OCNTUG Newsletter
Volume 2 Number 4
April 1, 2004
Welcome Members, Visitors and Friends!
"Spring has sprung, the grass has ris where last year's careless drivers is." Let us hope that that doesn't include corporations and jobs, as well. The proverbial "they" tell us the economy is steadily improving. I have yet to see that, but I can still hope...
Inside this Issue:
Meeting Announcement: April 8, 2004
Previous Meeting...
Final Notes…
And Now, The News...
SUN MICROSYSTEMS ANNOUNCES TAKEOVER BY MICROSOFT AS MICROSOFT ITSELF IS BOUGHT OUT BY FOREIGN INVESTORS.
In a bold stroke, this morning, Microsoft acquired controlling interest in Sun Microsystems, finalizing a hostile takeover aimed at destroying all competition. At the same instant, a previously unknown triumvirate of international investors revealed that they had obtained fifty-three percent of Microsoft stock through dubious means. None of the senior executives of either corporation were available for comment. George Papadoupolous, of Athens, Greece, is considering converting Windows to a Xenix/Linux product line, while his partners, Alexei Romanov, of Kazakhstan, and Zhen Xiao Ming, of Beijing, China are considering dismantling the company, selling off the various divisions to former competitors. What they intend to do with Sun is still unknown. And if you believe any of this, go back and look at the date in the upper right hand corner...
Meeting Announcement: Thursday, April 8, 2004
Tevora, http://www.tevora.com, and Computer Associates, http://www.ca.com, will present a discussion of eTrust™ Network Forensics, which captures raw network data and uses advanced forensics analysis to identify how business assets are affected by network exploits, internal data theft, and security or HR policy violations. Its patented technology allows IT and security staff to visualize network activity, uncover anomalous traffic and investigate breaches with a single, convenient solution.
Next, Gateway Telecom will present Shoreline Communications' Voice over IP (VoIP) solutions. Find out where VoIP is now and where it is going. VoIP is a very hot topic. Find out why at http://www.goshoreline.com.
As always, please RSVP on the http://www.SoCalITPro.org website. The link is on the lower left-hand side of the home page.
At the Previous Meeting...
At the March meeting we had two dynamite presentations! First, Michael Greene, mgreene@webroot.com, of Webroot, http://www.webroot.com, spoke on spyware. I want to go over just a few of the points made in his presentation, for those who missed it, or would like the instant recap. Much of the following is quoted directly from the presentation notes.
Spyware is defined as any program that monitors a user's activities with or without their knowledge. It can capture a user's personal information, including websites visited, documents viewed or created, email or IM conversations, credit card information, user names and passwords. It can execute unwanted, unauthorized or inappropriate code, and use vital system resources.
There are several basic types of spyware, including Back Door Trojans, key loggers, system monitors and adware. Back Door Trojans are malicious programs that appear as harmless or desirable programs, which deploy remote access tools, allowing hackers to gain unrestricted access to a user's computer. Trojans can be deployed as email attachments or bundled with another software program. Worms are also considered Trojans.
Key loggers are programs that can monitor and record the user's every keystroke, which reveals sensitive data, from usernames and passwords to private communications and documentation. Key logs are then transmitted back to the hacker.
System Monitors are applications designed to monitor computer activity, to capture everything that is done on a computer. Information can be received at the computer, through remote access, or scheduled emails.
Adware is advertising-supported software that displays pop-up advertisements whenever the program is running. Once installed, it will download and install new software and data files--more advertisements. Adware will then track user activities at the websites visited.
Spyware can be deployed as part of free software that you download. Such things as Kazaa, Grokster, WeatherScope, Dashbar, and Precision Time include spyware. Spyware is most often installed by a trusted user, who usually doesn't know that spyware is a part of the tool he/she is installing. It could be installed by a hacker or snoop, accessing the system through the internet or a back door (make sure your firewall is up!). It could be delivered in email or IM. It could be delivered by a worm or other form of backdoor Trojan.
Spyware collects usernames and passwords, electronic assets, browsing habits, applications used, personal information, email and IM conversations, IP and trade secrets, financial records, contact lists and customer databases. It can use your machine without your authorization for email forwarding, background computing and hacker attacks. Spyware is different from viruses. Viruses are used for vandalism. Spyware is used for stealing information, exploitation, and possible extortion. While viruses are generally the work of private individuals, spyware is funded and profitable to the point where sophisticated and unique methodologies are developed for deployment. Unique methods are therefore required to disable spyware components that are entangled with legitimate portions of your system. Spyware is complicated to identify, and needs to be removed, rather than neutralized.
Michael then provided some very interesting statistics indicating that millions of computers are infected with spyware, and it has cost hundreds of millions of dollars in stolen resources. You should consider that spyware also reduces system performance and worker productivity. Ergo, if you haven't already done so, it is time to invest in anti-spyware software.
Next, Greg Hayes, ghayes@raxco.com, of Raxco, http://www.raxco.com, discussed Improving Windows File System Performance. Most of the information below is quoted directly from his presentation.
Greg said that while PC hardware performance continues to rise, with gigahertz CPU speeds, gigabytes of RAM and huge, fast hard disks, the limiting factor for system performance is still disk I/O speed, which is primarily a software-related problem. Anything that speeds up disk access improves performance. (By now, you're probably thinking of solid-state disks, but they're still too costly for consideration, and I'm sure the fatware programmers will figure out a way to slow those down, as well.) The key to fast I/O is non-fragmented files, and the key to keeping your files intact is using a disk defragmenter on a regular basis.
First Greg mentioned the FAT (File Allocation Table) file systems used by DOS and Windows, which provide faster performance on partitions smaller than four gigabytes, and which provide the best performance for a pagefile, but have no security and a higher rate of file system corruption. If your system uses FAT 16, a 4 GB partition has a cluster size of 64 kb, which means that smaller files waste large amounts of disk space. On the other hand, FAT 32 has a smaller cluster size, wasting less disk space, but has a maximum partition size of 32 GB.
NTFS is a Journaling File System, or "Self-Describing" file system, creating Metadata--data which describes other data. NTFS has better security, better performance with partitions larger than 4 GB, and better resistance to file system corruptions. Unfortunately, you can't boot to MS DOS and get access to an NTFS partition. (Unless, of course, you're using SystemInternals' NTFSDOS, or NTFSPRO, both of which run under DOS. NTFSDOS allows you to read from an NTFS partition, which permits you to copy files that a user might need to recover, while NTFSPRO allows both reading from and writing to the NTFS partition. The first program is free, the second will cost.) NTFS supports file and partition sizes up to 16 TB, and has built-in file/folder compression, disk quotas, and encryption capabilities.
The NTFS Master File Table, $MFT, is a database that contains a record for every file that exists on the partition, and is mirrored. A file record contains the file name and parent directory, the logical cluster number and run length, and file size. The MFT uses a transaction log to record all transactions before posting them to the database, and it is this which gives NTFS its "self-healing" abilities. It also records bad clusters, so it never stores data in disk areas with bad sectors. Furthermore, NTFS reserves a certain amount of disk space, so it can grow as needed. It will not put files in the Reserved Zone unless it has no other choice. Disk Defragmenters cannot use free space inside the Reserved Zone. NT4 reserved 12.5% of disk space by default, while the NT5 MFT (Windows 2000, 2003, and XP) dynamically creates the reserved zone, each time the partition is mounted, up to a default maximum of 12.5%.
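The "logical cluster number and run length" pairs in a file record are stored as a compact run list: each run has a header byte whose low nibble gives the size of the length field and whose high nibble gives the size of a signed offset from the previous run's starting cluster. The following is an added example, not part of Greg's presentation or of any Raxco tool; it decodes a run list the way a forensic or defragmentation tool would and counts the fragments. The function names and the sample bytes are constructed for illustration.

```python
# Added example: decode an NTFS run list into (start LCN, run length) extents.
# SAMPLE_RUNLIST is constructed for illustration, not read from a real volume.

def decode_runlist(raw: bytes):
    """Return [(start_lcn or None for a sparse run, length_in_clusters), ...]."""
    runs, pos, lcn = [], 0, 0
    while pos < len(raw) and raw[pos] != 0x00:      # 0x00 terminates the list
        header = raw[pos]
        len_size = header & 0x0F                    # low nibble: bytes of run length
        off_size = header >> 4                      # high nibble: bytes of LCN offset
        end = pos + 1 + len_size + off_size
        if len_size == 0 or len_size > 8 or off_size > 8 or end > len(raw):
            raise ValueError(f"malformed run header at byte {pos}")
        length = int.from_bytes(raw[pos + 1:pos + 1 + len_size], "little")
        if off_size == 0:
            runs.append((None, length))             # sparse: no clusters allocated
        else:
            # The offset is signed and relative to the previous run's start LCN.
            lcn += int.from_bytes(raw[end - off_size:end], "little", signed=True)
            if lcn < 0:
                raise ValueError(f"run at byte {pos} points before cluster 0")
            runs.append((lcn, length))
        pos = end
    return runs

def fragment_count(runs):
    """Count allocated extents that do not start where the previous one ended."""
    fragments, expected = 0, None
    for start, length in runs:
        if start is None:
            continue
        if start != expected:
            fragments += 1
        expected = start + length
    return fragments

# 8 clusters at LCN 1024, then 4 clusters 16 clusters earlier, then 16 sparse.
SAMPLE_RUNLIST = bytes.fromhex("21 08 00 04 11 04 F0 01 10 00")

if __name__ == "__main__":
    extents = decode_runlist(SAMPLE_RUNLIST)
    for start, length in extents:
        print("sparse" if start is None else f"LCN {start}", f"x {length} clusters")
    print("fragments:", fragment_count(extents))
```

A file with a single allocated extent is unfragmented; every additional non-contiguous extent is one more seek, which is the cost the defragmenter removes.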
Logical clusters are created by a file system, while physical clusters are defined by the hard drive controller, which translates logical to physical clusters, and then positions the read/write heads. Every partition starts at Logical Cluster 0. If your system uses FATx, and you are running Windows NT, 2000, 2003, or XP, you will want to convert to NTFS. With NT4 and Win2k, conversion results in 512 byte clusters, which provides excellent performance for small document files, but poor performance for larger files, such as CAD, video or image applications. With XP, you get 4k clusters, which is best for general file system performance. If your file system uses cluster sizes greater than 4k under NT4 or Win2k, you will neither be able to defragment the drive, nor will you be able to use NTFS compression.
Remember, file fragmentation causes slow access to files, wastes CPU, memory and disk resources. Some applications may freeze or fail to run if files are fragmented, the system may boot or shutdown very slowly, and audio and video record and playback may drop frames.
Defragmentation locates and brings pieces of files back together. It consolidates free disk space into larger pieces, permitting new files to be stored properly, in one piece. When fragmentation is at a minimum, there is no loss or corruption of data.
Microsoft's built-in defragmenter requires multiple passes, cannot defragment certain files, requires a large amount of free space in which to work, does not consolidate free space, and is not designed for large drives.
A good defragmenter should completely defrag all files, consolidate free space, operate in a single pass, have a file placement strategy, have a minimal working free-space requirement, use minimal resources, support large hard drives, be easy to schedule and manage, and be certified for the operating system.
So to improve your file system performance, choose the most appropriate file system for your applications, choose the most appropriate cluster size, and defragment monthly, using an advanced technology defragmenter. To find one, see Raxco's website!
And for those of you who missed the presentation, Raxco has provided a special web page for OCNTUG members at http://www.raxco.com/ocntug, which offers a copy of the PowerPoint presentation itself, some free online tools, including a disk fragmentation analyzer and a file access timer, a defragmentation tutorial, and papers on the differences between Raxco's PerfectDisk product and the built-in Microsoft defragmenter. You will want to visit this web page!
Final Notes…
> Job Postings are now available on the OCNTUG website. Postings are open to employers and consultants looking to hire new employees directly, not to headhunters (agents or agencies).
> It has been suggested by Jack Bicer, President of Technology and Business Connection Forum, that members of OCNTUG might want to attend their meetings to expand business knowledge, and members of TBCF might want to attend our meetings for technical knowledge. The TBCF web site is http://www.TBCF.com
See you at the meeting on Thursday, April 8, 2004, enjoy!
Robert Holtzman,
Editor
rholtzman@netzero.net