I recently bought a computer magazine, it had an article I was interested in, so I decided, what the heck, let's buy this issue of this magazine. I paid $6.99 for it and I thought, well, look how thick it is, has to have a lot of information in it and I'll probably end up enjoying it because it is a computer related magazine, so what the heck, I mean, it's only $6.99.
I decide to read the magazine later, I was busy updating this webpage and a bunch of other webpages I'm the webmaster of, so I was busy, but finally I complete my work for the day and I settle down to read this article. It Was a very good article, 2 pages long, had some interesting information in it, but it only took me a few minutes to read. I turn my attention to the rest of the magazine, starting at page one, working my way through each page. It only took me about 30 minutes to read through what I thought to be a thick magazine with lots of content. I could have just thought, "You're a genius, who needs those speed reading courses," but I wasn't feeling that egotistical and I started to think back to what I read.
Page one, Table of Contents, Page 2 advertising, page 3 the beginning of a tech article, Page 4 another advertisement.....The light bulb went off...it wasn't the fact that I read fast or retained the information so quickly, I suddenly realized it wasn't my intellectual prowess at all, no, it was the fact that this thick magazine I paid for was just littered with advertising, in fact, there were as many pages of advertising as there were pages of information.
This "thick" magazine, suddenly started to look really thin to me, and that $6.99 I paid for it, suddenly started to seem like a lot of money. The few pages of content in this magazine wasn't even left completely alone, instead there was a series of small almost "banner" like ads on the pages that contained the stories. If you removed all the advertising from the magazine, set up the pages just with content, the magazine would have been about 10 pages long, instead of the whopping 203 pages it turned out to be. I paid $6.99 for 10 pages of content...it gets worst, trust me it does.
How does it get worst, well, this magazine was doing a review of hardware, the advertisers that were in the magazine were computer companies. It started to get me thinking about the honesty of the reviews. After all, if you were computer company would you promote in a magazine that said your computer was awful? Would this computer magazine bite the hand that feeds it? Well, these are all questions that came into my mind and suddenly the value of the 10 pages of content came into question for me. Did I just pay $6.99 for a biased 10 pages of content? Umm, lets go over why this is wrong:
• I paid for content not for advertising
• So much advertising biased the articles in the computer magazine - why would I trust someone's opinion on hardware or software when the advertisers are the very companies getting reviewed?
• The magazine is double-dipping, making the reader pay, making advertisers pay, they're getting paid twice for the same useless content.
I feel as if that $6.99 was thrown away, I could have given it away and I would have had a better feeling about it. The thing is, if that was a magazine that had 200 pages of content, I would have probably paid $10 maybe more for it, because it would have been worth it, but this, just was such an egregious example of someone trying to squeeze out as much money as they can for 10 pages of useless biased content!
From now on, I only stick to internet based information, you could find it all online and you can get it free at least. I can live with advertising on a webpage because I don't have to pay to get into the webpage, a win win situation there, but the second I start paying for something I don't want to see one ad!
Sunday, January 20, 2008
PC vs. Apple Computers
Apple makes some really good software, OS X has proven that, with its FreeBSD base giving it Unix stability, but still making it easy enough for the average person to use it...so you might ask, "Why does he hate Apple Computers?" Well, the plain and simple fact of the matter is this, when you buy a Mac, you're stuck with a Mac. Apple software always has to be married to Apple Hardware and for me, if I'm going to spend over a thousand dollars for a computer, I want to be able to run any damn operating system I want on it. Even if OS X can walk on water and turn water into wine, it doesn't stop me from wanting to try out new things, new operating systems, and I'll be damned if anyone limits me to just one choice in that area.
Often people confuse this debate as Apple Computers vs. Microsoft, and that's just not the case. When you own a pc you can pretty much run any flavor of operating system you want, from Microsoft to any number of distributions of Linux, to any number of Unix OS, and about any other crazy operating system that comes down the line, trust me, I should know, I've tried tons of them. To me, this is the way a computer should be, it shouldn't be dependent on one software package. If you pay for a computer it should be as flexible as it possible can be.
There is another thing, how many people build their own computers? I do, I know lots of my friends do, and why? Most of the times it's:
• Cheaper to build your own
• You can put quality parts in and customize to your liking
• If it breaks down you could fix it, you're not some gelatinous mass that's too scared to open the case.
• You can upgrade indefinitely, I should know, I used the same case for 4 motherboard upgrades.
Build an Apple Computer, go on, build one...I'm sure that there are some techies that could do it, but why would you want to go through the hassle of dual processors when Intel is putting out computer chips that blow anything Apple has out of the water.
It's a simple matter of choice...I want to be able to upgrade my computer on my own, not have a computer go out of date that I can only make a planter out of it later on. I've upgraded motherboards, processors, and I've always found it cheaper then buying new. With Apple you just can't build your computer, if you buy it and don't like the Apple OS, guess what, you're stuck with it.
Apple users are more loyal then pc users, well DUH, they have to be, because they can't go, OS X sucks, let me format this and use Win XP....oops, no, sorry you can't, because you're still stuck with an Apple hardware that only wants to run apple software.
If Apple stops its megalomania and creates an OS X that works on the PC, I'll completely retract this article...but I doubt those money grubbing, anal retentive, corporate weasels, will ever give up their choke hold on the mindless sheep that buy a Mac.
Lots of people complain about Microsoft and yes, they deserve to get slammed from time to time for their practices, but if I don't like MS, I ditch them and go Linux, or FreeBSD...I don't have to be loyal to Microsoft because my hardware isn't loyal to one company, unlike Apple Computers.
So, my basic statement here, OS X is a good OS, but they should put it out in a PC Version and set Mac users free of hardware restrictions. There are emulators out there, but why bother, if you hate Windows, get a pc and put Linux on it...trust me, just as good as OS X.
Ahh that rant felt good...enjoy :o)
Often people confuse this debate as Apple Computers vs. Microsoft, and that's just not the case. When you own a pc you can pretty much run any flavor of operating system you want, from Microsoft to any number of distributions of Linux, to any number of Unix OS, and about any other crazy operating system that comes down the line, trust me, I should know, I've tried tons of them. To me, this is the way a computer should be, it shouldn't be dependent on one software package. If you pay for a computer it should be as flexible as it possible can be.
There is another thing, how many people build their own computers? I do, I know lots of my friends do, and why? Most of the times it's:
• Cheaper to build your own
• You can put quality parts in and customize to your liking
• If it breaks down you could fix it, you're not some gelatinous mass that's too scared to open the case.
• You can upgrade indefinitely, I should know, I used the same case for 4 motherboard upgrades.
Build an Apple Computer, go on, build one...I'm sure that there are some techies that could do it, but why would you want to go through the hassle of dual processors when Intel is putting out computer chips that blow anything Apple has out of the water.
It's a simple matter of choice...I want to be able to upgrade my computer on my own, not have a computer go out of date that I can only make a planter out of it later on. I've upgraded motherboards, processors, and I've always found it cheaper then buying new. With Apple you just can't build your computer, if you buy it and don't like the Apple OS, guess what, you're stuck with it.
Apple users are more loyal then pc users, well DUH, they have to be, because they can't go, OS X sucks, let me format this and use Win XP....oops, no, sorry you can't, because you're still stuck with an Apple hardware that only wants to run apple software.
If Apple stops its megalomania and creates an OS X that works on the PC, I'll completely retract this article...but I doubt those money grubbing, anal retentive, corporate weasels, will ever give up their choke hold on the mindless sheep that buy a Mac.
Lots of people complain about Microsoft and yes, they deserve to get slammed from time to time for their practices, but if I don't like MS, I ditch them and go Linux, or FreeBSD...I don't have to be loyal to Microsoft because my hardware isn't loyal to one company, unlike Apple Computers.
So, my basic statement here, OS X is a good OS, but they should put it out in a PC Version and set Mac users free of hardware restrictions. There are emulators out there, but why bother, if you hate Windows, get a pc and put Linux on it...trust me, just as good as OS X.
Ahh that rant felt good...enjoy :o)
Security Tips and Tricks
I wanted to give a brief, yet hopefully informative, little guide on internet security and how to protect yourself online. There are four major areas that I'm going to cover:
1. Updating Windows
2. Firewalls
3. Antivirus Software
4. Email
Updating Windows is the first suggestion that I would have for you. When you installed your brand new Windows operating system they didn't have all the bugs worked out of it and they issue updates for your operating system. These updates will fix many of the security holes that were found in the original operating system. So, how do you go about updating your Windows? Go to http://windowsupdate.microsoft.com/ and click on the link that says product update to the left. Microsoft will quickly scan your computer, see what version of Windows you have and what patches you have missing. It will give you a long list of files that have to be updated and its a long tedious task to update, trust me, lots of installing, rebooting, going back to the website, getting the next element, etc. This however is the most important thing you can do to increase the security of your computer. These updates will fix known exploits or holes in your system. Trust me, they know about these holes in the system because hackers have found the holes and used them in various exploits. So Update! Update! Update!
Next suggestion is a firewall, with the ever increasing number of people with a broadband connection and 24/7 connectivity it becomes even more important that you put a firewall on you computer. Your computer has a series of ports that are either opened or closed to receive and send information onto the net. If someone attacks these ports with D.O.S. (Denial of Service) attack they can shut your connection to the net off, but that's not that bad, but they can also look at these open ports and find openings in your computer. This is serious because they can gather information on you, can look into you hard drive, and do all sorts of malicious activities. Go to the Firewall section of the website to download one of the free software programs there. They will make your computer even more safe then it was with the security updates you just completed.
The third and final suggestion is Antivirus software. Viruses can range in severity from something simple and annoying to viruses that will wipe your hard drive clean. So you need to get an Antivirus software program. AVG is a free virus scanner that works excellently at protecting your computer. Read more about the antivirus software at the Antivirus section of this website. Antivirus software will also help prevent Trojans from getting on you computer. Trojans allows a user to have remote access to your computer, yes, just like the trojan horse it sits on your computer waiting for the person that put it there to use it...so antivirus software will work wonders on your computer. Make sure you keep the virus definitions up to date! Also avoid downloading email attachments, downloading files from an untrustworthy site, and make sure you frequently scan you hard drive.
Email - No reputable place will ask for you to fill in your credit card information in an email, delete it or sending it to your ISP to point out this danger. If you get an email from EBAY or AOL or any other big company and there is this link in the email asking you to update your credit card info, don't do it, it's a scam, don't do it, they just make a webpage that looks like Ebay or AOL. This is a quick way to get your credit information stolen...so basically use some commonsense when you're reading your emails.
These four basic steps will secure your computer and make your time on the internet a pleasurable one and not a headache. Happy Safe Surfing!
1. Updating Windows
2. Firewalls
3. Antivirus Software
4. Email
Updating Windows is the first suggestion that I would have for you. When you installed your brand new Windows operating system they didn't have all the bugs worked out of it and they issue updates for your operating system. These updates will fix many of the security holes that were found in the original operating system. So, how do you go about updating your Windows? Go to http://windowsupdate.microsoft.com/ and click on the link that says product update to the left. Microsoft will quickly scan your computer, see what version of Windows you have and what patches you have missing. It will give you a long list of files that have to be updated and its a long tedious task to update, trust me, lots of installing, rebooting, going back to the website, getting the next element, etc. This however is the most important thing you can do to increase the security of your computer. These updates will fix known exploits or holes in your system. Trust me, they know about these holes in the system because hackers have found the holes and used them in various exploits. So Update! Update! Update!
Next suggestion is a firewall, with the ever increasing number of people with a broadband connection and 24/7 connectivity it becomes even more important that you put a firewall on you computer. Your computer has a series of ports that are either opened or closed to receive and send information onto the net. If someone attacks these ports with D.O.S. (Denial of Service) attack they can shut your connection to the net off, but that's not that bad, but they can also look at these open ports and find openings in your computer. This is serious because they can gather information on you, can look into you hard drive, and do all sorts of malicious activities. Go to the Firewall section of the website to download one of the free software programs there. They will make your computer even more safe then it was with the security updates you just completed.
The third and final suggestion is Antivirus software. Viruses can range in severity from something simple and annoying to viruses that will wipe your hard drive clean. So you need to get an Antivirus software program. AVG is a free virus scanner that works excellently at protecting your computer. Read more about the antivirus software at the Antivirus section of this website. Antivirus software will also help prevent Trojans from getting on you computer. Trojans allows a user to have remote access to your computer, yes, just like the trojan horse it sits on your computer waiting for the person that put it there to use it...so antivirus software will work wonders on your computer. Make sure you keep the virus definitions up to date! Also avoid downloading email attachments, downloading files from an untrustworthy site, and make sure you frequently scan you hard drive.
Email - No reputable place will ask for you to fill in your credit card information in an email, delete it or sending it to your ISP to point out this danger. If you get an email from EBAY or AOL or any other big company and there is this link in the email asking you to update your credit card info, don't do it, it's a scam, don't do it, they just make a webpage that looks like Ebay or AOL. This is a quick way to get your credit information stolen...so basically use some commonsense when you're reading your emails.
These four basic steps will secure your computer and make your time on the internet a pleasurable one and not a headache. Happy Safe Surfing!
Intalling CGI Scripts
For many new webmaster this is probably one of the most daunting tasks they'll need to do. Mainly because you're not used to the UNIX environment, but also because you have to edit some perl scripts to make the script work. Here are the basic things you need to install CGI-Scripts.
1. You need a web host that gives you a cgi-bin, most free hosting companies won't give you a cgi-bin because of security reasons. If you're on a free web host and you want to add things like a guestbook or message boards, I would suggest you use a service like www.bravenet.com they have codes that you just cut and paste. Good thing, it's easy, bad thing, it has advertising and it generally makes your page look a little less professional.
2. You'll need the script itself. You can download almost any cgi-script for free at www.cgi-resources.com this is where I go to get any scripts that I'll need for the websites I write.
3. You'll need a plain text editing program. If you're in a windows operating system Notepad would be fine to edit perl / cgi scripts. (Don't use Word, Wordpad or any other "rich text" type program, it will screw up the script).
4. You'll need an ftp program, this is a program that will upload your page to your server. I like WS_FTP Pro, you an use the lite version of this program, which is free, but this pro version offers more features and easier to use I think.
Okay, so that's what you'll need, now here is the important things you'll need to know about installing the scripts:
1. Always read the included installation instructions. All scripts come with a readme.txt file or some form of installation instructions. Read these carefully, because they'll tell you how and what you need to do for this script.
2. Knowing the perl path for your server. In all cgi scripts the script itself will need to know where the perl kernel is. In most cases the perl path is /usr/bin/perl and most people that write scripts will point it here, contact your web host if you're unsure of where the path to your perl kernel is
3. Make sure to upload the .cgi files to the cgi-bin on your server. Almost all the servers I've been on makes you upload your scripts to a separate folder called the cgi-bin. If you upload your script elsewhere it just won't work (note, on some servers they do allow you to put the cgi-scripts in any directory, but it's been my experience that most have the separate cgi-bin).
4. When uploading CGI, make sure that you upload it in ASCII, not BINARY, if you upload it in Binary the script will not work. Binary is for photos and regular pages, but for scripts you'll need to upload it in ASCII format.
5. Know the root to your cgi-bin and also the public_html files. Most of the times the path will look like /home/username/domain name/public_html and the root to your cgi-bin will look like /home/username/domain name/cgi-bin - Once again, you'll need to contact your web host if you're unsure. Also, some scripts will point to the cgi script by having the url and not the root, pay attention to what the script asks, because sometimes it will be the url where the script is located, like, http://www.yourdomain.com/cgi-bin/scriptname.cgi
6. Knowing your sendmail path. This is for scripts that will allow users to email or perhaps if the program emails you if someone posts messages etc. The send mail path is usually /usr/lib/sendmail once again, if you don't know contact your web host or check their FAQ, they usually give this information there.
7. Knowing how to chmod or set permissions to files and directories. All the scripts you download will tell you to set permissions to your scripts and files, you must do this! If they say to set the permission to a certain number, you must do so! If you don't, the script won't work! In the different ftp programs there are different ways to set permissions, usually most will have where you can right click on the file and there will be a permissions button or a chmod button and then you can set the permissions that way.
8. Contact your Web host if you have trouble...always remember that you're paying for a service and most places offer technical support, don't be too shy to ask for help, that's what technical support is there for and especially if you're paying for the service you should use the service as much as you can!
These are the basics you need to know, each script is different, some programmers really go out of their way to make the script easy to install, some programmers write great scripts but give lousy instructions, so, just try out some scripts, don't be scared of them, and don't give up on them, because the first few times, you'll almost always get errors, trust me, I should know!
One other thing, I found with my own webhosting company that they weren't that willing to give cgi help, I think that's sort of lame to tell you the truth. A company that offers services should be knowledgeable on such topics, but you often find tech support usually knows less than you and that you're on your own most of the times.
I've installed lots of scripts now and there are a few that I'll use over and over again because they're just so easy to install and really work great. If you want some help in this area I can point you to the easiest to install cgi-scripts, just tell me what your looking for or I'll write a tutorial on what scripts to use. Have fun, don't get frustrated, and don't give up, you'll get the hang of the cgi-scripts soon enough :o) If not, email me and I'll try and help out.
1. You need a web host that gives you a cgi-bin, most free hosting companies won't give you a cgi-bin because of security reasons. If you're on a free web host and you want to add things like a guestbook or message boards, I would suggest you use a service like www.bravenet.com they have codes that you just cut and paste. Good thing, it's easy, bad thing, it has advertising and it generally makes your page look a little less professional.
2. You'll need the script itself. You can download almost any cgi-script for free at www.cgi-resources.com this is where I go to get any scripts that I'll need for the websites I write.
3. You'll need a plain text editing program. If you're in a windows operating system Notepad would be fine to edit perl / cgi scripts. (Don't use Word, Wordpad or any other "rich text" type program, it will screw up the script).
4. You'll need an ftp program, this is a program that will upload your page to your server. I like WS_FTP Pro, you an use the lite version of this program, which is free, but this pro version offers more features and easier to use I think.
Okay, so that's what you'll need, now here is the important things you'll need to know about installing the scripts:
1. Always read the included installation instructions. All scripts come with a readme.txt file or some form of installation instructions. Read these carefully, because they'll tell you how and what you need to do for this script.
2. Knowing the perl path for your server. In all cgi scripts the script itself will need to know where the perl kernel is. In most cases the perl path is /usr/bin/perl and most people that write scripts will point it here, contact your web host if you're unsure of where the path to your perl kernel is
3. Make sure to upload the .cgi files to the cgi-bin on your server. Almost all the servers I've been on makes you upload your scripts to a separate folder called the cgi-bin. If you upload your script elsewhere it just won't work (note, on some servers they do allow you to put the cgi-scripts in any directory, but it's been my experience that most have the separate cgi-bin).
4. When uploading CGI, make sure that you upload it in ASCII, not BINARY, if you upload it in Binary the script will not work. Binary is for photos and regular pages, but for scripts you'll need to upload it in ASCII format.
5. Know the root to your cgi-bin and also the public_html files. Most of the times the path will look like /home/username/domain name/public_html and the root to your cgi-bin will look like /home/username/domain name/cgi-bin - Once again, you'll need to contact your web host if you're unsure. Also, some scripts will point to the cgi script by having the url and not the root, pay attention to what the script asks, because sometimes it will be the url where the script is located, like, http://www.yourdomain.com/cgi-bin/scriptname.cgi
6. Knowing your sendmail path. This is for scripts that will allow users to email or perhaps if the program emails you if someone posts messages etc. The send mail path is usually /usr/lib/sendmail once again, if you don't know contact your web host or check their FAQ, they usually give this information there.
7. Knowing how to chmod or set permissions to files and directories. All the scripts you download will tell you to set permissions to your scripts and files, you must do this! If they say to set the permission to a certain number, you must do so! If you don't, the script won't work! In the different ftp programs there are different ways to set permissions, usually most will have where you can right click on the file and there will be a permissions button or a chmod button and then you can set the permissions that way.
8. Contact your Web host if you have trouble...always remember that you're paying for a service and most places offer technical support, don't be too shy to ask for help, that's what technical support is there for and especially if you're paying for the service you should use the service as much as you can!
These are the basics you need to know, each script is different, some programmers really go out of their way to make the script easy to install, some programmers write great scripts but give lousy instructions, so, just try out some scripts, don't be scared of them, and don't give up on them, because the first few times, you'll almost always get errors, trust me, I should know!
One other thing, I found with my own webhosting company that they weren't that willing to give cgi help, I think that's sort of lame to tell you the truth. A company that offers services should be knowledgeable on such topics, but you often find tech support usually knows less than you and that you're on your own most of the times.
I've installed lots of scripts now and there are a few that I'll use over and over again because they're just so easy to install and really work great. If you want some help in this area I can point you to the easiest to install cgi-scripts, just tell me what your looking for or I'll write a tutorial on what scripts to use. Have fun, don't get frustrated, and don't give up, you'll get the hang of the cgi-scripts soon enough :o) If not, email me and I'll try and help out.
Protecting ur kids Online with Web Filters
You have kids, you have a computer with an internet connection, the two put together = trouble! I don't mean to understate this point, because when it comes down to it, you, the parents, are the the one that has to take responsibility for your children and what they view. I'm generally pretty harsh on parents that think that nothing can happen on the internet...while the internet feels "safe" because it's in your house, what bad thing could happen? Well, read the newspapers and see what can happen with the "safe" internet. If you're going to have a net connection you need to be responsible and make sure your kids are safe online. So, here are some programs that will help you monitor what your kids are up to:
iProtectyou - This is one of the best programs on the net at the moment to stop your kids from seeing objectionable material and unmonitored chat and email sessions. This program is FREE so download it. This program allows you to control which websites your kids are allowed to visit, which programs can have internet access, blocking email, chat, instant messages that would have objectionable words in it...it will also gather information about what your children are doing online...you can also set up a schedule when your child can be online. I just can't say how great of a program this is and if you're a parent and you want to help your kids be safe, this is the program for you. It is password protected, so as long as your kids don't have the password, they can't change the settings. Really, take responsibility for you children's online life. If I get enough requests I'll write a tutorial for this program that will show you the steps for setting this program up. You can download this program here http://www.softforyou.com/
We-Blocker - This is a very effective web filtering tool that will stop objectionable websites. It has some very nice features including multiple accounts so you can set up different settings for different age groups or different age groups. A very good web filtering tool, I still like iProtectyou a little more because you can limit access to certain programs and chatrooms, IM's, and other venues should be restricted...so this is good if you just want to filter web pages. You can download this program at http://www.we-blocker.com/index.php
AOL and MSN, and many other Internet service providers have some form of internet blocking and restricted zones you can set so you can limit the access of your children on the net. It will limit emails, IM's and things like that...but I think parents are too often drawn into a false sense of security with these settings...if you minimize AOL and open a browser like Mozilla the filters will be gone, and you know those kids will find ways around simple defenses.
In closing, the best way to make sure you kids are safe online is to surf with them...kids, especially young kids, shouldn't be left on the computer without parental supervision. If however you can't be with your kids while they surf, please download iProtectyou and make sure you set it up to block areas that would be dangerous for them. No matter how many laws the government passes to protect children, it will always be up to you, the parent to proactively protect your children.
Bash Shell Commands
Well, I've been dreading writing this section of the website because I don't feel like an "expert" in this area, but it's part of my online knowledge and I thought that maybe a newbie could help other newbies with Linux. With most of the current distributions of Linux you have an xwindow system that looks remarkably easy to understand...umm, but eventually you have to go to a shell...eventually...yes...you have to face the evil that is the command line. Now don't worry, this is okay, just breathe deep, there you go, keep breathing deeply, continue, come on, getting lightheaded yet? Soon you'll be in that state of euphoria where you'll be game enough to start putting in some commands.
Okay, it isn't that bad, the thing you have to do is remember back to the days of DOS and Microsoft and when you had to type in commands to get anything done. Basically that's the best way to describe it to Windows users. Okay, so you're at a terminal and you don't know any commands, here are a few (the list will expand as I learn more).
cd - this basically works like the old MSDOS command, this stands for Change Directory and basically you can change the directory your in with this command.
cp - this is the copy command. Basically you can use this command if you want to copy the contents of a file to some other place. Not so different from the Copy command in MSDOS. You can use this to copy the content to other folders, etc.
ls - This is the list command, very similar to the MSDOS Command Dir. Basically it lists all the contents in a directory or a folder. This had a bunch of wildcards you can add to it, like ls -l will list the file in it's long format... ls -a will allow you to see all the files in a directory including hidden files.
mkdir - This command will make a directory. The command would look something like mkdir testfolder and this would create a directory with the name testfolder.
mv - this stands for move...basically this allows you to move files from one directory to another or you can move it within the same folder.
rm - this stands for remove. This will allow you to delete files without confirmation. Okay a delete command, basically you can delete files but also important ones you didn't mean to delete, umm, well, yeah, okay you know how I know this fact.
rmdir - This will allow you to remove a directory, if you add rmdir -r the directory doesn't have to be empty before deleting it.
passwd - if you type in passwrd it will allow you to change your password. It will ask for you old one and then make you type in the new one twice...the password has to be at least 6 characters long.
Okay, this is it for now because I don't have my linux box open at the moment and I'm not exactly pleased with what I wrote here, hmm, okay so this tutorial is at best so so...I'll need to work on this more and get back to you. If there are any Linux pros out there that would like to write articles for this website, just drop me an email...trust me, I'm humble, I don't pretend to be anything but a newbie.
iProtectyou - This is one of the best programs on the net at the moment to stop your kids from seeing objectionable material and unmonitored chat and email sessions. This program is FREE so download it. This program allows you to control which websites your kids are allowed to visit, which programs can have internet access, blocking email, chat, instant messages that would have objectionable words in it...it will also gather information about what your children are doing online...you can also set up a schedule when your child can be online. I just can't say how great of a program this is and if you're a parent and you want to help your kids be safe, this is the program for you. It is password protected, so as long as your kids don't have the password, they can't change the settings. Really, take responsibility for you children's online life. If I get enough requests I'll write a tutorial for this program that will show you the steps for setting this program up. You can download this program here http://www.softforyou.com/
We-Blocker - This is a very effective web filtering tool that will stop objectionable websites. It has some very nice features including multiple accounts so you can set up different settings for different age groups or different age groups. A very good web filtering tool, I still like iProtectyou a little more because you can limit access to certain programs and chatrooms, IM's, and other venues should be restricted...so this is good if you just want to filter web pages. You can download this program at http://www.we-blocker.com/index.php
AOL and MSN, and many other Internet service providers have some form of internet blocking and restricted zones you can set so you can limit the access of your children on the net. It will limit emails, IM's and things like that...but I think parents are too often drawn into a false sense of security with these settings...if you minimize AOL and open a browser like Mozilla the filters will be gone, and you know those kids will find ways around simple defenses.
In closing, the best way to make sure you kids are safe online is to surf with them...kids, especially young kids, shouldn't be left on the computer without parental supervision. If however you can't be with your kids while they surf, please download iProtectyou and make sure you set it up to block areas that would be dangerous for them. No matter how many laws the government passes to protect children, it will always be up to you, the parent to proactively protect your children.
Bash Shell Commands
Well, I've been dreading writing this section of the website because I don't feel like an "expert" in this area, but it's part of my online knowledge and I thought that maybe a newbie could help other newbies with Linux. With most of the current distributions of Linux you have an xwindow system that looks remarkably easy to understand...umm, but eventually you have to go to a shell...eventually...yes...you have to face the evil that is the command line. Now don't worry, this is okay, just breathe deep, there you go, keep breathing deeply, continue, come on, getting lightheaded yet? Soon you'll be in that state of euphoria where you'll be game enough to start putting in some commands.
Okay, it isn't that bad, the thing you have to do is remember back to the days of DOS and Microsoft and when you had to type in commands to get anything done. Basically that's the best way to describe it to Windows users. Okay, so you're at a terminal and you don't know any commands, here are a few (the list will expand as I learn more).
cd - this basically works like the old MSDOS command, this stands for Change Directory and basically you can change the directory your in with this command.
cp - this is the copy command. Basically you can use this command if you want to copy the contents of a file to some other place. Not so different from the Copy command in MSDOS. You can use this to copy the content to other folders, etc.
ls - This is the list command, very similar to the MSDOS Command Dir. Basically it lists all the contents in a directory or a folder. This had a bunch of wildcards you can add to it, like ls -l will list the file in it's long format... ls -a will allow you to see all the files in a directory including hidden files.
mkdir - This command will make a directory. The command would look something like mkdir testfolder and this would create a directory with the name testfolder.
mv - this stands for move...basically this allows you to move files from one directory to another or you can move it within the same folder.
rm - this stands for remove. This will allow you to delete files without confirmation. Okay a delete command, basically you can delete files but also important ones you didn't mean to delete, umm, well, yeah, okay you know how I know this fact.
rmdir - This will allow you to remove a directory, if you add rmdir -r the directory doesn't have to be empty before deleting it.
passwd - if you type in passwrd it will allow you to change your password. It will ask for you old one and then make you type in the new one twice...the password has to be at least 6 characters long.
Okay, this is it for now because I don't have my linux box open at the moment and I'm not exactly pleased with what I wrote here, hmm, okay so this tutorial is at best so so...I'll need to work on this more and get back to you. If there are any Linux pros out there that would like to write articles for this website, just drop me an email...trust me, I'm humble, I don't pretend to be anything but a newbie.
Setting ur Home page
These steps are pretty similar for most of the browsers out there, I'll show you how to set your home page in Internet Explorer (this is the page the first opens up when you launch your browser), but basically you can find this option in the settings of all the browsers out there. Here is how to set your IE homepage.
First go to Tools and then Internet Options
The general tab will be where you would want to change the settings, in the Home Page section where it says Address: you can either fill in a web address that you want to have as a homepage or you can hit the Use Blank which will make no page load when you first open your browser.
In Mozilla and Netscape you would go to:
Edit ---->Preferences
Then go to the Navigator branch to the left and it will open up this display, you can either click Blank Page, Home page (that will be the page url listed where it says Home Page) or you can use the last page you visited.
There you have it, how to set your home page in IE and in Netscape and Mozilla.
First go to Tools and then Internet Options
The general tab will be where you would want to change the settings, in the Home Page section where it says Address: you can either fill in a web address that you want to have as a homepage or you can hit the Use Blank which will make no page load when you first open your browser.
In Mozilla and Netscape you would go to:
Edit ---->Preferences
Then go to the Navigator branch to the left and it will open up this display, you can either click Blank Page, Home page (that will be the page url listed where it says Home Page) or you can use the last page you visited.
There you have it, how to set your home page in IE and in Netscape and Mozilla.
The Great Browser Question – Which to use.
What is a browser? Simplest possible terms it's the program that allows you to surf web pages. For most people that use Windows their browser of choice is Internet Explorer, but why? Well, simple answer to that is that it comes built in with your Windows system and it's highly integrated (perhaps too much so) into the Windows operating system. For most people IE is just fine and you don't really need another browser, but did you know that there are other browsers out there? Did you know some of them have really cool features? Well, there is this brave new world of browsers out there and it's time that you take a look and test drive other browsers, after all, just because you have Windows doesn't mean that you have to use IE. Here is the breakdown of what's out there at the moment
Mozilla - Oh, you gotta love open source, it sometimes produces the best programs out there and Mozilla is a happy result of this open source community. So, let's do a brief little history on Mozilla...many years ago in a galaxy far far away there was a browser that competed with Dark Empire (also known as Microsoft)...this brave browser was called Netscape Navigator. Well, years of struggle, and finally Netscape on deaths door does something that few expected, it gave away its source code and made it open source and asked a band of rebels to take the challenge of making a better browser than IE...lo and behold MOZILLA was born...yes Mozilla, the first distribution of it basically made this loud thudding sound...oh god was it bad, but still it kept growing, getting better, and soon became THE BEST BROWSER. Yes, it's grown so big now that it will be stepping on Tokyo soon and the cries of, "Mozilla is coming, Mozilla is coming" will be dubbed with an out of sync English accent. Seriously though, Mozilla is faster than any browser out there, it meets almost all the internet standards perfectly, and it's a very stable browser. For my money it's the best value, oh and it's free, yes I mentioned that right? Yes, well it is free. You can download Mozilla here www.mozilla.org . Many Linux users will be familiar with this browser since it comes as standard fair in most of the Linux distributions now.
Internet Explorer - Okay, so, this is the one most people use. Internet Explorer has come a long way and it's in many ways one of the things Microsoft succeeded with by paying attention to the internet standards that are currently out there. I find that Internet Explorer meets many of the HTML, CSS, XML, ASP, PHP, and pretty much any other webpage standard you want to throw at it...why is this good? Well, it means that the webpage will be displayed as the author intended it to be displayed. So, it is a very good web browser, however, I find on older systems like Win 95, 98, ME, if you screw up your IE, you screw up your whole damn operating system. This is where IE is just too integrated into the operating system and this is where you could end up in a little bit of trouble.
Opera - The innovative little browser that could. What makes this browser interesting is the features it adds beyond the basics of web browsing. One thing I like is the popup blocker included in the program. Yes those annoying popup ads are bye bye and they stay that way. It's a small, relatively fast browser, and generally I like it. It is web compliant, umm, mostly compliant, okay so I have used it and gotten some funky looking pages from time to time. The Con's of this browser - It costs, umm, $30 the last time I checked...if you don't pay you can have a freeware version that's supported with advertising. It sort of makes me cringe to pay anything for a web browser, mainly because the best browser is free, but I can't fault Opera for wanting to make money, not every program can be open source. I think Opera will have it's market in Palm devices because of it's ability to render pages small and to still make them look like web pages. Give it a download here www.opera.com if you want to give it a try.
Avant - This is more of an add-on to Internet Explorer, so it won't get really that big of a write up. Originally it was called IE Opera, umm, yeah good name considering there was already a browser named Opera, but anyway, so they became Avant. Pluses about this browser, it has a very effective popup blocker and some quick mouse gesture things, so it's more of an add-on to IE and it does work rather nice, but, it's still basically Internet Explorer.
Netscape Navigator - I put this browser last, because, well, basically Mozilla and Netscape are indistinguishable at the moment. Netscape is basically Mozilla only they make you register to use the browser, which isn't that bad, but still it's basically Mozilla or is Mozilla basically Netscape. The line is getting blurred a bit. The positives about Netscape, well, I used them loyally for years, so I'll always have a bit of loyalty towards them. Second, I liked that they knew when they needed help and opened their source code. One other pro is that their email client that comes attached with the browser will accept AOL mail, so if you want an email client for you AOL account this is the way to go (AOL bought out Netscape a few years ago). Basically Netscape is Mozilla that you have to register to use...but still, it is a good browser and has some interesting integrations in it, like ICQ, AIM, etc.
So that's the list, did I miss some browsers, umm, yeah, probably I did, but I'll make this list longer as new browsers come out. Which browsers do I use, I like Mozilla, it is the fastest most stable...that would be my choice, but any of the browsers listed will do a good job, you just have to pick a browser that's best for you. Mozilla is coming...oops, sorry, I couldn't resist.
Mozilla - Oh, you gotta love open source, it sometimes produces the best programs out there and Mozilla is a happy result of this open source community. So, let's do a brief little history on Mozilla...many years ago in a galaxy far far away there was a browser that competed with Dark Empire (also known as Microsoft)...this brave browser was called Netscape Navigator. Well, years of struggle, and finally Netscape on deaths door does something that few expected, it gave away its source code and made it open source and asked a band of rebels to take the challenge of making a better browser than IE...lo and behold MOZILLA was born...yes Mozilla, the first distribution of it basically made this loud thudding sound...oh god was it bad, but still it kept growing, getting better, and soon became THE BEST BROWSER. Yes, it's grown so big now that it will be stepping on Tokyo soon and the cries of, "Mozilla is coming, Mozilla is coming" will be dubbed with an out of sync English accent. Seriously though, Mozilla is faster than any browser out there, it meets almost all the internet standards perfectly, and it's a very stable browser. For my money it's the best value, oh and it's free, yes I mentioned that right? Yes, well it is free. You can download Mozilla here www.mozilla.org . Many Linux users will be familiar with this browser since it comes as standard fair in most of the Linux distributions now.
Internet Explorer - Okay, so, this is the one most people use. Internet Explorer has come a long way and it's in many ways one of the things Microsoft succeeded with by paying attention to the internet standards that are currently out there. I find that Internet Explorer meets many of the HTML, CSS, XML, ASP, PHP, and pretty much any other webpage standard you want to throw at it...why is this good? Well, it means that the webpage will be displayed as the author intended it to be displayed. So, it is a very good web browser, however, I find on older systems like Win 95, 98, ME, if you screw up your IE, you screw up your whole damn operating system. This is where IE is just too integrated into the operating system and this is where you could end up in a little bit of trouble.
Opera - The innovative little browser that could. What makes this browser interesting is the features it adds beyond the basics of web browsing. One thing I like is the popup blocker included in the program. Yes those annoying popup ads are bye bye and they stay that way. It's a small, relatively fast browser, and generally I like it. It is web compliant, umm, mostly compliant, okay so I have used it and gotten some funky looking pages from time to time. The Con's of this browser - It costs, umm, $30 the last time I checked...if you don't pay you can have a freeware version that's supported with advertising. It sort of makes me cringe to pay anything for a web browser, mainly because the best browser is free, but I can't fault Opera for wanting to make money, not every program can be open source. I think Opera will have it's market in Palm devices because of it's ability to render pages small and to still make them look like web pages. Give it a download here www.opera.com if you want to give it a try.
Avant - This is more of an add-on to Internet Explorer, so it won't get really that big of a write up. Originally it was called IE Opera, umm, yeah good name considering there was already a browser named Opera, but anyway, so they became Avant. Pluses about this browser, it has a very effective popup blocker and some quick mouse gesture things, so it's more of an add-on to IE and it does work rather nice, but, it's still basically Internet Explorer.
Netscape Navigator - I put this browser last, because, well, basically Mozilla and Netscape are indistinguishable at the moment. Netscape is basically Mozilla only they make you register to use the browser, which isn't that bad, but still it's basically Mozilla or is Mozilla basically Netscape. The line is getting blurred a bit. The positives about Netscape, well, I used them loyally for years, so I'll always have a bit of loyalty towards them. Second, I liked that they knew when they needed help and opened their source code. One other pro is that their email client that comes attached with the browser will accept AOL mail, so if you want an email client for you AOL account this is the way to go (AOL bought out Netscape a few years ago). Basically Netscape is Mozilla that you have to register to use...but still, it is a good browser and has some interesting integrations in it, like ICQ, AIM, etc.
So that's the list, did I miss some browsers, umm, yeah, probably I did, but I'll make this list longer as new browsers come out. Which browsers do I use, I like Mozilla, it is the fastest most stable...that would be my choice, but any of the browsers listed will do a good job, you just have to pick a browser that's best for you. Mozilla is coming...oops, sorry, I couldn't resist.
Firewall Installation
Firewalls are important to prevent trojans, DOS attacks, and hackers from getting into your system. Read more about this in the Security Tips Section. At the moment there are lots of free downloadable firewalls, all of which will do a better job than the pre-installed Windows XP firewall. Which is the best? Which is the Easiest to Install? Which do I recommend? For years I used Tiny Personal Firewall, but I've switched to Sygate personal firewall and I think it's the best free firewall on the market at the moment. Many people use ZoneAlarm and originally this section was going to be a ZoneAlarm demonstration, but I had to weigh which one I found better and which one I would install on someone's computer if they asked me...the clear choice for me was Sygate's Personal Firewall. It runs like most firewalls, but I found it to be more stable than ZA, less of a resource hog, and while it gives up some things in the way of an easy display, it works effectively and doesn't crash on me, which I've had ZA do on more than one occasion. So, I'm going to recommend Sygate Firewall and give some brief instruction on how to install and operate it.
• First you need to download it here : Sygate Personal Firewall
• It will be a file named spf.exe, just double click this program and it will install and then reboot
• Once you reboot you'll have Sygate on your system as your firewall. They ask that you fill in a registration form, just do it, it's freeware, so I figure a free registration isn't that much to ask. (Note if you don't want mail, etc from them, use a free email account that you should have set up for internet things).
Now here are a few screens you'll have to become familiar with and that you should know what they mean. The way this firewall works is by asking you which programs you want to allow to have access to your computer. So for example:
This is the window that popped up when I opened my Mozilla Web Browser...the firewall basically asked, "Hey, stupid, do you want this program to have access to the internet" I wanted this program to have access so I clicked the "Remember my answer, and do not ask me again for this application" box and I hit Yes. By checking the box the firewall knew that his was an application that I would always want to allow internet access...so it created a rule that allows this program to always access the internet when I launch it.
During the first day of having a firewall, any firewall, you'll have to answer a number of these type questions, that's alright though, because the firewall will remember which applications you approve of and which you don't want to run. If you get a warning like the one above for a program you don't want accessing the net, you just click the box and hit NO and then a rule will be created to prevent that program from accessing the net.
The firewall will rest in your system tray near the clock on your taskbar and it's icon will look like this when you double click this icon in the system tray you'll open up the control panel for the program and that will look something like this:
There is lots of things you can do here but I'll give you a brief rundown of the most important functions:
• If you want to stop all internet traffic, basically meaning to shut off all the incoming and outgoing information, click Block All
• The Applications button basically will give you a list of applications that you've allowed to have access to the internet, in this section you can change the settings for particular applications. So if you accidentally blocked Internet Explorer you can go here to unblock it.
• The Logs button will give you a listing of the recorded attacks or traffic that happened to your computer...this is good if you want to look at a detailed report of what came in and out and what was blocked.
• Test button will take you to the Sygate website where you can have them scan your ports to see if this firewall is working. You can also go to www.grc.com and try the Shields Up Test...Steve Gibson runs this webpage and really does a good job in making people aware of security risks. I've run the leaktest from grc.com on this firewall and it passed...but you might want to try the leak test yourself.
• The cool looking graph thing, umm, is just a cool looking graph thing...just like a heart monitor shows the incoming and outgoing traffic in a blip blip blip type display. I have to prevent myself from screaming, "Oh my god, my computer has flatlined" umm, okay, sorry for the rambling thought.
• Running applications shows you what programs are currently accessing or trying to access the internet...as you can see I have IE and Mozilla running and I have Realplayer blocked, okay so, umm, I did that just as an example, but I hate realplayer so it was fun to block them.
• The "Show Message Console" shows you the messages that Sygate sent you...so for example if someone attacked my computer Sygate would say something like, "Port blocked.." blah blah blah.
That's the basics of Sygate Firewall...they have a good help section if you have any questions and you can do advanced rules by going to Tools ----> Advanced Rules and then you can write personal rule sets for this firewall. Example would be to block a specific IP, that you can do in the advanced rules area. A really nice feature that you won't find on the free ZoneAlarm.
So, install your firewall and save yourself from the big mean old nasty people on the net :o)
• First you need to download it here : Sygate Personal Firewall
• It will be a file named spf.exe, just double click this program and it will install and then reboot
• Once you reboot you'll have Sygate on your system as your firewall. They ask that you fill in a registration form, just do it, it's freeware, so I figure a free registration isn't that much to ask. (Note if you don't want mail, etc from them, use a free email account that you should have set up for internet things).
Now here are a few screens you'll have to become familiar with and that you should know what they mean. The way this firewall works is by asking you which programs you want to allow to have access to your computer. So for example:
This is the window that popped up when I opened my Mozilla Web Browser...the firewall basically asked, "Hey, stupid, do you want this program to have access to the internet" I wanted this program to have access so I clicked the "Remember my answer, and do not ask me again for this application" box and I hit Yes. By checking the box the firewall knew that his was an application that I would always want to allow internet access...so it created a rule that allows this program to always access the internet when I launch it.
During the first day of having a firewall, any firewall, you'll have to answer a number of these type questions, that's alright though, because the firewall will remember which applications you approve of and which you don't want to run. If you get a warning like the one above for a program you don't want accessing the net, you just click the box and hit NO and then a rule will be created to prevent that program from accessing the net.
The firewall will rest in your system tray near the clock on your taskbar and it's icon will look like this when you double click this icon in the system tray you'll open up the control panel for the program and that will look something like this:
There is lots of things you can do here but I'll give you a brief rundown of the most important functions:
• If you want to stop all internet traffic, basically meaning to shut off all the incoming and outgoing information, click Block All
• The Applications button basically will give you a list of applications that you've allowed to have access to the internet, in this section you can change the settings for particular applications. So if you accidentally blocked Internet Explorer you can go here to unblock it.
• The Logs button will give you a listing of the recorded attacks or traffic that happened to your computer...this is good if you want to look at a detailed report of what came in and out and what was blocked.
• Test button will take you to the Sygate website where you can have them scan your ports to see if this firewall is working. You can also go to www.grc.com and try the Shields Up Test...Steve Gibson runs this webpage and really does a good job in making people aware of security risks. I've run the leaktest from grc.com on this firewall and it passed...but you might want to try the leak test yourself.
• The cool looking graph thing, umm, is just a cool looking graph thing...just like a heart monitor shows the incoming and outgoing traffic in a blip blip blip type display. I have to prevent myself from screaming, "Oh my god, my computer has flatlined" umm, okay, sorry for the rambling thought.
• Running applications shows you what programs are currently accessing or trying to access the internet...as you can see I have IE and Mozilla running and I have Realplayer blocked, okay so, umm, I did that just as an example, but I hate realplayer so it was fun to block them.
• The "Show Message Console" shows you the messages that Sygate sent you...so for example if someone attacked my computer Sygate would say something like, "Port blocked.." blah blah blah.
That's the basics of Sygate Firewall...they have a good help section if you have any questions and you can do advanced rules by going to Tools ----> Advanced Rules and then you can write personal rule sets for this firewall. Example would be to block a specific IP, that you can do in the advanced rules area. A really nice feature that you won't find on the free ZoneAlarm.
So, install your firewall and save yourself from the big mean old nasty people on the net :o)
Shutting off ur computer
Okay, so here is a beginner tip that seems obvious and even too simple to write about, but I thought that very new computer users might be unfamiliar with the proper shutdown sequence. Who here has shut off their computer by flipping the power switch off? Well, yes, I'm even guilty of that offense from time to time, but you should always use the shutdown command in the start menu, so here is what you do:
• First, save anything that you were working on, yes, just because you shutdown your computer doesn't mean that it will save everything you've been working on. So, make sure you save anything that is important before you shutdown.
• Go to the Start Button in the lower left of your computer and click it.
• Now depending on what version of windows you have this step will look a little differently for each. In Windows ME, 98, and 95, you can click the shutdown button. In Windows XP and 2000 you have to click Turn Off Your Computer
That's it and the reason why this is necessary is because your operating system, basically the program that runs the whole computer, will shut itself down in a sequence so that no information or data is lost. So remember, shutdown your computer properly and don't just pull the plug on it.
• First, save anything that you were working on, yes, just because you shutdown your computer doesn't mean that it will save everything you've been working on. So, make sure you save anything that is important before you shutdown.
• Go to the Start Button in the lower left of your computer and click it.
• Now depending on what version of windows you have this step will look a little differently for each. In Windows ME, 98, and 95, you can click the shutdown button. In Windows XP and 2000 you have to click Turn Off Your Computer
That's it and the reason why this is necessary is because your operating system, basically the program that runs the whole computer, will shut itself down in a sequence so that no information or data is lost. So remember, shutdown your computer properly and don't just pull the plug on it.
Changing ur Clock Time
I'm sure this has happened to everyone once and awhile, where your computer clock isn't set at the right time or date, well, here is what you do to set your computer clock, trust me, it's easier to change than the VCR clock that's always blinking 12:00
• Move your mouse over the clock
• Double Click using the left mouse button
• A little box with time and a small calendar will come up
• Change the time by going over to time box and clicking on the time.
• Click Ok
There you have it, much easier than setting a VCR clock.
• Move your mouse over the clock
• Double Click using the left mouse button
• A little box with time and a small calendar will come up
• Change the time by going over to time box and clicking on the time.
• Click Ok
There you have it, much easier than setting a VCR clock.
Formatting Hard Drive
Sometimes you just have to format. I equate it to a baptism for your computer, you are washing away all the sins from it, making it new, fresh, giving it a new beginning. I know people feel formatting can be a traumatic experience, but if it's any comfort to you, most computer pros format their computers more often then most beginners. The difference is: Computer Geeks can get their computer up and running in an hour after a format (maybe less time than that) and a beginner might get it up and running in 4 to 5 hours (sometimes longer). So let me walk you through the important things you should do before, during, and after a format:
Pre-Format steps (The stuff before you go nuts and format):
• Backup your important data - Just because you have to format doesn't mean you have to lose everything on your computer. Backup outlook, important documents, downloads, just about anything you can burn to a disk that will make your computer like home again. Just think of this step as if you're moving...you pack up all the junk you want before you move into the new place.
• Startup Disk - Make a bootable startup disk, in Windows 98, ME, 2k, and XP they have where you can make a startup disk. So, get yourself a startup disk.
• Go to your device manager and write down the hard drive components you have on your computer. This will make it easier if you can't find the drivers you need, you'll be able to get them off the net or the original CD's that came with your computer or components.
FDisk - Getting the partition ready (SKIP THIS STEP IF YOU WANT TO KEEP YOUR EXISTING PARTITIONS)
If you already have a partition on your hard drive you can skip this step. I personally like to make a new partition and really have a clean start when installing an operating system or if I want to manage the partition size of a large hard drive. So here are the steps:
• Insert the startup disk that you made in the first part of this tutorial. Restart your computer and your computer will boot from the floppy disk drive. In Windows (98 and ME) you'll get a question asking if you want cd support or not, go ahead and scroll down to: "Start Computer Without CD-Rom support"
• At the command prompt type fdisk
• If your hard drive is bigger than 512 mb (ugh, like who's isn't now) It will ask if you want large disk support. Type in Y or yes
You'll then see an option menu that contains the follow choices:
1. Create DOS partition or Logical DOS Drive
2. Set Active Partition
3. Delete Partition or Logical DOS Drive
4. Display Partition information
5. Change current fixed disk drive
Once you get to this you'll have a few options and there are a few things you need to know. If you already have a DOS partition and you want to delete it then you go to 3. Delete Partition or Logical DOS Drive and you'll select to delete this drive.
To create a new partition on your hard drive you select 1. Create DOS Partition or Logical DOS Drive then press enter. Then on the next menu select 1. Create Primary DOS Partition and then press Enter. After you do this you'll get the message "Do you wish to use the maximum available size for primary DOS partition?" That basically is assigning how much space you want on the partition (only for Fat38 or NTFS if you want to install using a FAT 16 you'll have to follow a few different steps not covered in this tutorial...mainly because I haven't formatted anything in FAT16 in such a long time I forgot off the top of my head). If you have a large hard drive you might want to break it up into smaller partitions. For now let's say you just want to use the whole hard drive space for this partition. You'll type Y and then Enter. After doing this you'll hit Esc and then Esc to quit Fdisk.
This will create one large partition hard drive...(if you've wanted to make multiple partitions you would basically not assign all the space to the one partition and then go 1. Create DOS Partition or Logical DOS Drive and then on the second menu you would hit choice 2. Create Extended DOS Partition and then you can create another partition with the remaining space.)
Formatting your Hard Drive
• Insert Start Up Disk
• Get to the command prompt
• Type Format C: (or whatever letter is assigned to the drive you want to format) **Note if you get a message like "Bad command or file name" you'll have to extract the format.com file to do this just type: extract ebd.cab format.com at the command prompt and then type Format C:
• The startup disk will ask you "WARNING, ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST!
Proceed with Format (Y/N)?" Now once you hit Y everything on your hard drive will be deleted. Type Y
• After the format is complete it will ask "Volume label (11 characters, ENTER for none)?" Either put a name in or just hit enter
• There you have it a formatted hard drive!!! Ready for you to install an operating system on...so get going and install one already.
Pre-Format steps (The stuff before you go nuts and format):
• Backup your important data - Just because you have to format doesn't mean you have to lose everything on your computer. Backup outlook, important documents, downloads, just about anything you can burn to a disk that will make your computer like home again. Just think of this step as if you're moving...you pack up all the junk you want before you move into the new place.
• Startup Disk - Make a bootable startup disk, in Windows 98, ME, 2k, and XP they have where you can make a startup disk. So, get yourself a startup disk.
• Go to your device manager and write down the hard drive components you have on your computer. This will make it easier if you can't find the drivers you need, you'll be able to get them off the net or the original CD's that came with your computer or components.
FDisk - Getting the partition ready (SKIP THIS STEP IF YOU WANT TO KEEP YOUR EXISTING PARTITIONS)
If you already have a partition on your hard drive you can skip this step. I personally like to make a new partition and really have a clean start when installing an operating system or if I want to manage the partition size of a large hard drive. So here are the steps:
• Insert the startup disk that you made in the first part of this tutorial. Restart your computer and your computer will boot from the floppy disk drive. In Windows (98 and ME) you'll get a question asking if you want cd support or not, go ahead and scroll down to: "Start Computer Without CD-Rom support"
• At the command prompt type fdisk
• If your hard drive is bigger than 512 mb (ugh, like who's isn't now) It will ask if you want large disk support. Type in Y or yes
You'll then see an option menu that contains the follow choices:
1. Create DOS partition or Logical DOS Drive
2. Set Active Partition
3. Delete Partition or Logical DOS Drive
4. Display Partition information
5. Change current fixed disk drive
Once you get to this you'll have a few options and there are a few things you need to know. If you already have a DOS partition and you want to delete it then you go to 3. Delete Partition or Logical DOS Drive and you'll select to delete this drive.
To create a new partition on your hard drive you select 1. Create DOS Partition or Logical DOS Drive then press enter. Then on the next menu select 1. Create Primary DOS Partition and then press Enter. After you do this you'll get the message "Do you wish to use the maximum available size for primary DOS partition?" That basically is assigning how much space you want on the partition (only for Fat38 or NTFS if you want to install using a FAT 16 you'll have to follow a few different steps not covered in this tutorial...mainly because I haven't formatted anything in FAT16 in such a long time I forgot off the top of my head). If you have a large hard drive you might want to break it up into smaller partitions. For now let's say you just want to use the whole hard drive space for this partition. You'll type Y and then Enter. After doing this you'll hit Esc and then Esc to quit Fdisk.
This will create one large partition hard drive...(if you've wanted to make multiple partitions you would basically not assign all the space to the one partition and then go 1. Create DOS Partition or Logical DOS Drive and then on the second menu you would hit choice 2. Create Extended DOS Partition and then you can create another partition with the remaining space.)
Formatting your Hard Drive
• Insert Start Up Disk
• Get to the command prompt
• Type Format C: (or whatever letter is assigned to the drive you want to format) **Note if you get a message like "Bad command or file name" you'll have to extract the format.com file to do this just type: extract ebd.cab format.com at the command prompt and then type Format C:
• The startup disk will ask you "WARNING, ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST!
Proceed with Format (Y/N)?" Now once you hit Y everything on your hard drive will be deleted. Type Y
• After the format is complete it will ask "Volume label (11 characters, ENTER for none)?" Either put a name in or just hit enter
• There you have it a formatted hard drive!!! Ready for you to install an operating system on...so get going and install one already.
Twick ur Windows settings
These are a list of programs to help you mess around with you registry settings. Before you do anything remember these programs could really mess up your system and I don't want you complaining to me if you do. These programs are 1. For advanced users 2. People that know how to get themselves out of trouble when they do get themselves in trouble. There is my disclaimer before you try any of these programs...so don't complain to me, because your pleas will fall on deaf ears. Gee, I sounded so nasty there...I mean, I'll try to help you if you screwed things up, but don't send me a bill. Now I'm not sure if I should even include this section...ahh what the heck, mayhem can be fun and it makes you grow as a person.
Fresh UI - This has lots of basic hacks that will make your system run a little more like you want it too. It's what I consider it a "safe" program. Has lots of things that you can change, you shouldn't get into trouble using this program. Lots of changes you can make to your system and you really don't have to worry about destroying your computer with it...it's also a freeware download, so no harm in downloading it and giving it a try.
Tweak UI - This is part of the Power Toys Microsoft puts out but doesn't really support. Basically Microsoft is saying, "Here's this program, it's cool, can do lots of stuff, but if you screw up don't come crying to us". There are two versions of this program, one for Win XP and one for Win 98, 95, ME...Download the right one.
These are the two programs I've tried, if you have any that you like just drop me an email and I'll check it out. I'll be writing registry hacks for this site where you go directly into regedit and do the changes yourself...but it's late tonight while I write this and I'll continue and add more as this website gets a little bit older and gets more visitors.
Fresh UI - This has lots of basic hacks that will make your system run a little more like you want it too. It's what I consider it a "safe" program. Has lots of things that you can change, you shouldn't get into trouble using this program. Lots of changes you can make to your system and you really don't have to worry about destroying your computer with it...it's also a freeware download, so no harm in downloading it and giving it a try.
Tweak UI - This is part of the Power Toys Microsoft puts out but doesn't really support. Basically Microsoft is saying, "Here's this program, it's cool, can do lots of stuff, but if you screw up don't come crying to us". There are two versions of this program, one for Win XP and one for Win 98, 95, ME...Download the right one.
These are the two programs I've tried, if you have any that you like just drop me an email and I'll check it out. I'll be writing registry hacks for this site where you go directly into regedit and do the changes yourself...but it's late tonight while I write this and I'll continue and add more as this website gets a little bit older and gets more visitors.
Backing up ur Registory
Why backup your registry? Because you really can mess up your system editing your registry. I generally tell novice people to stay away from registry editing. Generally registry editing is for people with too much time on their hands and this real desperate urge to mess with their computer, mwhahaha, so lets gets started, umm, but first lets make a backup of the registry:
• Close all programs running on your desktop
• Then go to Start
• Go to Run and type regedit and hit okay. This will open this program:
• Go to File --->Export...This will open a box where you can save this backup registry file.
• Give it a file name and save it to a folder, hard drive, zip disk, backup hard drive, anywhere that this registry will be safely stored. Make sure the Export range is selected as ALL
• Click Save
• Then make sure to send me large quantities of money (this is an optional step).
Now that you have it backed up its very easy to restore, just do everything you did but when you want to restore it, just go to File--->Import--->Select the backup file and click okay...this will restore you registry back to the default.
• Close all programs running on your desktop
• Then go to Start
• Go to Run and type regedit and hit okay. This will open this program:
• Go to File --->Export...This will open a box where you can save this backup registry file.
• Give it a file name and save it to a folder, hard drive, zip disk, backup hard drive, anywhere that this registry will be safely stored. Make sure the Export range is selected as ALL
• Click Save
• Then make sure to send me large quantities of money (this is an optional step).
Now that you have it backed up its very easy to restore, just do everything you did but when you want to restore it, just go to File--->Import--->Select the backup file and click okay...this will restore you registry back to the default.
Disabling Built in Fireball
One of the lamest attempts at a firewall I've seen in a long time. This little thing that Microsoft threw in almost as an afterthought serves little purpose but happens to be buried so deep that most people wouldn't even know where to find the stupid thing. Is it better than nothing, yes, but not much better...so shut this off and get a real firewall, check the Freeware Downloads of this website to get a real firewall. Now on to shutting this stupid thing off:
Go to the Control Panel and then to Network Connections...select your network connection and you'll get something like this:
Okay you get this Window above and then you click Properties...just as a sidenote, yes my computer has been on 6 days straight connected to the internet and my connection is oh so nice. Now back to disabling the firewall. Click on Properties and you'll get here:
Now click on the advanced tab at the top and then uncheck the "Protect my computer and network by limiting or preventing access to this computer from the internet". Once you do this Win XP's lame firewall will be off! Good, now get a real firewall in the freeware section. One other thing, don't think of running this firewall and another software firewall. Two software firewalls almost always cause conflicts with each other and never really serve much of a purpose...they end up canceling each other out in the end. You can have a hardware firewall and a software firewall, but I'll write about this in the future and which combo is best to use.
Go to the Control Panel and then to Network Connections...select your network connection and you'll get something like this:
Okay you get this Window above and then you click Properties...just as a sidenote, yes my computer has been on 6 days straight connected to the internet and my connection is oh so nice. Now back to disabling the firewall. Click on Properties and you'll get here:
Now click on the advanced tab at the top and then uncheck the "Protect my computer and network by limiting or preventing access to this computer from the internet". Once you do this Win XP's lame firewall will be off! Good, now get a real firewall in the freeware section. One other thing, don't think of running this firewall and another software firewall. Two software firewalls almost always cause conflicts with each other and never really serve much of a purpose...they end up canceling each other out in the end. You can have a hardware firewall and a software firewall, but I'll write about this in the future and which combo is best to use.
System Restore
Windows XP when it was first released had such a positive buzzzzzz around it that you thought it would be able to leap small buildings in a single bound, that it would be able to run faster than a locomotive, that it would have a girlfriend named Lois!!!! Once you installed XP it basically looks like a fancy version of Windows 98...alright so you don't know what's so good about it and I remember the first day I installed XP I stopped and thought, "This is what everyone was screaming about?" It took me a week before I started to see what was so great about Windows XP and I think that the best feature in Windows XP would be the System Restore function.
Most Windows XP users probably haven't had the opportunity to try System Restore, or for that matter, they probably didn't even realize Windows XP came with such a function. So, what is System Restore? Basically it's a time machine for you computer. Let me explain, say your computer was working just fine a few days ago, but alas today it doesn't work at all...could it have been that download you installed? EGAD, what can you do to fix this...well you use System Restore. Basically System Restore takes a daily snapshot of your computer and stores it there. If your computer should suddenly not work one day all you have to do is go to System Restore and pick a day or a restore point for your computer (basically a day where your computer was working) and then the computer will reboot and be like new again or at least like a day ago when it was working. So, here's what you do:
Step 1:
Go to Start--->All Programs---->Accessories--->System Tools--->System Restore
Once you do this it will open up program that looks like this:
There will be two options on this first page:
1. Restore my computer to an earlier time
2. Create a restore point
If you want to restore you computer make sure you have that filled in and click next. The second option is good if you want to manually create a restore point before doing something dramatic to your system. So, there are two important options here, but, lets continue with restoring you computer back to a previous day. Click Next...after doing so you'll get a window that looks like this:
Oh cool, a calendar, yes that has a listing of all the restore points, basically you can restore your computer to weeks earlier, but I don't recommend that, especially if you've installed a lot of software in that time. Basically pick a day or two before, this will get you back to a working computer without having the hassle of installing lots of software again. Then you click Next...it will ask you if you want to restore and then it will reboot your computer...once your computer reboots it will be rebooting to what your computer looked like a few days ago. There you have it!!! Now isn't that cool? I mean if there is any feature that I tell people about XP it's the System Restore function. I've used it once already after I installed some flaky software a friend recommended, ughhh, but System Restore had me smiling in just one reboot. It's a good thing...gee I suddenly feel like Martha Stewart, hmm, you think I should try some illegal stock dealings now? hehe, umm, never mind.
Most Windows XP users probably haven't had the opportunity to try System Restore, or for that matter, they probably didn't even realize Windows XP came with such a function. So, what is System Restore? Basically it's a time machine for you computer. Let me explain, say your computer was working just fine a few days ago, but alas today it doesn't work at all...could it have been that download you installed? EGAD, what can you do to fix this...well you use System Restore. Basically System Restore takes a daily snapshot of your computer and stores it there. If your computer should suddenly not work one day all you have to do is go to System Restore and pick a day or a restore point for your computer (basically a day where your computer was working) and then the computer will reboot and be like new again or at least like a day ago when it was working. So, here's what you do:
Step 1:
Go to Start--->All Programs---->Accessories--->System Tools--->System Restore
Once you do this it will open up program that looks like this:
There will be two options on this first page:
1. Restore my computer to an earlier time
2. Create a restore point
If you want to restore you computer make sure you have that filled in and click next. The second option is good if you want to manually create a restore point before doing something dramatic to your system. So, there are two important options here, but, lets continue with restoring you computer back to a previous day. Click Next...after doing so you'll get a window that looks like this:
Oh cool, a calendar, yes that has a listing of all the restore points, basically you can restore your computer to weeks earlier, but I don't recommend that, especially if you've installed a lot of software in that time. Basically pick a day or two before, this will get you back to a working computer without having the hassle of installing lots of software again. Then you click Next...it will ask you if you want to restore and then it will reboot your computer...once your computer reboots it will be rebooting to what your computer looked like a few days ago. There you have it!!! Now isn't that cool? I mean if there is any feature that I tell people about XP it's the System Restore function. I've used it once already after I installed some flaky software a friend recommended, ughhh, but System Restore had me smiling in just one reboot. It's a good thing...gee I suddenly feel like Martha Stewart, hmm, you think I should try some illegal stock dealings now? hehe, umm, never mind.
Scan Disk
This is something that Windows 98 users will use from time to time to help fix errors on their disk, thankfully Windows XP has improved enough where the scandisk will only happen during serious failures and only happen during startup...mainly this is because of the NTFS file format, but, you don't need to know that at the moment. If you're in Windows 98 this is how you do a scandisk:
Go to Start--->Accessories---->System Tools--->Scandisk...once you do this you'll open up a program that will give your computer a quick scan in order to find a file format problem, lost clusters, corrupt clusters, etc. You can run a standard which will check the files and a thorough that will scan the hard disk for physical errors.
If you're a Windows 98 user and you run into hard drive troubles or any computer troubles remember to give scandisk a try, it might solve the problem. I underline might because I used Win 98 for years and scandisk only solved the problem once, so...keep in mind that it is not the be all and end all to computer repair.
Go to Start--->Accessories---->System Tools--->Scandisk...once you do this you'll open up a program that will give your computer a quick scan in order to find a file format problem, lost clusters, corrupt clusters, etc. You can run a standard which will check the files and a thorough that will scan the hard disk for physical errors.
If you're a Windows 98 user and you run into hard drive troubles or any computer troubles remember to give scandisk a try, it might solve the problem. I underline might because I used Win 98 for years and scandisk only solved the problem once, so...keep in mind that it is not the be all and end all to computer repair.
Defragging ur hard drive
A fight broke out between two computer geeks and this line was said in anger, "Go Defrag yourself!" Whoooah, can you believe that geeks could be so brutal with each other...well, Defragging isn't a bad thing, it's a good thing, really it is. When you install and delete programs on your computer it stores it in different areas, the more you install or delete the more fragmented your hard drive is...this basically means that instead of all the information and computer programs being in one neat place, there are bits of data all over the place (over simplified, but for the sake of everyone understanding that's what happens). When your drive is fragmented it will make it slower, make it run a little sluggish, and could even cause some computer problems. So, we're going to learn how to defrag a hard drive (basically neaten up where everything is stored).
Quick way to get to defrag program:
First you want to click on the Start button (located in the lower left of your screen)...now depending on what operating system you're using this next step might be a tiny bit different for you, but its pretty much the same...go to All Programs if you're in XP then select Accessories and then system tools....in the system tools you'll find the defrag program which will look like this:
Now, you can click the Analyze button and that will tell you if your hard drive needs to be defragged...if it doesn't you don't have to, if it does you click on the Defragment button. Then the program will begin defragging your hard drive.
These steps are almost exact for Windows 98, just click on Start, Accessories, System tools and you'll find your defrag program there. The defrag will look similar to the XP one, only not as good looking :o) Just proceed and defrag hard drive. It's just that simple.
You can also access the defrag program by going to my computer and right clicking on the hard drive and then clicking properties and then going to the tool menu.
Defragging might take awhile depending on how fast your system is and how big your hard drive is...also note that in windows 98 you might have to exit out of your Virus Scanning program if you can't defrag. Sometimes the virus scanner will cause troubles with win 98's defrag program...I haven't had this problem on Windows XP or 2k...so I believe it is a Win 98 and 95 problem.
So, as we began this article, when someone says, "Go defrag yourself" do it, you'll feel better for it and your computer will thank you!
Quick way to get to defrag program:
First you want to click on the Start button (located in the lower left of your screen)...now depending on what operating system you're using this next step might be a tiny bit different for you, but its pretty much the same...go to All Programs if you're in XP then select Accessories and then system tools....in the system tools you'll find the defrag program which will look like this:
Now, you can click the Analyze button and that will tell you if your hard drive needs to be defragged...if it doesn't you don't have to, if it does you click on the Defragment button. Then the program will begin defragging your hard drive.
These steps are almost exact for Windows 98, just click on Start, Accessories, System tools and you'll find your defrag program there. The defrag will look similar to the XP one, only not as good looking :o) Just proceed and defrag hard drive. It's just that simple.
You can also access the defrag program by going to my computer and right clicking on the hard drive and then clicking properties and then going to the tool menu.
Defragging might take awhile depending on how fast your system is and how big your hard drive is...also note that in windows 98 you might have to exit out of your Virus Scanning program if you can't defrag. Sometimes the virus scanner will cause troubles with win 98's defrag program...I haven't had this problem on Windows XP or 2k...so I believe it is a Win 98 and 95 problem.
So, as we began this article, when someone says, "Go defrag yourself" do it, you'll feel better for it and your computer will thank you!
Desktop short cuts and folders
Most people know how to do this and it is a rather simple process, but this article is for the beginner and I thought it would be helpful to those not in the know. So, if you've been using the computer for a bit, you probably know how to do this, so skip over this article and go to one of the more difficult ones. This will work on Windows XP, 98, ME, 95, and I think 3.1 (but I don't have that handy to make sure)
First off, what is a desktop shortcut? When you boot your computer and Windows opens up, you have the desktop...the first screen you see. In this area you can create shortcuts to your favorite or most used programs, websites, pictures, etc. These shortcuts are easy to create and you should make a few to the programs you use the most. So, here it is:
Step 1:
In the desktop area of your computer right click with the mouse. That will open up a box that looks like this:
Picture 1
This box has a few useful things in it, but since we're only dealing with creating a shortcut all you have to do is scroll down to New > and this will open a second box that looks like
Picture 2
Now you want to go to the shortcut section, click on it and it will open yet another box that looks something like this:
Picture 3
Now in this section you hit the browse button and you search your hard drive for the software, picture, file, that you would want to create a shortcut with, then once you find the program, etc. that you want as a shortcut you hit Next, then name the shortcut, and then hit Finish. Now you'll see a desktop shortcut that leads directly to the file or program you specified. It's just that simple!!!
**There is another thing you can do, in picture two you see where it says, Folder....well that allows you to create a folder on your desktop, now why is this good? Well, I happen to have lots of shortcuts, just because of all the programs I used during the day. Now these folders could be a wonderful way to organize your desktop. I happen to have 5 folders on my desktop that I use to organize my programs. Just create a folder and then drag the shortcuts over the folder and drop them in the folder. Now your shortcut is still on the desktop and you have it organized into a folder with similar programs. This is just a useful tip if you happen to be like me and happen to have lots of shortcuts.
There are other ways to create shortcuts, but I find this way to be the easiest for people to understand. So make some shortcuts now!!
First off, what is a desktop shortcut? When you boot your computer and Windows opens up, you have the desktop...the first screen you see. In this area you can create shortcuts to your favorite or most used programs, websites, pictures, etc. These shortcuts are easy to create and you should make a few to the programs you use the most. So, here it is:
Step 1:
In the desktop area of your computer right click with the mouse. That will open up a box that looks like this:
Picture 1
This box has a few useful things in it, but since we're only dealing with creating a shortcut all you have to do is scroll down to New > and this will open a second box that looks like
Picture 2
Now you want to go to the shortcut section, click on it and it will open yet another box that looks something like this:
Picture 3
Now in this section you hit the browse button and you search your hard drive for the software, picture, file, that you would want to create a shortcut with, then once you find the program, etc. that you want as a shortcut you hit Next, then name the shortcut, and then hit Finish. Now you'll see a desktop shortcut that leads directly to the file or program you specified. It's just that simple!!!
**There is another thing you can do, in picture two you see where it says, Folder....well that allows you to create a folder on your desktop, now why is this good? Well, I happen to have lots of shortcuts, just because of all the programs I used during the day. Now these folders could be a wonderful way to organize your desktop. I happen to have 5 folders on my desktop that I use to organize my programs. Just create a folder and then drag the shortcuts over the folder and drop them in the folder. Now your shortcut is still on the desktop and you have it organized into a folder with similar programs. This is just a useful tip if you happen to be like me and happen to have lots of shortcuts.
There are other ways to create shortcuts, but I find this way to be the easiest for people to understand. So make some shortcuts now!!
Making Win XP look like classic window
So you have Windows XP and think it's great, but you long for the old days, yes, you want your Win XP to look like Windows 98. There are some benefits to this, well, it makes you feel comfortable when you start using Win XP, it doesn't seem as foreign to you and you're able to find things a little easier. Okay, so this is for people who really don't like change and I have to admit, for the first week of Win XP I wanted my old Win 98 layout. Well, here is how you go about doing it.
Step 1
Well the first is to change the desktop theme for you computer. Thankfully Microsoft figured that some people like the old way of doing things and included a Windows Classic Theme. So here is what you do, go to Start--->Control Panel---->And then to display. You'll see this box:
All you have to do here is go to themes...the theme that is currently selected would be Windows XP. Just scroll down in the box and select Windows Classic and then hit okay. The computer will reset and look like Classic Windows.
Step Two:
Okay, it wouldn't be classic windows without your old start bar back to the way it was...none of this new fangled start menu...you want the old menu back. Okay this can be done, but more steps than you would think...here is what you do...click the start button and in the blue box area RIGHT CLICK and you'll see a properties box like this:
Once you click on the properties box another window will open that looks like this:
Now we hit the simple part, click the Start Menu tab at the top of this box then scroll down and fill in the "Classic Start Menu" and then click okay. There you have it, take a look at your start menu, just like old times when you were happy with your Windows 98 system, but now you have the look of Win 98 but the improved features of Windows XP...so you get the both of best worlds. If you have a technophobic person in your house this is a great way to make them feel comfortable with the new Windows XP operating system. Have fun :o)
Step 1
Well the first is to change the desktop theme for you computer. Thankfully Microsoft figured that some people like the old way of doing things and included a Windows Classic Theme. So here is what you do, go to Start--->Control Panel---->And then to display. You'll see this box:
All you have to do here is go to themes...the theme that is currently selected would be Windows XP. Just scroll down in the box and select Windows Classic and then hit okay. The computer will reset and look like Classic Windows.
Step Two:
Okay, it wouldn't be classic windows without your old start bar back to the way it was...none of this new fangled start menu...you want the old menu back. Okay this can be done, but more steps than you would think...here is what you do...click the start button and in the blue box area RIGHT CLICK and you'll see a properties box like this:
Once you click on the properties box another window will open that looks like this:
Now we hit the simple part, click the Start Menu tab at the top of this box then scroll down and fill in the "Classic Start Menu" and then click okay. There you have it, take a look at your start menu, just like old times when you were happy with your Windows 98 system, but now you have the look of Win 98 but the improved features of Windows XP...so you get the both of best worlds. If you have a technophobic person in your house this is a great way to make them feel comfortable with the new Windows XP operating system. Have fun :o)
Changing skin resoluation
This is a quick and easy tip, but since someone emailed me this question I thought that it might be useful to more than just one person. Changing screen resolution is as simple as pie, basically screen resolution just deals with how much is shown on your monitor and how much space you have. So, lets say you go for a resolution of 1024 x 786 Pixels. Well things will look a bit smaller, but you'll have more work area, if you have a screen resolution of 800 x 600 the icons will appear bigger and you'll have less space on your desktop. Screen resolution can be limited based on your video devices, some monitor / adapters can't go higher than 800 x 600, but I haven't seen one in a while :o) Here is the steps:
Step 1
Right click on your desktop and you'll get this box:
Click on the properties box and a second Window will open:
Click on the tab that says Settings at the top. Move to the slider that says Screen resolution...moving the slider to the right will make the screen resolution greater, moving it to the left will make it less. Note you can also change the color quality in this box. Click okay, the screen resolution will change and Windows will ask if you want to keep this resolution and you hit OK. There you have it, your screen resolution is changed!
Step 1
Right click on your desktop and you'll get this box:
Click on the properties box and a second Window will open:
Click on the tab that says Settings at the top. Move to the slider that says Screen resolution...moving the slider to the right will make the screen resolution greater, moving it to the left will make it less. Note you can also change the color quality in this box. Click okay, the screen resolution will change and Windows will ask if you want to keep this resolution and you hit OK. There you have it, your screen resolution is changed!
Getting rid of KLEZ
Klez is a real pain in the butt, because it tries to circumnavigate the antivirus programs that you have on your computer. The best way to remove Klez is by using Symantec's Klez fix, yes the maker of Norton Antivirus, put out a freeware program that removes Klez from your system. Yes, they're giving it free because Klez is such an annoying pain in the butt. You can download the Klez fix at: Klez removal tool. I suggest this as the universal fix at the moment, because it's the easiest for me to explain :) Well, I mean that this will work on all Windows systems and each of the Antivirus programs give different instructions for the removal of Klez.
Fortunately, I've never been infected with Klez, because I have a virus scanner that scans attachments and I also don't open attachments. Symantec gives a nice little instruction page with this Klez removal tool. You'll have to start your computer in safe mode and do this from a command prompt, but you would have to do this with all the current antivirus programs, because the nature of Klez is to get around antivirus programs you have to apply the fix at the command prompt.
You can do all this manually and edit the registry removing the file and other such things, but it's just easier to do it this way and I trust Symantec to produce a good product that's easy to understand. Please download this and check your comp, Klez will only go away once people start fixing this problem.
Fortunately, I've never been infected with Klez, because I have a virus scanner that scans attachments and I also don't open attachments. Symantec gives a nice little instruction page with this Klez removal tool. You'll have to start your computer in safe mode and do this from a command prompt, but you would have to do this with all the current antivirus programs, because the nature of Klez is to get around antivirus programs you have to apply the fix at the command prompt.
You can do all this manually and edit the registry removing the file and other such things, but it's just easier to do it this way and I trust Symantec to produce a good product that's easy to understand. Please download this and check your comp, Klez will only go away once people start fixing this problem.
Shut of auto start programs
So you want to speed up your booting process, well here's a tip for you to shut off those programs that start in your system tray when you first turn on your computer. There are a few reasons why you would want to do this:
• Speed up your boot time
• The system tray programs won't be running in the background taking up your processor speed
• Don't you just hate it when a program does that without your permission, grrrr, I mean, really!
Here's the quickest and easiest way to shut off those annoying programs. Here are the steps:
• Click Start
• Go to Run
• Type in the box msconfig. It will open this Window.
• Click on the Startup tab at the top, this will show a listing of programs that auto start when your computer is first booted. If you uncheck the box the program will no longer auto start and sit in your system tray when you boot. You'll need to reboot before this takes effect.
There are some programs that you definitely want to launch when you launch your computer, like your Antivirus software, you're firewall, and things like that. Programs like MSN, Realplayer, and things like that, I would uncheck, unless you really like those programs.
Another way to do this would be to go to the program that is in your system tray and you can find the settings to remove them from the auto start, most programs have this listed in the properties section, just another way you can do this. Right click and go to properties, sometimes these setting are buried in the program, so the way above is just a quicker way of doing it.
• Speed up your boot time
• The system tray programs won't be running in the background taking up your processor speed
• Don't you just hate it when a program does that without your permission, grrrr, I mean, really!
Here's the quickest and easiest way to shut off those annoying programs. Here are the steps:
• Click Start
• Go to Run
• Type in the box msconfig. It will open this Window.
• Click on the Startup tab at the top, this will show a listing of programs that auto start when your computer is first booted. If you uncheck the box the program will no longer auto start and sit in your system tray when you boot. You'll need to reboot before this takes effect.
There are some programs that you definitely want to launch when you launch your computer, like your Antivirus software, you're firewall, and things like that. Programs like MSN, Realplayer, and things like that, I would uncheck, unless you really like those programs.
Another way to do this would be to go to the program that is in your system tray and you can find the settings to remove them from the auto start, most programs have this listed in the properties section, just another way you can do this. Right click and go to properties, sometimes these setting are buried in the program, so the way above is just a quicker way of doing it.
Alphabetising ur Start menu
If you're like me you've probably installed lots of programs, so many in fact that if you go to try and find a program its actually becoming really hard because they're not alphabetized, new programs are stuck on the end, so forth and so on, well, this is a really quick, reallllly easy tip to organize your start menu in Windows XP (I think this also works in Win 98, but I'm upgrading my comp that has Win 98 and can't verify it). Here are the steps:
1. First click on the start button
2. Move your mouse to "All Programs"
3. Move your mouse to any of the folders there
4. Right Click
5. A box will open up, scroll to "Sort By Names" and click
Like magic all the folders and programs will be alphabetized. This is one of those simple but useful things that will help you organize your computer, unless you really like searching around for programs (bet you also used to enjoy Where's Waldo when you were growing up). That's it for this tip, give it a try :o)
1. First click on the start button
2. Move your mouse to "All Programs"
3. Move your mouse to any of the folders there
4. Right Click
5. A box will open up, scroll to "Sort By Names" and click
Like magic all the folders and programs will be alphabetized. This is one of those simple but useful things that will help you organize your computer, unless you really like searching around for programs (bet you also used to enjoy Where's Waldo when you were growing up). That's it for this tip, give it a try :o)
Select multiple files using cntlr key
Let's say you open a file on your computer and you want to copy 10 files to another area, but there are 100 files in that one folder. What do you do? You can't use select all, because you don't want to move all 100 files. This is what you do, using the friendly little ctrl key you can select multiple files or deselect files. This is a very simple process. Here's what you do:
• Click on the first file you want to move
• Go to the second file you want to select before clicking this file, hold down the ctrl key and then click. You'll notice that both files are now selected
• Repeat this process for as many files as you want to select at once
It's just that simple :o) If you accidentally select a file that you don't want included, just go back to it and hit it again while holding the ctrl button down. This way you deselect that one file. This little tip comes in handy when you're trying to organize you computer. It also works in programs like Photoshop, say you want to open a bunch of pictures at once, just do the above and hit okay. Photoshop will open all the photos you selected. This tip also works on web pages with forms that allow you to pick multiple options. So that's how the Ctrl key can help you move around files.
• Click on the first file you want to move
• Go to the second file you want to select before clicking this file, hold down the ctrl key and then click. You'll notice that both files are now selected
• Repeat this process for as many files as you want to select at once
It's just that simple :o) If you accidentally select a file that you don't want included, just go back to it and hit it again while holding the ctrl button down. This way you deselect that one file. This little tip comes in handy when you're trying to organize you computer. It also works in programs like Photoshop, say you want to open a bunch of pictures at once, just do the above and hit okay. Photoshop will open all the photos you selected. This tip also works on web pages with forms that allow you to pick multiple options. So that's how the Ctrl key can help you move around files.
Off the autoplay feature in XP
The Autoplay CD feature in Win XP launches every time you put a cd in and each time it will ask you, which application or which way you would want to view this cd you installed. Now, this is a great function if you just use your CD occasionally, but when I was installing all my programs on my Win XP box, the Autoplay thing got on my nerves in a big way. Here's the best way to handle the Autoplay situation...it also allows you to customize how Autoplay will function.
• Go to "My Computer"
• Go to your CD Rom Drive
• Right Click and go to properties
• The window above will open, click the autoplay tab
• Once there they give you a number of options. In the box just below "Select a content type..." you can select the various file types that autoplay will run for. This is good if you want to customize your autoplay. If for example whenever a music cd is put in you want it to play automatically you just fill in the box that says: Select an action to perform---> Select play--->Hit Apply. Now whenever you put in a music cd it will autoplay in Windows Media player. If you don't want XP to take any action, just select "Take No Action" hit apply, and do that for all the media types that's available in that box.
This is the way you could customize your autoplay features. The only thing that I use autoplay for is blank cds, whenever I put on it it opens Nero for me, but all the other autoplay features are off on my comp. If you want to restore it, just follow the same steps and hit restore defaults. There you have it, how to turn on / off and customize your Autoplay in Windows XP.
• Go to "My Computer"
• Go to your CD Rom Drive
• Right Click and go to properties
• The window above will open, click the autoplay tab
• Once there they give you a number of options. In the box just below "Select a content type..." you can select the various file types that autoplay will run for. This is good if you want to customize your autoplay. If for example whenever a music cd is put in you want it to play automatically you just fill in the box that says: Select an action to perform---> Select play--->Hit Apply. Now whenever you put in a music cd it will autoplay in Windows Media player. If you don't want XP to take any action, just select "Take No Action" hit apply, and do that for all the media types that's available in that box.
This is the way you could customize your autoplay features. The only thing that I use autoplay for is blank cds, whenever I put on it it opens Nero for me, but all the other autoplay features are off on my comp. If you want to restore it, just follow the same steps and hit restore defaults. There you have it, how to turn on / off and customize your Autoplay in Windows XP.
Changing ur mouse pointer
This is sort of a stupid, frivolous, useless little tip, but hey, who said I was always going to give you Earth Shattering tips? Well here is one that will hardly rock the world, heck, it will hardly rock a rock...but here we go. Have you ever wanted a different mouse pointer? Perhaps a finger instead of a pointer? Well here is how you do it:
1. Go to the control panel
2. Go to Printers and Other Hardware
3. Go to Mouse
4. Go to the tab that says "Pointers"
5. Hit the pull down menu under "Schemes"
6. You'll find a large collection of different pointers for you to use or you can browse and pick other graphics to use as pointers
7. Click Okay
There you have the completely silly hardly important tip of how to change your mouse pointer! Enjoy...and personal preference for me is 3d-White.
1. Go to the control panel
2. Go to Printers and Other Hardware
3. Go to Mouse
4. Go to the tab that says "Pointers"
5. Hit the pull down menu under "Schemes"
6. You'll find a large collection of different pointers for you to use or you can browse and pick other graphics to use as pointers
7. Click Okay
There you have the completely silly hardly important tip of how to change your mouse pointer! Enjoy...and personal preference for me is 3d-White.
Turning off the hibernation
For most people this function might be good, but personally, I leave my computer on all the time, it's always downloading, or working at something, and it isn't practical for my computer to take a little sleep. So, here is how you shut off this little hibernation feature:
1. Go to your Control Panel
2. Go to Performance and Maintenance
3. Click on the Power Supply Option
4. Click on the tab that says, "Hibernate"
5. Unclick the box that says "Enable Hibernation"
6. Click Okay
That's all there is to it and now your computer won't go into hibernation mode when you're away from it. No sleeping computer for you!
1. Go to your Control Panel
2. Go to Performance and Maintenance
3. Click on the Power Supply Option
4. Click on the tab that says, "Hibernate"
5. Unclick the box that says "Enable Hibernation"
6. Click Okay
That's all there is to it and now your computer won't go into hibernation mode when you're away from it. No sleeping computer for you!
On Screen KeyBoard in XP
This might seem like a silly tip or even a silly function, but I've already found a use for it once and I'm sure that you'll be able to use it at some point. Windows XP comes with a built in on screen keyboard. Basically a graphic of a keyboard comes up and acts like your keyboard, you can use your mouse to hunt and peck around. What uses does this have and what did I use it for? Well, it's good for people with disabilities, where it would be easier to use a mouse than trying to type or it's great to use when your keyboard goes loco on you. Yes, we've all had our keyboard go nuts. Here is how you launch it:
• Go to start
• Go to run and type OSK
• Then the keyboard comes on
It's just that simple. It's best to make a desktop icon for it or a shortcut, because if your keyboard should go out on you, it would be handy to have it. All you do to create the shortcut is to:
• Right click on the desktop
• Click the new shortcut button
• Type osk, click next twice, and there you have it.
• Go to start
• Go to run and type OSK
• Then the keyboard comes on
It's just that simple. It's best to make a desktop icon for it or a shortcut, because if your keyboard should go out on you, it would be handy to have it. All you do to create the shortcut is to:
• Right click on the desktop
• Click the new shortcut button
• Type osk, click next twice, and there you have it.
Closing error reporting
Error reporting, what is it and why does Microsoft want you to have it on? Basically whenever your computer crashes Win XP makes a little report of what went wrong and then sends it to Microsoft so they can improve the Windows Operating System. Generally it sounds like a nice idea, but do you really want to be sending reports about your computer to Microsoft? I personally don't and they allow you to shut off this feature. Here's how you do it:
1. Open your control panel
2. Click on Performance and Maintenance
3. Then click on System
4. Go to the Advance Tab
5. Click on the Error Reporting button at the bottom
6. Select Disable Error Reporting
7. Click the "But notify me when a critical error occurs"
8. Click Ok Twice.
You can leave out step 7, but I like my operating system to tell me when its had a major error, mainly because I can look up the cause of the error and hopefully find a solution to it on the net or at Microsoft. There you have it, error reporting to Microsoft is off and you don't have to worry about sending a report to Bill Gates.
1. Open your control panel
2. Click on Performance and Maintenance
3. Then click on System
4. Go to the Advance Tab
5. Click on the Error Reporting button at the bottom
6. Select Disable Error Reporting
7. Click the "But notify me when a critical error occurs"
8. Click Ok Twice.
You can leave out step 7, but I like my operating system to tell me when its had a major error, mainly because I can look up the cause of the error and hopefully find a solution to it on the net or at Microsoft. There you have it, error reporting to Microsoft is off and you don't have to worry about sending a report to Bill Gates.
Moving the task bar
I bet you didn't know that you could move your taskbar if you wanted. Mostly I leave mine at the bottom, like the rest of the population, but occasionally I feel like going wild and have the taskbar at the top of my computer. The Taskbar is that thin bar at the bottom where you can see all your open programs, the start menu, the clock, etc. Now, in WinXP they made it very nice to move it. This is how:
• Right Click on the Taskbar
• Click, Lock the Taskbar, until there is no check there
• Left Click on the task bar and move it to where you want it...it will always rest up against an edge, so top, left or right.
• Then click, Lock the Taskbar, again and it won't move from that spot.
These are the same instructions for Windows 98, ME, 2k, only you don't have to unlock the taskbar, you just left click on it and move...this was easier, but also you sometimes accidentally moved the task bar when you didn't want it to move, ugh. Well, there you have it, now put your taskbar to the top and see if you like it.
• Right Click on the Taskbar
• Click, Lock the Taskbar, until there is no check there
• Left Click on the task bar and move it to where you want it...it will always rest up against an edge, so top, left or right.
• Then click, Lock the Taskbar, again and it won't move from that spot.
These are the same instructions for Windows 98, ME, 2k, only you don't have to unlock the taskbar, you just left click on it and move...this was easier, but also you sometimes accidentally moved the task bar when you didn't want it to move, ugh. Well, there you have it, now put your taskbar to the top and see if you like it.
Why Security?
What is “computer security”? Broadly speaking, security is keeping anyone from doing things
you do not want them to do to, with, on, or from your computers or any peripheral devices. This
definition is, of course, much too broad. Nevertheless, it does lead us to some very important
questions that must be answered by anyone who wishes to deploy an effective security mechanism.
The first such question is “What resources are we trying to protect?” The answers are not
always obvious. Is it the CPU cycles? At one time, that made a great deal of sense; computer
time was very expensive. That is no longer true in most situations, supercomputers being a
notable exception. More seriously, a CPU—or rather, a CPU running certain software with certain
configuration files—has a name, an identity, that lets it access other, more critical resources. These
are often more sensitive than CPU time. A hacker who compromises or impersonates a host will
usually have access to all of its resources: files, storage devices, phone lines, etc. From a practical
perspective, some hackers are most interested in abusing the identity of the host, not so much to
reach its dedicated resources, but to launder further outgoing connections to other, possibly more
interesting, targets. Others might actually be interested in the data on your machine, whether it is
sensitive company material or government secrets.
The answer to this first question will, in general, dictate the host-specific measures that are
needed. Machines with sensitive files may require extra levels of passwords or even (in rare
cases) file encryption. Similarly, if the target of interest is the outgoing connectivity available,
the administrator may choose to require certain privileges for access to the network. Possibly, all
such access should be done through a daemon that will perform extra logging.
Often, of course, one wants to protect all such resources, in which case the obvious answer is
to stop the attackers at the front door, i.e., not let them into the computer system in the first place.
Such an approach is always a useful start, although it tacitly assumes that one’s security problems
originate from the outside.
This leads us to our second major question: “Against whom must the computer systems be
defended?” Techniques that suffice against a teenager with a modem are quite useless against
3
4 Introduction
a major intelligence agency. For the former, enhanced password security might do the trick,
whereas the latter can and will resort to wiretapping and cryptanalysis, monitoring spurious
electronic emissions from your computers and wires, and even “black-bag jobs” aimed at your
machine room. Computer security is not a goal, it is a means toward a goal: information security.
When necessary and appropriate, other means should be used as well. The strength of one’s
computer security defenses should be proportional to the threat from that arena; other defenses,
though beyond the scope of this book, are generally needed as well.
Figure 1.1 shows two measures of the growth of the Internet. The top shows a count of hosts
detected by automated sweeps of the Internet. The counts for recent years are certainly on the
low side of the actual number: there is no reliable technology available to count all the computers
connected to a large internet. The lower plot shows the number of networks registered on NSFnet
over the past few years. Please note: the vertical scale on both charts is logarithmic. These
growths are exponential. If there are two million hosts registered, how many people have access
to those computers? How many would like to try their hand at hacking, perhaps even as a career?
The third question one must answer before deploying a security mechanism represents the
opposite side of the coin: how much security can you afford? Part of the cost of security is direct
financial expenditures, such as the extra routers and computers to build a firewall gateway. Often
the administrative costs of setting up and running the gateway are overlooked. But there is a more
subtle cost, a cost in convenience and productivity, and even morale. Too much security can hurt
as surely as too little can. Finding the proper balance is tricky, but utterly necessary—and it can
only be done if you have properly assessed the risk to your organization from either extreme.
One more point is worth mentioning. Even if you do not believe you have valuable assets, it is
still worth keeping hackers out of your machines. You may have a relaxed attitude, but that may
not be evident to the attackers. There are far too many cases on record of systems being trashed
by hackers who thought they had been detected.
you do not want them to do to, with, on, or from your computers or any peripheral devices. This
definition is, of course, much too broad. Nevertheless, it does lead us to some very important
questions that must be answered by anyone who wishes to deploy an effective security mechanism.
The first such question is “What resources are we trying to protect?” The answers are not
always obvious. Is it the CPU cycles? At one time, that made a great deal of sense; computer
time was very expensive. That is no longer true in most situations, supercomputers being a
notable exception. More seriously, a CPU—or rather, a CPU running certain software with certain
configuration files—has a name, an identity, that lets it access other, more critical resources. These
are often more sensitive than CPU time. A hacker who compromises or impersonates a host will
usually have access to all of its resources: files, storage devices, phone lines, etc. From a practical
perspective, some hackers are most interested in abusing the identity of the host, not so much to
reach its dedicated resources, but to launder further outgoing connections to other, possibly more
interesting, targets. Others might actually be interested in the data on your machine, whether it is
sensitive company material or government secrets.
The answer to this first question will, in general, dictate the host-specific measures that are
needed. Machines with sensitive files may require extra levels of passwords or even (in rare
cases) file encryption. Similarly, if the target of interest is the outgoing connectivity available,
the administrator may choose to require certain privileges for access to the network. Possibly, all
such access should be done through a daemon that will perform extra logging.
Often, of course, one wants to protect all such resources, in which case the obvious answer is
to stop the attackers at the front door, i.e., not let them into the computer system in the first place.
Such an approach is always a useful start, although it tacitly assumes that one’s security problems
originate from the outside.
This leads us to our second major question: “Against whom must the computer systems be
defended?” Techniques that suffice against a teenager with a modem are quite useless against
3
4 Introduction
a major intelligence agency. For the former, enhanced password security might do the trick,
whereas the latter can and will resort to wiretapping and cryptanalysis, monitoring spurious
electronic emissions from your computers and wires, and even “black-bag jobs” aimed at your
machine room. Computer security is not a goal, it is a means toward a goal: information security.
When necessary and appropriate, other means should be used as well. The strength of one’s
computer security defenses should be proportional to the threat from that arena; other defenses,
though beyond the scope of this book, are generally needed as well.
Figure 1.1 shows two measures of the growth of the Internet. The top shows a count of hosts
detected by automated sweeps of the Internet. The counts for recent years are certainly on the
low side of the actual number: there is no reliable technology available to count all the computers
connected to a large internet. The lower plot shows the number of networks registered on NSFnet
over the past few years. Please note: the vertical scale on both charts is logarithmic. These
growths are exponential. If there are two million hosts registered, how many people have access
to those computers? How many would like to try their hand at hacking, perhaps even as a career?
The third question one must answer before deploying a security mechanism represents the
opposite side of the coin: how much security can you afford? Part of the cost of security is direct
financial expenditures, such as the extra routers and computers to build a firewall gateway. Often
the administrative costs of setting up and running the gateway are overlooked. But there is a more
subtle cost, a cost in convenience and productivity, and even morale. Too much security can hurt
as surely as too little can. Finding the proper balance is tricky, but utterly necessary—and it can
only be done if you have properly assessed the risk to your organization from either extreme.
One more point is worth mentioning. Even if you do not believe you have valuable assets, it is
still worth keeping hackers out of your machines. You may have a relaxed attitude, but that may
not be evident to the attackers. There are far too many cases on record of systems being trashed
by hackers who thought they had been detected.
Picking a Security Policy
Even paranoids have enemies.
—ANONYMOUS
A security policy is the set of decisions that, collectively, determines an organization’s posture
toward security. More precisely, a security policy determines the limits of acceptable behavior,
and what the response to violations should be. Naturally, security policies will differ from
organization to organization. An academic department in a university has different needs than a
corporate product development organization, which, in turn, differs from a military site. But every
organization should have one, if only to let it take action when unacceptable events occur.
In this book, we are not much concerned with how to respond to incidents; that is covered quite
well in other works, such as [Holbrook and Reynolds, 1991]. But defining the limits of acceptable
behavior is fundamental to the operation of a firewall.
Picking a Security Policy 5
Hosts
detected
on the
Internet
100
1,000
10,000
100,000
1,000,000
10,000,000
81 82 83 84 85 86 87 88 89 90 91 92 93 94
Source: nic.merit.edu:/nsfnet/statistics/history.hosts
Total nets
(solid)
and non-U.S.
nets (dotted)
registered on
NSFnet
1988 1989 1990 1991 1992 1993 1994
10
100
1,000
10,000
100,000
Source: nic.merit.edu:/nsfnet/statistics/history.netcount
Figure 1.1: Internet growth.
6 Introduction
The first step, then, is to decide what is and is not permitted. To some extent, this process is
driven by the business or structural needs of the organization; thus, there might be an edict that
bars personal use of corporate computers. Some companies wish to restrict outgoing traffic, to
guard against employees exporting valuable data. Other aspects may be driven by technological
considerations: a specific protocol, though undeniably useful, may not be used, because it cannot
be administered securely. Still others are concerned about employees importing software without
proper permission: the company doesn’t want to be sued for infringing on someone else’s rights.
Making such decisions is clearly an iterative process, and one’s answers should never be carved
in stone or etched into silicon.
1.2.1 Stance
The moral of this story is, anything you don’t understand is dangerous until you do
understand it.
Beowulf Schaefer in Flatlander
—LARRY NIVEN
A key decision in the policy is the stance of the firewall design. The stance is the attitude of the
designers. It is determined by the cost of the failure of the firewall and the designers’ estimate
of that likelihood. It is also based on the designers’ opinions of their own abilities. At one end
of the scale is a philosophy that says, “we’ll run it unless you can show me that it’s broken.”
People at the other end say, “show me that it’s both safe and necessary; otherwise, we won’t run
it.” Those who are completely off the scale prefer to pull the plug on the network, rather than
take any risks at all. Such a move is too extreme, but understandable. Why would a company
risk losing its secrets for the benefits of network connection? One can best appreciate just how
little confidence the U.S. military has in computer security techniques by realizing that connecting
machines containing classified data to unsecured networks is forbidden.
In general, we lean toward the paranoid end of the scale (for our corporate environment, we
should stress). We’ve tried to give our firewalls a fail-safe design: if we have overlooked a
security hole or installed a broken program, we believe our firewalls are still safe. Compare this
approach to a simple packet filter. If the filtering tables are deleted or installed improperly, or if
there are bugs in the router software, the gateway may be penetrated. This nonfail-safe design
is an inexpensive and acceptable solution if your stance allows a somewhat looser approach to
gateway security.
We do not advocate disconnection for most sites. Our philosophy is simple: there are no
absolutes. (And we believe that absolutely__ .) One cannot have complete safety; to pursue
that chimera is to ignore the costs of the pursuit. Networks and internetworks have advantages;
to disconnect from a network is to deny oneself those advantages. When all is said and done,
disconnection may be the right choice, but it is a decision that can only be made by weighing the
risks against the benefits.
Picking a Security Policy 7
We advocate caution, not hysteria. For reasons that are spelled out below, we feel that firewalls
are an important tool that can minimize the danger, while providing most—but not necessarily
all—of the benefits of a network connection. But a paranoid stance is necessary for many sites
when setting one up, and we can prove it.
Axiom 1 (Murphy) All programs are buggy.
Theorem 1 (Law of Large Programs) Large programs are even buggier than their size would
indicate.
Proof: By inspection.
Corollary 1.1 A security-relevant program has security bugs.
Theorem 2 If you do not run a program, it does not matter whether or not it is buggy.
Proof: As in all logical systems, false
_
true
___
true.
Corollary 2.1 If you do not run a program, it does not matter if it has security holes.
Theorem 3 Exposed machines should run as few programs as possible; the ones that are run
should be as small as possible.
Proof: Follows directly from Corollaries 1.1 and 2.1.
Corollary 3.1 (Fundamental Theorem of Firewalls) Most hosts cannot meet our requirements:
they run too many programs that are too large. Therefore, the only solution is to isolate them
behind a firewall if you wish to run any programs at all.
Our math, though obviously not meant to be taken seriously, does lead to sound conclusions.
Firewalls must be configured as minimally as possible, to minimize risks. And if risks do not
exist, why run a firewall? We forbear to label it an axiom, but it is nevertheless true that some
paranoids have real enemies.
We can draw other conclusions as well. For one thing, we feel that any program, no matter
how innocuous it seems, can harbor security holes. (Who would have guessed that on some
machines, integer divide exceptions1 could lead to system penetrations?) We thus have a firm
belief that everything is guilty until proven innocent. Consequently, we configure our firewalls to
reject everything, unless we have explicitly made the choice—and accepted the risk—to permit it.
Taking the opposite tack, of blocking only known offenders, strikes us as extremely dangerous.
Furthermore, whether or not a security policy is formally spelled out, one always exists. If
nothing else is said or implemented, the default policy is “anything goes.” Needless to say,
this stance is rarely acceptable in a security-conscious environment. If you do not make explicit
decisions, you have made the default decision to allow almost anything.
It is not for us to decree what services are or are not acceptable. As stated earlier, such decisions
are necessarily context-dependent. But the rules we have given are universal.
1See CERT Advisory CA-92:15, July 21, 1992. Information on obtaining CERT advisories is given in Appendix A.
—ANONYMOUS
A security policy is the set of decisions that, collectively, determines an organization’s posture
toward security. More precisely, a security policy determines the limits of acceptable behavior,
and what the response to violations should be. Naturally, security policies will differ from
organization to organization. An academic department in a university has different needs than a
corporate product development organization, which, in turn, differs from a military site. But every
organization should have one, if only to let it take action when unacceptable events occur.
In this book, we are not much concerned with how to respond to incidents; that is covered quite
well in other works, such as [Holbrook and Reynolds, 1991]. But defining the limits of acceptable
behavior is fundamental to the operation of a firewall.
Picking a Security Policy 5
Hosts
detected
on the
Internet
100
1,000
10,000
100,000
1,000,000
10,000,000
81 82 83 84 85 86 87 88 89 90 91 92 93 94
Source: nic.merit.edu:/nsfnet/statistics/history.hosts
Total nets
(solid)
and non-U.S.
nets (dotted)
registered on
NSFnet
1988 1989 1990 1991 1992 1993 1994
10
100
1,000
10,000
100,000
Source: nic.merit.edu:/nsfnet/statistics/history.netcount
Figure 1.1: Internet growth.
6 Introduction
The first step, then, is to decide what is and is not permitted. To some extent, this process is
driven by the business or structural needs of the organization; thus, there might be an edict that
bars personal use of corporate computers. Some companies wish to restrict outgoing traffic, to
guard against employees exporting valuable data. Other aspects may be driven by technological
considerations: a specific protocol, though undeniably useful, may not be used, because it cannot
be administered securely. Still others are concerned about employees importing software without
proper permission: the company doesn’t want to be sued for infringing on someone else’s rights.
Making such decisions is clearly an iterative process, and one’s answers should never be carved
in stone or etched into silicon.
1.2.1 Stance
The moral of this story is, anything you don’t understand is dangerous until you do
understand it.
Beowulf Schaefer in Flatlander
—LARRY NIVEN
A key decision in the policy is the stance of the firewall design. The stance is the attitude of the
designers. It is determined by the cost of the failure of the firewall and the designers’ estimate
of that likelihood. It is also based on the designers’ opinions of their own abilities. At one end
of the scale is a philosophy that says, “we’ll run it unless you can show me that it’s broken.”
People at the other end say, “show me that it’s both safe and necessary; otherwise, we won’t run
it.” Those who are completely off the scale prefer to pull the plug on the network, rather than
take any risks at all. Such a move is too extreme, but understandable. Why would a company
risk losing its secrets for the benefits of network connection? One can best appreciate just how
little confidence the U.S. military has in computer security techniques by realizing that connecting
machines containing classified data to unsecured networks is forbidden.
In general, we lean toward the paranoid end of the scale (for our corporate environment, we
should stress). We’ve tried to give our firewalls a fail-safe design: if we have overlooked a
security hole or installed a broken program, we believe our firewalls are still safe. Compare this
approach to a simple packet filter. If the filtering tables are deleted or installed improperly, or if
there are bugs in the router software, the gateway may be penetrated. This nonfail-safe design
is an inexpensive and acceptable solution if your stance allows a somewhat looser approach to
gateway security.
We do not advocate disconnection for most sites. Our philosophy is simple: there are no
absolutes. (And we believe that absolutely__ .) One cannot have complete safety; to pursue
that chimera is to ignore the costs of the pursuit. Networks and internetworks have advantages;
to disconnect from a network is to deny oneself those advantages. When all is said and done,
disconnection may be the right choice, but it is a decision that can only be made by weighing the
risks against the benefits.
Picking a Security Policy 7
We advocate caution, not hysteria. For reasons that are spelled out below, we feel that firewalls
are an important tool that can minimize the danger, while providing most—but not necessarily
all—of the benefits of a network connection. But a paranoid stance is necessary for many sites
when setting one up, and we can prove it.
Axiom 1 (Murphy) All programs are buggy.
Theorem 1 (Law of Large Programs) Large programs are even buggier than their size would
indicate.
Proof: By inspection.
Corollary 1.1 A security-relevant program has security bugs.
Theorem 2 If you do not run a program, it does not matter whether or not it is buggy.
Proof: As in all logical systems, false
_
true
___
true.
Corollary 2.1 If you do not run a program, it does not matter if it has security holes.
Theorem 3 Exposed machines should run as few programs as possible; the ones that are run
should be as small as possible.
Proof: Follows directly from Corollaries 1.1 and 2.1.
Corollary 3.1 (Fundamental Theorem of Firewalls) Most hosts cannot meet our requirements:
they run too many programs that are too large. Therefore, the only solution is to isolate them
behind a firewall if you wish to run any programs at all.
Our math, though obviously not meant to be taken seriously, does lead to sound conclusions.
Firewalls must be configured as minimally as possible, to minimize risks. And if risks do not
exist, why run a firewall? We forbear to label it an axiom, but it is nevertheless true that some
paranoids have real enemies.
We can draw other conclusions as well. For one thing, we feel that any program, no matter
how innocuous it seems, can harbor security holes. (Who would have guessed that on some
machines, integer divide exceptions1 could lead to system penetrations?) We thus have a firm
belief that everything is guilty until proven innocent. Consequently, we configure our firewalls to
reject everything, unless we have explicitly made the choice—and accepted the risk—to permit it.
Taking the opposite tack, of blocking only known offenders, strikes us as extremely dangerous.
Furthermore, whether or not a security policy is formally spelled out, one always exists. If
nothing else is said or implemented, the default policy is “anything goes.” Needless to say,
this stance is rarely acceptable in a security-conscious environment. If you do not make explicit
decisions, you have made the default decision to allow almost anything.
It is not for us to decree what services are or are not acceptable. As stated earlier, such decisions
are necessarily context-dependent. But the rules we have given are universal.
1See CERT Advisory CA-92:15, July 21, 1992. Information on obtaining CERT advisories is given in Appendix A.
Strategies for a Secure Network
1.3.1 Host Security
To some people, the very notion of a firewall is anathema. In most situations, the network is not
the resource at risk; rather, it is the endpoints of the network that are threatened. By analogy, con
artists rarely steal phone service per se; instead, they use the phone system as a tool to reach their
real victims. So it is, in a sense, with network security. Given that the target of the attackers is the
hosts on the network, should they not be suitably configured and armored to resist attack?
The answer is that they should be, but probably cannot. Theorem 3 shows that such attempts are
probably futile. There will be bugs, either in the network programs or in the administration of the
system. It is this way with computer security: the attacker only has to win once. It does not matter
how thick are your walls, nor how lofty your battlements; if an attacker finds one weakness—say, a
postern gate (backdoor), to extend our metaphor—your system will be penetrated. Unfortunately,
that is not the end of your woes.
By definition, networked machines are not isolated. Typically, other machines will trust them
in some fashion. It might be the almost-blind faith of rlogin, or it might be the sophisticated
cryptographic verification used by the Kerberos authentication system [Bryant, 1988; Kohl and
Neuman, 1993; Miller et al., 1987; Steiner et al., 1988], in which case a particular user will be
trusted. It doesn’t matter—if the intruder can compromise the system, he or she will be able to
attack other systems, by taking over either root, and hence the system’s identity, or some user
account.
It might seem that we are unduly pessimistic about the state of computer security. This is
half-true: we are pessimistic, but not, we think, unduly so. Nothing in the recent history of either
network security or software engineering gives us any reason to believe otherwise. Nor are we
alone in feeling this way.
Consider, for example, the famous Orange Book [DoD, 1985a]. The lists of features for each
security level—auditing, access controls, trusted path, and the like—get all the attention, but the
higher levels also have much more stringent assurance requirements. That is, there must be more
reason to believe that the system actually functions as designed. Despite those requirements, even
the most trusted system, with an A1 evaluation, is not trusted with the most sensitive information
if uncleared users have access to the system [DoD, 1985b]. Few systems on the Internet meet
even the C2 requirements; their security is not adequate.
Another challenge exists that is totally unrelated to the difficulty of creating secure systems:
administering them. No matter how well written the code and how clean the design, later human
error can negate all of the protections. Consider the following sequence of events:
1. A gateway machine malfunctioned on a holiday weekend, when none of the usual system
administrators was available.
2. The backup expert could not diagnose the problem over the phone and needed a guest
account created.
3. The operator added the account guest, with no password.
Strategies for a Secure Network 9
4. The expert neglected to add a password.
5. The operator forgot to delete the account.
6. Some university students found the account within a day and told their friends.
Unlikely? Perhaps, but it happened to one of our gateways. The penetration was discovered only
when the unwanted guests happened to trigger an alarm while probing our other gateway machine.
Our firewall machines are, relatively speaking, simple to administer. They run minimal
configurations, which in and of itself eliminates the need to worry about certain things. Off-theshelf
machines have lots of knobs, buttons, and switches with which to fiddle, and many of the
settings are insecure. Worse yet, many are shipped that way by the vendor; given that higher
security generally makes a system less convenient to use and administer, some manufacturers
choose to position their products for the “easy-to-use” market. Our internal network has many
machines that are professionally administered. But it also has many departmental machines that
are unpacked, plugged in, and turned on, and thereafter all but ignored. They run old releases of
the operating system, with bugs fixed if and only if they directly affect the user population. If the
system works, why change it? A reasonable attitude, much of the time, but a risky one, given the
intertwined patterns of transitive network trust.
1.3.2 Gateways and Firewalls
’Tis a gift to be simple,
’Tis a gift to be free,
’Tis a gift to come down where we ought to be,
And when we find ourselves in the place just right,
It will be in the valley of love and delight.
When true simplicity is gained,
to bow and to bend, we will not be ashamed
To turn, turn, will be our delight,
’Til by turning, turning, we come round right.
—SHAKER HYMN
By this point, it should be no surprise that we recommend using firewalls to protect networks. We
define a firewall as a collection of components placed between two networks that collectively have
the following properties:
All traffic from inside to outside, and vice-versa, must pass through the firewall.
Only authorized traffic, as defined by the local security policy, will be allowed to pass.
The firewall itself is immune to penetration.
10 Introduction
Boom!
Not all security holes are merely bad. Some go all the way to truly horrendous.
We use a “bomb” symbol to indicate a particularly serious risk. That doesn’t mean
you can be sanguine about the others—the intruders don’t care much how they get
in—but it does give some rough guidance about priorities.
We should note that these are design goals; a failure in one aspect does not mean that the collection
is not a firewall, simply that it is not a very good one.
That firewalls are desirable follows directly from our earlier statements. Many hosts—and
more likely, most hosts—cannot protect themselves against a determined attack. Firewalls have
several distinct advantages.
The biggest single reason that a firewall is likely to be more secure is simply that it is not
a general-purpose host. Thus, features that are of doubtful security but add greatly to user
convenience—NIS, rlogin, etc.—are not necessary. For that matter, many features of unknown
security can be omitted if they are irrelevant to the firewall’s functionality.
A second benefit comes from having professional administration of the firewall machines. We
do not claim that firewall administrators are necessarily more competent than your average system
administrator, but they may be more security conscious. However, they are almost certainly better
than nonadministrators who must nevertheless tend to their own machines. This category would
include physical scientists, professors, and the like, who (rightly) prefer to worry about their own
areas of responsibility. It may or may not be reasonable to demand more security consciousness
from them; nevertheless, it is obviously not their top priority.
Fewer normal users is a help as well. Poorly chosen passwords are a serious risk; if users and
their attendant passwords do not exist, this isn’t a problem. Similarly, one can make more or less
arbitrary changes to various program interfaces if that would help security, without annoying a
population that is accustomed to a different way of doing things. One example would be the use
of hand-held authenticators for logging in (Chapter 5). Many people resent them, or they may be
too expensive to be furnished to an entire organization; a gateway machine, however, should have
a restricted-enough user community that these concerns are negligible.
More subtly, gateway machines need not, and should not, be trusted by any other machines.
Thus, even if the gateway machine has been compromised, no others will fall automatically. On
the other hand, the gateway machine can, if you wish (and if you decide against using hand-held
authenticators), trust other machines, thereby eliminating the need for most passwords on the
few accounts it should have. Again, something that is not there cannot be compromised. (Other
components of the firewall can shield vulnerable services on the gateway machine; see Chapter 3.)
Strategies for a Secure Network 11
Gateway machines have other, nonsecurity advantages as well. They are a central point for
mail and FTP administration, for example. Only one machine need be monitored for delayed
mail, proper header syntax, return-address rewriting (i.e., to Firstname.Lastname@ORG.DOMAIN
format), etc. Outsiders have a single point of contact for mail problems and a single location to
search for files being exported.
Our main focus, though, is security. And for all that we have said about the benefits of a
firewall, it should be stressed that we neither advocate nor condone sloppy attitudes towards host
security. Even if a firewall were impermeable, and even if the administrators and operators never
made any mistakes, the Internet is not the only source of danger. Apart from the risk of insider
attacks—and in some environments, that is a serious risk—an outsider can gain access by other
means. In at least one case, a hacker came in through a modem pool, and attacked the firewall
from the inside [Hafner and Markoff, 1991]. Strong host security policies are a necessity, not a
luxury. For that matter, internal firewalls are a good idea, to protect very sensitive portions of
organizational networks. AT&T uses them; we leave to your imagination exactly what is being
protected.
1.3.3 Protecting Passwords
__________ _ ___ _________
(Speak, friend, and enter.)
“What does it mean by speak, friend, and enter? asked Merry.
“That is plain enough,” said Gimli. “If you are a friend, speak the password, and the
doors will open, and you can enter.”
__
“But do not you know the word, Gandalf?” asked Boromir in surprise.
“No!” said the wizard__ . “I do not know the word—yet. But we shall soon see.”
Lord of the Rings
—J.R.R. TOLKIEN
1
System bugs are the exciting way to crack a system, but they are not the most common
attack. That honor is reserved for a rather mundane feature: user passwords. A high
percentage of system penetrations occur because of the failure of the entire password
system.
We write “password system” because there are several causes of failure. However, the most
common problem is that people tend to pick very bad passwords. Repeated studies have shown that
password-guessing is likely to succeed; see, for example, [Klein, 1990] or [Morris and Thompson,
1979]. We are not saying that everyone will pick a poor password; however, enough people will
that password-guessing remains a high-probability approach for an attacker.
Password-guessing attacks take two basic forms. The first involves attempts to log in using
known or assumed user names and likely guesses at passwords. This succeeds amazingly often;
12 Introduction
root:DZo0RWR.7DJuU:0:2:0000-Admin(0000):/:
daemon:*:1:1:0000-Admin(0000):/:
bin:*:2:2:0000-Admin(0000):/bin:
sys:*:3:3:0000-Admin(0000):/usr/v9/src:
adm:*:4:4:0000-Admin(0000):/usr/adm:
uucp:*:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:*:10:10:0000-uucp(0000):/usr/spool/uucppublic:/usr/lib/uucp/uucico
ftp:anonymous:71:14:file transfer:/:no soap
research:nologin:150:10:ftp distribution account:/forget:/it/baby
ches:La9Cr9ld9qTQY:200:1:me:/u/ches:/bin/sh
dmr:laHheQ.H9iy6I:202:1:Dennis:/u/dmr:/bin/sh
rtm:5bHD/k5k2mTTs:203:1:Rob:/u/rtm:/bin/sh
adb:dcScD6gKF./Z6:205:1:Alan:/u/adb:/bin/sh
td:deJCw4bQcNT3Y:206:1:Tom:/u/td:/bin/sh
Figure 1.2: The bogus /etc/passwd file in our anonymous FTP area.
sites often have account-password pairs such as field-service, guest-guest, etc. These pairs
often come out of system manuals! The first try may not succeed, nor even the tenth, but all too
often, one will work—and once the attacker is in, your major line of defense is gone. Regrettably,
few operating systems can resist attacks from the inside.
This approach should not be possible! Users should not be allowed an infinite number of login
attempts with bad passwords, failures should be logged, users should be notified of failed login
attempts on their accounts, etc. None of this is new technology, but these things are seldom done,
and even more seldom done correctly. Many common mistakes are pointed out in [Grampp and
Morris, 1984], but few developers have heeded their advice. Worse yet, much of the existing
logging on UNIX systems is in login and su; other programs that use passwords—ftpd, rexecd,
various screen-locking programs, etc.—do not log failures on most systems.
The second way hackers go after passwords is by matching guesses against stolen password
files (/etc/passwd on UNIX systems). These may be stolen from a system that is already
cracked, in which case the attackers will try the cracked passwords on other machines (users
tend to reuse passwords), or they may be obtained from a system not yet penetrated. These are
called dictionary attacks, and they are usually very successful. Make no mistake about it: if your
password file falls into enemy hands, there is a very high probability that your machine will be
compromised. Klein [1990] reports cracking about 25% of the passwords; if that figure is accurate
for your machine, and you have just 16 user accounts, there is a 99% chance that at least one of
those passwords will be weak.
A third approach is to tap a legitimate terminal session and log the password used. With this
approach, it doesn’t matter how good a password you have chosen; your account, and probably
your system, is compromised.
We can draw several conclusions from this. The first, of course, is that user education in how
to choose good passwords is vital. Sadly, although almost 15 years have passed since Morris and
Thompson’s paper [Morris and Thompson, 1979] on the subject, user habits have not improved
much. Nor have tightened system restrictions on allowable passwords helped that much, although
there have been a number of attempts, e.g., [Spafford, 1992b; Bishop, 1992]. Others have tried
Strategies for a Secure Network 13
To some people, the very notion of a firewall is anathema. In most situations, the network is not
the resource at risk; rather, it is the endpoints of the network that are threatened. By analogy, con
artists rarely steal phone service per se; instead, they use the phone system as a tool to reach their
real victims. So it is, in a sense, with network security. Given that the target of the attackers is the
hosts on the network, should they not be suitably configured and armored to resist attack?
The answer is that they should be, but probably cannot. Theorem 3 shows that such attempts are
probably futile. There will be bugs, either in the network programs or in the administration of the
system. It is this way with computer security: the attacker only has to win once. It does not matter
how thick are your walls, nor how lofty your battlements; if an attacker finds one weakness—say, a
postern gate (backdoor), to extend our metaphor—your system will be penetrated. Unfortunately,
that is not the end of your woes.
By definition, networked machines are not isolated. Typically, other machines will trust them
in some fashion. It might be the almost-blind faith of rlogin, or it might be the sophisticated
cryptographic verification used by the Kerberos authentication system [Bryant, 1988; Kohl and
Neuman, 1993; Miller et al., 1987; Steiner et al., 1988], in which case a particular user will be
trusted. It doesn’t matter—if the intruder can compromise the system, he or she will be able to
attack other systems, by taking over either root, and hence the system’s identity, or some user
account.
It might seem that we are unduly pessimistic about the state of computer security. This is
half-true: we are pessimistic, but not, we think, unduly so. Nothing in the recent history of either
network security or software engineering gives us any reason to believe otherwise. Nor are we
alone in feeling this way.
Consider, for example, the famous Orange Book [DoD, 1985a]. The lists of features for each
security level—auditing, access controls, trusted path, and the like—get all the attention, but the
higher levels also have much more stringent assurance requirements. That is, there must be more
reason to believe that the system actually functions as designed. Despite those requirements, even
the most trusted system, with an A1 evaluation, is not trusted with the most sensitive information
if uncleared users have access to the system [DoD, 1985b]. Few systems on the Internet meet
even the C2 requirements; their security is not adequate.
Another challenge exists that is totally unrelated to the difficulty of creating secure systems:
administering them. No matter how well written the code and how clean the design, later human
error can negate all of the protections. Consider the following sequence of events:
1. A gateway machine malfunctioned on a holiday weekend, when none of the usual system
administrators was available.
2. The backup expert could not diagnose the problem over the phone and needed a guest
account created.
3. The operator added the account guest, with no password.
Strategies for a Secure Network 9
4. The expert neglected to add a password.
5. The operator forgot to delete the account.
6. Some university students found the account within a day and told their friends.
Unlikely? Perhaps, but it happened to one of our gateways. The penetration was discovered only
when the unwanted guests happened to trigger an alarm while probing our other gateway machine.
Our firewall machines are, relatively speaking, simple to administer. They run minimal
configurations, which in and of itself eliminates the need to worry about certain things. Off-theshelf
machines have lots of knobs, buttons, and switches with which to fiddle, and many of the
settings are insecure. Worse yet, many are shipped that way by the vendor; given that higher
security generally makes a system less convenient to use and administer, some manufacturers
choose to position their products for the “easy-to-use” market. Our internal network has many
machines that are professionally administered. But it also has many departmental machines that
are unpacked, plugged in, and turned on, and thereafter all but ignored. They run old releases of
the operating system, with bugs fixed if and only if they directly affect the user population. If the
system works, why change it? A reasonable attitude, much of the time, but a risky one, given the
intertwined patterns of transitive network trust.
1.3.2 Gateways and Firewalls
’Tis a gift to be simple,
’Tis a gift to be free,
’Tis a gift to come down where we ought to be,
And when we find ourselves in the place just right,
It will be in the valley of love and delight.
When true simplicity is gained,
to bow and to bend, we will not be ashamed
To turn, turn, will be our delight,
’Til by turning, turning, we come round right.
—SHAKER HYMN
By this point, it should be no surprise that we recommend using firewalls to protect networks. We
define a firewall as a collection of components placed between two networks that collectively have
the following properties:
All traffic from inside to outside, and vice-versa, must pass through the firewall.
Only authorized traffic, as defined by the local security policy, will be allowed to pass.
The firewall itself is immune to penetration.
10 Introduction
Boom!
Not all security holes are merely bad. Some go all the way to truly horrendous.
We use a “bomb” symbol to indicate a particularly serious risk. That doesn’t mean
you can be sanguine about the others—the intruders don’t care much how they get
in—but it does give some rough guidance about priorities.
We should note that these are design goals; a failure in one aspect does not mean that the collection
is not a firewall, simply that it is not a very good one.
That firewalls are desirable follows directly from our earlier statements. Many hosts—and
more likely, most hosts—cannot protect themselves against a determined attack. Firewalls have
several distinct advantages.
The biggest single reason that a firewall is likely to be more secure is simply that it is not
a general-purpose host. Thus, features that are of doubtful security but add greatly to user
convenience—NIS, rlogin, etc.—are not necessary. For that matter, many features of unknown
security can be omitted if they are irrelevant to the firewall’s functionality.
A second benefit comes from having professional administration of the firewall machines. We
do not claim that firewall administrators are necessarily more competent than your average system
administrator, but they may be more security conscious. However, they are almost certainly better
than nonadministrators who must nevertheless tend to their own machines. This category would
include physical scientists, professors, and the like, who (rightly) prefer to worry about their own
areas of responsibility. It may or may not be reasonable to demand more security consciousness
from them; nevertheless, it is obviously not their top priority.
Fewer normal users is a help as well. Poorly chosen passwords are a serious risk; if users and
their attendant passwords do not exist, this isn’t a problem. Similarly, one can make more or less
arbitrary changes to various program interfaces if that would help security, without annoying a
population that is accustomed to a different way of doing things. One example would be the use
of hand-held authenticators for logging in (Chapter 5). Many people resent them, or they may be
too expensive to be furnished to an entire organization; a gateway machine, however, should have
a restricted-enough user community that these concerns are negligible.
More subtly, gateway machines need not, and should not, be trusted by any other machines.
Thus, even if the gateway machine has been compromised, no others will fall automatically. On
the other hand, the gateway machine can, if you wish (and if you decide against using hand-held
authenticators), trust other machines, thereby eliminating the need for most passwords on the
few accounts it should have. Again, something that is not there cannot be compromised. (Other
components of the firewall can shield vulnerable services on the gateway machine; see Chapter 3.)
Strategies for a Secure Network 11
Gateway machines have other, nonsecurity advantages as well. They are a central point for
mail and FTP administration, for example. Only one machine need be monitored for delayed
mail, proper header syntax, return-address rewriting (i.e., to Firstname.Lastname@ORG.DOMAIN
format), etc. Outsiders have a single point of contact for mail problems and a single location to
search for files being exported.
Our main focus, though, is security. And for all that we have said about the benefits of a
firewall, it should be stressed that we neither advocate nor condone sloppy attitudes towards host
security. Even if a firewall were impermeable, and even if the administrators and operators never
made any mistakes, the Internet is not the only source of danger. Apart from the risk of insider
attacks—and in some environments, that is a serious risk—an outsider can gain access by other
means. In at least one case, a hacker came in through a modem pool, and attacked the firewall
from the inside [Hafner and Markoff, 1991]. Strong host security policies are a necessity, not a
luxury. For that matter, internal firewalls are a good idea, to protect very sensitive portions of
organizational networks. AT&T uses them; we leave to your imagination exactly what is being
protected.
1.3.3 Protecting Passwords
__________ _ ___ _________
(Speak, friend, and enter.)
“What does it mean by speak, friend, and enter? asked Merry.
“That is plain enough,” said Gimli. “If you are a friend, speak the password, and the
doors will open, and you can enter.”
__
“But do not you know the word, Gandalf?” asked Boromir in surprise.
“No!” said the wizard__ . “I do not know the word—yet. But we shall soon see.”
Lord of the Rings
—J.R.R. TOLKIEN
1
System bugs are the exciting way to crack a system, but they are not the most common
attack. That honor is reserved for a rather mundane feature: user passwords. A high
percentage of system penetrations occur because of the failure of the entire password
system.
We write “password system” because there are several causes of failure. However, the most
common problem is that people tend to pick very bad passwords. Repeated studies have shown that
password-guessing is likely to succeed; see, for example, [Klein, 1990] or [Morris and Thompson,
1979]. We are not saying that everyone will pick a poor password; however, enough people will
that password-guessing remains a high-probability approach for an attacker.
Password-guessing attacks take two basic forms. The first involves attempts to log in using
known or assumed user names and likely guesses at passwords. This succeeds amazingly often;
12 Introduction
root:DZo0RWR.7DJuU:0:2:0000-Admin(0000):/:
daemon:*:1:1:0000-Admin(0000):/:
bin:*:2:2:0000-Admin(0000):/bin:
sys:*:3:3:0000-Admin(0000):/usr/v9/src:
adm:*:4:4:0000-Admin(0000):/usr/adm:
uucp:*:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:*:10:10:0000-uucp(0000):/usr/spool/uucppublic:/usr/lib/uucp/uucico
ftp:anonymous:71:14:file transfer:/:no soap
research:nologin:150:10:ftp distribution account:/forget:/it/baby
ches:La9Cr9ld9qTQY:200:1:me:/u/ches:/bin/sh
dmr:laHheQ.H9iy6I:202:1:Dennis:/u/dmr:/bin/sh
rtm:5bHD/k5k2mTTs:203:1:Rob:/u/rtm:/bin/sh
adb:dcScD6gKF./Z6:205:1:Alan:/u/adb:/bin/sh
td:deJCw4bQcNT3Y:206:1:Tom:/u/td:/bin/sh
Figure 1.2: The bogus /etc/passwd file in our anonymous FTP area.
sites often have account-password pairs such as field-service, guest-guest, etc. These pairs
often come out of system manuals! The first try may not succeed, nor even the tenth, but all too
often, one will work—and once the attacker is in, your major line of defense is gone. Regrettably,
few operating systems can resist attacks from the inside.
This approach should not be possible! Users should not be allowed an infinite number of login
attempts with bad passwords, failures should be logged, users should be notified of failed login
attempts on their accounts, etc. None of this is new technology, but these things are seldom done,
and even more seldom done correctly. Many common mistakes are pointed out in [Grampp and
Morris, 1984], but few developers have heeded their advice. Worse yet, much of the existing
logging on UNIX systems is in login and su; other programs that use passwords—ftpd, rexecd,
various screen-locking programs, etc.—do not log failures on most systems.
The second way hackers go after passwords is by matching guesses against stolen password
files (/etc/passwd on UNIX systems). These may be stolen from a system that is already
cracked, in which case the attackers will try the cracked passwords on other machines (users
tend to reuse passwords), or they may be obtained from a system not yet penetrated. These are
called dictionary attacks, and they are usually very successful. Make no mistake about it: if your
password file falls into enemy hands, there is a very high probability that your machine will be
compromised. Klein [1990] reports cracking about 25% of the passwords; if that figure is accurate
for your machine, and you have just 16 user accounts, there is a 99% chance that at least one of
those passwords will be weak.
A third approach is to tap a legitimate terminal session and log the password used. With this
approach, it doesn’t matter how good a password you have chosen; your account, and probably
your system, is compromised.
We can draw several conclusions from this. The first, of course, is that user education in how
to choose good passwords is vital. Sadly, although almost 15 years have passed since Morris and
Thompson’s paper [Morris and Thompson, 1979] on the subject, user habits have not improved
much. Nor have tightened system restrictions on allowable passwords helped that much, although
there have been a number of attempts, e.g., [Spafford, 1992b; Bishop, 1992]. Others have tried
Strategies for a Secure Network 13
How Long Should a Password Be?
It is generally agreed that the eight-character limit that UNIX systems impose is inadequate
[Feldmeier and Karn, 1990; Leong and Tham, 1991]. But how long should a password be?
Part of the problem with the UNIX system’s password-hashing algorithm is that it uses
the seven significant bits of each typed character directly as an encryption key. Since the
algorithm used (DES; see Chapter 13) permits only 56 bit keys, the limit of eight is derived,
not selected. But that begs the question.
The 128 possible combinations of seven bits are not equally probable. Not only do most
people avoid using control characters in their passwords, most do not even use characters
other than letters. Most folks, in fact, tend to pick passwords composed solely of lowercase
letters.
We can characterize the true value of passwords value as keys by using information
theory [Shannon, 1949]. For ordinary English text of 8 letters, the information content is
about 2.3 bits per letter, perhaps less [Shannon, 1948, 1951]. We thus have an effective
key length of about 19 bits, not 56 bits, for passwords composed of English words.
Some people pick names (their own, their spouse’s, their children’s, etc.) for passwords.
That gives even worse results, because of just how common certain names are. Experiments
performed using the AT&T online phone book show that a first name has only about 7.8
bits of information in the whole name. These are very bad choices indeed.
Longer English phrases have a lower information content per letter, on the order of 1.2
to 1.5 bits. Thus, a password of 16 bytes is not as strong as one might guess if words from
English phrases are used; there are only about 219 to 224 bits of information there. The
situation is improved if the user picks independent words, to about 238 bits. But if users
fill up those bytes with combinations of names, we have not helped the situation much.
To enforce password security through retroactive checking [Muffett, 1992]. But perversity always
tends toward a maximum, and the hackers only have to win once.
If you cannot keep people from choosing bad passwords, it is vital that the password file itself
be kept out of enemy hands. This means that one should
carefully configure the security features for services such as Sun’s NIS,
restrict files available from tftpd, and
avoid putting a genuine /etc/passwd file in the anonymous FTP area.
(There is room for fun, of course. Our ftpd will happily deliver /etc/passwd file to you
(Figure 1.2), complete with passwords crackable by trying words from a dictionary [Klein, 1990].
They come to “why are you wasting your time”. The first of these, nominally for root,
has shown up on a hacker bulletin board, which says something about hacker quality control.)
Some UNIX systems provide you with the ability to conceal the hashed passwords from even
legitimate users. If your system has this feature (sometimes called a “shadow” or “adjunct”
password file), we strongly urge you to take advantage of it. Many other operating systems wisely
hash and hide their password files.
Encryption is often touted as the ultimate weapon in the computer security wars. It is not. It is
certainly a valuable tool (see Chapter 13), but it, like everything else, is a tool toward an ultimate
goal. Indeed, if encryption is used improperly, it can hurt the real goals of the organization.
Some aspects of improper use are obvious. One must pick a strong enough cryptosystem for
the situation, or an enemy might cryptanalyze it. Similarly, the key distribution center must be
safeguarded, or all of your secrets will be exposed.
Other dangers exist as well. For one thing, encryption is best used to safeguard file transmission,
rather than file storage, especially if the encryption key is generated from a typed password. Few
people bequeath knowledge of their passwords in their wills; more have been known to walk in
front of trucks. There are schemes to deal with such situations (e.g., [Shamir, 1979; Gifford, 1982;
Blaze, 1994]), but these are rarely used in practice. Admittedly, you may not be concerned with
the contents of your files after your untimely demise, but your organization—in some sense the
real owner of the information you produce at work—might feel differently.
Even without such melodrama, if the machine you use to encrypt and decrypt the files is
not physically secure, a determined enemy can simply replace the cryptographic commands with
variants that squirrel away a copy of the key. Have you checked the integrity of such commands
on your disk recently? Did someone corrupt your integrity-checker?
Finally, the biggest risk of all may be your own memory. Do you remember what password
you used a year ago? (You do change your password regularly, do you not?) You used that
password every day; how often would you use a file encryption key?
If a machine is physically and logically secure enough that you can trust the encryption process,
encryption is most likely not needed. If the machine is not that secure, encryption may not help.
The Ethics of Computer Security 15
There is one exception to our general rule: backup tapes. Such tapes rarely receive sufficient
protection, and there is never any help from the operating system. One can make a very good case
for encrypting the entire tape during the dump process—if there is some key storage mechanism
guaranteed to permit you to read the year-old backup tape when you realize that you are missing a
critical file. It is the information that is valuable; if you have lost the contents of a file, it matters
little if the cause was a hacker, a bad backup tape, a lost password, or an errant rm command.
[Feldmeier and Karn, 1990; Leong and Tham, 1991]. But how long should a password be?
Part of the problem with the UNIX system’s password-hashing algorithm is that it uses
the seven significant bits of each typed character directly as an encryption key. Since the
algorithm used (DES; see Chapter 13) permits only 56 bit keys, the limit of eight is derived,
not selected. But that begs the question.
The 128 possible combinations of seven bits are not equally probable. Not only do most
people avoid using control characters in their passwords, most do not even use characters
other than letters. Most folks, in fact, tend to pick passwords composed solely of lowercase
letters.
We can characterize the true value of passwords value as keys by using information
theory [Shannon, 1949]. For ordinary English text of 8 letters, the information content is
about 2.3 bits per letter, perhaps less [Shannon, 1948, 1951]. We thus have an effective
key length of about 19 bits, not 56 bits, for passwords composed of English words.
Some people pick names (their own, their spouse’s, their children’s, etc.) for passwords.
That gives even worse results, because of just how common certain names are. Experiments
performed using the AT&T online phone book show that a first name has only about 7.8
bits of information in the whole name. These are very bad choices indeed.
Longer English phrases have a lower information content per letter, on the order of 1.2
to 1.5 bits. Thus, a password of 16 bytes is not as strong as one might guess if words from
English phrases are used; there are only about 219 to 224 bits of information there. The
situation is improved if the user picks independent words, to about 238 bits. But if users
fill up those bytes with combinations of names, we have not helped the situation much.
To enforce password security through retroactive checking [Muffett, 1992]. But perversity always
tends toward a maximum, and the hackers only have to win once.
If you cannot keep people from choosing bad passwords, it is vital that the password file itself
be kept out of enemy hands. This means that one should
carefully configure the security features for services such as Sun’s NIS,
restrict files available from tftpd, and
avoid putting a genuine /etc/passwd file in the anonymous FTP area.
(There is room for fun, of course. Our ftpd will happily deliver /etc/passwd file to you
(Figure 1.2), complete with passwords crackable by trying words from a dictionary [Klein, 1990].
They come to “why are you wasting your time”. The first of these, nominally for root,
has shown up on a hacker bulletin board, which says something about hacker quality control.)
Some UNIX systems provide you with the ability to conceal the hashed passwords from even
legitimate users. If your system has this feature (sometimes called a “shadow” or “adjunct”
password file), we strongly urge you to take advantage of it. Many other operating systems wisely
hash and hide their password files.
Encryption is often touted as the ultimate weapon in the computer security wars. It is not. It is
certainly a valuable tool (see Chapter 13), but it, like everything else, is a tool toward an ultimate
goal. Indeed, if encryption is used improperly, it can hurt the real goals of the organization.
Some aspects of improper use are obvious. One must pick a strong enough cryptosystem for
the situation, or an enemy might cryptanalyze it. Similarly, the key distribution center must be
safeguarded, or all of your secrets will be exposed.
Other dangers exist as well. For one thing, encryption is best used to safeguard file transmission,
rather than file storage, especially if the encryption key is generated from a typed password. Few
people bequeath knowledge of their passwords in their wills; more have been known to walk in
front of trucks. There are schemes to deal with such situations (e.g., [Shamir, 1979; Gifford, 1982;
Blaze, 1994]), but these are rarely used in practice. Admittedly, you may not be concerned with
the contents of your files after your untimely demise, but your organization—in some sense the
real owner of the information you produce at work—might feel differently.
Even without such melodrama, if the machine you use to encrypt and decrypt the files is
not physically secure, a determined enemy can simply replace the cryptographic commands with
variants that squirrel away a copy of the key. Have you checked the integrity of such commands
on your disk recently? Did someone corrupt your integrity-checker?
Finally, the biggest risk of all may be your own memory. Do you remember what password
you used a year ago? (You do change your password regularly, do you not?) You used that
password every day; how often would you use a file encryption key?
If a machine is physically and logically secure enough that you can trust the encryption process,
encryption is most likely not needed. If the machine is not that secure, encryption may not help.
The Ethics of Computer Security 15
There is one exception to our general rule: backup tapes. Such tapes rarely receive sufficient
protection, and there is never any help from the operating system. One can make a very good case
for encrypting the entire tape during the dump process—if there is some key storage mechanism
guaranteed to permit you to read the year-old backup tape when you realize that you are missing a
critical file. It is the information that is valuable; if you have lost the contents of a file, it matters
little if the cause was a hacker, a bad backup tape, a lost password, or an errant rm command.
Subscribe to:
Posts (Atom)
