Technical PC information on hardware and software issues and problems

CONTENTS

Click on the heading to view that article

The personal experiences of rip-off victims

How to create a bootable startup floppy disk/CD for Windows 95/98/Me/2000/XP

A utility that can tweak many hidden BIOS settings

Kernel32.dll error messages

PCI IRQ issues - IRQ Steering

Dial-Up Networking issues - the TCP/IP protocol

An in-depth look at IDE hard-disk-drive technology

How to use FDISK to set up dual-boot Windows 98/NT4 system

A gaming PC subject to periodic system freezes

Discovering a modem's manufacturer

How to create a Hosts file to speed up Internet access

An encounter with a Trojan virus (plus other virus information)

Ways of improving your PC's

HOW TO CREATE A BOOTABLE STARTUP FLOPPY DISK/CD FOR WINDOWS 95/98/Me/2000/XP

If you create a bootable startup disk in Windows 98 by opening Add/Remove Programs and clicking the Startup Disk tab, the startup disk it creates contains all of the files that allow access to the CD/DVD drive from the floppy disk drive from which the Window's setup program can be run to reinstall the operating system in the event of irrecoverable corruption.

However, this is not the case for all of the versions of Windows 95. The startup floppy disk you can create using the Start-up Disk facility in the Add/Remove Programs utility found in the Control Panel, does not copy the software drivers or the commands that make the CD-ROM drive accessible from the A: drive. Unfortunately, this has to be done manually, and autoexec.bat and config.sys files have to be created on the startup disk to load the required drivers.

Here are the steps to create a startup disk that will give access to a CD-ROM drive -

MSCDEX.EXE /D:CD-ROM

Now use the menu option File/Save as to name the file as autoexec.bat, and save it to (the startup disk in) the floppy disk drive.

You will only be able to use a mouse in MSDOS mode if you have a real mode mouse driver loaded, otherwise you will have to use the Alt Gr and Enter keys to navigate the menus.

To create the config.sys file, exit, restart, and enter the following two lines consecutively and flush with the margin in the MS Editor's window:

DEVICE=HIMEM.SYS

DEVICE=MYDRIVER.SYS /D:CD-ROM

You now have a bootable startup disk that will give you access to the CD-ROM drive. To test it, restart your computer with the startup disk in the floppy drive. When the A:/> prompt comes up, enter D: if that is its drive letter, and the D:\> prompt should replace the A:\> prompt. Windows 95 can now be reinstalled by entering setup with the Windows 95 CD in the drive. Note: if you are not interested in making your own startup disk for Windows, you can download them ready made from: http://www.bootdisk.com. If you choose to download one, try booting with it and see what happens. It might not come with autoexec.bat and config.sys files, or might not work for some other reason.

That said, Windows 95 comes with two Registry backup utilities that will allow you to restore your system in the event of the corruption of one of the several configuration files.

The path to the Configuration Backup tool on the Windows CD is: D:\Other\\Misc\Cfgback, where D: is your CD-ROM drive, and the Emergency Recovery Utility is at: D:\Other\Misc\Eru.

Create folders for each of them on your hard disk drive, making the name for the latter something like ERU so that the long-file-name issue does not have to be taken into account (DOS cannot handle long file names unless the path to them is enclosed within double inverted commas). The backup files that the ERU (eru.exe) creates can be copied to a Startup Disk (created in the Add/Remove Programs under the Start-up Disk tab), or to a folder on the hard disk drive (that it creates itself and calls ERD) at C:\ERD. The recovery utility itself is the erd.exe file, and it can only be run from the DOS command prompt outside Windows (not from a DOS window within Windows), but using the floppy disk alternative makes the ERU copy the file to the Start-up Disk, so that the utility runs automatically when the disk is used to boot the system. But don't try running the Configuration Backup tool from DOS, because it can only be run from within Windows, making it useless if Windows itself will not boot for some reason or another. Running the cfgback.exe file places a Registry backup file the first of which is called Regback1.rbk, and which is stored in the C:\Windows folder. Up to nine backups can be made, making it possible to backtrack restorations until a particular problem has been eliminated. You should make a new backup every time you add or remove a program or piece of hardware, because any change alters the Registry, and if an addition or removal makes Windows fail, you will have to revert to a former version of the Registry.

How to make a boot disk for Windows Me

Windows Me no longer reads the MSDOS.SYS file on a floppy disk. So, you don't need to copy that file. Here are the directions for making a simple Windows Me (DOS) system disk:

Use Windows Me to format a floppy disk. Then copy the IO.SYS and COMMAND.COM files from C:\Windows\Command\EBD to the floppy drive.

How to make a boot disk for Windows 2000

1. Format a floppy disk under Windows 2000 with FORMAT A:

Note that the formatting has to be done from Windows 2000. The disk will not boot if the formatting is done using DOS, Windows 95, or Windows 98.

2. Copy the following files to the floppy disk:

NTDETECT.COM

BOOT.INI

BOOTSECT.DOS

NTLDR

NTBOOTDD.SYS (if it exists on your system)

The system should boot with such a floppy disk.

Note: the Registry is not copied to the disk because it is far too large. You should make backup copies of the Registry (see under Help for the necessary information).

How to create a boot (startup) CD for Windows XP

BartPE - an essential recovery and repair utility

BartPE (Bart's Preinstalled Environment) is a free utility that loads its essential files into RAM memory and allows you to create a bootable Windows XP startup CD that operates from the CD completely independently of an installed version of Windows, allowing you to troubleshoot and repair an ailing installation of Windows.

BartPE is a wizard-style utility that runs on Windows 2000/XP/Server 2003. It automates most of the creation of a bootable copy of Windows on a recordable CD or DVD. The utility assembles the correct files and settings. You must provide a Windows XP (SP1 or later) installation/setup CD, because the files are copied from it. The utility's creator, Bart Lagerweij, says that it is possible to use a preinstalled version of Windows XP (without a CD) as a source for building a copy of BartPE. Bart says, it's "...a complete Win32 environment with network support, a graphical user interface (800x600) and FAT/NTFS/CDFS file system support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on. This will replace any DOS bootdisk in no time!"

Instruction 2. on the page provided below reads as follows: "Start PE Builder (pebuilder.exe). At the main PE Builder dialog, enter the source path to your original Windows XP/2003 Installation/Setup CD. You can use the "..." button to navigate. If your Windows XP is not integrated with service pack 1 or 2, you must slipstream your files first. Please read Slipstreaming files from the help files to do this."

Clicking that last link leads to some confusing information. Click here! to go to information on this site on how to slipsteam Windows XP. For more information on the utility and how to use it to create the bootable CD visit Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD. - http://www.nu2.nu/pebuilder/

When I followed the instructions, the utility created an ISO file called pebuilder.iso in the folder it created for itself during its installation. But after the ISO file was created, the CD writer's drawer opened and then closed before I could take the Windows CD out and replace it with a CD-R disc. The utility tried to burn the ISO file to the Windows CD, but couldn't because it is a CD-ROM disc. The utility left a message saying that the burning had failed. At the bottom of the list of what it had done there was another message saying that there was one error, press the << and >> to go to it. The message warned that the file name for an ISO file should not exceed 31 characters or a buffer overrun could result. There was no option to enter a file name, it used its own name for the ISO file, so it made no sense to me. To burn the ISO file to a CD-R disc, I opened Nero Express, chose the option to burn a Disk Image, chose the file type that had iso in it, and the ISO burned to the CD-R disk, which could be run from within Windows, or be used as a boot CD if the CD-ROM drive was set as the first boot device in the BIOS. If you boot the system with the BartPE CD, you can run the programs installed on the hard drive, but you have to enter the registration details for those programs that require them, because the boot CD hasn't loaded Windows, just its own files and its collection of Windows files into RAM memory, not on to the hard drive. Therefore, the programs behave as if they haven't been registered. By loading its files into RAM, the boot CD allows you to test the hard drive. You'll also know soon enough if the RAM is at fault if the BIOS can be accessed, but the boot process fails.

[Using the "Bart PE Builder"] - Windows In Your Pocket -

"All it takes is a minor error in the Windows Registry or a virus infection, and your operating system can become unbootable. But with a properly configured USB flash drive on hand, you'll always have a compatible replacement no further away than your pocket or keychain. In addition, the flash drive can also provide a secure browser and virus scanner, and lets you take your favorite DVD burning and Office software with you wherever you may go. All that's needed is a bootable USB Flash drive with at least 256 MB of storage capacity and a Windows Setup CD. Using the program Bart PE Builder (Freeware), you can install Windows XP on the flash drive, along with other software as needed (and as available space permits)." -

http://www.tomshardware.co.uk/windows-in-your-pocket,review-1427.html

Here are some alternative methods of recovering Windows XP:

Windows XP a Goner? First Aid for your Windows PC -

Deals with the Windows XP Recovery Console and using a bootable Knoppix Linux CD to recover Windows XP.

http://www.tomshardware.co.uk/windows-xp-a-goner,review-1174.html

[Windows] XP On Your Thumb Drive - http://www.informationweek.com/showArticle.jhtml?articleID=177102101

Visit Recovering Windows XP on this site for information on all of the main methods of recovering Windows XP.

A UTILITY THAT CAN TWEAK MANY HIDDEN BIOS SETTINGS

Many settings in the BIOS setup program are hidden from the user, even when the BIOS is supposed to offer the user as much access to the settings as possible.

Below is a screenshot of the tweakable settings of the IDE Controller, saved to file from the named utility. The registered version costs $20, and both versions are available from:

http://www.miro.pair.com/tweakbios/index.html

TweakBIOS Freeware Version 1.53

/==============================================================================\

| | Vendor : VIA |

| Bus Mastering * Enabled | Device : C586 |

| Latency Timer * 64 | Type : IDE Controller |

| | |

| Primary IDE Channel-------------* Enabled

| Secondary IDE Channel-----------* Enabled | Revision : 6 |

| Primary IDE Prefetch Buffer...............* Disabled

| Primary IDE Post Write Buffer---* Disabled | Using IRQ : None |

| Secondary IDE Prefetch Buffer---* Disabled | 66MHz Capable : No |

| Secondary IDE Post Write Buffer-* Disabled | Bus Master : Yes |

| Primary/Secondary FIFO Config---* 8/8

| FIFO Threshold for Primary------* 1/2

| FIFO Threshold for Secondary----* 1/2-------------[HELP INFORMATION FOR

-----------------------------------------------------SELECTED ITEM]

| Master Read Cycle WS------------* 1 WS-------------|Enabled is faster.|

| Master Write Cycle WS-----------* 1 WS

| FIFO Output Data Advance--------* Disabled

| Status Register Read Retry------* Enabled

| Primary Read DMA FIFO Flush-----* Enabled

| Secondary Read DMA FIFO Flush---* Enabled

| P End-of-Sector FIFO Flush------* Disabled

| S End-of-Sector FIFO Flush------* Disabled

| Max DRDY# Pulse Width-----------* No Limit

| PM Active Pulse Width-----------* 4

| PM Recovery Time----------------* 2

| PM Address Setup Time-----------* 1T

| PM UDMA-33 Cycle Time-----------* 2T

| PS Active Pulse Width-----------* 11

| PS Recovery Time----------------* 9

| PS Address Setup Time-----------* 1T

| PS UDMA-33 Cycle Time-----------* 2T

| SM Active Pulse Width-----------* 4

| SM Recovery Time----------------* 2

| SM Address Setup Time-----------* 1T

| SM UDMA-33 Cycle Time-----------* 2T

| | F1: Help __: Select Item |

| SS Active Pulse Width-----------* 11 | F2: Save Home/End: Top/Bottom |

| SS Recovery Time----------------* 9 | F3: Load PU/PD: Modify |

| SS Address Setup Time-----------* 1T | F5: Reset/Orig ESC: Exit |

| SS UDMA-33 Cycle Time-----------* 2T | F6: Reset/HW |

| |F10: Apply F4: Screenshot |

\========================================================================

Most of the above settings are not shown in an ordinary BIOS Setup program, probably because the motherboard manufacturer wants to leave as little room for experimentation as possible in order to avoid support costs when things go wrong. The BIOS settings that you are presented with when you enter your BIOS Setup are probably the essential ones. However, as you can see from the screenshot above, there are many more that once enabled can enhance system performance.

Each setting is highlighted as you press the up and down arrow keys and a help item appears giving advice on what the setting does and/or if performance is improved if it is enabled. When I took the screenshot, the Primary IDE Prefetch Buffer * Disabled was highlighted and the help item associated with it was Enabled is faster.

The utility has tweakable settings for the IDE Controller, and for the motherboard's chipset, video card, and CPU, if they are supported. The website advises to check future versions if any of your hardware is not supported in the commercial version.

This program can tune probably all computers (running DOS or Windows 95) with one of the following chipsets, CPUs or video cards, regardless of your BIOS:

Intel chipsets: Triton 1, 2 & 3 (FX, HX, VX), 430TX, 440LX, 440BX, 440EX, 440FX (Natoma), 450KX/GX, 430MX, 430LX/NX, 420ZX, 440GX, 440ZX, 450NX, i810, i820, i840

VIA Chipsets: VP-1, VP-2, VP-3, MVP-3 and Apollo Pro

AMD Chipsets: AMD-640 and AMD-750

SiS Chipsets: 5511/12/13, 5571, 5581/2, 5591/2, 5595, 5596, 5597/8, 85C501/2/3, SiS 496, 530, 540, 5600, 600, 620

OPTi Viper & Vendetta

ALi Aladdin II, III, IV and V UMC 881 ITE 8330G

Cyrix CPUs: 5x86, 6x86, 6x86MX

Tseng Labs ET6000 based graphics cards

Matrox Mystique graphics cards

Intel i740 based graphics card.

The first screen the utility brings up is a menu of the hardware it supports and does not support. Clicking on the supported items brings up the setup screens for each. Unfortunately, you have to purchase the commercial product if you want to save the settings and have them automatically loaded at system startup. This means that if you want to use the freeware version you have to enter the settings manually for every session. However, it is worthwhile downloading the freeware version for the information it can provide, even if you do not want to tweak your BIOS settings.

KERNEL32.DLL ERROR MESSAGES

There are many free sites that provide information on Windows error messages, such as BootDisk.com and Bud's Troubleshooter, to name just two.

Click here! to visit Troubleshooting KERNEL32.DLL Errors. There are many links to other sites that provide additional information about these error messages.

To find others enter a search phrase such as "Windows XP " + "error messages" in the Google search box at the top of this page (enable the Web Search option on the first search page). Adapt it to reflect your version of Windows.

An excellent way to locate information about a particular error message is to search Google Groups, which is an archive of the postings to the ALT Newsgroups, by using the error message as the search phrase. You have to enter the name of a Windows newsgroup,some of which are provided on the Newsgroups page of this site.

For example, a common error message displayed by Windows 98 is:

EXPLORER caused an invalid page fault in the module KERNEL32.DLL at 0177:bff711be

This is accompanied by an incomprehensible stream of letters and numbers.

Explorer in this case is Windows Explorer, NOT Internet Explorer, and this kind of error message can be caused or be brought to light by any application program, including one within Windows itself, such as the Control Panel.

These errors are usually caused by some kind of file corruption that has occurred at a low level within Windows. An expert can identify the file that is most likely to have caused the fault from the information contained in the error message. For example, the above error message - at 0177:bff711be - indicates the probable corruption of the Applog folder.

This folder keeps track of the number of times each application is used so that the Windows 98 defragmentation utility can optimise the hard disk drive in order to be able to load the most used programs as quickly as possible. Since this is a log file, it merely has to be deleted and Windows 98 will start generating a new one. Since the Applog folder is usually hidden to Windows Explorer, you have to set Windows to Show all files (Start => Settings => Folder Options => View) and then use Find => Files and Folders to locate it for deletion.

Ken Colburn of Data Doctors answers Lynn, who wonders:

Q: I get a "has caused an error in Kernel32.dll" message a lot. I get it when using the Window Cleanser on my temporary internet file folder. What's up with this kernel thing?

A: The KerneYou referred to a third-party "Cleanser" that I suspect is the cause, because most of these types of programs try to force Windows into making system changes that it wouldn't normally make. l32.dll is a 32-bit "dynamic link library" (dll) file that is found in Windows 95, Windows 98, or Windows Me. Dynamic link library files, in general, are called upon by your programs to address specific components. There are literally hundreds of these files on your system that can be called upon at any time instead of having to be pre-loaded in the system memory.

The Kernel32.dll file handles memory management, input/output operations and interrupts, which are used to address hardware components.

It's an essential core component of Windows that acts as a traffic cop for controlling your primary hardware interface.

Unlike most DLL files, Kernel32.dll is loaded into a "protected memory space" when Windows is started up, because it is called upon constantly and so it can not be disturbed by other programs.

When you get a message that an error has occurred in Kernel32.dll, something has attempted to use the protected memory space it occupies. The portion of the error that comes before the "has caused an error" will point to the offending program.

There is a long list of potential causes of this error that include: viruses, low disk space, third-party software that is damaged or incorrectly installed, registry damage, bad memory (RAM), overheating CPU, bad power supply, bad hard disk controller, failing hard disk, damaged swap files, damage to the file allocation table, improper BIOS settings, incorrect hardware drivers, or a whole host of file corruption issues.

As you can start to see, the task of tracking down the exact cause can be daunting. The two most helpful bits of information for beginning your trek are the program name in the error message that caused the error and if you can recall when the problem began.

I am not a big fan of third-party utilities that claim to 'make Windows run better' because they seem to cause more problems than they solve. We constantly see customers bringing systems in that "worked just fine until I installed XXX" and often require quite a bit of work to repair the damage created by these programs.

Windows has plenty of utilities that are built-in that do a fine job of maintaining the system, so I would recommend learning what is already there.

Try uninstalling the "Cleanser" program to see if the errors go away. If you recently added memory (RAM), you may want to temporarily remove it to see if that has any effect. If you recently added a new printer and installed the software that came with it, try uninstalling it or anything that you can recall that was added since the error began.

Kernel32.dll errors generally mean that you have a serious stability problem because something is attacking the core of the Windows operating system, so addressing the problem is important.

THE PERSONAL EXPERIENCES OF RIP-OFF VICTIMS

"One Size Doesn't Fit All (Rant)" - from the Lockergnome Windows Daily newsletter - http://www.lockergnome.com/. [Note that the Lockergnome newsletters have been revamped and some of them have new names now (November 2003]

Scribbled by John Belanger

I steer people away - far away - from the mass-marketed, 'one size fits all' computers in the stores today. Everything is proprietary. Hardware; the graphics adapter is a cheap chipset built onto the proprietary motherboard, as is a sound chipset and a $3 modem. It's all hardwired, and it's hard to upgrade. Operating System; with most (if not all) of these systems, you get a "Recovery Disk" or a "Restore Disk" that puts your computer back to its "out of the box" configuration. You get the computer manufacturer's version of the OS as they think it should be. In many cases, Microsoft doesn't even acknowledge it. In fact, when you call Microsoft for support (if you have an "OEM" product ID), you get sent right back to the original manufacturer. So, what you really have is Company X's Windows, NOT Microsoft's.

Configuration; oh, this is another joy. I recently set up a BIG BRAND NAME computer for a friend - who spent almost $3000 on a complete system from one of the BIG CHAIN STORES. Tower, monitor, mouse, keyboard, scanner, CD burner, printer (all made by the same company). All of the software was preloaded and pre-configured - ready to go (as they say). NOT! As soon as I ran the Internet Connection Wizard and opened Internet Explorer, I got a Blue Screen Of Death. WOW! Right out of the box, too. I checked the Task Manager. Jeez! The list [of open programs] went on for days. Free Resources? 43% free on a machine with 128 Megs of RAM.

Go to the "corner" computer store, develop a relationship with them, and then have them build you a computer from scratch. Some stores even have classes that will teach you how to build your own computer using parts you buy from them. They don't always have the greatest selection, nor do they always have the cheapest prices, but I guarantee this: you will be further ahead than the 'one size fits all' victims. PC Club has stores all over the country. When I'm on vacation, they will ship stuff to me at my vacation location without a lot of hemming and hawing. Beats the hell out of a chain store where most customers know infinitely more than the hungry (oft commissioned) salesperson.

I find it sad; Packard Bell (the all-time junky machine leader) was finally done in by its mediocrity. It went away, only to be replaced by companies who've built their name on high-end business machines. Consumers assume they are getting the quality these big names are noted for.

CASE 1

Hewlett-Packard and its ilk - the tricks of the trade

I spoke to H-P's technical support about the possibility of upgrading my Hewlett-Packard Pavillion 4420 from a 366MHz Intel Celeron to a 500MHz Celeron. I was told that the MEB-VM motherboard in this PC is made by Asus and only supports Celeron CPUs up to 400MHz. Being in an H-P machine means that the motherboard is categorised as OEM, which means that Asus do not give it any direct support; this is H-P's responsibility while the PC is under guarantee or warranty. But this fact does not prevent me from using the Asus website. I downloaded the user manual for the board and then examined mine to find out how the jumpers were configured to run my 366MHz Celeron. Guess what I found? - ALL OF THE JUMPERS THAT CONFIGURE THE CLOCK MULTIPLIER AND BUS FREQUENCY SETTINGS WERE MISSING! In fact there is no way for me to fit jumpers to the board other than soldering some links across the pins. So it looks as if the only way I will be able to run a 500MHz CPU is by buying a new motherboard, and perhaps a new case, if the H-P colour-coordinated case does not accept a standard motherboard. Do you know anything about this PC, and, if so, could you advise me on what I should do?

Answer

Unfortunately, it is not unusual for some of the major PC manufacturers to build machines for the consumer market that have severely reduced or non-existent expansion possibilities. OEM motherboards, for instance, often differ markedly from the retail version that come with the board's manufacturer's technical support. In this case, H-P have removed the jumpers and have hard-wired the settings, most probably to prevent inexperienced users from experimenting and creating support problems. In any case, note that Celerons of 366MHz and above have the clock-multiplier setting set internally within the CPU itself; any motherboard settings are ignored, so it would be possible just to install a 500MHZ Celeron into your board.

While Pentium II CPUs use a 100MHz bus frequency for 350MHz and faster processors, the Celerons were marketed for some time as using a 66MHz bus frequency, with a maximum clock-multiplier setting of 6x66, or 400MHz. But, as any overclocking newsgroup or website will tell you, Celerons can be overclocked to run much faster than their default speed. However, since the clock-multiplier has been hard set inside the CPU itself, the only way to overclock a Celeron is by increasing the setting of the front-sided bus (FSB). Something that is inadvisable, since the components on the motherboard, such as the voltage regulator, may only be able to run Celerons with stability at the settings set by Intel. Anyhow, this is not something that can be attempted in this case, because the front-side bus setting has been hardwired at 66MHz on the motherboard. This also means that you would not be able to run the PC100 SDRAM at the 100MHz bus frequency required to run a 500MHz Celeron. You would probably also have to update the BIOS so that the PC can run and report the correct CPU at startup, and such a BIOS would have to be specifically tailored by H-P for that motherboard. Clearly something that it will not have attempted, since the company did not intend the motherboard to be upgraded in the first place.

Unfortunately, apart from the fact that you could not have purchased a PC with a motherboard capable of running a CPU at 800MHz when you bought yours, this is the only good news. - The Asus MEB-VM is a standard micro-ATX form factor motherboard, which uses the PC98 specification for the port colours and port positioning, so it would be easy to obtain a replacement that fits your ATX case. All the same, the upgrade that you have in mind is still not recommended, because an increase from 366MHz to 500MHz , even if you could increase the bus frequency to 100MHz, would scarcely be noticeable. To be of any noticeable significance, you would, at the very least, need to double the processor's speed. So, if I were you, I would make do with your current machine until 800Mhz AMD Athlon CPUs become available at reasonable or bargain prices. Then you can purchase a micro-ATX Athlon motherboard, the Athlon CPU itself, and the optimal amount of RAM (probably 128Mb by then), which will almost certainly be much cheaper than it is at present.

CASE 2

My PC (a 3 1/2 year old Packard Bell purchased in January 1996) seems to match many of the bad points. The motherboard (manufactured by Packard Bell and described as being a 'Hillary' motherboard) used a Socket 5 architecture at a time when Socket 7 was the new technology. As a P100 is the fastest available Socket 5 processor, when it came to replacing this it required a special upgrade processor from Evergreen. When fitting it, the instructions stated that the CPU multiplier should be set to '3x or the highest available'. Hence, it had to be set to 2x. The BIOS recognises it as a P120, even though it runs (in theory) at 240 MHz. It doesn't use a SiS chipset(have you ever heard of a Triton chipset? A riser card was used in the motherboard (with one PCI slot, two ISA slots and one PCI/ISA slot - of these, ISA cards had been placed in one ISA slot and the PCI/ISA slot).

My video was integrated onto the motherboard (although it does use
its own memory, not the system memory). However, finding the memory upgrade chips for it is nigh on impossible (despite Packard Bell describing them as 'cost effective and widely available'). The Packard Bell documentation (supplied in book form to US purchasers) comes in PDF format on CD. While this is all very well, they neglect to tell you which file relates to your computer. The different files relate to the 450, 520, 550, 570, Spectria and MiniTower models. Too bad that they don't tell you that the 'Legend' is a hybrid of the 550 and 570. It also means that all instructions for fitting new hardware (e.g. jumper settings) have to be printed out before you start. The PC came with a one-year on-site warranty. After six months or so, the modem/soundcard (they are on the same expansion card) ceased to function. Packard Bell's initial response was that there must be a problem with the software set up. "Use the European Master CD," they said. "What European Master CD?" "The one that came with your computer." There wasn't one, but Packard Bell insisted that we must have lost it, and charged £30 for a replacement. This came without the crucial floppy disk, which we had to borrow from the retailer from whom we bought the PC. Of course, this didn't fix the problem. "You must have a faulty European Master CD," said Packard Bell. "That will be another £30 please." So, another European Master CD came, this time complete with floppy disk. No, it didn't work. At this point the retailer was getting very annoyed with Packard Bell, and phoned them up to complain. Packard Bell were very apologetic and said, "Phone us back on the freephone number for retailers tonight and we will be happy to sort your problem out." The response received was "Who told you to phone this number?" They wouldn't believe that they had, sand so we phoned them back on their usual national rate number. After a combined total of five or six hours on the phone, Packard Bell eventually agreed to send out an engineer to replace the part. It took two weeks and several more phone calls to obtain an engineer. Instead of being employed by Packard Bell, he was subcontracted by them. Upon arrival, he took one look at the computer and said, "This is going to be a new experience for me. I've never done a desktop PC before." Further questioning revealed that he usually worked with UNIX servers. Still, he fitted the replacement part and it is still working to this day. Anyway, to make matters worse, Packard Bell have now changed their technical support number. The old 0990 number (national rate) which must have helped them to make a fortune is now only available for users whose PCs are less than twelve months old. Telephoning this will result in being told in no uncertain terms to get off the line. The new number for PCs older than one year is an 0906 number, and is charged at 75 pence per minute, with an average hold time of five minutes and staff that treat you as if you have an IQ of -20. Mistakes tend to result from bad line (imagine talking to someone six feet away while standing next to an aeroplane taking off and you'll get some idea of what it's like to speak to a Packard Bell technician over the phone. They also insist on doing everything again that you would think is obvious.

Typical call:

You - My computer won't boot.
Technician - Is it turned on?
You - Yes.
Technician - OK then, can you go into Control Panel and double-click the
little icon labelled System.
You - But it won't boot. It doesn't get as far as Windows.

I'll leave the rest to your imagination.

Thankfully I rarely need the helpline now, as I am now experienced enough to fix most problems. However, please understand that this was a first PC, and so at the time when most of these problems occurred (with the exception of the CD Writer, but don't get me started on that) I had no idea how to fix them. But I still think that after spending over £1,800 on a PC I have received poor customer service. The CD Writer had me trying for months to get it running. Guess what - Adaptec had sold many SCSI cards with faulty BIOS chips. Their eventual conclusion was that the best thing to do was remove the chip from the card. That's it. No replacement chip, just remove it. It works, but I still think that this is poor customer service for a £150 SCSI card. I will stop complaining now, and apologise for such a long reply (PC customer support is rather a sore point in my mind, and will remain so until Packard Bell prove that they can provide proper service to customers). I would like to thank you for sending me the address to that page. I did visit it, and will use it in future if I buy another PC. My sympathy goes out to those who have recently bought and are still buying Packard Bell PCs. Little do they know what they're in for. I am sure, however, that they are not the only people treating their customers so badly. Your web site mentions Time Computers [went out of business in July 2005]. I wasn't planning to buy a Time PC, but now I know not to in the future.

CASE 3

I used to build and sell PCs back when the 386 was a hot processor, but I got out of it for a while and used name-brand pre-built systems. The last pre-built system I bought that I was happy with was a Micron P-150 that is still in service, albeit running the Linux operating system.

I have a Compaq right now, which I absolutely hate. It was preloaded with tons of garbage that I couldn't care less about, and the Recovery CD makes it impossible to revert to a clean, bare-bones Windows 98 configuration. The case (a mini-tower) is a piece of junk; has almost no room for expansion, and is a royal PITA to work in. This machine is about to be demoted to a gaming machine for the kids.

Now I'm back into home-building. In progress now is an Intel P3-600 with a midi-tower case that will become my primary work machine. (I'm a software consultant and depend upon my machines for my livelihood). Building it myself has allowed me to get exactly what I want, and ONLY what I want. - PC Power & Cooling case & turbocool, 300 watt Power Supply, Asus P3B-F motherboard, 128Mb RAM, Quantum 13Gb DM+ 7200 rpm, UDMA/66 hard disk drive, Acer 50X CD-ROM drive, etc). For example, I don't need a keyboard, mouse, and monitor because I run multiple machines off a KVM switch. I don't need fancy sound or 3D graphics because this isn't a game machine. Speed, reliability, and disk performance are my main requirements.

I did shop around for a name brand model before deciding to build this machine, but found nothing that fitted the bill. On a high-end system like this, I am saving several hundred dollars over a name-brand model with equivalent components, but that wasn't my main reason for building it myself.

CASE 4

Because of rumours about Packard Bell going out of business and the lousy after-sales service, I just bought a new Gateway 500MHz computer. It has ALL the programs on CD's, instead of on one of Packard Bell's infamous Master CDs. Video and sound plug directly into the motherboard, and tech support lasts for as long as I own the machine. I recently call tech support to reformat the hard disk drive, and although it was reformatted by them, I had to pay to get an installation disk made. Anyway, I will be leaving the Packard Bell family and moving on. By the way, anyone interested in a used Packard Bell? All I can say about it is it will be an experience you will NEVER forget. Heck, I'll pay someone to take it. Any takers? Huh? - Former Packard Bell Owner

Reply

I hope your experience with your new Gateway computer is as exciting as one of my co-worker's son's was. He has had it for one week, and has the tech support number memorised already. Modem, sound card, memory, modem sound card, hard drive. You name it, they've been replaced. Some several times. I laughed. Said hell, at that rate, he'll always have a new machine. Piece by piece, bit by bit, every week. I hope your experience with your new Gateway is as heart warming as his has been. Umm, just accompany the check along with the computer. I'll be more than happy to take it off your hands! :)

Response

Well, I don't know about that, but I do know that Id rather have a machine that fails and get tech support than have a machine that fails and no support. But, so far, so good. At least this time I got a Windows 98 system disk. It's mine forever. No more Master Disk bullshit! As far as I'm concerned, Packard Bell owes me $1600.00.

CASE 5

First of all, the system I'm working on is a Compaq Presario, with 128Mb RAM, an 8Gb HDD, and an AMD K6-2. I have a Compaq Restore Disk, (Yes I know this sucks), running Windows 98. But, obviously, since I have a Restore Disk I do not have a Windows 98 CD. Now as to what is happening:
1) At start up I get the normal red COMPAQ screen, and then the Windows 98 screen.

2) Then comes the infamous BLUE screen that reads as follows:
"Microsoft Registry Checker backing up system files. Restoring system files. You have restored a good registry. Windows found an error in your system files and restored a recent backup of the files to fix the problem."

3) At this point, I am prompted to hit enter and restart the computer, at which point it starts all over and continues this vicious cycle, never going any further than this.

4) When Scandisk is run I find 708,000 bytes lost .

5) This has happened four times in two weeks, and after I have performed a complete restore, everything works fine for a day or so, and then - well you get the idea.

6) I have also removed, or should I say, failed to reinstall any software previously added in the hope of finding a corrupt file in one of them, but to no avail.....still crashing. PLEASE HELP......if you can.

Answer

I suggest you call Compuke and ask them. The newer machines have a "soft BIOS" - and you CAN'T install or upgrade to another operating system only what is on the restore disk THAT CAME WITH THAT MACHINE. Also you CAN'T leave out certain programs. If you do, you start having problems. Sorry. I went through the same damned thing with a client, and I ended up sending machine back to the factory for a NEW MOTHERBOARD and PROCESSOR. You will also have problems with these machines if you try to install a larger HDD. Nice folks, huh?

CASE 6

What make of CD-RW drive should I get?

QUESTION

I am in the market for a CD-RW drive, and I am wondering what kind to get. I have heard a lot of stuff about compatibility issues with various brand names and software programs, but haven't come to a conclusion yet. I would need an IDE drive, and don't know what kind to get.

FIRST ANSWER

I can only tell you my first experience. I bought the Hewlett Packard 8200I CD-RW and had nothing but problems with it. After four days I called HP Tech support (not toll-free so get ready to pay long distance charges), and after an hour they gave up and said that the laser must have been damaged in shipping. I really doubt it, because it played audio and read files just fine. Before calling HP Tech support, I posted a message here (alt.comp.periphs.cdr), stating my problems, and my e-mail was deluged with HP users telling of their terrible problems, and some even told of how their HP CD-RWs died after one to two years of use. So back it went and I ordered a Plextor instead, a little higher priced, but for a extra $50 I'm getting a 8x/4x/32x with 4mb buffer, compared to the HP8200i's 4x/4x/24x with 2mb buffer, and Plextor's reputation is great, providing free Tech support for as long as I own it - TOLL FREE!!!

SECOND ANSWER

I have an HP 8110 (4x/2x/24x) and it has performed flawlessly for over a year or so. I use CD Creator 3.5 and have had great results with data or music. I haven't had to use HP support at all.

CASE 7

Packard Bell PC comes with Cyber Patrol software integrated into Windows so that it cannot be removed or accessed without a password that cannot be obtained from Packard Bell.

My friend recently purchased a Packard Bell machine in the UK from PC World and it comes with Cyber Patrol pre-installed. It doesn't seem possible to find a password [from PB] for the software and so the user cannot set any custom settings or uninstall it. Doe anyone know how to completely remove Cyber Patrol from the system? Can it be removed manually or would it be better to use a third party utility like Cleansweep? [Cyber Patrol restricts Internet access. In this case, it is preventing the user from accessing certain sites.

Reply

You should contact Cyber Patrol if you remove it the wrong way your Internet
won't work.

Response

I wrote to "Cyber Patrol" and got no response.

Reply

What about restarting the computer in DOS mode then use the DELTREE command on the folder Cyber Patrol is in, then run regedit and delete anything that says Cyber Patrol?

Reply from another poster

Their software [Packard Bell's] is fully integrated into the Windows' system. Simply removing any visible entries won't work. It's like an application and a browser/operating system plug-in in one program.

The problem is that Packard Bell build crappy computers. They are never standard architecture machines. Therefore, installing the Windows from scratch can be difficult, as certain 'built in' components don't have publicly available/installable drivers. - In other words, PB PCs suck!

PCI IRQ ISSUES - IRQ STEERING

[For additional (or back-up information) see what is written about this subject at Bud's Troubleshooter site: http://www.geocities.com/budallen98_98/]

This is one of those technical matters on which a great deal of misleading and even downright false information has been propagated.

The PC has a limited number of Interrupt Request (IRQ) lines. Sixteen to be precise, numbered from 0 to 15.

[See the BIOS page on this site for a BIOS option called APIC mode that allows a Windows XP system to use 23 IRQs.]

Five of these are reserved for the use of the motherboard, others are used for the floppy and hard disk drive controller chips, and the keyboard, leaving only eight (3,4,5,7,9,10,11,12) for the serial ports, LPT printer ports, mouse port, USB (Universal Serial Bus) ports, sound, video, and network cards, etc.

The PCI (Peripheral Component Interconnect) bus was designed to solve the problem of limited IRQs by allowing different devices fitted to it to share the same IRQ. A software process called IRQ Steering was developed to enable the various PCI devices to share an IRQ.

Prior to the advent of the PCI standard, version 2.1 in 1995 there was no agreed way for software to be made aware of the source of a shared IRQ, and no way in which an operating system could manage IRQ assignments in a proper manner. Chipset manufacturers and BIOS writers were left to do as they saw fit to program the situation. As a result, many drivers, chipsets, BIOS versions, and PCI cards made before and even some after this date had severe bugs in the way in which they managed IRQ assignments, the symptoms of which were seemingly incurable resource conflicts, or system freezes, and lock-ups.

Each PCI slot has four interrupt lines, often labelled as PIRQs #A, #B, #C, and #D. Each slot has access to all four PIRQ lines. The PCI card determines the PIRQ used, not the slot, and almost every PCI card only uses PIRQ #A. A BIOS unmanaged by software will initially allocate PIRQ #A to a different IRQ for each of the four PCI slots on a standard motherboard, and usually there are only four available - IRQs 9, 10,11, and 12. Therefore, since sharing and an IRQ is what is wanted to conserve these system resources, a shared IRQ would require complex software to determine first of all which device was using it to issue a request for processor time, which would then have to steer it to the correct device driver that has to be run to make that device operate. IRQ Steering is only supported by Windows 95 versions OSR 2.0, 2.1, 2.5, and Windows 98. It is not enabled by default by these versions of Windows 95, but is by Windows 98 - a policy that has resulted in many problems due to bugs in BIOSes, chipsets, PCI cards, and their software drivers. A precise software and hardware harmonisation between all of these is necessary for IRQ Steering to function properly.

Problems soon became apparent with multifunction cards, such as a sound card that often has SoundBlaster sound compatibility, a game port, MIDI (Musical Instrument Digital Interface) and CD-ROM interfaces. This means that one PCI card would ordinarily require more than one IRQ assigned to it to be able to handle all of these interfaces requesting processor time simultaneously. Allocating a second or third IRQ to the same PCI slot is something that many BIOS writers have failed to handle well, because if a device is sharing an IRQ with another device and they both make use of it at the same time, a system lockup results, often rendering the computer inoperable.

To see how to enable IRQ Steering in Windows 98, go into Device manager (right-click My Computer; click Properties), click on the plus sign by System Devices, and, in the list of devices that come up, highlight PCI Bus. The option for PCI Steering should be checked. There are four other boxes to select alternative ways of finding the BIOS routing table: ACPI BIOS, MS specification, PCI BIOS 2.1 real mode, and PCI BIOS 2.1 protected mode. (Windows 95 OSR 2.0 only offers the option, Get IRQ table from PCIBIOS 2.1 call, which is not even enabled if you click the Set Defaults button.) The default choice, usually the best, is for all of the options except PCI BIOS 2.1 protected mode to be checked. If you suspect the BIOS of having bugs, try another combination of options, but if the default option does not work, you will probably have to obtain an updated BIOS file and flash it into the BIOS chip. Microsoft does not recommend enabling the protected mode option unless a PCI card refuses to work after all of the other options have been tried unsuccessfully. If IRQ Steering is functioning properly, an IRQ Holder for PCI Steering device for each IRQ allocated to PCI devices should appear in Device Manager. However, the presence of these devices does not guarantee that IRQ Steering is working properly.

Sometimes when IRQ Steering is enabled, a combination of a badly designed PCI card and a bug-ridden BIOS can cause system lockup, or produce a kernel32.dll error message.

Visit Bud's Troubleshooter for some excellent information and sources on IRQ Steering

http://www.geocities.com/budallen98_98

The SoundBlaster PC164 sound card, for example, is sensitive to the BIOS and chipset support given to it for IRQ Steering. If it does not find things to its satisfaction, it can produce the following error message on boot up:

The audio PCI interrupt has been routed incorrectly by the system

In Windows 95 and 98, turning off IRQ Steering can often help to sort out system resource conflicts of this kind. VIA MVP3 chipsets can often require a BIOS update and the installation of a software patch to fix IRQ Steering issues, both of which can be downloaded from VIA's website, or from the motherboard's website.

IRQ Steering gives Windows the ability to change the BIOS assignments of IRQs to PCI cards, but it rarely changes them from the initial settings. Thus it is possible to solve IRQ sharing problems by moving a problematic PCI card to a different PCI slot, which forces Windows to alter the original IRQ assignments.

The following is a table showing how PIRQs are allocated to the PCI and the AGP slots:

Notice that the interrupts are staggered so that conflicts do not happen easily. The four interrupts can have 16 different combinations. Because the AGP slot and PCI slot 1 share the same set of IRQs, unless you do not have other slots to use, to avoid IRQ conflicts, the best option is to use only either one or the other of those two slots, not both at the same time. The same goes for PCI slot 4 and 5. However, your BIOS may offer this set of options: -

PIRQ_0 Use IRQ No. ~ PIRQ_3 Use IRQ No..

Options: Auto, 3, 4, 5, 7, 9, 10, 11, 12, 14, 15

It allows you to set the IRQ for any slot manually. For instance, normally, you should just leave it to AUTO. But if you need to assign a particular IRQ to a device on the AGP or PCI bus, this is how to make use of this BIOS function. Find out which slot the device is installed in. Next, check the table above to determine its primary PIRQ. For instance, if you have a PCI network card in PCI slot 3, the table shows that its primary PIRQ is PIRQ_2, because all slots are first allocated INT A if possible. After that, select the IRQ you want to use for that slot by assigning it to the appropriate PIRQ. If the network card (in the example above) requires IRQ 7, then enable PIRQ_2 to use IRQ 7. The BIOS will then allocate IRQ 7 to PCI slot 3. That is how simple it is.

This is a particularly useful BIOS setting if, say, you are transferring a hard disk drive from one system to another that has a different IRQ setup. All you have to do is use this set of BIOS settings to make the IRQ assignments in the new system agree with the ones that the operating system on the hard disk has.

Here is a typical posting from a computer newsgroup

I am using an FIC VA-503+ motherboard with the VIA 4-in-1 service pack installed, this includes the IRQ patch. My system still freezes up frequently. First I thought the problem was with my video card, but now I believe that the problem has something to do with the IRQ settings. This is what my IRQ settings look like in Device Manager:

0 System timer
1 Standard 101/102-Key or Microsoft Natural Keyboard
2 Programmable interrupt controller
3 Communications Port (COM2)
4 Communications Port (COM1)
5 VIA Tech PCI to USB Universal Host Controller
5 IRQ Holder for PCI Steering
6 Standard Floppy Disk Controller
7 ECP Printer Port (LPT1)
8 System CMOS/real time clock
9 3dfx Voodoo Banshee
9 IRQ Holder for PCI Steering
10 IRQ Holder for PCI Steering
11 SupraMAX 56i Voice PCI
11 Supra 2260 PCI Modem Enumerator
11 IRQ Holder for PCI Steering
12 PS/2 Mouse 4.0
13 Numeric data processor
14 Primary Busmaster IDE controller (dual fifo)
14 VIA Busmaster PCI IDE Controller (Ultra DMA)
15 Secondary Busmaster IDE controller (dual fifo)
15 VIA Busmaster PCI IDE Controller (Ultra DMA)

Note: This is with my Diamond Sonic Impact S90 Sound card disabled. When I enable my soundcard, I end up with five devices on IRQ 10.

Does anyone see a problem? I have no forced hardware, here are my
sharing/conflicting devices from above:

IRQ 5 VIA Tech PCI to USB Universal Host Controller
IRQ 5 IRQ Holder for PCI Steering
IRQ 9 3dfx Voodoo Banshee
IRQ 9 IRQ Holder for PCI Steering
IRQ 11 SupraMAX 56i Voice PCI
IRQ 11 Supra 2260 PCI Modem Enumerator
IRQ 11 IRQ Holder for PCI Steering
IRQ 14 Primary Busmaster IDE controller (dual fifo)
IRQ 14 VIA Busmaster PCI IDE Controller (Ultra DMA)
IRQ 15 Secondary Busmaster IDE controller (dual fifo)
IRQ 15 VIA Busmaster PCI IDE Controller (Ultra DMA)

Does anyone see a problem, if so how do I resolve it? Any ideas?

The poster of this message uses one of the versions of Windows 95/98 that supports IRQ Steering, because each IRQ that can use it has an IRQ Holder for PCI Steering device installed. The causes of the problem could be any of the ones given above - a buggy BIOS, a poorly designed PCI card, a motherboard chipset that does not handle IRQ Steering properly, or even buggy VIA IDE busmaster drivers. The problem persists when no multifunction card is installed that would make use of more than one IRQ in a PCI slot, so to cure it, he should have tried disabling IRQ Steering in Device Manager. If that did not help, he could have tried uninstalling the VIA busmaster drivers by using the uninstall option by running the utility that installed them, and then have allowed Windows to install its own busmaster drivers, since it is known that some users have experienced problems having installed the VIA 4-in-1 service pack.

Here is an instructive question and answer on this subject taken from a newsgroup:

Question

Both of my CD-RW and CD-ROM drives are working. But in the Hard Disk Controllers in Device Manager I have a yellow exclamation mark (!) next to the Secondary Busmaster IDE Controller. If you click on it, a message comes up saying that the IRQ cannot be shared; you must change the conflicting setting, or remove the real mode driver causing the conflict: CODE 30. Under Hard disk controllers, the Primary Busmaster IDE Controller and the VIA Busmaster IDE Controller are using IRQ 14.

I have tried installing the VIA IRQ Routing driver upgrade several times, but the yellow exclamation mark will not go away. I have an FIC 503+ and Windows 98 SE. Any ideas about how to get rid of it anyone?

Answer (One of several possible ways to solve this problem)

[If you have a multifunction card installed that uses more than one IRQ and you experience freeze-ups and shutdowns, have PCI Steering enabled, but allow Windows to allocate the IRQs. Using the Legacy setting for an IRQ in the BIOS does not allow Windows to use it as it sees fit.]

Other possible ways of getting rid of the exclamation mark in Device Manager include downloading and installing the latest VIA IDE Busmaster drivers and patches, or flashing the latest BIOS file, which could contain a remedy for a software bug in the previous BIOS, or uninstalling the VIA Busmaster drivers, turning off UDMA mode in the BIOS, and allowing Windows to install its PIO drivers, or experimenting with how the hard disk drive, the CD-ROM drive, and the CD-RW drive are connected to the motherboard. It could be that this person has the hard disk drive installed and configured as the master drive on the primary channel and the CD-ROM and CD-RW drives configured (or not properly configured) and installed as master and slave drives, respectively on the secondary channel. The master/slave settings might not have been done properly - one drive has to be set as master and the other as slave on the same channel. Also, one of these drives might not function properly when set as a slave. To sort out which drive works best on which channel is merely a matter of changing them around until hopefully everything starts working properly. For example, the CD-ROM drive could be set as a slave and put on to the same cable as the hard disk drive on the primary IDE channel, leaving the CD-RW drive set as master by itself on the secondary IDE channel.

DIAL-UP NETWORKING ISSUES - THE TCP/IP PROTOCOL

The Internet is a packet-switched network. Information is sent via the computers on the Internet in packets or blocks. As a system of data transfer, this will obviously not work unless there is a way of keeping track of these packets of information. This is done by enclosing each packet with the information that provides in its destination address how it is to be handled. In programming terms, this process is defined by a pair of protocols given the name Transmission Control Protocol/Internet Protocol, the acronym for which is TCP/IP.

The TCP/IP protocol come with several parameters that can be set. The acronyms for four of the most important ones are MaxMTU, MSS, RWin, and TTL. MTU stands for Maximum Transmission Unit and it sets the maximum size of a packet of data, MSS stands for Maximum Segment Size, RWin defines the size of the window, and TTL stands for Time To Live (all of them explained later).

The MaxMTU is an important setting because every link on the Internet , from the PPP (Point-to-Point Protocol) stack, the ISP's dial-up nodes, and all of the numerous network routers that the information will have to pass through, has a limit on the size of packet it can handle. If a packet of data is too large to pass through a router, for instance, it is refused entry and has to be broken into as many smaller units as will be able to pass through it. A process known as data defragmentation. The fragmented packets, each with its own address, handling, and identification information, are sent on until they reach their destination, where they are reassembled according to that information. The packets can be sent via different routes, and some of them could get lost, all of which introduces delays in the transmission time.

In 1983, way back in computer terms, document RFC 879 (Request for Comment) suggested that the Internet should be able to handle a MaxMTU of 576 bytes, which has become known as the Internet standard maximum packet size. But RFC 1134, which defined the PPP protocol - now the usual means of negotiating a dial-up connection to the Internet - specifies a standard MaxMTU of 1500 bytes per packet. This is also the packet size set by the Ethernet networking standard, IEEE 802.2 and 802.3. Not the largest packet size by far, because the IBM Token Ring uses a MaxMTU of over 17,000 bytes.

Where to Find Related RFCs (Request for Comments)

Requests for Comments (RFCs) are a set of documents, published by the Internet Engineering Task Force (IETF), that define the Internet protocols and standards. Each RFC is assigned a number. Once an RFC is published, it is not updated; if it needs to be modified, a new RFC is created.

You can view (or copy) any of the RFCs from the InterNIC's web database. InterNIC is the Internet Network Information Centre, which co-ordinates DNS registration. To register domain names and obtain IP addresses, visit http://www.internic.net/index.html

Other RFCs describe the following Internet protocols and standards:

Domain names, concepts and facilities, RFC 1034

Domain names, implementation and specifications, RFC 1035

Finger, RFC 1288

Lightweight Directory Access Protocol (LDAP), RFC 1777

Management Information Base (MIB), RFC 1158

Simple Network Management Protocol (SNMP), RFC 1157

Whois, RFC 954

Because modern modems use error correction, incorporated within their hardware or employed by software, they do not have to use a small packet size as the best means of reducing packet fragmentation. In theory the most desirable state of affairs is a maximum packet size as large as possible, but one not so large that it causes fragmentation. Since each packet has to contain 40 bytes of additional information - 20 bytes for TCP description and 20 bytes of IP header, the packet size cannot be too small or it would swell the amount of traffic by an unsustainable amount. If the standard packet size was reduced from 1,500 bytes to 576 bytes across the board, there would be almost three times the number of packets for the network routers to handle and the Internet would be even more deluged in information than it is at present. Therefore, it is the best data flow over the Internet would be achieved by setting the MaxMTU to 1500 rather than 576. However, the MaxMTU should never be set higher than the one set as standard by your ISP, some of which have theirs set at 576 bytes. If a higher packet size is use than can be handled at any point on the Internet, data fragmentation results, which must obviously reduce performance.

Windows 98 has Dial-Up Networking 1.3 and Winsock 2. The former can automatically adjust the MaxMTU to match the setting at any point on the Internet. If you have Windows 95, and you want to improve your modem's performance, you should search for and download copies of these files from Microsoft.com.

The other TCP/IP settings

The MSS - maximum segment size - parameter of the TCP/IP protocol is the amount of data a packet can hold. Since a packet has 40 bytes of address and ID header information, the MSS has be 40 bytes smaller than the MaxMTU.

RWin is the 'window size'. This is the multiple of the MSS which will fit into the data buffers at your ISP. Some tweaking utilities recommend a setting of 4 when the MaxMTU is set at 1500, but if your ISP provides sufficient buffering it can be set a high as 10. - Experimenting can do no harm!

TTL - time to live - sets a limit on the number of network routers a packet will pass through before it gives up and expires. This prevents lost packets of data from wandering through the Internet eternally. Bear it in mind that as the Internet has increased in size, the number of hops that a packet will have to use has also increased considerably. This setting should be set at a minimum of 32. A setting of 64 would probably be preferable. If your version of Dial-Up Networking is 1.2 or higher, Microsoft recommends a setting of 128.

The software process by which the TCP/IP stack and the remote server decide on the optimal packet size at any one time has been given the name PMTUAutoDiscovery. When this is active, it completely removes any need to experiment with the MaxMTU size, because the process is automatic. For this to work, version 1.3 of Dial-Up networking needs to be installed. The PMTUBlackholeDetect setting does nothing other than inform Dial-Up Networking to allow for the fact that some network routers cannot handle the MTU path discovery properly. Both of these can be set from within the MTUSpeed utility, but their recommended setting is: disabled.

A 28.8K (kilobits) modem should be able to download a file on a good, unbusy line at a rate of about 3.2 kilobytes/sec; a 33.6K modem at 3.7 kilobytes/sec. Consider a download speed of up to 4.6 kilobytes/sec acceptable for a 56K modem, since they seldom, if ever, achieve their maximum specified download speed, and can only upload at the same rate as a 33.6K modem. These speeds can be put to the test by downloading an executable or zip file from a site on the Internet. The speeds are usually indicated on the download window that can be viewed if you do not set it to be minimised. Download a file from a local site early in the morning or late at night to be sure of an unbusy line, since heavy traffic tends to slow the Internet down. If your download speeds are not up to scratch, you can try using MTUSpeed to tweak the settings. This should not be necessary if you have Windows 98, since the whole process is fully automated. Remember that downloads usually start slower than full speed and accelerate slowly, but should reach full speed after about a minute.

To view a setting worth checking, click the Modem icon in Control Panel, click Properties, and make sure that 115200 is selected as the Maximum speed. This reflects the maximum speed for the download of compressed files, which is safely set at four times the actual speed of the modem.

File transfers should be less sensitive to Internet congestion than web page accesses, since the server doing the downloading will keep sending packets to your computer up to the window size or the RWin value. These packets are usually sent to the communications buffer of your ISP, where they wait their turn to be downloaded. Thus, for a non-automated set-up, you want RWin set so that the window is large enough to keep the download going at maximum speed in spite of transmission delays, but you do not want it so large that the packets cannot bypass the ISP's setting for window size.

If you do not have Windows 98 installed, the following are the system components you will need to download from Microsoft.com or your modem manufacturer if you want to get the best from your Internet experience with Windows 95. I have not given precise web addresses because of the speed with which they become redundant. You will have to go to microsoft.com and search for the updates.

When installing new files remember that if the system asks if you want to keep a file that is more recent than the one about to be installed, always elect to keep it. Having installed all of the updates, you are now ready to make sure that all of your modem and Dial-Up Networking settings are correct.

Double-click My Computer and right-click on the Dial-Up Networking icon, select the ISP connection icon you want to configure (AOL, Freeserve, Netscape Online, etc), click the Properties tab. Select the General tab and click the Configure button. If you have a 28.8K or faster modem, select 115200 from the drop-down menu of the Maximum speed box. Data compression allows a modem to receive up to four times as much data as its nominal speed. On the Connection tab, which should have 8, none, and 1 in its boxes, click the Port Settings button. Select to use 16550 FIFO buffering. If this option is not available, you might have an external modem connected to an old 16450 serial port, which will probably cause communication overrun problems that will reduce data throughput drastically because buffering is necessary to maintain it. However, if you have a 28.8K or faster modem and the buffering option is not available, installing a revised modem .inf will probably make it available.

Clicking the Advanced button gives access to several more configuration settings. Select Use error control, Compress data, Use flow control, and Hardware (RTS/CTS). The setting Require to connect should not be selected.

Close the Modem Properties window, and click the Server Types tab of the ISP (Freeserve, etc) window. Under Advanced options, none of the settings need to be selected, but all of them except Log on to a Network can safely be selected; it must be left unchecked or you probably will not be able to dial into your ISP. Under Allowed network protocols, NetBEUI, and IPX/SPX should not be selected; these protocols are used for intranet networks, they are not used for the Internet.

The installation of an ISP such as Freeserve usually sets the TCP/IP Settings as part of the installation, but it is a good idea to make sure that the two bottom options Use IP header compression and Use default gateway on remote network are selected.

Finally, if you are making use of MTUSpeed, Mike Sutherland, its creator, found that the optimal Dial-Up Networking parameters for his PC were a MaxMTU set at 1500, a RWin set at 6 (MSSx6), a Time To Live (TTL) set at 128, and an NDI Cache Size set at 16.

AN IN-DEPTH LOOK AT IDE HARD-DISK DRIVE TECHNOLOGY 

IDE hard disk drives are used in most PCs today. Unfortunately, because there are BIOS Setup and Windows' version issues to be taken into account with every improved release of the IDE standard, which has a bad habit of making its presence felt every two years or so, I have put the following information together in an attempt to clear up all of the confusion.

IDE stands for Integrated Drive Electronics, which means that all of the electronics required for the drive to function are integrated into the drive itself rather than being supplied, as it was in the early days of the PC, by a controller card in an ISA expansion slot. These early drives (without integrated electronics) were called AT drives. (I will not be discussing these or the earlier kinds of hard disk drive here.) Although up to four of the latest IDE drives can be attached directly to the motherboard, an ISA or PCI expansion card can still be used as an attachment point for these drives if you want to install more than the four that the two motherboard connection points can accommodate. However, neither the expansion card nor the motherboard has a controller chip installed on it. All of the controller electronics for an IDE drive are contained within the drive unit itself.  

In 1988, the hard disk drive manufacturers got together and defined a CAM (Common Access Method) specification, which still took some time to be implemented across the board, so there was a period in which the various manufacturers products could not be guaranteed to be compatible with one another. This was in stark contrast to the situation today when all of the different manufacturers drives are expected to be able to work together.

The original CAM specification was designed around the WD1003 Hard Disk Controller. All IDE hard disk drives still support the full WD1003 command set, which is also supported by the BIOS of most PCs, thereby making it possible to have even the most advanced ATA 100 IDE drive work from the original IDE interface. The original WD1003 command set has been greatly extended by adding additional ATA commands that are supported by the IDE drivers instead of being burned into the BIOS. This means that while the PC is booting, the BIOS treats even the latest ATA 66 or ATA 100 drive as a basic WD1003 drive. The operating system then loads the IDE drivers and they are able to make use of the extended ATA commands. If for some reason or other the operating system has to use a real mode DOS IDE driver, the drive will probably be treated as if it was one of the original WD1003 drives.

HOW CD-ROM DRIVES WERE MADE TO RUN ON AN IDE INTERFACE

Soon after the first IDE standard was established for hard disk drives, developers began to create the first ATA CD-ROM drive. A necessary step because at the time CD-ROM drives were attached to a PC by using three proprietary interfaces developed by Sony, Panasonic, and Mitsumi, and one more expensive non-proprietary interface - SCSI - the Small Computer System Interface, often called Scuzzy. An ATA IDE CD-ROM is just one that can be attached to the 16-bit AT expansion bus in the same way as an IDE hard disk drive. Obviously a CD-ROM drive functions in a totally different manner from an IDE hard disk drive, so a different command set had to be created. Consequently, a variation of the ATA standard for non-hard-disk devices was agreed upon - ATAPI - the ATA Packet Interface. The ATAPI standard is suitable for CD-ROM drives and tape drives. Moreover, without specific BIOS support, an IDE ATAPI CD-ROM drive is not available for use until the operating system has loaded its software driver. This is why it is only possible to boot from a CD if the BIOS provides specific ATAPI support, and why a real mode DOS driver has to be loaded before MS DOS can access a CD-ROM drive. This is why you need a boot disk if you want to load Windows 95/98 from scratch. The boot disk loads the CD-ROM drivers that makes running the setup program from the Windows CD possible.

In any case, even if your CD-ROM drive is one of the first ATAPI IDE drives, it should be able to function with any IDE hard disk drive. If the use of your IDE CD-ROM drive freezes the screen, or cannot be accessed, the chances are that the problem lies with driver or BIOS incompatibility - with a buggy BIOS or faulty drivers. Most of the problems to do with CD-ROM and IDE hard disk drives can be traced back to the BIOS or drivers. Flashing the latest BIOS, or installing the latest drivers, usually obtained from the motherboard's chipset manufacturer or Microsoft.com, or falling back to tried-and-tested drivers, having installed buggy updated drivers, solves most problems.

BACK TO IDE HARD DISK DRIVES

Each of the two IDE connection points (channels) on a typical B-AT or ATX motherboard can have two IDE devices connected to it by the same ribbon cable, making a total of four devices. And just as two IDE devices share a cable, they must also share the same data transfer capacity. Which in effect means that as long as they support independent timing, two IDE devices on the same channel will function using the same data transfer rate as the slowest of them. If either of them does not support independent timing, freezes will result as each device tries to use the same system resources. That is why, if possible, it is best to have the CD-ROM drive on one channel and the hard disk drive on the other. If you install another hard disk drive, the slowest of them should be installed on the secondary channel with the CD-ROM drive. Sharing a cable is achieved by having one of the drives designated as the master device and the other as the slave device.

Now that it is possible to obtain PCI IDE interface cards, it is easy to come to the conclusion that the IDE interface has moved from the 16-bit ISA bus to use the 32-bit PCI bus. This in not the case! Hard disk drives still always operate on a 16-bit bus, and as such always use a 16-bit interface. There are three possible types of connection:

PCI: NORTH AND SOUTH BRIDGES

If an IDE ATA drive is connected via an AT (ISA) expansion slot, no additional electronics are needed, the data transfers proceed according to the rules of the 16-bit AT bus. However, a PCI IDE ATA expansion card contains special electronics that bridge the difference between the 16-bit ISA and the 32-bit PCI interface standards. An electronic bridge that already exists in most recent PCs. A complex matter that is not necessary to explore in depth unless you are a prospective system designer. All you need to be aware of is that the PCI bus is connected to the rest of the system by two bridges known as the north bridge and the south bridge. The north bridge is responsible for connecting devices to the PCI bus that can make use of it directly - the (video) AGP slot, the RAM, and the processor. The south bridge is responsible for converting the PCI standard to the alternative standards that cannot make use of the PCI bus directly - the 16-bit ISA slots, the 16-bit IDE ATA interface, and the Universal Serial Bus (USB). If the IDE ATA connection points are built into the motherboard, a similar bridging between the 16-bit IDE and 32-bit PCI interfaces has to take place. The data transfers in this case are dependent on the quality of the bridging chip being used. How fast your IDE ATA drive works will largely be dependent on the motherboard's chipset, the leading manufacturers of which are Intel, ALi, and VIA. The four other major components involved are the processor, the BIOS, the IDE drivers, and the operating system. All of these have to work in perfect harmony to provide seamless data transfers. All of these can contain bugs or design faults that have to be solved by installing software patches. The AMD processor timing problem that affected the K6-2 350MHz and higher processors using Windows 95 OSR 2.0 (subsequent versions include it) is a good example. Microsoft had to rectify this by updating several Windows 95 files that it incorporated into a single downloadable executable file: amdk6upd.exe. Other good examples of bugs are: the VIA MVP3 chipset originally came with a bridging bug that was rectified by a software patch, and the original BIOS for the FIC VA-503+ motherboard came with a bug that rendered a CD-ROM drive useless if the VIA busmaster drivers were installed. An updated BIOS file rectified that problem.

TRANSFER MODES

THE PIO MODES

The PIO and DMA IDE data transfer modes are set in the BIOS and implemented by the IDE drivers, which can be installed automatically by Windows, or installed from an Internet download, a CD, or floppy disk.

The most basic method of transferring data to a device from hard-disk memory is called Programmed I/O, or PIO. In this case, the processor is responsible for taking data from hard-disk storage and transferring it to its own 16-bit IDE registers. In the case of a device attached to the south bridge, the bridge deals with the 32-bit to 16-bit conversions, otherwise all of the transfers take place as 32-bit transfers. The PIO method is therefore processor intensive, and as such will have a negative impact on system performance - the more so the more the system is stressed.

The Direct Memory Access (DMA) method of data transfer was designed to relieve the processor of as much involvement in data transfers as possible. With this method, the processor sets up the details of the data transfers and then leaves the motherboard's DMA Controller to get on with the process, leaving the processor as free as possible to get on with other activities. The only essential difference between equally fast PIO and DMA transfer methods is the amount of load each places upon the processor; the DMA places considerably less load on the processor. An advantage that only has significance if the processor is able to make use of the extra time, such as when the computer is running complex games and graphics applications, or multitasking between applications. 

The ATA standard has been revised several times, with a new and faster transfer mode being introduced each time.

The Cycle Time is measured in nanoseconds (ns), millionths of a second, and the Transfer Rate is measured in megabytes per second (Mb/s). As well as single byte PIO mode, ATA 2 drives are also able to operate in Block PIO mode, which, by transferring data in blocks, does not transfer the data any faster, but, as with DMA, reduces the number of calls to the processor. If this mode is available, there will be an IDE HDD Block Mode setting in the BIOS to enable it. (In the Integrated Peripherals section of an Award BIOS.)

THE DMA MODES

DMA transfers became available with the ATA 1 modes, but were mostly ignored by PC users, largely because the ordinary default PIO modes were as fast as the more sophisticated and hence more difficult to understand DMA modes. DMA hard-disk transfers took place either directly via a motherboard connection to the south bridge, or via a PCI IDE ATA expansion card. The earliest versions supported single-word DMA transfer rates, which are very similar to the PIO transfer rates available from the ATA 1 modes.

Multi-word DMA transfer modes, which make use of what is known as the PCI busmastering facilities of the PCI bus, became available with ATA 2. The advent of this type of DMA transfer should have made their adoption more popular than single-word DMA transfers, because the processor loading is reduced considerably without reducing the rate of data transfer. However, the DMA check box in the window for the Properties of a hard disk drive in the Device Manager of Windows 95 gave dire warning of what would happen if it was enabled and the drive did not support DMA transfers. Moreover, given that PIO Mode 4 was just as fast as DMA 2, most users avoided taking the chance of checking the DMA box that forces Windows to load the appropriate busmaster drivers, or give the option to install them from a CD.

An attitude that was changed when the ATA/33 mode, advertised as Ultra DMA or UDMA 33 was introduced, quickly followed by ATA/66 (Ultra DMA 66 or UDMA 66). ATA/33, also known as Multiword 3, uses a cycle time of 60ns, which gives a peak data transfer rate of 33 Mb/s - twice as fast as the highest ATA 2 mode PIO 4, which has a peak transfer rate of 16.7 Mb/s. Because the technology involved in halving the cycle time stretched the electronics to their limit, special error-correction code was added to all data transfers, which improves an ATA/33 drive's reliability greatly compared to an ATA 2 drive. Since an ATA/33 drive can transfer data faster than it can be read or written, the disk rotation rate (RPM) and the buffering (cache) used also had to be increased.

ATA/66 - Ultra DMA 66

A new cable had to be designed to halve the cycle time yet again for ATA/66 compared to ATA/33 mode. Fortunately, the ribbon cable with 40 conductor lines that is used on earlier versions can still be used on an ATA/66 and ATA/100 drive working in (backward-compatible) ATA/33 mode. The special ATA/66 cable adds another 40 conductor lines (making a total of 80) without increasing the number of connectors (40) so that an ATA/66 drive can be used on an ATA/33 or earlier IDE interface, with a standard cable. Depending on the available BIOS and chipset support, an ATA/66 drive connected to an IDE ATA interface using a standard cable, functions as an ATA/33 or earlier type of drive. Connected using the ATA/66 cable makes it function in ATA/66 mode - if the BIOS and the chipset are also compatible with it.

Note that the new 80-conductor IDE cable can be used with an ATA/33 drive. The higher data transfer speeds will not be achieved, but the other superior qualities, such as better error control, will function.

The transfer speed at which an ATA/66 drive works is the maximum possible for the PCI bus, so, without completely re-engineering the electronics, it is likely to be the last upgrade of the IDE standard as we know it. Note - to use an ATA/66 drive in earlier modes a software fix may have to be downloaded from the manufacturer's website that turns ATA/66 mode off. Maxtor drives may require this fix. For instance, you may have an ATA/66 drive that is supported by the latest flash BIOS upgrade on a particular motherboard, but which is not supported by the motherboard's chipset. In this case, you would probably have to use the software fix to turn off ATA/66 mode in the drive so that the BIOS does not try to configure it and it can operate in ATA/33 mode - or PIO mode 4. In any case, getting things right for any particular drive is usually merely a matter of making use of all of the available information correctly. That is why you should always glean all of the available information on a drive's website before you attempt to install it.

If your motherboard's chipset does not support ATA/66, ATA/100, or ATA 133 modes, you will have to install a PCI controller card that does support it. Promise produces such a cards, which provide two IDE channels, each of which can support two IDE drives, making a possible total of eight drives per computer. The controller on this card has a BIOS extension and drivers that can support a drive capacity of up to 128Gb.

Most of the hard disk drives on the market are now ATA/100 or ATA/133 drives, so there is not much point in delving into the benchmark test results of ATA/33 versus ATA/66. Suffice to say, with the same amount of cache and the same RPM, the data transfer rates of ATA/66 drives are only marginally faster than ATA/33 drives. However, an ATA/66, ATA/100, or ATA/133 drive with 2MB or 8MB of cache and 7200 RPM capability is bound to significantly outperform an ATA/33 drive that comes with a 512KB cache, the disks of which spin at 5400 RPM.

The limitations of the various combinations of hard disk drive, BIOS, and operating system

The 8.4Gb limit raises several important considerations. This limit occurs when the maximum disk parameters of 1,024 cylinders, 255 heads, and 63 sectors for a hard disk drive using FAT 16 have been reached, and no amount of translation can be used to access any additional disk space.

Microsoft got together with the hard disk drive and BIOS manufacturers to find the most suitable way around these limitations. The extended BIOS was introduced. This uses a single long logical block numbering system, transmitted via a data packet instead of by using registers. If it has operating system support, this extended LBA (Logical Block Address) hard disk drive part of a system BIOS allows drives of sizes up to 137Gb! In effect, this means that any version of Windows, from Windows 95 OSR 2.0 onwards, will support this size of drive in conjunction with an extended BIOS. Such BIOSes are: a Phoenix BIOS from version 4, release 6 onwards; an Award BIOS dated after November 1997 (OEM versions may be later - check with the OEM motherboard manufacturer); an AMI BIOS dated from January 1998.

The limitation considerations of MS DOS and Windows

You should also remember that the original FAT 16 version of Windows 95 and versions of MS DOS from 4.0 to 6.22 use maximum disk drive partition sizes, as created by FDISK, of 2Gb. An important point if you are using a FAT 16 version of Windows, because any hard disk drive purchased today will be much larger than 2Gb, and as such will have to be split up into several partitions, each of which cannot exceed 2Gb in size. More importantly, since FAT 16 versions of Windows and the version of MS DOS they contain (MS DOS 7) can only access drives up to 8.4Gb in size, if you were to boot from a floppy disk for any reason, MS DOS will only be able to access the first 8.4Gb of a drive that is larger than that, and may well damage the drive if it tries to access data stored in areas of the drive that it cannot map.

HOW TO USE FDISK TO SET UP DUAL BOOT WINDOWS 98/NT 4

I came across this very useful posting in a Windows newsgroup.

I recently installed a MAXTOR 8.4Gb HDD and set it up for dual booting - Windows 98/NT 4 Workstation.

Here is how I set mine up using FDISK(FDISK.EXE). One(1)Primary DOS partition set active, one (1) Extended DOS partition with four (4) logical drives.

C: 300Mb FAT16 Boot [See below for an explanation of FAT 16.]
D: 1Gb FAT32 Win98
E: 1Gb NTFS WinNT
F: 3Gb FAT32 Programs (like MS Office, Lotus Suite, etc.)
G: 3Gb FAT32 Games and miscellaneous programs

Install Win98 FIRST to D:\Windows, then install WinNT to E:\WinNT

WINDOWS98

Next get all of the FREE Microsoft upgrades for your software and
install them from - http://windowsupdate.microsoft.com/

Get NTFSDOS.ZIP (freeware). It is a read-only network file system driver for DOS/Windows that is able to recognise and mount NTFS drives for transparent access. It makes NTFS drives appear indistinguishable from standard FAT drives, providing the ability to navigate, view and execute programs on them from DOS or from Windows, including from the Windows 3.1 File Manager and Windows 95 Explorer.

[Search for the file name using the Google search box at the top of this page (enable the Web Search option on the first search page).]

WINDOWS NT 4 WORKSTATION

Make sure you get SERVICE PACK 5 (SP5) for WinNT and install that. Obtain it here. -

http://www.microsoft.com/technet/archive/downloads/winnt.mspx?mfr=true


Get FAT32.EXE for your WinNT operating system to access the FAT32 drives. For read-only it is FREE; for read & write it costs $39.00 U.S.

[Search for the file name using the Google search box at the top of this page (enable the Web Search option on the first search page).]

Get DKLITE_I.EXE (Freeware) to defragment your NTFS formatted partition(s).

[Search for the file name using the Google search box at the top of this page (enable the Web Search option on the first search page).]

Get AUTOLOG.ZIP (freeware) for your WinNT operating system if you don't want the Ctlr + Alt + Del and Password logon screens every time you restart WinNT.

[Search for the file name using the Google search box at the top of this page (enable the Web Search option on the first search page).]

Make an NT BOOT disk as follows: the boot disk for NT workstation is used a little differently than that for MS-DOS and Win9X. First, the boot disk is made by formatting a 1.44MB diskette from NT.

Then boot.ini, ntdetect.com and ntldr are copied to this diskette. (If an SCSI HDD is used, ntbootdd.sys is also copied. For multi-boot with DOS, bootsect.dos is copied.)

With these files comprising the NT Startup Floppy, its purpose is primarily to start loading NT. Connection to the net is then achieved by NT loading the network drivers, in the usual way, from the HDD. This is totally dissimilar to the boot-up disk for MS-DOS or Win9X, which can boot the computer independently of the HDD.

These postings clear up the matter of having a FAT 16 boot partition

If I partition my HD for dual boot between Windows 98 SE and NT, can the NT use NTFS? [NT File System; the equivalent of the File Allocation Table filing system, FAT 16 and FAT 32 in Windows 95/98] and I want to use Windows 98 SE for video editing and use NT as a server to test networking. So the NTFS is required for the network testing.

Yes you can, but you may encounter some problems during installation if you are not careful. You must install Windows 98 SE first on your C: drive using FAT 16 or else Windows NT won't install. Then install Windows NT on a separate partition using FAT 16 for now. Once both systems are installed and fully functioning, then you can convert Windows NT to NTFS and Windows 98 SE to FAT 32 if you want.

If he has Windows 98 on the C drive and converts it to FAT 32 then NT won't boot. This is assuming he uses the NT boot loader. It is installed on the C drive, not the partition NT is on, and since Windows NT can't read FAT 32 it would render it unbootable. The best way to do this if you want Windows 98 on a FAT 32 partition and NT on a NTFS partition is to make three partitions. One small boot partition (say 100 to 200MB) and make that the C: drive. Install Windows 98 on the D: drive and NT on the E: drive.

A GAMING PC SUBJECT TO PERIODIC SYSTEM FREEZES

Typical system setup:

Typical problems:

Correction measures:

If you have installed a high-end AGP graphics card into your PC, such as one with a 3dfx Voodoo chip, and you are experiencing screen freezing problems, the most common causes are as follows.

DISCOVERING A MODEM'S MANUFACTURER

The 56K.COMTroubleshooting Guide, frequently suggests downloading new drivers or firmware from a modem's manufacturer. However, many modem owners have no idea who made their modem, so they have no idea where to get new drivers or firmware updates.

The following information addresses this problem. It will show you how to find out which company manufactured your modem. You will then be able to download drivers or get technical support from the manufacturer that is probably listed on the 56K.COM Modem Manufacturers Link Board.

Note - the company that made the modem is not necessarily the company that is responsible for technical support. For instance, if the modem came pre-installed in a computer, the computer manufacturer is probably responsible for supplying technical support, and perhaps, but not necessarily, the software drivers and firmware upgrades.

****

Contents: How to determine a modem's manufacturer

Using AT commands

Using FCC ID numbers to determine the manufacturer

Using search engines

Now I know the manufacturer. What next?

Using AT commands

Modems store information about themselves. Under 'interrogation', some modems can tell you their maximum speed, their brand name, or their model number. Not all modems, however. Some modems will merely be able to tell you their speed or firmware version, plus some incomprehensible letters and numbers. For instance, I have yet to see a Rockwell-based modem that stored the manufacturer's name in the firmware - the upgradable software stored in read-only chips.

AT commands (AT stands for attention!) are the first line of enquiry, because they do not require you to open your computer's case to remove the modem for inspection. AT commands (typed in lowercase letters, such as ati6, atdt, at&f, etc.) can be sent to a modem via a terminal emulator, or terminal program. If you are using Windows 3.1x or Windows 95/98, you will already have a terminal program installed on your computer by default. Complete instructions for using the most common terminal software can be found from the websites, the hyperlinks for which are given below, and the manual that came with the modem, in book form and/or on a disk, should provide a full list of the commands that the modem supports

Using a terminal program is a good way to learn about your modem. For instance, you can obtain information about your last connection by using ATI6 and ATI11 with x2 modems, or by using AT&V1 with K56flex modems.

If you have Windows 95/98, you do not have to use a terminal program. It is possible to view the responses to several of the AT commands by calling up the Modem's Properties window that is accessed via the Modem icon in the Control Panel. This information is presented if you click the More Info button of the Diagnostics tab. However, you may still want to use a terminal program to obtain the information about your last connection, or check if the modem supports a particular AT command. Any AT command entered in a terminal program's window will issue an ok response if it is supported and an error response if it is not.

Operating-system-specific information on terminal programs can be found by clicking the following hyperlinks to the relevant 56K.Com pages:

If your modem reports the manufacturer and model information in the AT commands, you can go to the last step in the detection process to find out where the manufacturer is on the Internet. Unfortunately, not all modems are so forthcoming. In that case, you can use the FCC numbers to find the manufacturer. Once you know the manufacturer, you can find its website on the 56K.COM Modem Manufacturers Link Board.

Using FCC ID numbers to determine the manufacturer

Products approved by the U.S. FCC (Federal Communications Commission) usually have one or more FCC ID numbers printed somewhere on the device. For internal modems, you will have to examine the labels stuck to the modem. If you do not feel happy about opening the case, or having to remove the modem if access to it is cluttered, you will have to obtain outside assistance. Be aware that not all modems will have an FCC ID number. In the UK, for instance, you might find a BABT ID number instead. (See below.) The first three characters are unique to each manufacturer. You can search for the entire FCC ID number, or search for just the first three characters if all you want to determine is the manufacturer.

Once you have found the FCC ID number on your modem, look it up at this site -

http://www.fcc.gov/oet/fccid/

Once you know the manufacturer, you can find their web site on the 56K.COM Modem Manufacturers Link Board.

Using search engines

If there is a model number printed on your modem, try searching for it by using the Google search box at the top of this page (enable the Web Search option on the first search page) . It is possible to enter the number enclosed in inverted commas and have a relevant page containing information about it coming up on the first page of links offered by these search engines.

****

Now that I know the manufacturer, what next?

Once you know the manufacturer, you can check the 56K.COM Modem Manufacturer's Link Board to see if the company has a website. If the company is not listed there, you can try to find its website by using the Google search box at the top of this page (enable the Web Search option on the first search page).

Note - the company that made the modem is not necessarily the company that is responsible for its technical support. For instance, if the modem came pre-installed in a computer, the computer manufacturer is probably responsible for supplying the technical support, and, if it is an OEM version of an established brand or no-name modem, will also be responsible for supplying the software drivers, and firmware updates.

HOW TO CREATE A HOSTS FILE TO SPEED UP INTERNET ACCESS

Every server computer connected to the Internet has an IP (Internet Protocol) number that all other computers need to know before they can gain access to it. Every time a connection is sought the software in the client computer has to look up that number. The browser on the client computer will look first on its own hard disk drive for a HOSTS file to obtain the IP number, and then it will search in the records of a special server computer that contains all of the known registered IP addresses. Therefore, it stands to reason that if the client computer obtains them from its own hard disk drive, the access times will be reduced significantly.

The following is an example of the contents of a HOSTS file:

194.200.20.15 www.netscapeonline.co.uk

194.200.20.13 mailhost.netscapeonline.co.uk

194.200.20.41 pophost1.netscapeonline.co.uk

194.200.20.16 newshost.netscapeonline.co.uk

195.92.177.3 www.freeserve.net

195.92.193.23 pop.freeserve.net

195.92.193.18 smtp.freeserve.net

195.92.193.11 news.freeserve.net

The following instructions, using Netscape Online as an example, show how to obtain the IP number for a particular site's server. In this instance from www.netscapeonline.co.uk.

The pinged server will return results that look like this in the DOS window:

C:\WINDOWS>ping www.netscapeonline.co.uk

Pinging www.netscapeonline.co.uk [194.200.20.15] with 32 bytes of data:

Reply from 194.200.20.15: bytes=32 time=491ms TTL=243
Reply from 194.200.20.15: bytes=32 time=465ms TTL=243
Reply from 194.200.20.15: bytes=32 time=498ms TTL=243
Reply from 194.200.20.15: bytes=32 time=455ms TTL=242

The 194.200.20.15 is the IP number for Netscape Online UK.

This is the form in which the information for every pinged Internet site, news, or mail server, is written in the HOSTS file that you will be creating:

192.160.13.21 www.netscapeonline.co.uk

There has to be a space between the numbers and the URL.

And this is how to create a HOSTS file by using Notepad that appears in the Accessories menu of the Windows Programs menu.

NOTE - YOU SHOULD RE-PING ANY WEBSITE THAT CANNOT BE DIALLED UP ALL OF A SUDDEN, BECAUSE, FOR SOME REASON OR ANOTHER, MANY SITES CHANGE THEIR IP ADDRESS NUMBERS REGULARLY. A GOOD EXAMPLE IS MICROSOFT'S WEBSITE - MICROSOFT.COM.

AN ENCOUNTER WITH A TROJAN VIRUS

(PLUS OTHER VIRUS INFORMATION)

Some changes have occurred since I wrote this article...

Note - Computer Associates, the owners of the InoculateIT anti-virus program, sold out to McAfee some time in 2000. As I reported then, it was doubtful if it would remain free for much longer. This has turned out to be the case. Existing users of InoculateIT can obtain virus file updates at a reduced annual cost of $5.95 ($19.95 retail price). For more information visit Etrust at - http://www.my-etrust.com/?VDRID=IPE0000001.

An even better alternative that is still free AVG AntiVirus - is also listed alphabetically on this list. However, a free virus file update is only available once a month for the free version of the program. This is only likely to be inadequate protection if you make a habit of visiting the kinds of non-proprietary sites that might be programmed to invade your system (by downloading a Trojan program or a web bug to it), or infect it with a virus.

If the only websites you visit are reputable, well-known ones, and you know not open e-mail attachments that have certain file extension endings, such as .exe, .vbs, .pif, etc., you have scripting and ActiveX permission either disabled or set to prompt under Internet Options, and you have the Java security level set to high, there is little likelihood that you will fall victim to a virus.

Three other excellent measures of protection that are still free are -

AD-aware (Discovers and removes parasitic 'spyware' and 'adware') -

http://www.lavasoft.de/ and http://www.lavasoftusa.com/

Spybot S&D (Discovers and removes parasitic 'spyware' and 'adware') -

http://www.safer-networking.org/

ZoneAlarm Free Personal Firewall

http://www.zonelabs.com/ (ZA home page)

There are many security-related links provided on the Security page on this site.

---

E-mail to InoculateIT's technical support

Note that InoculateIT no longer exists. The people responsible for it now produce E-Trust.

http://www.my-etrust.com/

I downloaded the latest version of InoculateIT (5.0), plus the latest
virus update, and then did a scan of my hard disk drive. This is what the log reported:

InoculateIT Personal Edition Version 5.0.0.27
Started scanning: 11:34:18, 01/01/00
Major dat file v200
Minor dat file v274
Macro dat file Dec 31 1999 (VMD Ver 1.4)

Scanning memory...

Scanning boot sectors...
C:\ Master Boot Record matches template, is OK: standard Win95 OSR2.
C:\ Partition Boot Record matches template, is OK: standard MSWIN 4.1
FAT32.

Scanning file(s)...
C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat - unable to
open file - not scanned.
C:\WINDOWS\History\History.IE5\index.dat - unable to open file - not
scanned.
C:\WINDOWS\Cookies\index.dat - unable to open file - not scanned.
C:\WINDOWS\Wcab32.com is infected with Win32.SubSeven.21.B trojan. Not a
virus. Not restored.
C:\Program Files\InoculateIT PE\VIRUSLOG.TXT - unable to open file - not
scanned.
C:\WIN386.SWP - unable to open file - not scanned.

Finished scanning: 11:42:47, 01/01/00
Number of files scanned: 15842.
Number of files that could not be scanned: 5
Number of infections: 1
Number of infected files not cleaned/deleted/renamed: 1
C:\WINDOWS\Wcab32.com (Win32.SubSeven.21.B trojan. Not a virus)

Anyhow, the wcab32.com is a 1Kb shortcut - copy attached. It was located in the C:\Windows directory. If this is a serious Trojan, kindly let me know if I got rid of it by deleting it with the file wiper program, BCWipe, in Safe mode. I think it got into my system when I opened an unsolicited e-mail attachment.

Reply from InoculateIT's technical support

A Trojan is a malicious program that masquerades as a legitimate program.
You should delete any file that IPE reports as a Trojan.

If the file is "in use" by the system, you will have to reboot the computer with a "clean" bootable system disk and then delete the file from DOS.

A Trojan may look like it is a system file or a patch or even a game but
when activated, it runs some other malicious activity.

InoculateIT Personal Edition 5.0, which is now available, will automatically delete Trojans when they are detected if they are not "in use" by the system.

The story continues...

When I deleted the Trojan, every time I started my PC, a message came up on the Desktop saying: "Runtime error 216 at 00002021".

I thought that perhaps the Trojan had corrupted a file that was now producing this error message whenever it was run, because this is a programming error message indicating that one of the lines has been misprogrammed. Although the message kept coming up, I thought more of it because I could close it without any further ado.

Then I cam across the following posting in a Windows 98 newsgroup:

"I too deleted windos.exe. Nothing would run! I read the replies to you
and really got nowhere. I couldn't run regedit.exe! But, guess what?
There is a regedit help file! The instructions are as follows: Go to
Start, shut down, re-start in Dos mode and click OK. At the prompt (c:
\windows), type scanreg /restore. This will allow you to restore the
registry at an earlier date when it started correctly. [Not available in Windows 95.] So far, mine is working well."

Reply

"Just for information: WINDOS.EXE does not exist on a normal system.
It is a file that has been put there by the Trojan (other names are
also used - run.exe for example) to be 'associated' with .exe files so
as to get its finger in when any get run. The normal association is
%1 - i.e., the file runs itself. Going back to the earlier registry is an excellent thing to do in these circumstances. Also, if there is none that remains uncorrupted, using MS TweakUI - Repair page - Repair associations button, will normally restore the right setup."

The story continues...

Guess what? - I did a search for windos.exe and found it large as life in the C:\Windows directory. Since InoculateIT had detected the Trojan and I had deleted it, I had been plagued with all kinds of strange happenings on my PC that had never occurred before then. Outlook Express connections to the Internet would freeze, the ISP Dial-up window would freeze in place, requiring the three-fingered salute to get rid of it. Netscape would produce error messages that required a complete reboot to dismiss, and screens I had not brought up would come up on their own. Until I read the above posting, I had put this all down to the damage caused by the Trojan.

I right-clicked the file to check its Properties. Sure enough, it did not have a Microsoft version number, which all of Windows' .exe files have.

I made a copy of windos.exe on to a floppy disk, deleted the original in the Windows directory, and logged off using the Log Off option on the Start menu. It was true. This file had hijacked the system, because while rebooting Windows brought up a message saying that it needed the file to continue booting. So, I gave the floppy drive as the location where Windows could find the file and the log-on went ahead. I then used the Repair Associations option in the Repair section of TweakUI, deleted windos.exe, and logged off. Hooray! This time Windows did not ask for the errant file. Not only that, the message "Runtime error 216 at 00002021" was gone.

I sent the following e-mail to InoculateIT's technical support:

"I e-mailed your company when InoculateIT picked up this Trojan:
Win32.SubSeven.21.B trojan. I was told to delete it via the DOS prompt. I got rid of it, but while reading a Windows 98 newsgroup, I discovered that this Trojan sets up a file called WINDOS.EXE that takes over the file associations. I searched for this file and found it in the Windows directory. I made a copy of it and deleted it with a file shredder. As expected Windows needed it to operate file associations. I used MS TweakUI to repair the file associations, which then allowed me to delete the windos.exe file, which did not have an Microsoft version identification tab. So this file was definitely laid by the Trojan. What I need to know now is when I deleted the Trojan did that action disable windos.exe from giving an outsider access to my system? Has someone been able to access my computer via the Internet. I need a specific answer from someone qualified to give it, not just a standard reply. Perhaps you should make sure that others are warned about this file when they contact you about being invaded by a Trojan. A copy of the file is attached for you to investigate."

Then it occurred to me to search the Windows' configuration files for entries relating to the wcab32.com and windos.exe files. I found this entry under the heading [PROGRAMS] at the end of the Win.ini file: WINDOS.EXE="A:WINDOS.EXE" This is probably an instruction to load the file on to a floppy disk so that it can restore itself from an infected floppy disk if it is deleted from the Windows directory, but I could not find the file on any of my floppy disks. Then I made a search of the Registry by entering the file names in the Find dialog box, with all of the search options enabled. There were two references to each file in various places in the Registry that I deleted without incurring any adverse reactions after a reboot of Windows.

Always have a back-up copy of the Registry that can be used to restore it if any deletions prove to be fatal. In fact, you should not get rid of any back-ups of the Registry, because you can never be sure how far back your system was invaded by a virus. You need to restore a clean copy.

As a result of this, I run the Repair Associations option in TweakUI every time after having accessed the Internet. Because, as you will have noticed, certain e-mails are capable of making your system dial up your ISP automatically even before they are opened, so if you are not safe from interference from unopened e-mails, imagine what opened ones have the potential to do. In fact, as it is, I have to leave the password entry in the Dial-Up Networking settings blank to prevent such e-mails from connecting me to the Internet automatically.

Here is the reply I received from InoculateIT's technical support:

Thank you for your E-mail and attached file.

The file you sent us contained Win32.SubSeven.2x.ldr Trojan which loads the
original Trojan.

This is now detected with IPE virus signature update 288 which is now
available for download from our website.

A Trojan is a malicious program that masquerades as a legitimate program.
You should delete any file that IPE reports as a Trojan.

If the file is "in use" by the system, you will have to reboot the computer
with a "clean" bootable system disk and then delete the file from DOS.

A Trojan may look like it is a system file or a patch or even a game but
when activated, it runs some other malicious activity.

The Win32.SubSeven Trojan would have put an entry in your registry to run
WINDOS.EXE which would then try to load the Win32.SubSeven Trojan. If you
deleted the original Win32.SubSeven Trojan then WINDOS.EXE would not do
anything. You have done the correct thing and deleted this file.

SubSeven is a Trojan similar to Back Orifice. Unlike Back Orifice and
NetBus, SubSeven does not claim to be a legitimate administration tool.
These kinds of programs (sometimes called "Backdoors" or "Remote Access
Trojans") consist of a Trojan server and a client program. The server is
usually received as an email attachment which installs itself onto the
system when run. It may display a fake error message in order to make it
seem the program failed to execute.

When installed, someone can use the client program to connect from another
machine and control some parts of the system, ranging from opening and
closing the CD drive to modifying the registry, uploading files and
rebooting. It can also take screen shots, monitor keystrokes and steal
passwords from the infected machine. The server can also be set up to send
an ICQ, IRC or email message to someone to notify them of the computer being
open to attack.

---

Some Useful Information on the BubbleBoy Virus

(Also known as Netlog, or by its file name, Network.vbs)

This is a network 'worm' virus that can infect vulnerable computers without having to open an infected e-mail, or view and infected website. It travels the web and worms its way into your system if it finds it to be a suitable host for its replication activities.

I found the following information about it by reading the posts on the alt.comp.viruses newsgroup.

It is a Visual Basic Script (VBScript) program that makes use of the scripting language, which is built into the newest versions of MS Internet Explorer. VBScript can be added to Windows 95, but is built into Windows 98 because its Update feature requires it to function.

This particular worm is harmless. All it does is slow networks down very noticeably, replicate, and spread itself wherever it can. Apparently, it sends out NetBios requests (a networking protocol that is not necessary to browse the Internet, but which is installed by default in Windows 95/98), in a search for Microsoft-shared-network drives that can be accessed on the Internet. It is programmed to search for a shared resource called C (usually the C: hard disk drive) that is not password protected.

Unfortunately, there is no shortage of vulnerable targets, so the virus is replicating very quickly.

Although this particular virus is relatively harmless, others with the same access capabilities could act like a Trojan and worm into your system, phone home, and supply its creator with all kinds of information from your system. It could also delete files, or mess about with their contents. Apparently, it is even able to do so if you have file and printer sharing disabled under Networks in the Control Panel of Windows 95/98, so removing the file and printer bindings from the TCP/IP of the dial-up adapter does not provide the protection that we have been led to believe that it did.

The solution involves providing your system with the correct protection:

• Microsoft has provided a patch that closes a known backdoor entrance point in Outlook and Outlook Express. Download it from: http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm.

• NetBios/NetBEUI are unnecessary to have installed, as is IPX/SPX if you do not play games over the Internet, so removing them under Networks in the Control Panel is a good idea.

• Apart from providing the free ShieldsUp service that tests your system's vulnerability to outside influences, and offering for download the free (21Kb) utility OptOut that scans your system for Aureate/Radiate 'spyware', Steve Gibson's site at grc.com provides excellent information on system security. The most important of this advice is to separate internal (Intranet) and external networking (Internet) by a firewall, and to make sure that all shared hard disk drives are password-protected.

• The single PC linked to the Internet by a modem should have only the TCP/IP protocol installed under Networks in the Control Panel, have file and printer sharing disabled for it, and should have an regularly updated antivirus application monitoring the system while it is connected to the Internet, plus firewall protection of the kind provided by the free ZoneAlarm, which is available from zonealarm.com. - The latest version logs unauthorised access attempts that have been blocked, and deals with e-mail attachments that run by using the Visual Basic Scripting Host (have the extension .vbs), which can be removed from the system in Add/Remove Programs utility the Windows Control Panel.

---

WAYS OF IMPROVING YOUR PC'S SECURITY

Visit the PC Security: How to Make Computers Secure from Hackers, Viruses, Trojans, Spyware, Adware, and Phishing Scams pages on this site for a comprehensive introduction to the subject. Most of the information provided below is additional to the content on those pages.

Beware of cookies, the small data files that websites can place in folders on your hard disk drive. A third party with access to the information provided by the cookies placed on your system by two or more websites can obtain enough information to identify you.

Beware of free software, because it can contain secret 'spyware' that can monitor your browsing activity and phone it home. Read below about spyware, viruses, Trojans, security sites, and firewalls.

Beware of sweepstake sites. They are almost certainly just sites set up to obtain free marketing information - you name, address, e-mail address, etc. You are unlikely ever to win anything from playing the game, while they make money from the websites that you have to visit before you can play. The less information you provide to a site the better. You should think hard about providing anything more than an e-mail address to any sites that you are not using for business purposes.

Never assume that your browsing activities and the personal details that you put onto your computer are private. In other words, do not place social security, bank, or credit card numbers on your computer. Not even in password protected applications such as Quicken. There are cunning devils out there that are constantly coming up with new ways to invade your privacy. For example, there is a new software device called a web bug. With this technology, a web page is supplied with an image file that uses only one pixel by one pixel on the screen, a dot so small as to be invisible to when you download the page containing it. With the right programming, one of these bugs can track your browsing habits and patterns. Turning off the cookies in your browser has no effect. These bugs are programmed to connect to a specific server that can pick up your PC's IP address, so that no matter where you go on the Internet, you can be followed. If your Internet Service Provider (ISP) is one that uses dynamic IP addressing (gives you a new IP address, such as 462.614.695.257, every time you log on), you will be less vulnerable than if you have a permanent IP address, such as the one that an ISP such as CompuServe will have assigned to you. You might be surprised to know that in August 2000, the online retailer Toyrus.com severed its relationship with a marketing company when the company's use of these web bugs came to light.

MICROSOFT'S SECURITY SITE

http://www.microsoft.com/technet/security (Microsoft security patches, etc.)

"Cross-Scripting" can compromise your system. It has the potential to enable an eavesdropper to introduce executable code of his (or maybe her) choice into your system via a web session. Once the code has insinuated itself into the system, it is capable of doing things such as monitoring your web sessions and forwarding a copy of the screen to the eavesdropper, and even of changing what is displayed on your screen.

Such a script also has the ability to make itself persistent, so that the next time you return to the website, the eavesdropper's script would start running again automatically.

Many sites require the cookies and/or Java scripting options to be turned on to enable access (Hotmail, for instance, requires cookies enabled) or to work properly, so disabling them can be more of a nuisance than anything else.

Good news! - There are reputable websites that can check your system's vulnerability to secret invasion from outside sources. Their tests use the same techniques as the hackers. One of the major players in this area is Steve Gibson of Gibson Research, whose site at http://grc.com/su-firewalls.htm provides some very pertinent information on how to protect your system by using a firewall. He also runs the ShieldsUP testing site that can help identify your PC's online security problems. Go to his page at: http://grc.com/default.htm for information on testing your system, and to this page to allow ShieldsUP to put your system to the test: https://grc.com/x/ne.dll?bh0bkyd2.

The Security page on this site contains links to other security-testing sites, and other security-related sites.

If you visited the above websites and you were ignorant on the subject, you now know what a firewall is. Firewall utilities are usually commercial products, but you can obtain a good one for free at .

Yes, ZoneAlarm is providing their personal Firewall of that name free of charge. This utility blocks unwanted access from outside, but also alerts you if a website or Trojan invader tries to return data from your PC for the use of an unknown outside source. It does this by asking you to give confirmation every time a program accesses the Internet, or an outside source on the Internet tries to access your system. The Programs tab of the control panel shows any program that has already had access to the Internet or a LAN with a question mark against it. This means that ZoneAlarm will ask for permission before allowing that program access to the Internet (or a LAN). You can give permanent permission to any program (that appears in this window) to Allow connect or Allow server (to act as a server), such as Internet Explorer, Netscape Navigator, a download program such as Go!Zilla, or an FTP program such as FTP Explorer. There are a few other setup options that are self-explanatory, such as the level of security and setting locks to prevent particular kinds of access. If a website or IP address tries to access your system, ZoneAlarm asks if you want to grant it access, and provides you with the IP address in the query window so that you can use your browser to make contact with the source. You can also obtain more details by clicking the More details button, which takes you to the ZoneLabs website that provides all of the available information. The IP address is given in its number form, such as 92.41.41.144, so to find out who is behind the intrusion all you have to do is enter http://92.41.41.144 in your browser's search dialog box. - In short, the setup of this program could not be more user-friendly.

"Spyware" from the Aureate Media Corporation...

This corporation produces many free products, such as the free Go!Zilla download utility. However, these products install a file called advert.dll, over half a megabyte in size, that has the capacity to download information from your system over the Internet to unknown destinations. The company itself says that it only uses this facility on these sponsored products to upload and cache new advertisements and delete the old ones. However, you should be aware that you are leaving the data on your system open to abuse if you have any of these Aureate programs installed on your PC. Use Find to search for the file advert.dll and then right click on it, click the Properties tab, and the Version tab will show you the name of the company that created it. Also, if you open Start => Run and enter regedit, click Edit => Find of the Registry Editor, and enter Aureate in dialog box, with all of the search options enabled, it will bring you to a place in the Registry that will provide you with the names of Aureate programs that have been installed on your PC.

[Note: According to Steve Gibson of the Gibson Research Corporation, Aureate now calls itself Radiate.]

If you disable the advert.dll file by making it a read-only file, the products that use it, such as Go!Zilla, will no longer function. To make sure that these programs are not constantly downloading data from your system, make sure that none of them are loaded at startup. If they are not loaded as background programs, they cannot be activated while you access the Internet. Alternatively, you could uninstall the program and reinstall it only when you want to make use of it.

Note well that Computer Associates, the creators of InoculateIT anti-virus software, now renamed as E-Trust, stated in their newsletter of 18 December 2000 that having tested Radiate/Aureate software, they did not find it to be 'spyware'.

These are the areas of your system from which programs are activated at startup:

Startup items in [windows] section of the Win.ini file:

[To edit the file: Start => Run => enter sysedit]

Load=
Run=

Startup items in the registry:

[To edit the Registry: Start => Run => enter regedit]

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The StartUp shortcuts to programs that appear in the Programs menu (Start => Programs => StartUp)
can be removed from the Startup folder that can be accessed in Windows Explorer at:

C:\WINDOWS\Start Menu\Programs\StartUp

DOWNLOADS

Download Startup Control Panel by Mike Lin from mlin.net if you want insert this utility that shows the whereabouts in the Registry of the startup programs that can be safely be disabled, removed, or transferred to another location within the Registry from the Control Panel. There is also a Windows 98 utility (does not work in Windows 95) called Startup Monitor that you might like to try. Both are small and free.

DesktopShield 2000

From SysOpt Express
Wednesday, May 31, 2000
The weekly newsletter of sysopt.com

"This security program for your desktop is tough to beat. It prevents access to your computer whenever you want, and cannot be circumvented with CTRL-ALT-DEL. A log file shows attempts to access your system, so you'll know if someone has been trying to tamper. You can opt to have the replacement desktop look like your own setup, or display something different. Set it up to load on bootup, and no one can circumvent it by hitting the on/off switch. Anyone who needs to protect data from prying eyes, or simply wants to control children's access, can use DesktopShield.

---

Hard disk drive data erasing software

You can find lots of data-wiping or free-space-erasing programs. Click here! to go directly to Freeware and shareware sites on the first of the four Links pages on this site. Also try using the Google search box at the top of this page (enable the Web Search option on the first search page).

A program called Eraser that can be trusted to get the job done properly can be found here - http://www.tolvanen.com/eraser.

An Austrian computer scientist of repute, who specialises in data recovery, has concluded that someone, say a government agency, with the right very expensive equipment, could still recover the original data after it had been overwritten more than a dozen times. The solution, according to him, is to overwrite the file with specific patterns of bits, a total of 35 times. The above-mentioned utility is the only one I have come across that can do this. This is why it has to be more trustworthy as a data eraser than most of the others, which do not have the ability to erase the data deeply enough.

---

Cookies

Beware of cookies, the small data files that websites can place in folders on your hard disk drive. A third party with access to the information provided by the cookies placed on your system by two or more websites can obtain enough information to identify you.

I have discovered that a few concerns are responsible for the cookies from a wide variety of sites. In other words, websites are downloading cookies on to your hard disk drive that are supplied by third parties - usually advertisers. That is why, unless there is a specific need to have a cookie installed in order to use a site, I get rid of all of them. These are some of the names that these cookies go under - ads.link - avenuea - doubleclick - engage - flycast - locallink - hitbox - linkexchange - netadsrv - office - pinbox. One of these concerns could collect quite a bit of information on your browsing habits, and if they collude with each other (not unlikely given the scruples of these people), and the site owners, they could complete the jigsaw puzzle, so to speak. Say, you entered Computer Shopper magazine's competition on its website. You would have supplied your name, address, e-mail address, and telephone number. There is a checkbox that you have to fill in order that your details are not shared with third parties (the advertisers). If you do not check this box just once when entering the competition, the advertisers will be supplied with all of your details and will then be able to marry those details to the cookies they download on to your hard disk drive, because, as you will notice, the name entered in Window's Registry as your registered name is appended to each cookie. For instance, if you entered the name D. Robinson as the registered owner of your copy of Windows, a cookie placed on your hard disk drive would typically look like this - d.robinson@spinbox[1].txt. If you want to falsify the name Windows registers, all you have to do is open System Properties (right-click My Computer and select Properties). The registered name appears on the General tab. You can change it by entering the word regedit in the Start => Run dialog box. Then use the Edit => Find to search the Registry for that name. By right-clicking any Registry key containing the name, you will be able to use the Modify option to change it to any name you like. Just be completely consistent. If your change the name to M. Dickens, make sure that you enter the full stop and the capital letters exactly the same every time. You can use the F3 key to Find Next. Back-up the User.dat and System.dat files (the Registry files), in the Windows folder, just in case you mess things up. You can use the Registry => Export Registry File in the Registry Editor to save back-ups as .reg files. All you have to do to incorporate a .reg file into the Registry is click it, or right-click it and select the Merge option. Should anything go awry, you could restore a back-up, or merge a .reg file in Safe Mode, which can be selected as the boot option by pressing the F8 key at the right time during the boot process. Note well: you make any changes to the Registry at your own risk!

---

Web bugs

Never assume that your browsing activities and the personal details that you put onto your computer are private. In other words, do not place social security, bank, or credit card numbers on your computer. Not even in password protected applications such as Quicken. There are cunning devils out there that are constantly coming up with new ways to invade your privacy. For example, there is a new software device called a web bug. With this technology, a web page or HTML e-mail (one composed using HTML, not a plain text message) is supplied with an image file that uses only one pixel by one pixel on the screen, a dot so small as to be invisible when you download the web page or HTML e-mail message containing it. (Most newsreaders can be set to send e-mail messages in HTML or plain text modes.) With the right programming, one of these bugs can track your browsing habits and patterns. Turning off the feature (in your browser) that allows cookies to be stored has no effect. These bugs are programmed to connect to a specific server that can pick up your PC's IP address, so that no matter where you go on the Internet, you can be followed. If your Internet Service Provider (ISP) is one that uses dynamic IP addressing (gives you a new IP address, such as 462.614.695.257, every time you log on), you will be less vulnerable than if you have a permanent IP address, such as the one that an ISP such as CompuServe will have assigned to you. You might be surprised to know that in August 2000, the online retailer Toysrus.com severed its relationship with a marketing company when the company's use of these web bugs came to light. - A software firewall such as ZoneAlarm can alert you when any program, including a web bug, attempts to send information from your PC to an external source.

To put the dangers posed by web bugs and cookies, the following extract comes from the LangaList Standard Edition of 2001-06-28 by Fred Langa (langa.com).

Bugged By Web bugs?

Web bugs are normally tiny, invisible graphics (usually 1x1 transparent
GIFs), but there are other kinds, and reader Leslie Coke has run into
some:

*Any* image on a web site or HTML e-mail message can be used
as a web bug. I have noticed that they are definitely being
used in some of the advertising e-mail that I receive. They
usually add parameters to the URL of the image that are unique
to my e-mail address. All they have to do later is mine the
web server logs for all references to the image URL. The more
information links also consist of additional parameter data so
they can track click thru's as well. All the major search
engines are now using click thru's also.

You're right, Les, and one of my main points about web bugs is that
they're not special at all--- any graphic or any link can act as a web
bug, including photos, drawings, logos, standard URLs, etc. And even the
small 1x1 version is still just an ordinary, standard, static GIF, like
any other.

As such, Web bugs "report" or "track" no more and no less than any other
graphic or link can. But because they're called "bugs," people think
they have special powers or abilities, or contain some kind active
spying technology, like a telephone bug. They do not.

Another reader wrote in to say that I was wrong about Web bugs and
Cookies--- he didn't want "these programs" tracking him!

If they were programs, I'd agree. But they're not. In fact, they are not
active in any way at all. Usually the only way a cookie or bug can
become associated with any private, personal data is if you
*voluntarily* provide private data by filling out a form on a web page
associated with the cookie or bug. If you don't give out that data, then
almost all the web bug fear-fantasies simply collapse. With no private
data to work with, the bugs pose no risk to your privacy.

OK, you might say, but isn't it at least *possible* for bugs and cookies
to be used for evil purposes?

Sure. But the chain of events needed to pull off a true covert privacy
breach via Web bug--- that is, using a bug to obtain truly private data
without the knowledge and, at some level, *cooperation* of the person
being targeted--- is so remote as to be almost silly.

Consider this argument-by-analogy: Each year, a few of the Earth's 6+
billion humans are killed by elephants. So, it's 100% true to state that
statistically, the odds of you dying under the flat feet of a pugnacious
pachyderm are NOT zero. It *could* happen. But for most of us, the risk
is so small--- and so easily avoided--- that it makes no sense to equip
ourselves with anti-elephant technology. (And if you don't believe me,
then perhaps you'll want to buy this marvelous little program I wrote:
It's 100% guaranteed to prevent elephants from stepping on your PC, or
your money back! <g>)

Reasoning in the same vein: The risks from bugs and Cookies are also
nonzero, but small and easily avoided. With just a little common sense,
the risks from Cookies and bugs drop so low they're just not worth
worrying about.

But all the above doesn't matter to some people: It's almost as if they
*want* to believe that Cookies and Web bugs are somehow actively spying
on them, or "looking over their shoulders as they surf," even when you
can conclusively prove that most Cookies and bugs are utterly harmless.

At one frightening end of the spectrum, I've received email from what
seem to be seriously disturbed individuals who believe that unnamed
"someones" are out to track their every keystroke and click; believing
that their click stream is somehow incredibly valuable or interesting to
others. Let me tell you, some of these emails are *really* out there,
and the writers seem to be a few short steps from full-blown delusional
paranoia. Scary--- and sad.

But even at the gentler end of the anti-Cookie, anti-bug spectrum,
there's something that appears to me to be a form of mass hysteria. I
think there's a psychology thesis in all this for someone. 8-)

As the current InformationWeek.Com "LangaLetter" explains
(http://www.informationweek.com/843/langa.htm ), all security risks are
NOT equal. Some are very real, and require high vigilance. Others are so
small and easily managed that they can be mostly ignored. In that vein,
believe that with basic precautions, Web bugs and Cookies become such a
tiny risk that going all-out to eliminate them is simply a waste of
time.

Check out the InformationWeek.Com article, get the scoop, and if you
don't agree, please let me know: If my reasoning is off track here, I'd
love to know why or how. Join in the discussion!

http://www.informationweek.com/843/langa.htm

---

======================== Support Alert ========================

www.techsupportalert.com/

FROM THE EDITOR

I recently had an experience that would strike terror into the heart of any computer user.

Late into the night I was checking out web sites recommended by subscribers. It's an activity I enjoy as the quality of these suggested sites is usually very high indeed.

I arrived at one site which was recommended as a "stunningly good security resource". From the moment the first page loaded it was clear that this site was not what I was expecting.

The opening page had a black background and the border consisted of red Flash animated flames. The centre of the screen was blank. Then, after about 15 seconds, the "fun" started.

A message appeared suddenly saying that I was going to regret visiting this site. This was followed by a violent animated display of a computer being smashed.

At this point I decided I'd seen enough so I reached for my mouse to shut down my browser.

Then the first shock. My mouse was frozen.

I then reached for the keyboard and typed in ALT F4 to shut down Windows. No response, the keyboard was dead.

I then noticed out of the corner of my eye that the Norton Anti-virus icon had just disappeared from the task bar tray. As I watched helplessly the icon for my Sygate Personal Firewall Pro vanished as well.

Quickly I reached for the power switch and turned the machine off.

I rebooted in safe mode with the LAN cable unplugged. Everything looked OK so I rebooted normally. That too went fine. No real damage had been done. Knowing that I'd have to give the machine a thorough checkout, I went to bed.

Next day, having reflected on the incident, I came to some sobering conclusions.

Firstly, if this could happen to me it could happen to anyone. Perhaps more so. At least my PC has all the latest Windows XP and Explorer updates installed. On top of that I update my virus scanner signature files daily and I run two firewalls. Not perfect I know, but probably better than many end-user machines.

Secondly when the incident occurred, I knew what to do and did so quickly. As a result no permanent harm was done. A lot of users would have taken much longer to react and their PC could have been totally trashed.

Thirdly the problem I encountered was almost certainly a JavaScript (JS) or ActiveX (AX) exploit of some sort. The reason it worked was because my browser was set at the "Medium" security level which allows JS and AX execution.

Now normally I surf with by browser set to the "High" security level which disenables these functions but on this particular night I had set the level lower because another site I had visited wouldn't function correctly at the high setting. I had simply forgotten to reset the security level when I left that site. This had left me vulnerable. Mea Culpa.

Before you chastize me for the oversight please recall that "Medium" is the default IE setting and consequentially that's the setting most people use. That's the setting many of you reading this newsletter will be using right now.

So here's the lesson; learn from my experience and reset your browser security settings immediately. It may just save your bacon.

From Internet Explorer select Tools/Internet options/Security and then just push the slider up from "Medium" to "High".

From time-to time you'll find a site that won't work with this high security setting but you can easily lower the setting to medium for browsing that site and change it back when you exit.

This may be an occasional inconvenience but it's worth it. Believe me, I know! - Robert Schifreen

PC Buyer Beware! Copyright © Eric Legge 2004-2012. All rights reserved.