Dave’s rules for safe e-mail usage

Dave’s rules for safe e-mail usage. Please feel free to copy and paste and save this for future use. Print it out and hang copies next to your users’ monitors if you want. Make a poster out of it, I don’t care.
1. Don’t execute unexpected attachments. There’s a lot of cutesy stuff going around out there. Do you know where it came from? Do you know that the person who sent it to you scanned it for viruses? Five bucks says they didn’t. Happy99.exe is a good example–it shot off nice fireworks, then proceeded to e-mail itself to people for you and replace a critical system file. How nice of it. I don’t care how funny or how cute some attachment is, I don’t run it. Period. I don’t have time to scan it for viruses, so I can’t run it safely, and I certainly don’t have time to recover from a formatted hard drive, so I delete all unexpected attachments. Usually I make time to mail the user who sent it and tell them not to send me that crap.

2. Think twice before double-clicking on attachments, expected or unexpected. Do you know what it is? If you can’t tell a GIF or a JPEG from a Word document or an executable, you have no business double-clicking on attachments. Delete whatever it is. It’s better to miss the joke than to end up with a formatted hard drive (which you don’t have time for–see #1).

3. When in doubt, ask questions. Don’t be afraid to shoot back an e-mail message asking what an unexpected piece of mail is before opening it. You think if my editor sent off an unexpected piece of mail saying O’Reilly’s cancelled my new book, I wouldn’t ask questions? Why should an unexpected attachment from him be any different?

4. Change your stationery. On one of my work computers, where I have to use Outlook (company policy–maybe that’ll change now), I changed my stationery. In addition to my name and title and contact info, I include a line that reads, “This message should have arrived without attachments. If there are attachments, DON’T OPEN THEM!” I have to remember to delete that line manually on the rare occasions when I do send attachments. But if a virus ever hits and I do inadvertently run it, at least its cargo goes out with a warning.

5. Don’t send people executable attachments. Better yet, don’t send them unarchived Word and Excel documents either. Zip them up first. They’ll transfer faster because they’re smaller when they’re zipped, and the person on the receiving end can have better peace of mind, because viruses generally don’t send out zipped copies of themselves, and infecting a zip file is much more difficult than infecting an unarchived file.

6. Avoid using attachments whenever you can. You have network drives at work? Use them. Save it to the network, then send a message telling your coworkers where to find it. Just found a hot new shareware program? Send the world a link to it, rather than the program itself. Involving fewer computers in the file transfer speeds up the transfer and lowers risks.

7. If you must view Word, Excel, and other MS Office attachments, do so with something other than Office. View Word documents in WordPad. Yes, WordPad is slow and dumb. That’s the point. It’s too dumb to let the virus do anything. Microsoft provides Excel and PowerPoint viewers. Download them and use them to view attached e-mail. Those viewers are too dumb to let viruses do anything too.

8. Fight the machine. The more you deviate from the norm (Windows 98, Outlook and the rest of MS Office, Internet Explorer), the less susceptible you are to viruses. Why do virus writers target MS Office on Windows? Well, besides it being the second-best virus toolkit in existence, it’s also extremely common. If I’m a bored loser who wants to hear about my own exploits on the news, I’m going to aim for the largest audience possible. That happens to be Windows/Office/IE. I can’t avoid MS Word, but I’ll take my computers to the pawn shop before I use Outlook and IE exclusively.

Alternative applications and OSs aren’t just trendier, they’re safer. If StarOffice or WordPerfect Office running under Linux will let you get your work done, think about it. You may be in the minority, but you’re a lot safer.

LoveLetter ruins my day

I hate viruses. So. I stumble in to work Thursday. I make the mistake of checking my mail before I’ve had my coffee. Mail from a VIP. “Please kindly check this …” I read no further. I spy an attachment, so I do exactly–in my mind–what it asks. I open the attachment in Notepad and look at it. Hmm. A VBscript program written by someone who doesn’t like school. Hmm. Wait, why’s this thing messing with the registry? Why’s this thing making copies of some files and deleting others? Crap! This is a virus! Who else did she send this to? Meanwhile a neighbor’s jabbering away at me about something or another. “Shuddup!” I tell him as I print it out. I print the code (4 pages I think), grab it, circle a couple of offending lines of code, then rush upstairs. Yep, you’ve got it. We were infected with the now-notorious “Iloveyou” virus.
Yeah, loser. I love you too, but only because Jesus says I have to love my enemies. So, God bless you, whoever you are. You’re gonna need that and more. Bad.

I located two infected computers, then I called the wisest, coolest head in the organization (our Unix ubermeister) for advice on how to proceed. This was a good 2-3 hours before Symantec had a fix posted on its Web site. He said he and one of our ace programmers had dissected the code and determined all of the changes it makes. He had registry entries to fix and files to look for. Armed with that info, I was able to put out the fire pretty quickly (silently reminding myself that using Netscape and Eudora instead of Internet Exploiter and Outlook sometimes really has its advantages), but it turned into a very draining day.

Selecting a mass storage medium

Thursday, 5/4/00
CD-RW vs. Zip vs. Superdisk. Mail from India.

I am writing from New Delhi, India.

I read your comments on the site concerning ‘super floppies’. I would be very grateful if you could help me in this matter.

I have been thinking for some time about whether to buy a CDR drive or a ZIP drive. Recently my computer was hit by the CIH virus. Some of my data was lost.

I am a graphic designer as well. Consequently I need to transfer heavy files of an average of 10-15 MB to the printers or to show to my clients. I have been using file splitting softwares of late — but now I feel the need of alternative means of carrying the data for them.

Also some people say that CDRW cannot be read by some CD ROMs. I primarily need the drives for data back-up and transferring 10-15 MB files b/w printers, clients and my office.

Should I be buying an HP CDR or an Iomega 250 MB zip drive ?

I would be extremely helpful, if you could help me in my decision.

Thanking you,

Anshuman Bhargava.

First off, I’m sorry to hear about CIH getting you. We really need to find other ways to amuse 15-year-olds.

You are correct that some CD-ROM drives won’t read CD-RW discs. It’s a sure bet that any drive more than about three years old (pre-1997) won’t. Drives made since 1997 are supposed to be able to read them, but that doesn’t always happen. But with CD-R discs selling for peanuts, at least in the United States, that’s not too much of a concern. I’m usually willing to spend 75 cents on a CD-R I only use once. (I try to think of it as wasting 75 cents, rather than wasting 600 megs when I use a CD-R to transport a 20-meg file. Somehow that seems less wasteful.)

I had a conversation at work about Zips vs. Superdisk vs. CD-R/CD-RW the other day. I have a Zip drive, and I use it exclusively for installing Windows on computers I can’t easily connect a CD-ROM drive to. That’s it. I don’t trust it with any data I value. I’ve just seen too many of them fail. I know graphic designers swear by Zips when they aren’t swearing at them, but I’ve seen too many disks and drives fail. The Superdisk looks good, and Imation is on more solid financial ground than Iomega so I’m much more confident that Imation will be around in 5 years than I am about Iomega, but the LS-120 superdisk is much less common, and its capacity is lower.

If I were in your position, I’d get a CD-RW drive (I like Yamaha and Plextor, though I’ve also used HP, Sony and Philips drives) along with a spindle of CD-Rs and CD-RWs. Once you have a good idea which of your clients can handle CD-RWs and which ones have to use CD-Rs, you’ll be in good shape.

From an archival standpoint, CD-Rs make me a lot less nervous than either Zip or LS-120, because they’re optical rather than magnetic. I have plenty of 15-year-old floppy disks still floating around, but I’m not very confident many of them are still readable. Longevity varies greatly depending on the quality of the media, but you should be able to expect a couple of decades at least from quality CD-R (Kodak, Taiyo Yuden, and Mitsui discs are the safest; Kodak is the easiest of the three to find), plus they’re cheap, plus they can’t be damaged by viruses or user error. I periodically burn everything that matters to me to CD.

I hope this helps.

Fixing Outlook address book problems

Outlook 97/98 Problems. First, some background. Some of my users at work discovered that groups within contact lists created in Outlook 97 couldn’t be edited after an upgrade to Outlook 98. I searched around for answers and didn’t find anything. At one point, I posted a question on Usenet, but never received an answer. Finally, one of my coworkers called Microsoft. Their suggestion didn’t work, but it led us to something that did. So, here’s the mail.


I saw your post from 02/02/2000 concerning Address Book group problems with Outlook 98. We have discovered the same thing and are looking for a fix. All our Outlook 98 installations are upgrades from Outlook 97.

I would be very grateful if you could tell if you have got a fix for this.

With warm regards from Finland,

Kirmo Uusitalo

Yes. Install Internet Explorer 5 and Outlook Express 5. Outlook uses a lot of IE code and even some OE code, and evidently there are bugs in IE/OE4 that prevent Outlook 97->98 upgrades from working properly that were fixed in IE5.

Troubleshooting Windows keyboard shortcuts

A friend of mine who uses Win98 has an irksome problem I don’t quite understand. Maybe you can shed some light on the matter.

Whenever he boots up, all the launch keyboard shortcuts defined in his desktop icon shortcuts are gone. He can manually select each one and redefine them (O for Outlook, W for Word and so on), but the next time he starts up (reboots), they’re all gone again.

These are stored in registry…?

/ Bo

Bo Leuf
Leuf fc3 Consultancy

I’ve seen that problem in 95, 98, and NT4. It appears that if Windows Explorer is the currently active application, they’ll work, but if some other app has focus, keyboard shortcuts on desktop icons won’t work. The only workaround I’ve found for this is to store keyboard shortcuts in the start menu. Those seem to work all the time.

I don’t think they’re stored in the registry, but I’m not sure where they’re stored. Win3.x had keyboard shortcuts too. If I had to hazzard a guess, I’d say they’re probably stored in the shortcut files in 9x/NT and in the program group files in Win3.x.

An easy firewall for Linux

Saturday, 4/29/00
PMFirewall. I recommended this firewall-builder for Linux a couple of weeks ago (from www.pointman.org). InfoWorld’s resident Linux guru, Nick Petreley, gives it his seal of approval this week here.

As for making it a standard part of distributions, I e-mailed Jacques Le Marois, president of Mandrakesoft, inquiring just about that possibility. (As an aside, wanna know one reason why I like Linux? Le Marois answers my mail! And sometimes he mails me! Meanwhile, I know neither Gates nor Ballmer give a rat’s behind about anything I think or say.) Le Marois had a team look into it, but informed me that it could be tough to integrate. I’m wondering if maybe it shouldn’t be integrated into the control panel, rather than as part of the setup process (it’s specialized, after all). Hmm. Maybe it’s time to mail him again…

[E-mail him I did. And I have no idea if my lobbying had anything to do with this or not, but Control Panel-based firewalling soon became a standard feature in Mandrake and other Linux distributions. –DF, 5/23/02]

Identifying the motherboard in a mystery system

Wednesday, 4/26/00
I had to identify the type of memory a system in a remote location uses today. This technique won’t always work as smoothly as it did for me, but it gives you a fighting chance.

Life’s much easier with name-brand systems: go to Crucial, tell it you’ve got a Compaq Presario 660, and it gives you the Crucial/Micron part number. This wasn’t that easy. The system was built by Budget Computers, a clone shop in St. Charles, Mo. So, here’s how I identified it. I had the owner shut down, unplug the keyboard, and power back up. Up pops the dumbest of error messages–“Keyboard not present, press F1 to continue.” The good thing is, the BIOS code is there in plain view. In this case, it was i430VX-W877-2A59GPA9C-00.

I headed to motherboards.org, clicked on Spot (their board search engine), punched in the letters PA, since that’s the manufacturer code for Award BIOSes (they tell you how to extract the code from AMI BIOS strings as well), and found out it was an EPoX board. Good deal. I punched the part number code into their search engine and got a fat goose egg. Hrumph. I headed to EPoX’s site at www.epox.com, and found a list of EPoX BIOS codes in their knowledgebase. Cool. It turns out that i430VX-W877-2A59GPA9C-00 is the code for the EPoX P55-TV. Crucial doesn’t have a parts listing for the P55-TV, but EPoX’s site has the manual online in PDF form. I viewed the manual, and whaddya know, it’s got four SIMM sockets and a DIMM socket, and it supports FPM, EDO, and SDRAM, up to 128 MB. I happen to know that the 430VX chipset doesn’t cache more than 64 MB, so the utility of putting 128 megs in it is questionable (unless you’re going to make a 64 MB RAM disk under Windows 9x). I don’t know if that’s mentioned in the manual or not. I was mostly interested in whether it had DIMM sockets capable of taking SDRAM, because SIMMs are priced like highway robbery these days in comparison.

Head back to Crucial, tell it I want pricing on an SDRAM DIMM, and immediately I know the pricing on 32, 64, and 128 MB modules. Total time invested: 15 minutes.

And I had a college professor try to tell me once that the Internet isn’t a legitimate research tool. Well, legit or not, it gave me all the information I needed in slightly more time than it would have taken for me to disassemble the system and look for myself, assuming I was close enough to the system to actually lay hands on it (I wasn’t).

Why Linus Torvalds is more popular than RMS

Quote of the day. This one made me laugh out loud–probably because I have a journalism degree, I’ve seen journalism professors show up for class sloshed, a good number of my friends are journalists, and, technically, I’m a journalist myself.
“I know how journalists work. They drink too much and they search for interesting stories.” –Linus Torvalds, in the Spring 1999 issue of Linux Magazine.

As for Torvalds, his mom, dad, grandfather, sister, and uncle are all journalists. Yikes!

Stallman on the warpath. My chance to be divisive, I guess. As a journalist, I mustn’t shy away from it. Hey, we’re supposed to look for these opportunities. So…

GNU/Linux is a horrible name. Stallman’s efforts should be commended, yes. I believe they have been. Stallman’s not exactly a household name yet, but certainly more people know who he is now than a year ago. If he wants GNU and his Free Software Foundation to be known, he needs to borrow more pages from Eric Raymond, or even better yet, Torvalds.

As an aside, I had a conversation with a friend and one of his friends the other night over coffee, and the whole Linux/Open Source/Free Software/whatever topic came up (probably because he introduced me as, “Dave, my friend who wrote a book about Windows and now he’s writing a book about Linux.”). I was trying to explain Stallman, and finally I just said, “He’s so libertarian he doesn’t believe in capitalism.” She stopped for a minute. “Libertarians don’t believe in capitalism?” Sure they do, usually fanatically so. But capitalism puts certain limits on your liberties, and if those liberties mean more to you than capitalism, you can start to disdain capitalism. It’s strange, but remember, in the 1930s the leaders of Germany, Italy, Japan, and Spain took conservatism to such an extreme that it led to a form of socialism. The boundaries blur at the edges.

End aside. Raymond and Torvalds are better known than Stallman partly because they’re nicer and more reasonable people. Want proof? OK. Here’s an interview with Stallman, here’s one with Torvalds, and here’s one with Raymond.

It’s pretty clear from reading these interviews why Torvalds is the most popular of these guys, and why he’s become a bit of a media darling. Yes, he looks more like the anti-Gates than RMS or Raymond, but there’s more to it than just that: He’s more charismatic, he’s less intellectual (though he’s obviously a brilliant guy, he’s much more apt to laugh or crack a joke than try to convince you he knows more than you do), and he’s considerably more humble. He’s a likable guy. More likeable than Stallman or Raymond, and more likable than Gates.

Harping the GNU/Linux thing isn’t going to accomplish much. People have a hard enough time figuring out what Linux is supposed to be. And where do we draw the line? Sure, Linux isn’t very useful without some set of utilities (and the GNU utilities are the most commonly used). But what about XFree86? That didn’t come from GNU. But if it weren’t for XFree86, very few people would be interested in either GNU or Linux. And what about KDE? Stallman hates KDE because it dares to use the Qt library, which wasn’t always GPL. But it’s largely thanks to KDE that we’re not stuck using the often-convoluted interfaces that shipped with early Linux distributions. Without KDE, there probably wouldn’t have been a GNOME in response. OK, so now we’re up to GNU/Linux/XFree86/KDE. Oh yeah. A lot of the daemons people use with Linux (minor details like Sendmail and BIND–just the building blocks of the Internet, nothing to get worked up about) came not from GNU but from the BSD project. GNU/BSD/Linux/XFree86/KDE, anyone?

This becomes a convoluted mess. Maybe “Linux” isn’t the best name (if we named all OSs after the kernel, Windows 9x would still be called DOS), but it’s the name people recognize. My goal in writing is to communicate as clearly as possible. That means using the popular name.

A makeover for Stallman. I’m already in trouble, so I might as well get in a lot of trouble. We find out early in that interview that Stallman lived in is office for 13 years or something. He had a bed in his office! What, did he sleep there, wake up, code for 16 hours a day, except for breaks for meals and a break for a shower whenever he felt like it? As Torvalds says, journalists look for interesting stories. Here’s an eccentric guy. Let’s find out more about his eccentricism. Find out about the eccentricism, you learn about the dedication. It sounds like this guy just might be more dedicated and fanatic about software than Martin Luther was about Jesus. How can that be?

In fact, Stallman may have logged 16-hour days at the keyboard. He alludes to it in the interview, when he says he suffered carpal tunnel syndrome from too much coding. But he didn’t talk about it.

Stallman has this ridiculous folk song he plays about how hackers need to follow him, and they’ll be free. He alludes to folk music in the interview, how one person can take a song someone took from someone else, and it becomes a rich thing. What if Stallman brought his acoustic guitar to this interview, said, “Like this!” and played his ridiculous song, then said, “Hmm. Maybe not.” A little self-depracating humor works sometimes. Especially when you have a reputation for being pompous and arrogant. Just ask Linus.

People have to have a compelling reason to listen to you. Giving them a bunch of free stuff is a good start, I’ll admit. Though he speaks about word processors in a demeaning manner, which may make some programmers born and bred on text editors stand up and cheer, but I’m not sure I like the tool of my trade looked down upon in that way. I’m sure my mom doesn’t. The tools we need are different from the tools rms needs, and he needs to recognize that.

So, the difference between my mom and me. I have to listen to Stallman, I have to at least feign interest in who he is and what he’s doing (and to be honest, I don’t have to try all that hard) because I’m being paid to write a book that’s almost as much about him and his work as it is about Torvalds and Gates. But why should my mom give a rip about this guy? And therein lies the problem. With years of retraining, my mom could get her job done with a Linux (or better yet, Hurd, so Stallman and GNU can get all the credit) box running GNU Emacs. Hey, it’s a text editor, it’s a Web browser, it’s a programming environment, it’s a dessert topping, it’s a floor wax! And at the end of this retraining, I could then look her in the eye and say, “You’re free.” And you know what she’d tell me? She’d give me a dirty look and tell me it wasn’t worth it.

Stallman’s attitude is, “I’ll sacrifice a little (or a lot of) convenience in order to be free.” Torvalds? He freely admits his mom uses a Mac, his dad uses Windows, and his sister uses Windows. Then he corrects himself. “No, she [his sister] uses Microsoft Works. Windows is nothing more than a program loader to her. She doesn’t care how these computers work.”

I think the contrasting attitudes have a lot to do with why Torvalds feels he has too much attention and Stallman not enough. People more readily identify with Torvalds.

What to do when defrag won’t finish

Optimizing a DX4/75. Talk about bottom fishing! But I do what I have to. This DX4/75 was driving me batty because it was taking a minute and a half to boot, and 30 seconds to load Word. Hard to believe this was once considered acceptable, even good, performance for Win95. But I couldn’t do much about it because with 16 MB RAM, Defrag kept getting interrupted. I fixed that. I opened win.ini, found the line that read shell=Explorer.exe, changed it to read shell=defrag.exe, rebooted, then defragged. Defrag was able to run without interruption, and significantly faster since it wasn’t competing for limited CPU cycles and physical memory.
When it finishes, the quickest way to get regular old Windows back is to hit Ctrl-Esc to bring up Task Manager, hit File–>New Task, type Explorer.exe, then edit win.ini and change the default shell back to Explorer.

But if you gotta get a system defragged absolutely as fast as possible, try the shell replacement trick. I’ve never seen this documented anywhere, and to tell you the truth, I thought of it in a moment of desperation. But it worked.

A freeware (GPL) boot manager

Want to boot multiple versions of Windows 9x, DOS, NT, Linux, and BeOS on the same machine? (Hey, there’s use for that 40-gig drive after all!) Potentially, you can use XOSL to do that. The screenshots look really slick–this could be a System Commander killer.
I’ll have to put a fresh drive in a machine and experiment with it this weekend. Use at your own risk–the version numbers suggest it’s stable, but I only point it out because it sounds interesting, not because I’ve tried it. (I usually try things out before posting links, but this seems too cool to keep to myself, and I’m short of time.)

David L. Farquhar, computer security professional, train hobbyist, and landlord