Sorcerer Software Users Newsletter Issue 0205 Welcome to our monthly newsletter, covering the latest updates, tips, and user questions about our software programs. If you have an issue or question you would like to see addressed in a future newsletter, either by me or by your fellow users, please email me and I'll include it. -------------------------------------------------------------------------------- May 31, 2002 CONTENTS: My descent into the 7th circle of (computer) hell... -------------------------------------------------------------------------------- First, I would like to apologize for being a week late with the newsletter. Unfortunately I sustained a rather malignant attack by the dreaded KLEZ worm, resulting in an obligatory reformatting of my hard drive and reinstallation of both the operating system and my application software. I'm sure some of you have been there before. This isn't my first time, but eventually we should all learn something from these experiences. So I thought that I would tell you about my adventure and the steps I took to prevent similar mishaps in the future. I suggest you view this month's newsletter as addressing a security issue and take a long look at what steps you are taking to protect your computer. In the course of this newletter I made some recommendations based upon my experiences. My computer was probably infected during the course of some rather routine internet work, such as gathering email or web browsing. At first my wife thought it was her fault because she received -- but didn't open -- a suspicious email that she thought might contain a virus. I doubt if she let a worm or virus in the door if that's all she did, but you never know. And that's the problem... opening attachments is probably the easiest and most common way to infect a computer. Which leads me to my first recommendation: I. GO OUT AND BUY ANTIVIRUS SOFTWARE. TODAY. Maybe you already have such software installed. If so, good for you. If not then permit me a few observations. I have been playing with 3 different antivirus software packages over the last several months, but didn't have any of them functioning when my demise occurred. Antivirus software can work a few diffent ways. First it can sit vigilant in your computer, constantly scanning for infections and dealing with them when they occur or are discoverd. Second, the software can be configured to scan your email as it comes in so that you don't inadvertently open an infected file or email that someone sent you. And third, the software can be run like any other program -- start it and let it scan your computer's memory and hard drive, and then deal with any infection it finds. Typically your computer becomes infected by transmission from another computer (that's why they call them viruses!). Your computer can also be infected by other agents, such as worms. But in every case they have to get to your computer from another computer, such as via floppy disk, CD, or internet. And when your computer becomes infected, the damage may be trivial or it can wipe out an entire hard drive. So this is a bad thing. The first program I looked at was Norton Antivirus (NAV). Several years ago the Norton line of utility software was bought by a company named Symantec, and generally they make good products. You can buy this software boxed in a store, or download it from the web. When you download it you get a registration key, much like our own software products, but if their software becomes corrupted or is deleted, they charge you again to download another copy -- a terrible policy (and one which we don't subscribe to with our software products). The NAV program seemed to work fairly well. I tried it for a few weeks and it would pick up the occassional virus from incoming email. Seemed to work fine, but for an unknown reason at one point it just stopped working. Perhaps it became infected. Who knows. My second trial was with McAfee's antivirus program. You can log on to their web site and scan your computer online, and there's no charge. That's good PR, and a good service. This software also worked fine, but I never downloaded and tried it on my computer. This was a rather limited venture, but the software and company both enjoy good reputations, and I was satisfied with the online scans I performed. I then went to Trend Micro's PC-Cillin web site. They too will let you scan your computer online (as many times as you want) free. This is an excellent service and good marketing. You can also download a free 30 day trial version of their product, register it online, and then download the full, registered version of the program so that you can re-install in the future if need be (unlike Norton). This was quite timely as the need to do so happened to me. While I had the PC- Cillin antivirus program running, another worm attack occurred and corrupted the PC-Cillin program. So I went to Trend's web site to disinfect my computer online, and then reinstalled the PC-Cillin software. It was about as painless as one could hope for under the circumstances. It made me a believer in their product, and at $39 it's the cheapest of the three I tried. Verdict: I liked best and bought PC-Cillin. But it doesn't matter so much what antivirus software you end up using. Just make sure and use something. Download trial versions or try the online service from: Norton at http://www.norton.com McAfee at http://www.mcafee.com PC-Cillin at http://www.antivirus.com II. BACKUP YOU IMPORTANT DATA. FREQUENTLY. I've always been pretty good about this. Since my hard drive holds the source code for the software we create, I back this data up in triplicate just to make sure. In addition I keep all my installation CDs for the development programs I use, and print out or write down all my passwords, unlock codes, and other vital statistics. I would recommend that our customers follow this practice and: 1. write down the unlock code to any of our products you own; 2. keep a copy of the installation program of our software that you use. These are all available on our web site. Everyone has their own favorite way of backing up. Some users prefer Zip of Jaz drives, some like to use CD burners, and some even install a 2nd hard drive and just copy the entire contents of their working hard drive onto this 2nd, or mirror, drive. Once again, it doesn't matter so much which method (and there are many more) you use. Just make sure and back up your important and sensitive data. Recently I've been using a USB Zip drive to back up my irreplaceable data. Zip drives use disks of either 100 or 250 MB (depending on which kind of Zip drive you have), and for me, this is sufficient to back up data and individual projects. Then once a month, I perform a large and more complete backup to a writeable CD using my CD burner. Those of you who use your computer in your business (and a lot of our users are small business owners who must be responsible for their data... we small business owners rarely have our own IT department) MUST have a backup plan. Just think of this: what would happen if your company's (or your personal) financial data, such as bank records, accounting data, etc., just disappeared on day? III. TRY GOBACK If you haven't heard of GoBack, you will. It's an idea whose time has come, especially in this era of computer infections and corruption. Basically GoBack is a software program that you install on your computer, and it monitors and records what's going on. It periodically takes a snapshot of the files on your computer. If you then run into problems, such as from a virus infection or hard drive crash, you tell GoBack to restore your computer to a previous state. You could tell it, for example, to restore your computer's files and hard drive to the state they were in 24 hours previously. I downloaded a trial version (free!) of GoBack and installed it on my computer right after cleaning up my infectious mess. The next morning, while re- configuring some new and recently installed software, all my internet software stopped working. I told GoBack to restore my computer to its condition of approximately 2 hours previously (before everything went wrong), and it worked like a charm. Made a believer out of me. I don't work for this company (nor for any of the antivirus companies, or anyone else I mentioned in this newsletter), but I definitely recommend their product. You can read more about it and download a trial version of the program (about 8 MB) from their web site at: http://www.roxio.com/en/products/goback/index.jhtml IV. GET THOSE MICROSOFT SECURITY UPDATES click the "Start" button in the lower left corner of your Windows screen, and at the top of the Start menu you will see an entry named "Windows Update". If you click on it, you will be taken to the Windows Update site online. Here you can download (free again!) Windows critical updates, security updates, patches, service packs, Windows enhancements, updates and patches to other Microsoft products (like Office), and much more. You should take advantage of this offer from Microsoft, and do so often. It's not often they give you something for nothing (well... sort of). One could argue that if their products were made correctly in the first place, there would be no need for service packs and security updates. But I'm a software developer and you can take it from me: no software is perfect and works 100% correctly all the time. Not small, compact products like ours and not a behemoth of a program like Windows or Office. So the lesson here is to use the update service. I do, and I check back there often to see what's new and what I'm missing. You should, too. Microsoft's update site is located at: http://windowsupdate.microsoft.com V. CONSIDER USING A PERSONAL FIREWALL If you are connected to the internet all the time, such as by cable or DSL, you are especially prone to attacks from the outside world. These can be quite benign, but I wouldn't count on it. Because of that the installation of a software firewall can protect your computer from crackers, hackers, and zit infested adolescent boys* (and those that act like them). A firewall sits between your computer and the rest of the internet, and won't let anyone into your computer without your permission. The firewall experts tell me that a firewall is not usually necessary if you use a dial-up service (like over 50% of internet users), but it can't hurt. If you have a broadband connection, and especially if your connection is on all the time, you should seriously consider a firewall. A firewall product named ZoneAlarm is available free to personal users, and you can read about it and download their program from: http://www.zonelabs.com/ And as an added bonus, PC-Cillin (see above section) comes with a firewall as part of the software package. So now you're all out of excuses. AND IN THE END... Like the Phoenix, my computer eventually rose from the ashes and began a new life. I finally got it up and running, complete with antivirus protection, GoBack, and a serious backup scheme, and with all my patches and security upgrades installed. I recommend you do the same. The forces of evil are out there like a Stephen King novel. So be forewarned and be prepared. If you would like to read a fictional account of the problem of hacking into computers and the chaos and disaster it can create, I recommend "The Blue Nowhere" by Jeffrey Deaver. He's a good author (who also wrote about a famous fictional crime scene investigator made popular in the movie "The Bone Collector") and the book's fun, but scary, read. On the other hand if all this talk spooks you a little bit and you're just not into the technology, go out and see a movie. There are plenty of interesting ones to choose from this time of year... -------------------------------------------------------------------------------- That's all folks, and thanks for listening. Look for our next newsletter in about 3 weeks. I hope. -- Bill bill@sorcerersoftware.com Sorcerer Software http://www.sorcerersoftware.com To read all the old newsletters, go to: http://www.sorcerersoftware.com/archives.htm To be removed from our mailing list, send me an email with the word "unsubscribe" in the subject line. -------------------------------------------------------------------------------- * Don't get all exercise about my rather polically incorrect terminology. After all, I once was one. And now my teenage daughters constantly bring them to my house!