We look at: Deleting Data; Virus Hoaxes; Stretching the processing boundaries with Windows xp
and from HelpDesk Extra, we look at the LAN in more detail.

DELETING DATA

Deleting data on a disk is a little more involved than simply pressing [Del]. It really just doesn't want to go away and the Windows operating system and a number of program vendors have made sure that there are a number of lines of defence before even the relatively unequipped user can't get it back.

In Windows Explorer or on the desktop or numerous other places, you can get rid of a file by highlighting it and pressing [Del]. This, as everybody (I hope) knows, will transfer it to the recycle bin. If you then go to the recycle bin and delete it from there, the disk space it occupies ("still" occupies as opposed to "used to" occupy) is marked ready to be written over by the next file that needs it.

If the file was originally written when the disk was fairly full and the disk has had a lot of data removed since, for instance, if you burn a lot of CDs, it may well be a long time before that area is overwritten. With this in mind, there are a number of programs available that will look at the data on the disk that is recoverable. Some "deleted" files can still be found entirely intact and whilst any word processor will reject any partially recovered file with the possible exception of text files, these are still of some use to forensic analysis or to competitors where the time and cost to analyse the data is budgeted for. However even forensic imaging of the whole disk still only looks at part of the information on the disk -- only really looking at as little as only 15% of it because this is what has been digitised. The analogue information is simply ignored by the imaging process.

The analogue information is what people like to think of as digital information on the disk but in reality, there are no completely magnetically polarised bits of data. A clever piece of hardware decides whether or not any particular bit is a 1 or a 0 based on whether it is more like a 1 or more like a 0 and that result is what the computer sees.

If the disk drive is taken apart and the analogue data recovered directly from the disk, several generations of data writes can be recovered -- claims of up to 7 generations have been made and if your information is valuable enough to warrant that type of analysis, all of the disk needs to have undergone a pretty rigorous overwriting process in order to obliterate any potentially useful residual data.

Just how much and of what type of overwriting of data is required depends upon the media type and the importance of the data. This is laid down in the US Department of Defense file DoD 5220.22-M National Industrial Security Program Operating Manual (NISPOM) at the end of section 8-307 which states that simply overwriting the data seven or so times is not good enough for a 3.5" floppy which has to destroyed.

Click here to open the DoD 5520.22-M.PDF file

VIRUS HOAXES

There are in the order of 500 new viruses added each month to the lists of viruses that antivirus product vendors use to keep their AV products up to date. Many AV vendors issue bulletins when particularly dangerous viruses get into the wild and it is on the back of these that the virus hoax writers have their "fun".

A typical hoax associates itself with some sort of recognised authority, a big name that everybody is likely to have heard of or sounds to the novice as though they should have heard of it. Then, it sets out the plausible details of the hoax and how the victim should avoid any damage to their equipment by following a few easy procedures and finally (almost as though the virus hoax was itself a virus, but instead of utilising a computer's operating system to spread itself, it has taken over the mind of the user) it suggests that the message should be passed to everybody the user knows.

An early virus hoax was the Good Times hoax which wasted a lot of man-hours. Some people got very fed-up with receiving warnings about it and somebody wrote the Good Times Spoof which is well worth the read.

Reports of the computer vulnerabilities and hoaxes can be seen at the CIAC site http://www.ciac.org/ciac/

Click on the link in the top right of the CIAC page to download CIAC's PGP public key so that you can check any CIAC vulnerability reports.

Stretching the processing boundaries with Windows xp

In this case, the program in question has gone from normal operating mode into one where it needs to optimise two input variables against each other giving a graph of one of six output variables. The graph has up to 31 x 31 points so there is quite a large array to be produced - 5766 figures plus the processing overhead with its arrays and so on.

The program simply runs out of space when it dimensions these arrays and stops itself, offering the usual cryptic error message that could only ever mean anything to one person (not necessarily the programmer).

One thing to bear in mind is that this particular program runs well on all computers from DOS on a 486 through to Windows 98 on various Pentiums so clearly, it should run on an operating system that is "better" such as xp. Shouldn't it? So, why doesn't it?

Click on the "Program" tab in the properties box and then click on "Advanced..."

You can now see where the AUTOEXEC.NT file is stored.

Go back to Windows Explorer and find the file and open it in Notepad (you should find this in the Start/ Programs/ Accessories menu unless you have already copied the shortcut to half a dozen more useful places).

REM Install CD ROM extensions
lh %SystemRoot%\system32\mscdexnt.exe

REM Install network redirector
lh %SystemRoot%\system32\redir

REM Install DPMI support
lh %SystemRoot%\system32\dosx

SET BLASTER=A0

• In xp, DOS runs as a shell within xp, that is to say that xp does not run as a program on top of DOS.
• In xp, AUTOEXEC.BAT is not used to initialise the DOS environment, AUTOEXEC.NT is instead (which is why you are editing the NT file instead of the BAT file).
• You can modify the AUTOEXEC.NT file to suit your situation or specify a different file to run instead.

I suggest that you should follow this procedure:

1. REM out any lines that the program clearly doesn't need or, if there is no sound blaster needed, use the suggestion in the file -- in this case, SET BLASTER=A0 which will make sure that the sound blaster will not work (you might want to see if this does not interact by allowing it once you have got the program working properly),
2. REM out the lines instead of deleting them (deleting them is just a bridge burning exercise that Murphy's law dictates you will regret at a later stage),
3. REM out the minimum number of lines until it works, and
4. REM out the lines that you need just one at a time (possibly using an orthogonal array instead of a unary system -- if there are three suspect lines, REM out 1, then 2, then 3, then 1&2, 1&3, 2&3, 1&2&3.

If you really want, you can now go back to the AUTOEXEC.NT file and see what you can turn on again without it messing up the way that the program works.

IDENTIFYING YOUR MACHINE - Win98

Click on the Identification tab and then you can input the name of your computer -- Here, I have chosen semiprecious stones for the names of the computers but there is nothing to stop you from choosing: elements from the periodic table; big cats; mountains; asteroids; or even, amino acids (if you don't want a network bigger than about twenty).

The workgroup should be the same for each computer that needs to communicate on any network and here, where there is only one network, "workgroup" is fine although if you have a bigger site, "personnel", "canteens", "sales", and so on would be a good start.

On the IP Address tab, you can specify the computer's IP address and subnet mask.

You will notice that where the subnet mask is 255, the IP address has to remain the same. It is also advisable for each machine to use the same subnet mask so, you may have a number of machines with a subnet mask of
255.255.255.0 and addresses
192.168.0.1
192.168.0.2
192.168.0.34
192.168.0.35
192.168.0.246

AND xp

THE PROXY SERVER

If you activate the Proxy Server and set the port to 3128 (which is what is normally is), much of the Internet traffic that goes through that machine will be stored locally.

Any browser on another machine that is configured to use port 3128 on this machine (as a proxy), will be able to access files without the proxy needing to go online.

This will speed up access to commonly browsed pages if there is only one or two other machines on the network but if there are many machines, and the users tend to visit the same pages, access will be much faster as being stored locally, the slowest network they will travel across will be the LAN instead of through the continental shift paced Broadband connection.

THE BROWSERS

Click on "Tools", "Internet Options" and then, on the "Connections" tab, click on "LAN Settings..." and then check the "Use a proxy server for your LAN ..." box.

For the Address, type in the LAN IP address of the Network Interface Card (NIC) that the LAN is connected to. In the Port box, type the same port number that you had on your Proxy server.

With these details, the browser will quite happily connect to the Proxy over the LAN and if it can't find the pages it wants on the Proxy, the proxy will connect to the Internet to retrieve them for you.

Note that all of the machines that you want to connect to the proxy must use the network IP address of the proxy server.

TWO NICs

If you have a machine with two NICs, they will be on different networks with the PC acting as a bridge between them. In this case, you can use the proxy server software (certainly in the case of WinRoute) as a basic firewall, scrutinising traffic as it flows between the two networks.

With a true firewall, on such a machine, it is possible to prevent somebody on the "accounts" network from accessing certain information on the "personnel" network and so on as this can be filtered out as a content rule.

OTHER OPERATING SYSTEMS

Here we see the proxy configuration for a browser running under LINUX.

TURNING OFF THE TAP

Alternatively, all browsing through the proxy can be halted simply by switching it off.