably not be seen as fair by the winners. And that is what is really at stake: a Republic can exist only so long as the losers are willing to lose and the winners to win. Mary Beard, widow of Charles Austin Beard, has written an little-noticed book on what happened to the Roman Republic. In her view -- and in mine -- the real collapse came when winning the Consulship and the title of First Citizen (Princeps) was equivalent to the mastery of the world. The losers were no longer safe from the winners. If one did not win, one had little to nothing. We have not yet come to that point; but we have made the office of President far too important in our domestic lives. We can live with conferring the mastery of the world on a President; it does not affect OUR lives. Whether the rest of the world will be content to let us do that without their getting a vote I cannot say. But we cannot continue to invest the President with extraordinary powers, with commanding an army of investigators who can use the machinery of justice to dig up dirt on political opponents, who can have a disgraced private detective in the White House with access to a thousand FBI files on most of the president's political opponents; who can with Executive Orders bankrupt half the firms in the land, who can encourage lawsuits and investigations, who wants and often gets the power for his agents to tap telephones without going to the telephone company so that the only people who have ever seen the warrant are -- the agents themselves. That is power that should not be given to ANYONE of ANY Party. But it has been given, and when the stakes get high enough the losers decline to lose the game, and will contest it by other rules. The danger of excluding the Army votes was that the Army might think itself deprived of a legitimate say in the outcome. The danger of having any great number of the populace believe that the government is no longer legitimate, but merely a regime like Fascism or National Socialism is extreme. I would be prepared to accept the outcome of this election if decided by any set of rules agreed to before the election. It looked for a while as if that were going to happen. Now I don't know. It may all be moot anyway: apparently the hand counts aren't producing the results Gore hoped for, while the absentee ballots did produce the results Bush hoped for. If so the question is moot, the election will be "close" but decided in a way consistent with what was agreed to before the election, and I think all will be well. Thank you for your letter. I doubt I will be saying much more on this subject.
|
This week: |
Wednesday,
Lying in.
|
This week: |
Thursday,
THANKSGIVING. God Save the United States and our honorable courts.
|
This week: |
Friday, November
24, 2000
|
This week: | Saturday,
|
This week: | Sunday,
I have been overwhelmed by something worse than a cold but perhaps not as bad as the flu. Mail accumulates. See next week.
|