packman

This kind of disaster just goes to show that not only is the human race itself volatile but also that the very crust of this planet that we live on is equally unstable. Fortunately, earthquakes of this particular type and scale are rare. However, it's a sobering thought that the Pacific Ocean is littered with minor underwater quakes and every year minor tsunamis are recorded. Of particular concern, though, is a potential mammoth tsunami sitting off La Palma in the Canary Islands, just off the north-west coast of Africa. La Palma is noted for its unstable volcano on the coastline and for it being on a tectonic line of the American-African plates. Geologists have been warning that when that volcano next erupts or when there's a significant tremor there (which could be at any time), half the coastline will fall into the ocean and cause a tsunami of epic scale. It'd make the Asian tsunami look like a trickle, they say. The tidal wave generated would travel the width of the ocean and completely wipe out the entire eastern seaboard of the USA, obliterating places like New York City, Boston and Miami. Parts of the Caribbean and of Europe would also be affected. There seem to be few, if any, plans to mitigate the effects of such events. At least, the public has not been educated about this and told of any contingencies. This is rather worrying. If, in Asia, this is what we get as a result of a 9-point quake on the ocean shelf, just think what the devastation anywhere in the world would be if a small asteroid were to hit. (Sorry to be alarmist). Religion needs to be put aside and the world needs to unite on such matters. Hey, but that's too much to ask for. We humans are flawed and will never learn the errors of our ways.

Actually, those Nero guys provide some downloadable removal utilities of their own at Nero.com. You need to search on that website quite carefully to find them, though. There's the General Clean Tool, for example, which removes all signs of previous versions of Nero, including Registry entries. There's a similar tool just for InCD as well - InCD Clean Tool. So, you'd have been better off using these, probably. The latest v5.5 update is v5.5.10.56 and the latest InCD is v4.3.0.5. You'd need the serial/product no. from a previous valid version of Nero to install these. Note that some burner drives require a minimum version of Nero or InCD in order to work properly. Crosscheck your particular burner with the compatibility information at Nero.com or at Ahead.de.

Well, how exactly did this friend 'reinstall' Windows 2K? By formatting the hard disk partition in which it sat and then running the Win2K Installation CD? When reinstalling Win2K from scratch, the order of installing should be: Win2K Service Pack 4 for Win2K (or SP3, if you wish) Latest chipset drivers (AGP and IDE drivers) Latest graphics driver Only after these have been installed and you can see that Windows is booting up correctly should you then proceed with installing any further Windows updates, utilities or applications. With Win2K, using 'Last Known Good Configuration' seems to be a complete waste of time, as are usually other attempts to 'repair' it. The best strategy always seems to be a re-format of the hard disk, in which case you will need a backup system, if you don't want to lose all your personal files.

Just want to check with you all as to whether there are any known problems in using Ghost 2003 with DVD media. Know of any? I vaguely recall someone on this Forum discussing backup to DVD, using Ghost, some while back, and I believe they were having some problems. To date, I've used CD-RWs for backing up my system under Ghost 2003 and had no problem, but now I want to change to using DVD+RWs instead. OS is Win2K SP3 (shortly to be SP4), and I keep Ghost up to date (LiveUpdate).

Alecstaar, Doesn't use of Firefox, instead of Internet Explorer or any of the other popular browsers, help avoid masses of spyware? Have you tried Firefox yourself, yet?

Alecstaar, You seem to be saying that removing spyware is pretty straightforward. Well, I've never found it so and a long time ago I gave up trying to do anything about spyware, as bad as I know it is. It seems to me that all the anti-spyware utilities that are around rely on the user, at the end of the day, to decide on which lumps of spyware to delete and usually, in so doing, the Registry, or Windows generally, gets screwed up. Frankly, I think it's better to just leave it alone. On the other hand, if you know something that I don't, please educate me! [Windows 2000 + SP3, shortly to become Windows 2000 + SP4 (after a re-format and re-partitioning)].

Another lesson learnt, perhaps - that one should always get the backup software to check the integrity of the backup before it's assumed that the backup is completed and can be put away.

You have my sympathy, Eric. I know what it's like to lose important data in that way. (Not that I've ever had any problems with Ghost 2003 - touch wood - but I once did with Drive Image). Regardless of what happens now, might I suggest that in future not only ought you to do full backups of your root drive but also copy to a CD or DVD all your personal files (like My Docs). What I do is partition my hard drive several ways, one partition being reserved for just documents and drivers and utilities, copied across from the root drive (drag n' drop). I also periodically copy these to a separate DVD. This way, if Ghost ever goes belly-up and I can't restore, all will not be lost. As soon as I could re-format the root drive and reinstall Windows, all those personal files from the other partition could then be rapidly copied back. Even if that partition got wiped, I'd still have the DVD copies. Backup, in my experience, needs to be multi-faceted.

Sorry, you've got that completely wrong, Scintex. 500K (or thereabouts) IS "half a meg", but in Internet line rates it's assumed that it's bits/sec being discussed, not bytes/sec. The difference between bytes and bits is a factor of 8, not 10. The fact that you're getting "61K" means you've either signed up for a slower service than you intended (60k bits/sec ISDN) or you yourself are converting down by a factor of 8. In other words, if you've truly signed up to proper Broadband, your average download rate should be around 500K bits/sec, less some for the error retransmissions due to the imperfections of the line. You yourself are probably getting around 480K bits/sec.

I can't comment in detail, Waffler, because I don't even have Broadband myself, but my understanding is that there are several grades of Broadband available from most service providers. 500K download speed seems to be very reasonable. However, that's usually the MAXIMUM speed, your actual average speed depending on contention, the distance between you and the exchange,and the quality of the cabling between you and the exchange.

Yes, you normally need to delete individual partitions before you can resize and reformat them, and Win2K and WinXP have easy facilities for doing that on their installation CDs (forget about FDisk, as that's history now, and was a pig to use, anyway). So, run the XP installation CD and, at the appropriate point in the Setup (it'll become obvious) delete the existing partitions. You'll of course lose all your existing data, so ensure you've made a backup of important data beforehand. Within the same procedure, repartition the hard drive and also reformat the partitions. BTW, I think you meant "un-partition", didn't you? Not "unpartician".

Irrespective of whatever else you do, it might be sensible to go into your System BIOS and enable Reset Configuration Data. Allow the machine to then boot into Windows. As it does so, it'll re-detect your various hardware components and, where appropriate, reinstall their drivers. The RCD setting in the BIOS then puts itself back to its original state.

Yes, I've had this problem as well, only with an earlier version of NIS. The ping alerts are from remote machines that are looking for Trojan-type vulnerabilities. The alerts can occur quite frequently. In my version of NIS, there's a configuration setting for apparently turning off these alerts but it doesn't work. What I did find that helped, though, was blocking Port 135. Do a search for this at Symantec's site and you'll get instructions as to how precisely to do it. First, though, run the online firewall and a/v check at Symantec's site. Believe me, it can show up things you've probably not closed off properly. In the results, ask for details to be shown. I found that closing off Port 135 helped but didn't totally stop the alerts. As for downloads, whilst there are a few websites on the Internet that require the firewall to be disabled, normally you shouldn't need to disable your firewall. It's highly risky. The need to do so might indicate a not-so-appropriate cookie or Java or Active-X setting.

Mine's Ghost 2003 as well. Never had a problem with it yet. Why waste DVD-Rs? Why don't you backup to a DVD-RW? Keep two such backups at a time, up[censored] one each per session. DVD-RWs or DVD+RWs can be erased and re-used (eg. use the Erase function in Nero). Backup all your core software on to the DVD-RW/DVD+RW - operating system, essential utilities, OS security updates, firewall/antivirus updates,etc. Load your apps and personal files each time separately. This will ensure you always have a clean workable restore, and will certainly reduce the time to a full restore. Re USB devices, do understand that you must configure Ghost appropriately before starting a backup process. You'll find that there's a configuration setting that you must make, for external USB devices, in the Options part of Ghost. Something else worth considering - in addition to backing up to a writeable external medium - is to keep aside a separate partition of your main hard drive and to keep a Ghost backup of C: in that. (It'd need to be at least the size of the used part of your C: partition). As long as you know that, at any one time, it contains 100% good data, you can restore from that partition instead, and very quickly! All in all, for backup, it's best to keep a number of options around.

Are there any Norton firewall experts out there who can tell me why I'm unable to stealth-block a persistent Trojan scanner? OS is Win2K SP3. The firewall app is Norton Personal Firewall, part of Norton Internet Security. I've ensured that the firewall is reasonably well configured. The problem is that every day now, for about six months, I'm continually bombarded with Trojan attacks. These are blocked by NPF but, with each, an alert is signalled on the screen and has to be investigated and serviced, otherwise (apparently) the block is lifted after 30 mins. But with this obvious scanning Trojan hitting my machine every 15 secs on occasions, I think you can see that this situation's intolerable. The source originates from ever-varying IP addresses and possibly comes from a number of infected machines somewhere on my ISP's customer network. The variation in IP address is very wide and, anyway, many of the addresses are in the same range as that of my ISP, so I can't selectively block. Incidentally, my machine is clean. There are no outgoing comms to unknown machines. Neither is my machine on a network; it's standalone. I traced the incoming addresses as being machines on the same international network as my ISP (Tiscali) but when I informed Tiscali, they didn't want to know. So, I'm left to deal with the problem myself, at my end. In Personal Firewall/Intrusion Protection, I've got the following two settings checked: Detect Port Scan Attempts Enable Autoblock Autoblock, according to my Norton handbook, prevents a scanned attack from gaining access to the system, so keeping that setting checked seems sensible. However, there's some ambiguity over the "Detect Port Scan Attempts" setting. The handbook recommends enabling this if you want to be notified when the firewall detects a port scan. However, elsewhere, Norton states that Trojans and the like will only be blocked if first detected, which implies that you must always have "Detect Port Scan Attempts" checked. So, what's the correct position, here? Would it be safe to uncheck "Detect Port Scan Attempts" and just keep "Enable Autoblock" checked, so that I don't have to keep servicing the alerts? Or are those two an AND function? I can't test this in any secure way, as I get constantly scanned. What gives with the 30-minute limit on the autoblock? Surely, a firewall, once configured and with an up-to-date database of definitions, should permanently block - period? Incidentally, in the Customise section of Personal Firewall Settings, there's a related setting called "Alert when unused ports are accessed". I've had that unchecked for a long time but it's not stopped the Norton alerts for this Trojan.

Certainly, since closing that Port 135, the scans have been much less frequent, so it looks as though it was worth all that investigative work, in the long run. Oh, of course, I realise that if I were to buy the latest version of NIS, I could get the upgrade version, at a discounted price. But, who knows, that bug might have been carried across even into the latest version?! Unless Symantec are willing to communicate with me, they, me and other users will perhaps never know. I must say I find their latest policy on support somewhat offputting (ie. no one-to-one e-mail support, unless you pay for it). Actually, I'm starting to have a look at Firefox. Looked into that yet, Alecstaar? If so, I'd like to hear your view of it. A couple of my contacts have already been trying out v0.9 and are reporting that it works very well. If it does all that it claims, then perhaps those who choose to use it can say goodbye to all those browser-borne viruses, spam, adware, pop-ups and other crap.

Yeh, I second that view, Alecstaar. Thanks for your indulgence in this issue.

I returned to Symantec's site and did a search on "Port 135" and, low and behold, an issue concerning its security popped up. Fortunately, Symantec gave clear instructions on how to stealth-block that port within NIS (NPF). I duly made the changes and then went back to Symantec's site and re-ran the online security check. That confirmed the now water-tightness of my firewall. However, it HASN'T STOPPED those accursed alerts!!! They're still occurring. I reckon there must be a bug in NPF and I've now e-mailed Symantec about it. This doesn't affect security, it's more that the constant stream of alerts is terribly annoying and there appears to be no means of turning them off. What seems to be the correct configuration setting for that simply doesn't work. Mind you, my particular version of the firewall is no longer supported by Symantec, so they might have corrected the problem in more recent versions.

Alecstaar, It might surprise you to learn that, for about 18 months now, I've had Messenger service turned off completely, ie. stopped. I've had it like that in order to stop Messenger-type spam being received. I was plagued with that sort of spam for a long time but finally stopped it in its tracks by turning off Messenger completely. Any more ideas?

Alecstaar, If you're still there, just the other day I tried unchecking the "Detect Scan Attempts" in NPF but found that it certainly didn't turn off the Alerts. I also tried hiding the Alert Tracker but that also was fruitless. The scans continue to come and I continue to get alerts each time from NPF. Fed up with this situation, I went back to Symantec's website and ran a more detailed security check on my machine. The only vulnerability it found was Location Service (loc-srv). I've no idea what that is but, anyway, the Symantec test found that the port on which it runs is open and is vulnerable to hackers. I gather that the port in question (I'm not giving its number here, for obvious reasons) is used to direct Remote Procedure Calls. The remainder of my firewall is completely stealthed, according to the results. So, is there any way that I can close (stealth) that port, and do it without screwing up my Internet usage?

I'm afraid you've rather lost me there, Alecstaar. However, I have to admit that, in the user-configurable section of the Norton firewall that deals with outward processes, GHP for Win32 Services is listed, and in such a way that it's clear that normally it's intended to be enabled, not blocked. By having it blocked ever since I last installed Win2K, I've not experienced any problems with processes that have needed to access the Internet.

Hmm, that's interesting. That svchost process has been linked with the picking up of viruses. In various forums, I've seen people commenting on it and, like me, some have blocked Generic Host Process for Win32 Services as a result.

Jerry, as an aside, in Internet Access Control (IAC), should the application Generic Host Process for Win32 Services be permanently blocked? I've never been sure about that one. Note that, in the Configure button of IAC, the Sokets de Trois v1 trojan is among many that are automatically blocked for the apps in that list. These are, of course, outgoing connections and nothing to do with the inward scans that I'm trying to avoid servicing.

Jerry, Does simply hiding the Alert Tracker (the globe at the edge of the screen from which the Alert pop-ups emerge each time) cause the alerts not to be shown? (Obviously, what I want is for the firewall to continue to block these scans but, on the other hand, to turn off the alerts so that I don't have to keep servicing them). I also need some insight into the "30-minute" rule.

Alecstaar, Re your PCI Latency query, would it be completely daft of me to ask if you've thought of e-mailing Adrian (he of Rojak's Pot fame), to ask him directly for the definition of that parameter?