The Spyware Crisis
September 3, 2002
I don't use the upstairs TV much, but it is connected to the cable, and sometimes at night before I go to bed, I'll look at the news or surf through looking for movies that I meant to see in theaters but missed; and once in a while there's a pretty good space opera, and I like those. (Call it a busman's holiday.) I also have some old movies like Caesar and Cleopatra that I can play on the VCR, but once again there's no urgency. We have VCRs for both the downstairs TVs too.
So when the upstairs TV died, I was in no hurry to replace it and months went by. I keep meaning to go out to Fry's or over to the Good Guys to get another, and one day I will, but as it happened, I got a new VCR tape—a Randolph Scott western if you must know—that I wanted to watch, and decided to experiment with Darth and the ATI All In Wonder Radeon 8500 video card (with 128 MB of on-board memory).
Darth is an Intel 2.53-GHz system running Windows XP Professional. You'd expect a powerful system like that to be able to play DVD movies, and it can, but oddly enough WinDVD plays them with jerks and hesitations and sound glitches, although the same movie shows fine with PowerDVD.
The ATI All In Wonder card has a coax cable input for TV, and comes with TV software. It also has built-in DVD software and that works at least as well as PowerDVD. To get TV on screen, I moved the VCR from my dead TV to the All In Wonder card. I also had to connect the sound output from the card to the auxiliary audio input on the Intel motherboard. After that, it was a matter of inserting a tape into the VHS and clicking on the TV button on the ATI software. VCR tapes played just fine.
Next step was to put the input from the digital cable decoder into the VCR. Note that the ATI All In Wonder has a TV Tuner, but I only need that to tune it to Channel 3 since the Adelphia cable decoder box takes care of the rest. It works, though I noticed the cable box also has Video Out, so I could use that, too. I can now watch all the channels on my digital cable, plus VCR, on the monitor of a 2.53-GHz Windows XP Professional PC.
It's not a preferred way to watch television. The colors are different, the contrast is hard to adjust, and the pixels aren't the same as they are on a TV set. Oddly enough, VCR tapes look better than the TV channels. Neither is all that bad, but a normal TV is better. Alex says this is a matter of tweaking the gamma curves: The ATI board lets you do that. It still won't look as good as a TV, but it can be improved considerably over what you get right out of the box.
Of course, it's a waste of a fast computer to use it as a complicated TV set. On the other hand, if you want a small TV window on your PC—say to watch news or financial events or even a ball game while you work—the All In Wonder will do that for you. It will even function as a tuner if you don't already have one.
One last point I haven't tried yet: The Hauppauge Board is still the world's most popular High Definition TV set because a computer, DVD drive, good resolution monitor, ATI Radeon, and Hauppauge board will all together cost less than a High Definition TV just now, and of course, a good monitor will have higher resolution than the High Def TV set.
The ATI board with Windows XP ClearType gives really nice on-screen text, a pleasure to work with. It plays EverQuest and every other game I know just fine. All told, the ATI Radeon 8500 is an excellent board, with or without the All In Wonder features.
I have also received the new ATI Radeon 9000, which has even more advanced features: More on that next month. There's also a new version of the ATI Catalyst software package, and another to come when Microsoft releases SP1 for XP. Not too long ago, there was NVIDIA with GeForce and everyone else a long way back. No more. ATI is very much back in the graphics game, with some very cool stuff.
I've mentioned these key fob nonrotating nonvolatile disk "drives" before: They look like a key ring with a small object the size of your thumb attached. There's a USB connector at one end. Plug that into the USB port on a Windows machine, and in seconds you have a new disk drive. They come in various sizes: I now have one that's a full 512 MB, which is a bit astonishing when you remember that we revolutionized the way they stored asteroid data at the Lowell Observatory with a Priam 300-MB drive back in the '80s. Prior to that Priam, they had to store asteroid and comet orbital data on enormous 32-MB DEC disk cartridges.
Anyway this is 512 nonvolatile megabytes you can carry in your pocket. I have put all kinds of files on mine, and carried it in the same pocket as my car keys and wallet, and there has been no problem. One of the devices came unglued to show me its tiny little PC card and chips, and I glued it back together: It still works. These things are wonderful.
Belkin also makes what they call a USB Flash Drive: The one I have is 16 MB, and rather than a key ring it has a pocket clip like a pen. It works fine, of course. DiskOnKey was the original, and still the cheapest source of these pocket disk drives, and I've used them for months. They're getting cheap enough that you can afford to carry a couple for backing up critical files: I always have one when I travel now. And I still marvel: Half a gigabyte on a device no larger than my thumb. Silicon still isn't cheaper than iron, but it's a lot cheaper than iron used to be…
SmartMedia and CompactFlash
My Olympus cameras use both SmartMedia and CompactFlash cards. My wonderful NEC MobilePro 780 (a PocketPC laptop with a usable keyboard; I love it; now replaced by the 790) uses CompactFlash. My equally wonderful Dragon NaturallyMobile (now from ScanSoft) pocket speech recorder uses SmartMedia. Both SmartMedia and CompactFlash have become amazingly cheap—64-MB cards cost less than 8-MB cards did when I got those gadgets. As a result, it's not nearly as critical that I transfer all my pictures, or spoken notes, or text written on the MobilePro from the devices to my laptop: I am not likely to run out of digital "film" or "tape" "drive space" for my camera, recorder, and MobilePro. On the other hand, the pictures and text won't be of much use until I can get them into a computer.
Transferring files from CompactFlash is simple enough: There's a small gadget that accepts a CompactFlash card and inserts into the PCMCIA slot on my laptop. The laptop sees that as another disk drive, and files can be copied to and from it with any file manager including Windows Commander. I don't have a similar device for SmartMedia, so I ended up with a USB cable with a SmartMedia slot on one end. I have a similar cable for CompactFlash, largely because sometimes the PCMCIA slots are in use for something else.
Carrying all that seemed like wretched excess, especially since I ended up with another USB cable for MemoryStick. Belkin's USB Dual Media Reader/Writer lets me cut out a couple of those. This is a cable with USB at one end, and a place to insert SmartMedia or CompactFlash at the other. Like every other Belkin product I've tried, it just works. And the other day, I got 128-MB SmartMedia cards on sale for some ridiculously low price. It's astonishing how many high resolution pictures you can put on a 128-MB SmartMedia card. I can also use these cards as emergency backup safety drives to protect creative text and copies of pictures I particularly want to keep. You can even mail them.
Of the three memory forms, CompactFlash is the most versatile and useful, but they all work pretty well. Do be sure your older equipment can make use of the much larger capacity available on SmartMedia; some older SmartMedia devices are limited in how much memory they can access. Given a choice, go with CompactFlash. My latest Olympus camera uses both.
Spyware and the Virus Panic
Roberta has two systems that share a keyboard, mouse, and video monitor through a Belkin KVM switch. The one she uses most is called "Seattle;" it's a Pentium III 550 with 128 MB of memory running Windows 98. I keep insisting this isn't very much machine and offering to replace it, but she says it's good enough for what she does, and she's used to it. She mostly uses it for web browsing and e-mail, and I suppose she's right: Except for startup times—long if you are used to Windows XP, not so long if you use Windows 2000—nothing she does is limited by the processor speed.
Everything changed a couple of weeks ago. She reported that the machine wasn't working at all. It wouldn't even finish booting up before she started getting error messages, and when she went to open Outlook 2000 the machine would just sit there, trundling away with nothing happening. It was pretty grim, and shutting down and rebooting did no good at all.
"So what was happening for the last week before it locked up?" I asked. "Was it getting slower and slower?"
And indeed it had. It had also begun to accumulate a plethora of really disgusting pornographic web sites that would pop up uninvited whenever she opened Internet Explorer. "It's enough to gag you. With a long handled spoon," she said.
I took this as an opportunity to set up a new system for her, and began work on a 2-GHz Pentium 4 with a gigabyte of memory and a 60-GB hard drive. Seattle was working well enough that I could use the network to transfer files over to the new system.
I set up the new machine to run Windows 2000. Doing that taught me a lot about the User Account system on Windows 2000, and we'll come back to that later. Meanwhile, I was able to set up the new machine for her, except for the Pretty Good Privacy and the authentication system for accepting credit-card orders for her reading program (see www.readingtlc.com). I knew I could transfer those, because I had done it before, even if I have forgotten how.
Of course, the authentication system wants to work through a direct dialup modem rather than through the local network and out through the satellite; "Seattle" knows how to do that, using the LAN for Outlook and Internet Explorer, but using the direct dial modem when she wants to authenticate credit-card orders. I vaguely remembered that it had been a bit tricky to get that working properly.
To find out how I'd set Seattle up to use the LAN for one kind of communication and the US Robotics modem for another, I needed to get Seattle running well enough to let me have a look: That was one sick machine. I could reach it through the LAN by never logging in on Seattle at all, but when we tried to log on, the machine didn't want to tell me anything. It just wanted to sit there and complain.
So. While I was prepared to drain the swamp by setting her up with a new machine, I first had to fight the alligators. First thing, then, was to bring up Seattle in Safe Mode, and run Norton Anti-Virus. All that did was reassure us: It didn't detect any actual virus or Trojan running or resident on the hard drive. Next, I fired up StartUp Manager to see just what programs were running on startup. There were a lot of them. The version of StartUp Manager I have is pretty old; there's a much later one on the web site. On the other hand, the one already on her machine works just fine; I used it to turn off everything nonessential including Windows Critical Updates, the various Norton utilities, Silicon Prairie's memory manager, and other stuff. When I rebooted I didn't get all the error messages as before, and I was actually able to get control of the system. Sort of.
It was still clogged up, and opening Internet Explorer got a pornographic popup window, reminding me that I have to put Popup Stopper on Roberta's machine. I also noted that the disk was filling up with junk, and most of the 128 MB of system memory was used up running processes not connected to any programs that StartUp Manager could find. Next step, then, was Internet Explorer/Tools/Internet Options, and delete all the cookies and temporary Internet files. There were a lot of them: Roberta didn't remember ever doing this in the year or two this machine had been operating. The same tool let us clear the history.
This got rid of some of the garbage, but not all. Moreover, there was an enormous—700 MB—file called index.dat in the Internet Explorer Temp Files directory. It's associated with the Internet browsing history of the machine, and that file can't be deleted by Windows Explorer or Norton Windows Commander. It just sits there getting bigger and bigger. Since this was a Windows 98 machine, I rebooted it in DOS, and used Norton Commander to erase that index.dat file. That gave us a lot more disk space.
Now when we brought up Seattle, it was operating well enough that we could log in. It was still very sluggish, but operating well enough that I was able to download aaw.exe from Lavasoft. That's the installation file for a freeware program called Ad-aware, and if you don't have it on your Windows system, go get it right now, install it, and run it. We installed Ad-aware and let it scan both the registry and the hard drives on Seattle. It found 31 processes that shouldn't have been there. There was Gator, which is a web tracker. There were five different web browser hijack programs (which were the cause of the rain of pornographic spam). Three spyware programs. Every one of those was trying to run in background, and the result was that her system was so clogged up with this junk that it wouldn't run.
I let Ad-aware delete all of those from both memory and disk drives and rebooted—and Seattle was running just fine. In fact, the system is running so well that Roberta wants to keep it, and won't let me replace it with the new Pentium 4 I'd built up for her. Moreover, we cleaned so much junk off her hard drive that she's got plenty of disk space.
We tried to reconstruct just how she'd got into the pornographic hell. Part of the problem is that if you're doing educational research, you visit a lot of web sites, and many of them aren't what they seem to be. Then things really got acute when she did a Google search on "Barbizon," which is the brand name of a slip she wanted to replace. It turns out that a lot of porn sites have the name Barbizon associated with them. She may also have been led to a couple of porn sites through similarity of names; once you get to one of those places, it instantly attaches itself to you with spyware, Gator, browser hijackers, popups, and a whole host of weapons, and if they all run at once, they can overwhelm the system—as they had Roberta's.
My associates tell me that the first moral of this story is to get rid of Internet Explorer and go to Opera or Mozilla, opening IE only when necessary. Not only do these work, but they have text zooming features that make it easier to read small print. I can't say that's a bad idea, but Roberta isn't interested at all, and as for me, I do a lot of silly things so you don't have to: I'll keep Internet Explorer, if only to be able to tell Microsoft what's wrong this time.
The second moral of this story is, get Ad-aware and use it early and often. I just went down and ran it on Seattle again tonight: It found 4 processes that shouldn't have been there, two of them web hijackers. I also ran it on Regina, my web surfing machine, and while the registry was clean, it found a Doubleclick cookie had snuck in. Note that Norton Anti-Virus didn't find these things, because technically, they are neither viruses nor Trojans.
I think Norton ought to consider adding an Ad-aware function to their anti-virus software. After all, these may not technically be Trojans, but they are definitely hostile attacks and constitute a Denial of Service attack on your system, and I'd think the people infecting our systems with this junk should be liable to both civil and criminal penalties under any sane legal system. (This is clearly not a "drag chute" we want, is it?) Alas, much of this is associated with web commerce, and is protected in the same way that spamming is protected. The Direct Mail Association has a lot more clout with our Congressional Finest than you or I. Fortunately, Ad-aware doesn't take long to run, and is pretty good at clearing out this cruft.
Thirdly, if you run Internet Explorer, go through and clear out the temporary internet files at reasonable intervals, and if you're running Windows 98, boot up in DOS and clear out the Temporary Internet Files index.dat file while you are at it. (There may be other index.dat files associated with other programs, so be sure to kill only the proper one.) In Windows 2000 you can boot up in Safe Mode, log in as Administrator, and delete the huge index.dat files from the search window. In Windows 2000 those don't grow nearly as fast as they do in Windows 98 systems, but I got rid of them anyway, and I haven't missed them at all.
Run Ad-aware often, and periodically clean up your Temporary Internet Files including index.dat. Your system will run better for it.
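An added example, not part of the original column: a read-only Python audit that lists every index.dat under a folder and marks only an oversized Temporary Internet Files index as a cleanup candidate, so that another program's index.dat is not mistaken for it. The Content.IE5 and History.IE5 folder names, the ExampleApp entry and the size threshold are assumptions, and the sample tree is constructed with scaled-down sizes.

```python
import os
import tempfile

# Directory names that identify which Internet Explorer store an index.dat
# belongs to (matched case-insensitively against the path components).
STORES = {
    "temporary internet files": "cache",
    "history": "history",
    "cookies": "cookies",
}

def classify(rel_path):
    """Name the IE store an index.dat sits in, or 'other' for another program's file."""
    parts = [p.lower() for p in rel_path.replace("\\", "/").split("/")]
    for part in parts[:-1]:
        if part in STORES:
            return STORES[part]
    return "other"

def audit_index_dat(root, threshold_bytes):
    """Read-only walk of root: list every index.dat, largest first.

    Only a cache index at or above the threshold is marked as a cleanup
    candidate; nothing is deleted.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "index.dat":
                continue
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
            except OSError:
                continue  # file locked or removed while scanning
            rel = os.path.relpath(full, root)
            kind = classify(rel)
            findings.append({"path": rel, "kind": kind, "size": size,
                             "candidate": kind == "cache" and size >= threshold_bytes})
    return sorted(findings, key=lambda f: f["size"], reverse=True)

def run_demo():
    """Audit a constructed sample tree (sizes scaled down from the column's 700 MB)."""
    sample = {
        "Temporary Internet Files/Content.IE5/index.dat": 7000,
        "History/History.IE5/index.dat": 300,
        "Cookies/index.dat": 50,
        "Application Data/ExampleApp/index.dat": 9000,  # hypothetical other program
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, size in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
        return audit_index_dat(root, threshold_bytes=1000)

if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['size']:>6}  {f['kind']:<8} {'CANDIDATE' if f['candidate'] else ''} {f['path']}")
```

The largest file in the sample belongs to the hypothetical other program and is deliberately not flagged; only the cache index is.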
One caution: I advise cleaning up by hand, using Error Scan and other such programs, rather than the disk cleanup utility built into Windows. That one can take literally hours and eat up all the CPU time: A real drag chute. If you decide to run it, run it overnight.
Popup Stopper is another essential bit of freeware. It attaches to your Internet Explorer, and when a web site tries to launch a popup window, you get a slight buzzing sound as warning but nothing else happens. Since most of those popups are ads you didn't want to see anyway, this is all to the good.
Once in a while you'll find a site where you want popups. Some news sites open a new window every time you click for a new story. Some registration sites, like Go Daddy, pop up new windows for credit-card information. The result is that you don't get what you asked for, and you may find yourself wondering why. I've found, though, that between the buzz and the unexpected nonhappening, I am able to figure out that I need to turn off Popup Stopper and try again. Turning it off is simple: There's a toggle button in the tool bar.
I'm aware of half a dozen programs that do what Popup Stopper does. Bob Thompson greatly prefers WebWasher, which has more features, but for me, Popup Stopper is Good Enough. Recommended.
Jerry Pournelle, Ph.D., is a science-fiction writer and Byte.com's senior contributing editor. Contact him at email@example.com. Visit Jerry's Chaos Manor at www.jerrypournelle.com. Reader letters can be found at Jerry's letters page.