packman

Jerry, please appreciate that I'm no longer in any gainful employment; I had to stop working because of my ill-health. Yes, I worked in an R&D lab, developing all kinds of new computer-based systems - but never working directly on desktop computers as we now know them. For us, computers merely were a tool. In their 'personal' form, they didn't really begin to gain much prominence, anyway, till the late 1980s. Retirement for me is no picnic, I can assure you. Money with which to pay all the bills is extremely short (just because I Was a professional didn't mean that I was paid a lot; in fact, quite the contrary). But, despite my health problems, I struggle on with my technical and musical interests, here at home. I contribute to a number of forums on the Internet, both technical and non-technical, using my knowledge and experience to help others. I get a lot of satisfaction from that.

Jerry, Certainly on my version, "Autoblock" and "Detect Scan Attempts" are side-by-side. I get the feeling, though, that if I turn off "Detect Scan Attempts", I'll effectively be turning off all intrusion protection. It's that that I'm unclear about. I can't afford to take the risk. There might well be a more suitable setting elsewhere, but I've not found it.

Jerry, Any answers for me yet?

Alecstaar, I've taken a look at the 27573-1 thread but I'm afraid I can't really help you. I think you must have assumed I was a chipset designer but, no, over my 30+ years career I was involved in ALL SORTS of analogue and digital design work, at both component and system levels (but never at chip design level). Not just to do with computers. These were newly thought-of mechanisms, on the part of myself and my colleagues. In fact, at my place of work I was always so busy with pushing on with new ideas that I never got the chance to use a desktop PC, as we know today, and I had to learn for myself when I finally left that employment and was on my own at home. I rarely ever look back on such matters, I always look forward, and continue to ask and learn from as many sources as possible. That's just the way I am. I suspect you're the same. As for your PCI timing query, therefore, I can't unfortunately help you. I have, of course, encountered BIOSs where PCI timings have been settable and I can remember a Via chipset-based m/board I used a few years ago where, like you, I experimented with the PCI latency timing. However, I found that varying the original figure (32) by as much as 100% (upward) made no detectable difference to the board's performance. Generally, it wasn't recommended to tweak the latency too much, especially downward, so I just left it at the 32 setting. After all, I'm not a 'total performance' freak, when it comes to my PC. I value system stability more than speed performance. Reading that thread, though, I'd say that FourandTwenty has got it just about right. Note that generally, in digital timing analysis, "latency" is viewed as a negative property of a logic state, but its meaning may well have changed in recent years ("latency" meaning that the state/device/whatever is hanging around, wasting time, until some other transition occurs). So, I think it might well depend on the precise circumstances as to whether a larger value (thereby allowing a parallel process to proceed in its place)would render a larger overall bandwidth, or whether a smaller value would, instead. As for Adrian's Rojak Pot, yes, I agree that that's a running bible on BIOS settings, and generally he's right. He does update his Guide from time to time, though, so have you looked again lately?

Alecstaar, I'm a 57-year old retired professional electronics engineer. I've been retired for a few years now, due to ill health. I used to work as a design engineer amongst physicists, so my skills are first and foremost in hardware. What I know about computers, the Internet, security, etc is all self-taught, since I left my employment. My computer, its peripherals, and the applications I run are one of the few interests I can pursue these days, given a severe drop in income and limited mobility.

Alecstaar, I've tried that netstat command. In fact, there are various switches for it, which give different levels of display. I've tried nearly all of them but not obtained a listing that looks anything like yours. Quite apart from that, I'm not at all sure how to export the results to this forum topic but if I rt-click on the Command Prompt screen, it looks like Edit/Select All can be done, so presumably there's a way of doing Copy and Paste, or something like that? I wasn't sure, anyway, whether you meant for me to execute the netstat command while offline or, instead, while connected to the Internet. I tried it both ways and, in the offline case, got just 7 active connections listed, whose States were all listening. Online, 21 connections were displayed, of which most were listening states, a few established states. BTW, I'm not going to display my results here, anyway, as I don't know enough about this feature to convince myself that I wouldn't be openly publishing some vital information about my system and so unwittingly compromising my security. After all, I don't know you from Adam, to say nothing of other forum users who might be reading this topic. The listings available under the netstat command (at least, on MY Win2K machine) do not look like anything you've displayed (no virus names at all are in my lists), in any event. And that's having tried the different switches. All I'm prepared to inform you is that my list of active connections are tabulated into four columns: Protocol Local Address Foreign Address State In the offline situation, the first six protocols are TCP, with the seventh UDP. Under TCP, there are no Foreign addresses listed. Each Local Address includes the name of my machine, along with what appears to be a process/port no. That's about as much as I'm prepared to divulge. The online case is very similar, except that there are one or two established States there (which I imagine is probably normal).

Again, thank you, Alecstaar, for trying to help. Let me point out, however, that I DO very much appreciate that these are scans and not necessarily a connection with a damaging virus of itself. The NIS handbook explains this time and time again and I've read the handbook many times over. The difficulty I'm encountering is being missed here, though. All I'm needing is someone with some expertise in configuring NIS or NPF to advise me as to how I can turn off the alerts in a reliable and safe way. It's the alerts that are proving to be tiresome. Also, I need to know precisely why there's apparently only a 30-minute block on such scans, in NPF. The thing about all non-pro firewalls is that it doesn't take much in the way of misconfiguring to lay yourself open to a true infection. Unfortunately, the way in which Symantec have referred to the controls in the firewall on Intrusion Protection has led to some considerable ambiguity and so users like me are left in some doubt about fiddling with them. As for your own comments, I'd like to point out that I've been using the word "attacks" in a very loose and general security sense. And I've referred to a "person" in the sense that someone must have originally sourced the scan, even though many other machines may have been hijacked in the meantime and may be participating. I might try the DOS-based search you've mentioned, for showing the ports scanned. However, I don't profess to be as expert as your good self, so cannot guarantee that I'll be able to interpret the screen results, if any.

Alecstaar, thanks for your thoughts on this. You do, however, underrate Norton somewhat. NIS, in fact, gives quite a lot of detail on attacks, even pre-cursor ones. For instance, it logs the sender's IP address and other information each time. It's identified these particular attacks as from the "Default Block Sokets de Trois v1" trojan horse virus. And, once again, I DO assure you that redialing (if that were a tolerable remedy, which it isn't) DOES NOT stop this scanning Trojan. It might delay its onset for a few minutes but thereafter the attacks are as regular and as varied as before. These sorts of attacks on my machine began about six months ago. They've been associated with not just this particular Trojan but with other backdoor types as well. At first, the alerts didn't occur that often but the person or persons behind these Trojans has clearly stepped up the regularity of the scans and, no doubt, has managed to infect many other machines (probably mostly on my ISP's net). Like I say, with Norton (and maybe other common-or-garden firewalls/antivirus software), the victim wouldn't be aware that his/her infected machine would be acting as a server or proxy for the Trojan. In MY case, I'm actually GETTING ALERTS from Norton each time, so it's clear that I'm getting attacks from OUTSIDE my machine, not attempts FROM my machine.

Alecstaar, I DO assure you that logging off and redialing has no effect. I redial many times in an evening and I still get the scans. I've had three alerts in the first five minutes of logging on tonight. If you look at: http://service1.symantec.com/SUPPORT/nip.nsf/pfdocs/2001012308470736 you'll see that, if you turn off blocking and subsequently get infected by a Trojan, NIS will probably not be able to detect it on your machine. Neither will it be able to eradicate it. So, I need to be 100% careful about the way I reconfigure my firewall. Jerry, please note! I'd think it VERY UNLIKELY that I've let in a Trojan at some stage because my machine is one that I built myself and equipped with OS, etc, and I'm always EXTREMELY careful about security. Over the years, I've reformatted and reinstalled from scratch a good many times and, EVERY TIME, I'm meticulous about getting protected as soon as possible. That said, no one person or his/her machine can be 100% immune from mistakes or bad luck. But all the indications, anyway, are that these are INCOMING attacks.

Jerry, Reporting is ALREADY set at the Minimum setting. That's the default. What else can/should I do, to turn off the Alerts?

'Personal Firewall' is, in this case, the main feature of Norton Internet Security v4.0. My guess is that any version of Norton Internet Security or of the specific package called Norton Personal Firewall will have very similar, if not identical, configuration settings. The one part of it that's ambiguous - leaving the user wondering that, if he/she unchecks one of the two settings (see my initial description of the problem above), all such security against Trojans will be thrown away - is Personal Firewall/Intrusion Protection.

Thanks Jerry, What do you mean, exactly, by "alert/reporting area"? And are you ABSOLUTELY certain you're correct? If you're not, I'll get infected VERY RAPIDLY. In the 5 mins I've been online, already I've had four attacks. An infection with a Trojan like this will mean a complete reformat. Whoops, here comes another one. Alecstaar, Redialing has no affect whatsoever on this sort of intrusion. I keep my firewall and a/v software bang up to date but, even so, I've run complete internal scans , to check for infection and never found anything. I've also run Symantec's online security check and, again, my machine's clear. It's obvious, anyway, from how the alerts are reported that these are INCOMING attacks.

Unfortunately, I'm using only a 56K dialup modem. It's not easily possible to know which port(s) this scanner is using; the IP address is different on each attack and varies wildly. I vaguely remember some TCP/UDP settings in the advanced section of TCP/IP Properties but I don't regard myself as sufficiently knowledgeable on TCP/UDP to be confident of making a valid change there. No, really, what I'm needing is some clarification of those checkable Personal Firewall settings I've described. What EXACTLY do those firewall settings do? There's no help on them at the Symantec website and asking Symantec themxselves would cost me a cool $29 a time. It's kinda a question of the 'semantics of Symantec', I'd say.

Actually, Gulab, Symantec state in the Ghost 2003 handbook that not all CD/DVD drives are supported (pretty obvious, really). But I would have thought you'd not have a problem with Plextor. If you look in the handbook, you'll see that Symantec recommends referral to one of their websites where lists of compatible drives can be seen. That said, my NEC DVD re-writer (internal type) wasn't on the list and yet it works perfectly with Ghost.

Gulab, Fear not. It's just that you haven't fully set up Norton Ghost's options. If you open Ghost and open Options and highlight and click on each one in the list, you'll find one that deals with external USB storage devices. You just need to configure that. I suspect that Ghost will then work properly for you.

I recently had to re-format my root partition and to reinstall Win2K/SP3 and my apps from scratch. The process went fine, I got Windows/SP3 re-installed, then installed Norton Internet Security again (Norton firewall which includes Norton Antivirus). But during the process of downloading subsequent Windows and Norton updates, my machine kept generating the Norton warning dialog "Generic Process for Win32 Services" and inviting me to either allow it or block it. Now, I recall this happening way back, when I first installed Win2K/SP3 on this machine, and it causing problems when I enabled it. It produced a problem with svchost.exe. So, THIS time, I blocked it. Blocking it appeared not to hamper the downloads. They all completed okay and installed okay, as far as I know. But, does anyone know what 'Generic Process for Win32 Services' is all about? Should I have enabled it, rather than blocking it? Or is this message a spoof and merely an opportunity for a Trojan virus to infiltrate my machine?

There is indeed a 130GB limit on hard drives in Win2K. However, it was supposed to have been fixed by a post-SP2 addition. I suggest you go the Microsoft's website and search for Knowledgebase article 305098 (under Win2K), which will explain the basis of the problem and how to get around it.

These days, with either or both of SP3/SP4 applied, you needn't worry about the hard drive caching problem. SP3 and SP4 each contain an automatic patch to fix that bug. It remains the case, though, that SP4 is far from perfect and a good many bugs still remain. Indeed, some would argue that Microsoft's created more bugs than it's solved, by bringing out SP4. One of my very knowledgeable technical contacts says that you have to be very careful about how you install SP3 and SP4. First of all, ideally, either the one or the other should be installed after a new formatting of the hard drive and the installation of Win2K (then the chipset drivers after that).An integrated installation of Win2K/SP3 or Win2K/SP4 is even better. If you're already using SP3, it's fine to download Windows updates from Microsoft but if you then install SP4 over the top of SP3, you'll create problems. Apparently, Microsoft has admitted to this. In other words, you mustn't mix SP4 with updates that were downloaded and installed under SP3, as it will cause all manner of errors. If you want to use SP4, then you should either uninstall all the updates used under SP3 or, better, reformat and install SP4 on its own.

I gather that you're enquiring about DVI connectivity, so I can't really comment on that. However, it IS possible to use an Apple analogue CRT monitor on a PC (15-pin sub D) - so analogue operation - as I do that on my second PC. I tried for ages to get a small PC-to-Apple video cable adaptor in the UK but had to give up in the end. I then quickly found a supplier of such an adapter in Florida and, for $15 including postage, got one. Works fine. Nothing to do with digital, though.

I've started having problems with my applications' CDs sometimes not auto-running and so I suspect some dust contamination of the drive. The drive is actually a DVD re-writer drive. Is there a cleaner disc on the market that's designed to clean specifically a DVD laser? (Clearly, the cleaner disc needs to work subtedly, so as not to damage the laser mechanism when it spins). In the shops, here in the UK, I've seen a number of cleaners for CD lasers but I've never seen one that's described as suitable for DVD lasers. Can anyone tell me whether such a product exists and, if so, what form it takes and by whom it's made? Do bear in mind that I'm hailing from the UK.

My system's based on Win2K/SP3. I used to have Drive Image 5 and it was very unreliable. What made it worse was that Powerquest wouldn't give any support after the initial qualifying period had expired. I recently dumped Drive Image and invested in Ghost 2003 instead. God, how things are so much easier now! And no problems. Mind you, I've not put it to the ultimate test yet. I do regular 3GB images to CD-RWs/DVD+RWs and I also image to a reserved partition. No, for me, Drive Image was a bit of a disaster (but perhaps that was just v5). Ghost seems much better, and faster! Furthermore, being a Symantec product, you get continuous updates to it automatically, through LiveUpdate. Product support should be a big factor in the choice, in my view.

Am not sure whether this helps but, when you backup personal files to CDs (using something like Nero or InCD) and then later restore them, they do indeed become Read Only. It's a well-known feature and can be very annoying if you've backed up LOTS of personal files. I once came upon a little routine to clear that attribute on all such files. However, I didn't keep a record of it. I've personally learnt to live with this by clearing the Read Only MANUALLY in the Properties of just specific files I want to still work on, and leaving the remainder as Read Only. On the whole, dealing with it this way does no harm and, indeed, those files left as Read Only become less easy to corrupt. If I can find the info on resetting the Read Only attribute universally, I'll post it here. It involved, I seem to recall, using a DOS prompt 'attribute' string.

I'm trying to sort out my Windows Fonts folder. I use Windows 2000 + SP3. The problem I have is that the application Adobe Photoshop Elements 2.0 has automatically dumped some extra fonts into the Windows Fonts folder and I now cannot tell which of those in that folder are now Windows defaults and which are the extra ones. I'd like to keep a separate folder of, or a written list of, all extra fonts put into the folder. It's important to know which are the defaults, as deleting a default by mistake can lead to corruption of Windows. Does anyone have a list of the default fonts, as installed under Win2K/SP3? I'd want to know the ordinary name of each font, plus its filename. Alternatively, is there a user of Photoshop Elements out there who knows which Photoshop fonts are added? I'll be trying to contact Adobe about this, via their website, but I somehow doubt I'll easily get the answer I'm after, if at all. It really annoys me when applications automatically dump all manner of fonts into the Windows Fonts folder.

BTW, I also use Office 2000, so extra fonts may have been entered by that, as well.

Those problems with RAM seem very unlikely. I use Win2K and have added more and more RAM over the last couple of years (currently 1GB)without any effect on the reinstalling of Windows. Can't vouch for WinXP, though. I think the most likely cause of your problem is a corrupted installation disk. Is it a personal copy (I think a backup copy is admissible), or the original authentic disk? Either way, take a very close look at the working surface of the disk (hold it up to the light) and look for any scuffs or scratches. Especially near the start of the Setup, if errors are found in some of the important files (and Win2K uses a lot of dll files), the Setup won't proceed any further. Try to keep all your software disks pristine. Even mild mishandling of disks can introduce almost invisible scratches which can easily cause read errors.