October 1, 2003
By Scott Lewis
As promised last month I really wanted to cover these topics. When we finally got a new laptop to replace the wonderful Sony laptop that unfortunately died, I wanted to get a number of things going. Let's see what fun I had this month.
Blaster Worm Virus
I am not an expert at security... and I am lax about the security I employ on my home network. I rely pretty well on my Linksys router/hub as a firewall, and I run anti-virus software on my desktop and laptop. I have yet to install anti-virus software on my server, but I think I may do that soon... just in case.
Anyway, the reason I want to rant a bit is that during late August to early September I was getting a lot of e-mails containing viruses. At least half a dozen a day. And, surprisingly, none of them were from anyone I knew. All of the e-mails were stripped of the virus before it even reached my inbox, not by my anti-virus software, but by my ISP, Road Runner. I am glad that RR is doing such a good job. They use Symantec's Norton Anti-Virus. I can see that when I read through the stripped messages using Notepad. BTW... always use Notepad if you ever have to look into an e-mail you suspect contains a virus. Notepad is actually one of the few things Microsoft has ever produced that is completely immune to a virus attack. The easiest way to use Notepad for this is to copy the "unread" e-mail message to your desktop then right-click on it and select Open With... and choose Notepad from the dialog box that pops up. For some versions of Windows you need to hold down the shift key while you right-click.
I have my wife well trained to do this with e-mails with file attachments. The first and last time we were infected with a virus was over three years ago. I feel pretty safe.
Back to the massive onslaught of e-mails with stripped viruses. More than half of them (and I am talking at least a half dozen a day over a two to three week period) had subject lines and return addresses that showed them being from ISPs that were bouncing them back to me... as if I sent them first. I blew this off and assumed that someone finally started using a little more intelligence in sending a virus. People may be more apt to open a mail message with a "failure to deliver" subject line even though it had an attachment, because many ISPs attach the original e-mail in their reply. So it should have an attachment.
After a while I started thinking it might actually be me. So I did the only logical thing. I went on the hunt for viruses on my system. I did a complete virus scan. Nothing. I ran Shields UP! to probe all the ports it can probe. Nothing. I downloaded and ran the program to detect whether I had installed the Worm Blaster patch. It showed I did not have the patch. I downloaded and installed the patch. I ran the detection program again and all was fine. I downloaded Symantec's tool to remove the Worm. Nothing to remove.
Darn, I was almost hoping I was infected. This means I still have to deal with all these Worm related e-mails since I am not the cause.
So it is with life on the Internet. At least I am safe... for a while.
Relaxing with pcAnywhere
I had previously installed pcAnywhere on my server (host) and my desktop (remote). This month I installed the client access on our new laptop. I set it up so I can just double-click an icon and I am taken to the "desktop" of my server. On the server's desktop are a handful of shortcuts to playlists for WinAmp. I also leave WinAmp running continuously.
I have the output of the server's sound card plugged into a stereo, the stereo has its speaker wires run to a volume control in the kitchen, and finally there are standard speaker wires running from the volume control to speakers on the back porch. All this allows me to select "CD" on the stereo (where I plugged the sound card into) and have the server's sound output feed into the stereo for listening on the back porch... and the pool.
If I dare to risk bringing the laptop out by the pool (when the deck is finished I can keep the laptop far enough away from the water that there will be no risk), I can relax in the back and control the music. If I set the volume level high enough on the stereo and the wall mounted volume control then I can use the sound output level in the computer to adjust the volume. It all works quite well, and is very enjoyable. Life is good!
To initially get pcAnywhere working I had to create a user ID and password on the server. Unfortunately, I forgot the password. That's not like me. I have at least a dozen passwords in my head at any moment, and probably two dozen if I actually counted all the passwords I know. It is not like me to forget one. To solve this problem I had to delete the ID off of the server and recreate it. Hopefully I won't forget the password this time. And no... I don't write down passwords. I am approaching the big 4-0, so maybe my memory is finally weakening.
Now, I am well aware that I will get a lot of flak for these next few paragraphs, but bear with me. When I set up my wireless network initially I tried to turn off SSID broadcasting, and installed a 40-bit WEP key. You can read all about that here. After a power failure I had trouble bringing everything up on my network. To eliminate problems I reset my wireless router/hub to the factory defaults and started over.
I never did put back those security measures. And I may be lax about doing it for some time. A little while ago a friend came to town for a class in Cisco equipment. He came over my house the day I brought home my wife's laptop. While I was trying to set up the laptop he decided to see if he could hack into my wireless network.
I made it easy for him. I told him my SSID, though I don't think he would have needed that. I also told him the IP address of my router/hub. Just for fun I let him hack away. Keep in mind a couple of things: 1) My friend is NOT a security expert, just a networking expert, but he does know some ways around security. 2) My friend just pulled a laptop out of his bag and he didn't have all his best tools to hack into my network. 3) I know that the level of security I am about to mention is not perfect, but it is good enough for my purposes. Read on.
Within a couple of minutes (maybe less, I was paying more attention to trying to get my wife's laptop up and running) he was on my network and surfing the web. That means he can easily steal my cable modem bandwidth... if he was close enough to my house to be seen (I live on 1.1 acres and can't get a signal at the outer parts of my property... yet).
But even when I told him the names of a couple of my computers, including the name of my server, he couldn't get to anything on my network. I use Windows 2000 Server and the only way I could get it to do what I wanted was to use password authentication. So, all the clients on my network are using IDs and passwords that are on my Win 2K Server. Without that information, and the name of my workgroup, my friend was stuck trying to find anything on any of the computers on my network.
So, am I safe? Not from a pro. But I am safe enough for the time being. I may play around with the broadcasting of the SSID thing again, though that doesn't really provide any real security at all. I may also play around with WEP keys again, this time with 128-bit encryption. And finally, I may set up my router/hub to only allow connections from known MAC addresses. This is probably the best thing I could do. If only my computers... with known MAC addresses (the MAC address is a unique address to every network card) can connect, then it should be impossible for outsiders to intrude. But that is overkill for my current needs. I am considering a booster to give me a better signal on the deck for the laptop. At that point I will rethink security.
My new laptop's specs claimed 802.11a/b built-in wireless. My router/hub is 802.11g which is backward compatible with 802.11b. I know everyone should know this, but I will state it... 802.11b is rated at 11 Mbps, 802.11g is rated at 54 Mbps and each of them is on the 2.4GHz frequency. 802.11a is also rated at 54 Mbps, but runs at 5GHz frequency. So 802.11a is not compatible with the other two, though vendors can make equipment that can do all of them. I won't get into that here. For me, I wanted the faster speed of 802.11g on my laptop.
But a strange thing happened. At some point I noticed that my laptop wireless network status was stating 54 Mbps with the built-in 802.11a/b antenna. How can this be? I set my router/hub to mixed g/b environment, and assumed I was connecting with 802.11b rated at 11Mbps. So how come it was telling me I was connected at 54 Mbps?
Of course, I did a little testing. I tried to copy a large file while moving around the house. Previously I would see the connected speed vary as I did this. This time it was stuck on 54 Mbps, even though it indicated a weak signal. The file copy became painfully slow when I went out to the back porch.
Unfortunately, I don't know how I fixed this problem. I ignored it for a little while.
It took a while to get my wireless G PC Card to work. I would try again and again, but it would not be recognized by the laptop as a valid card. Eventually I downloaded the latest drivers for the card from Linksys's web site. At this point I was able to install the card quickly with minimal pain. I connected at a real 54 Mbps. If I moved around the house I could still see performance degradation, yet the status indicator still read 54 Mbps. Hmmm!
Next I installed my anti-virus software and some part of the Linksys software claimed it was missing files. I had to uninstall the drivers for the PC Card, and reinstall them. All was well, except this time the Linksys driver install created a "bridge" of all my network connections. I assumed it would use whichever one was available. Cool! If I took the PC Card out it should be able to use the built-in 802.11b antenna, and if I had an Ethernet cable plugged in it could use that.
No such luck. I unplugged the PC Card and rebooted the laptop. It would connect to the Internet, but it would not connect to the shared drives I had mapped from my server. I plugged the PC Card in and rebooted. Same thing, it would see the Internet but not my Server.
I had to remove the network bridge and disable the internal wireless connection to get the PC Card to connect fully to my network.
And now all is good and fast in wireless land. I do get great speed most of the time. My speed out on the deck by the pool was so bad that I could not connect to my network. I had to move up to the back porch. But I noticed that the speed indicator actually showed the correct speed. I was able to get 18 Mbps on the back porch... which is where I did my install of pcAnywhere. Back on the deck it indicated a speed of 1.0 Mbps, but alas it must have been slower than that. I could not even get on the Internet.
So, all of a sudden the speed indicator started working correctly. But what did it? I will never know. I did so many things to the laptop during those couple of days, I can't possibly know if any one item fixed it.
I am glad it is fixed. Now I know I will need a booster for my Linksys router/hub to extend the range a few more feet off the back of my house. My deck is still not finished. I know, I have been saying I would finish it for a couple of months now. I have been too busy, and since the deck is plenty usable as it is, I have not had the incentive to put in the labor. But when I get it done, and we put a proper table with a big umbrella out there... Oh how sweet it will be to be computing on the deck. Once again... life is good!
I must apologize. I wanted to burn a DVD-R disc, but did not have time to do it. Maybe next month.
Until next time...