Wednesday, April 15, 2009

How Vulnerable is our Internet Infrastructure?

WXPNews: Published by Sunbelt Software since 2001
RSS feed for WXPNewsManage your WXPNews ProfileWXPNews Privacy Policy
WXPNews: Your Source for all things XP
Vol. 8, #66 - Apr 14, 2009 - Issue #374

 How Vulnerable is our Internet Infrastructure?

  1. Editor's Corner
    • How Vulnerable is our Internet Infrastructure?
    • Follow-up: Obligation of local governments to secure public wi-fi networks
    • Quote of the Week
  2. Cool Tools
    • Tools We Think You Shouldn't Be Without
  3. News, Hints, Tips and Tricks
    • Microsoft: 97% of email is spam
    • Hotmail problem fixed
    • Touchscreen Zune on the horizon?
    • Time Warner revises consumption-based billing trials
  4. How To: Using XP Features
    • How to make XP skip the prompt to find a program to open files
  5. XP Security News
    • New twist from Conficker worm
    • Patch Tuesday provides eight fixes
  6. XP Question Corner
    • Can I install XP on a Mac?
  7. XP Configuration and Troubleshooting
    • Monitor doesn't turn off on XP computer
    • Laptop screen runs at full brightness
  8. Fav Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  9. Product of the Week
    • Auto Web View Screensaver

My Antivirus Is Killing My Netbook - Now What?

Traditional antivirus products can be terrible resource hogs, literally grabbing hundreds of megabytes in RAM, and maxing out the smaller Netbook CPU. But you cannot leave Netbooks unprotected either. VIPRE Antivirus + Antispyware is the AV you want to run, with it's now famous low resource consumption and practically invisible malware protection. VIPRE now is officially the fastest antimalware on the planet! Get your 30-day eval here and experience VIPRE on your Netbook for yourself:

 Editor's Corner

How Vulnerable is our Internet Infrastructure?

Last Thursday, people in the Silicon Valley area of northern California found themselves without Internet access when four AT&T fiber optic cables and a Sprint Nextel cable were cut, apparently by vandals. Because Verizon uses AT&T's lines for their wireless and DSL services, their customers were also affected. Although the outage occurred in a relatively small geographic area, according to news reports, hundreds of thousands of business and individual users were without communications services for hours. The outage included not just the Internet but some cell phones and landlines that are dependent on the fiber, as well. AT&T offered a $100,000 reward and then increased it to $250,000.

Even though this incident didn't impact most of us, it gives us cause to stop and think again about how dependent we are on the communications infrastructure and how vulnerable that infrastructure is. We go to great pains to protect our computers and networks from high tech threats: hackers, viruses and worms and so forth. But this outage was accomplished by attacking at the physical layer and required nothing more sophisticated than a hacksaw. Even without malicious intent, the physical infrastructure - the cables, routers, servers and other equipment on which the Internet runs - is always vulnerable to natural disasters such as tornadoes, floods, hurricanes and earthquakes. The Internet infrastructure is also considered a prime target for terrorists. In 2007, forty-five Internet cafes in Gaza were bombed. The group that claimed credit said they did it because the Internet was exposing Muslims to pornography and keeping them away from their daily prayers:

But wait - wasn't the Internet (or rather its predecessor, ARPANET) originally built to be able to withstand nuclear devastation? That's the whole point of its decentralized nature and all those redundant connection points, after all. The problem is that even though it would be incredibly difficult to bring down all of the interconnected networks that make up the Internet, there are some "weak links" - such as the thirteen root DNS nameservers. These form the backbone of the system by which friendly text-based names in URLs are translated to IP addresses. Without them, you would not be able to connect to any Internet resource without knowing its IP address. Because this is such an essential service to the functioning of the Internet as we use it, an attack that destroyed the root DNS servers would effectively disable the Internet. There have been attempts to do just that, with major distributed denial of service (DDoS) attacks against the nameservers taking place in 2002 and again in 2007.

So would be the real ramifications of a widespread Internet outage? Some folks think that it wouldn't affect them much at all, because they rarely use the Internet or use it only for non-essential things like recreational web surfing or sending an occasional email message to family members. The problem is that even if you aren't directly dependent on the Internet, many of the companies with which you do business probably are.

Once upon a time, businesses communicated between their home and remote offices via direct links - leased lines such as T-1s that created a dedicated circuit between one location and the other. But then the development of VPN technology made it possible to connect disparate sites by "tunneling through" the Internet, creating a secure private connection that piggybacks on the public network. This is generally less expensive than dedicated leased lines, so many companies use the Internet now to access servers in another location for doing business. That works great, but if the Internet does go down, in many cases these companies are paralyzed because they can't access the servers they need to process orders, verify customer information, and complete transactions. A study conducted on behalf of security company Secure64 in 2007 showed that over half (54%) of companies said their companies were "totally or extremely dependent" on uninterrupted Internet connectivity and only 6% said their companies were "not very dependent" on Internet connectivity:

It's not just email, web and what we traditionally think of as Internet services that are affected by an Internet outage. Voice over IP (VoIP) provides telephone service using your Internet connection instead of the old phone company lines (the Public Switched Telephone Network or PSTN). VoIP can save individuals hundreds of dollars per year and companies thousands - but VoIP service doesn't work without an active Internet connection. If the Internet goes down, then, VoIP users are also without telephone service.

Of course, the recent trend in the business world is to put all your eggs in one cloudy Internet basket. IT pundits predict that one day, all of us will use low powered computers to connect to resources that reside "in the cloud" - that is, somewhere out there on the Internet. We'll store our data on some server five, five hundred or five thousand miles away. We'll run applications off servers that sit halfway across the country or halfway across the globe. Physical location won't matter. We won't need big hard drives and we won't need to buy application software because we'll just rent what we need from a cloud provider. When they tout the benefits - such as letting security, software updates and hardware failures be somebody else's problem - it all sounds tempting. But what happens in this scenario if the Internet goes down? Basically, you're just out of luck.

Some would say it's never going to happen. After all, it hasn't happened yet. There have been short term, localized Internet outages like the one in the Bay area last week. In early 2008, damage to undersea cables in the Mediterranean cut off Internet access from Egypt to India.

Last December, breaks in three different cables, also in the Mediterranean (this time off the coast of Italy) disrupted both Internet and phone services between Europe and the Middle East and South Asia.

Still, many of us have never experienced the loss of Internet connectivity for more than a few hours. All that redundancy built into the system has done its job. If we do have an outage, it's usually because a server at our ISP is down for maintenance or there's been an equipment failure locally.

As for terrorists bringing down the Internet, it makes for a great movie plot but some folks think it's not really that likely to happen. Way back in 2003, IDC predicted a major cyberterrorism event but here we are, six years later, and it hasn't happened yet. At least one security blogger opined, a couple of years back, that it's not because they don't have the means - it's because they use the 'Net, too, and have no desire to destroy their own favorite communications venue.

What do you think? Is the Internet infrastructure really so fragile that it's liable to collapse at any moment, leaving us all stranded as the information highway becomes a giant information parking lot? Or do you think it's a bit more robust than that, and other than isolated incidents, can withstand pretty much anything that vandals, terrorists or Mother Nature throws at it? Do you ever think about just how dependent on the Internet you really are - including indirect dependencies? For how long a time do you think the entire Internet could be down without it having a negative impact on your life? Send your thoughts and experiences regarding this subject to

Follow-up: Obligation of local governments to secure public wi-fi networks

In last week's editorial, I wrote about the growing trend for cities and other local governmental entities to provide free, open wireless Internet access for the benefit of their citizens - and some of the security implications of those wide-open networks. Quite a few of you wrote to comment.

The vast majority of those who wrote believe that governments do have an obligation - a moral one if not a legal one - to provide security on their free networks. T.J.M. wrote: "I would think that anyone that has an 'open' wi-fi connect should take appropriate security cautions & make sure the system has the latest updates, as well as allowances set for the area & usage. If not, then not only are they asking for trouble, but so is anyone that signs on to the network."

Nathan P. said, "I like some of your suggestions, but I think ideal would probably depend on the size of the population each spot is serving. A town of a few hundred people would probably not need as much security as a hotspot in Chicago, however it would be nice if it could be implemented in such a way as to isolate users from each other in a cost effective way. Definitely, every organization should protect their internal network from those on the street, not doing so is just asking for trouble."

Gregory T. noted that unintended consequences are common with all sorts of government services, not just wireless networks: "I see your point, and like most things that was first intended to be good and beneficial, usually ends up corrupt and twisted. Rec centers become gang hangouts, city parks become shooting galleries, walking trails become rape zones, playgrounds become pedophile peepshows, etc."

Some of you, though, don't agree that the government is obliged to provide security for their open networks. Izagaia N. wrote: "It may seem harsh to say, however, I have always been a firm believer that each of us, individually, are responsible for our own safey and perhaps that of our families ... I believe that a society who embraces these technologies and has an interest in utilizing such technology, has a responsibility for themselves and perhaps others to seek and practice practical knowledge of how that technology works ... Now that is not to say that government entities could not provide their locales a measure of security to protect the general populace as they access these networks. Yet should they elect to do so, then it should be the taxpayer who bares the responsibility of this. As they currently do police, fire and other first- responders that provide the security of public safety."

Tony G. used several analogies to describe public wi-fi networks: "with separated networks, then the public one is just that - same as being caught by the Google camera (one village in the UK blockaded the streets to keep it out because they decided they did not want it). Public wireless access is really the 21st century equivalent of the Wild West - unpoliced and anything goes - use at your peril. It sounds bad, but we cannot protect people from everything - if the technically incompetent want to use free stuff, they should be aware of the risks or not do it. Public wireless is the technical equivalent of random sex - if you are going to do it, protect yourself (AV, firewalls == condoms) - else take the consequences - risks to your health and wallet."

Thanks to everyone who wrote about this topic.

'Til next week,
Deb Shinder, Editor

PS: Did you know this newsletter has a sister publication called VistaNews? You can subscribe here, and tell your friends:

And for IT pros, there's our "big sister," WServer News, at

Look up the WXPnews Fan Page and join us on Facebook!

Quote of the Week

Example is not the main thing in influencing others. It is the only thing. - Albert Schweitzer (1875-1965)

Integrity without knowledge is weak and useless, and knowledge without integrity is dangerous and dreadful. - Samuel Johnson (1709 - 1784)

We have too many high sounding words, and too few actions that correspond to them. - Abigail Adams (1744 - 1818)

Keep The Bad Guys Out With The Sunbelt Personal Firewall

Why do I need a firewall? Together with antivirus and antispyware, a firewall is a "must" to protect your computer. PC Magazine gave the Sunbelt Personal Firewall a "Very Good" rating with 4 Stars and a conclusion of "good protection". Check out the Reviews on the site and it will be clear why you need the Sunbelt Personal Firewall to protect your PC. One good example: Unlike the Windows XP and Vista Firewall, you can tell the Sunbelt Personal Firewall to look carefully at the data leaving your browser, so that sensitive information like your credit card numbers, email address, bank account, social security number and PIN code do not get stolen by hackers!

 Cool Tools

Tools We Think You Shouldn't Be Without


The defragmenter of choice for Microsoft MVPs and Certified Trainers. Make your PC or laptop run like new - free trial and special savings.

Before You Kick that Computer to the Curb. Free PC Diagnostic Scan

I need a REAL program for autofilling my passwords and shipping info - not a toolbar widget. Roboform is the real deal!

If you have any iPod/iPhone device, this software is a 'must have' utility to keep your iPod/iPhone safe. Download the free trial version here.

Registry First Aid 7.0 - New Release Is Faster, Safer and Even More Effective

Turn your webcam into a CCTV with alarm and email notification! Try it before you buy it:

Rip DVDs for your iPod/iPhone or Apple TV. Bundle includes video converter too! Try it free!

Vista gets bogged down very quickly! Advanced Vista Optimizer will tweak Vista for Max performance. Easy to use:

Backups? GoodSync is an easy and fast way to backup and synchronize your emails, photos, iTunes, MP3s, and other important files.

Spotmau PowerSuite Professional 2008: Fantastic! All the tools necessary to fix most common computer problems. Clone and backup too!

Print Screen Deluxe is the realistic upgrade of the Windows version. You can crop - before the capture! Very quick!

 News, Hints, Tips and Tricks

Microsoft: 97% of email is spam

In their latest security report, Microsoft said that only 3% of the email we receive is legitimate, wanted mail. The rest is spam or otherwise relegated to the trash bin. Of course, the typical user sees only a small fraction of those spam messages, thanks to filtering programs. Interestingly, the report says that almost half of the spam messages are ads for pharmaceutical products. Some other studies report a smaller percentage of mail as spam - but not that much smaller. The lowest numbers still show almost three quarters of our mail is junk. Read more here:

Hotmail problem fixed

This happened to me recently: I signed onto my Hotmail account and got a message saying I didn't have a mailbox. Say what? Since when? Luckily I only use Hotmail for backup email so I wasn't overly perturbed, but I can only imagine the reaction of someone for whom it's a primary email account. Well, you can rest easy: the problem has been fixed and your account should be acting normally now. Your mail should still be there, safe and sound. Read more here:

Touchscreen Zune on the horizon?

We don't know, but the folks over at Engadget are showing a drawing of what may be the next generation of the Zune MP3 player. If so, it definitely looks cooler, and it's rumored to have an HD wide-screen touchscreen display that might or might not also have a web browser and/or Bluetooth support. Your guess is as good as mine, but it's fun to speculate. See the drawings here:

Time Warner revises consumption-based billing trials

The Chief Operating Officer of Time Warner recently posted a clarification of the company's "consumption based billing" trials (a.k.a. metered service or pay-by-bandwidth). It appears that they've backed off somewhat from the extremely low top tier cap of 40 GB per month that was announced last summer when they began experimenting with this billing method. Now there's going to be a 100 GB per month "Turbo" package for $75 - and according to this, there will also be a cap on the overage charges. That means no matter how much you use, you won't be charged more than $150. Read the full post here:

 How To: Using XP Features

How to make XP skip the prompt to find a program to open files

When you try to open a file for which XP doesn't have a program association, you normally get a dialog box asking you if you want to search online for the appropriate program to open it. This registry tweak will disable that prompt and display the Open With dialog box instead.
  1. Open your registry editor.
  2. Navigate to HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ system
  3. Right click an empty space in the right details pane and click New.
  4. Select DWORD value.
  5. Name the new DWORD value NoInternetOpenWith
  6. Double click the value and set the value data field to 1
  7. Close the registry editor
You may need to reboot for the change to take effect.

 XP Security News

New twist from Conficker worm

The Conficker worm that has caused such a stir in the security community recently has been discovered to have a new twist: it downloads a fake antivirus program and then gives you a message saying your system is infected and you need to pay fifty bucks to clean it up. Apparently the worm wasn't created just to cause havoc, but to make its perpetrators money. Read more here:

Patch Tuesday provides eight fixes

This month's Patch Tuesday is coming up this week, and we're expecting to see a relatively heavy batch of patches, at least compared to recent months. Eight security bulletins are on the way, including fixes for Office as well as all current versions of Windows. If you don't have auto updates turned on, be sure to check these out and manually install the ones that pertain to your software. Read more here:

 XP Question Corner

Can I install XP on a Mac?

I love the look of the MacBook Air. But I don't like the OS X operating system - I want my Windows XP. Is it true that I can install XP on the Mac? Is there anything special I have to do? That would be so cool! Thanks in advance. - Julie M.

The new Macs that are Intel-based can indeed run Windows. To install it on the MacBook Air, which doesn't have a built-in DVD drive, you'll need an external USB optical drive like the SuperDrive that Apple sells. You can then use Apple's BootCamp software, which is included with OS X v10.5 (Leopard), to install XP so you can run it in a dual boot configuration with OS X. BootCamp includes the drivers for Windows. Of course, you need an XP installation disc (not a restore disc). Here's a video of a MacBook running XP with BootCamp:

There's more detailed info about installing Windows on a Mac here:

An issue that you might want to be aware of, though: some people have reported that XP/BootCamp on the Air causes the system to get very hot and/or the fan runs continuously.

 XP Configuration and Troubleshooting

Monitor doesn't turn off on XP computer

If you've set your monitor to turn off after a specified time period to save power, but it doesn't happen, this may be because of an application that doesn't close, which cancels system power requests. There is a hot fix available to address the problem, but you'll need to request it from Microsoft. Find out how in KB article 960496 at

Laptop screen runs at full brightness

You may expect your XP-based portable computer's screen to dim, in order to use less battery power. However, if you start the computer while it's running on battery power, you might find that the display is as bright as when it's running on A/C power. If you start the computer while running on A/C and then unplug the power cord, the screen dims as expected. There is a hot fix that will make the display behave as you'd expect when you start it on battery power. Find out how to get it by reading KB article 960921 at

 Fav Links

This Week's Links We Like. Tips, Hints And Fun Stuff

Disclaimer: WXPNews does not assume and cannot be responsible for any liability related to you clicking any of these linked Web sites.

 Product of the Week

Auto Web View Screensaver

Use the Auto Web View Screensaver to cycle through a list of your favorite websites, plus images, animated GIFs and webcams - and display them as your screensaver. View the latest blogs, social networks, sports, weather, entertainment and more. Update the web page views as often as you like. Includes a scrolling text caption to display the current date and time, current filename, or a personal message. Link directly to the current web page being displayed by pressing the "spacebar" on your keyboard - get more information about the news item that you are reading. Download the free evaluation here.

 About WXPnews

What Our Lawyers Make Us Say
These documents are provided for informational purposes only. The information contained in this document represents the current view of Sunbelt Software on the issues discussed as of the date of publication. Because Sunbelt must respond to changes in market conditions, it should not be interpreted to be a commitment on the part of Sunbelt and Sunbelt cannot guarantee the accuracy of any information presented after the date of publication.


This newsletter and website and may contain links to other websites with whom we have a business relationship. Sunbelt Software does not review or screen these sites, and we are not responsible or liable for their privacy or data security practices, or the content of these sites. Additionally, if you register with any of these sites, any information that you provide in the process of registration, such as your email address, credit card number or other personally identifiable information, will be transferred to these sites. For these reasons, you should be careful to review any privacy and data security policies posted on any of these sites before providing information to them.

The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions: 1) All text must be copied without modification and all pages must be included; 2) All copies must contain Sunbelt's copyright notice and any other notices provided therein; and 3) This document may not be distributed for profit. All trademarks acknowledged. Copyright Sunbelt Software, Inc. 1996-2009.

WXPnews Archives
Looking for a past issue? Missing an issue? Accidently deleted an issue? Trying to find that article that pointed you to that cool site? All our newsletters are archived and are searchable:

About Your Subscription to WXPnews
This is a posting from WXPnews. You are subscribed as
To manage your profile, please visit our site by clicking on the following link:

If you have feedback or wish to write to the editor, write to us at

Sunbelt Software
33 North Garden Avenue
Clearwater, Florida USA 33755

No comments:

Post a Comment

Thanks for understanding that we need to prevent the nasties.

Terms of Use

Personal & Educational Use Only This blog consists mainly of FREE newsletters from computer web gurus that I receive. I thought you might like to see them all in one place than try to discover them on your own. A moderate amount of editing may be done to eliminate unrelated repetitious ads or unnecessary text which bloat the post. However I have given the authors full credit and will not remove their site links because you deserve to see where it comes from and they deserve to get credit for what they have written. Your use of this site is simply for educational purposes. For more computer-related help go to: CPEDLEY.COM for free software, advice and tips on low cost products which are very helpful. If you want to contact the editor, please go CPEDLEY.COM and check the Contact page for email address.