PC Plus HelpDesk - issue 205
|This month, Paul Grosse gives you more
insight into some of the topics dealt with in HelpDesk
and HelpDesk Extra
We look at: Deleting Data; Virus
Hoaxes; Stretching the processing boundaries with Windows
and from HelpDesk Extra, we look at the LAN in more
Deleting data on a disk is a little more involved than
simply pressing [Del]. It really just doesn't want to go
away and the Windows operating system and a number of
program vendors have made sure that there are a number of
lines of defence before even the relatively unequipped
user can't get it back.
In Windows Explorer or on the desktop or numerous
other places, you can get rid of a file by highlighting
it and pressing [Del]. This, as everybody (I hope) knows,
will transfer it to the recycle bin. If you then go to
the recycle bin and delete it from there, the disk space
it occupies ("still" occupies as opposed to
"used to" occupy) is marked ready to be written
over by the next file that needs it.
If the file was originally written when the disk was
fairly full and the disk has had a lot of data removed
since, for instance, if you burn a lot of CDs, it may
well be a long time before that area is overwritten. With
this in mind, there are a number of programs available
that will look at the data on the disk that is
recoverable. Some "deleted" files can still be
found entirely intact and whilst any word processor will
reject any partially recovered file with the possible
exception of text files, these are still of some use to
forensic analysis or to competitors where the time and
cost to analyse the data is budgeted for. However even
forensic imaging of the whole disk still only looks at
part of the information on the disk -- only really
looking at as little as only 15% of it because this is
what has been digitised. The analogue information is
simply ignored by the imaging process.
The analogue information is what people like to think
of as digital information on the disk but in reality,
there are no completely magnetically polarised bits of
data. A clever piece of hardware decides whether or not
any particular bit is a 1 or a 0 based on whether it is
more like a 1 or more like a 0 and that result is what
the computer sees.
If the disk drive is taken apart and the analogue data
recovered directly from the disk, several generations of
data writes can be recovered -- claims of up to 7
generations have been made and if your information is
valuable enough to warrant that type of analysis, all of
the disk needs to have undergone a pretty rigorous
overwriting process in order to obliterate any
potentially useful residual data.
Just how much and of what type of overwriting of data
is required depends upon the media type and the
importance of the data. This is laid down in the US
Department of Defense file DoD 5220.22-M National
Industrial Security Program Operating Manual (NISPOM) at
the end of section 8-307 which states that simply
overwriting the data seven or so times is not good enough
for a 3.5" floppy which has to destroyed.
Click here to open the DoD
There are in the order of 500 new viruses added each
month to the lists of viruses that antivirus product
vendors use to keep their AV products up to date. Many AV
vendors issue bulletins when particularly dangerous
viruses get into the wild and it is on the back of these
that the virus hoax writers have their "fun".
A typical hoax associates itself with some sort of
recognised authority, a big name that everybody is likely
to have heard of or sounds to the novice as though they
should have heard of it. Then, it sets out the plausible
details of the hoax and how the victim should avoid any
damage to their equipment by following a few easy
procedures and finally (almost as though the virus hoax
was itself a virus, but instead of utilising a computer's
operating system to spread itself, it has taken over the
mind of the user) it suggests that the message should be
passed to everybody the user knows.
An early virus hoax was the Good Times hoax which
wasted a lot of man-hours. Some people got very fed-up
with receiving warnings about it and somebody wrote the
Good Times Spoof which is well worth the read.
Reports of the computer vulnerabilities and hoaxes can
be seen at the CIAC site http://www.ciac.org/ciac/
on the link in the top right of the CIAC page to download
CIAC's PGP public key so that you can check any CIAC
the processing boundaries with Windows xp
||If you have a resource-hungry
application that runs under DOS such as this rocket
computer model, you might get a screen similar to this
one when it decides to over-stretch the Windows xp
resources that are available to it
In this case, the
program in question has gone from normal operating mode
into one where it needs to optimise two input variables
against each other giving a graph of one of six output
variables. The graph has up to 31 x 31 points so there is
quite a large array to be produced - 5766 figures plus
the processing overhead with its arrays and so on.
The program simply runs out of space when it
dimensions these arrays and stops itself, offering the
usual cryptic error message that could only ever mean
anything to one person (not necessarily the programmer).
One thing to bear in mind is that this particular
program runs well on all computers from DOS on a 486
through to Windows 98 on various Pentiums so clearly, it
should run on an operating system that is
"better" such as xp. Shouldn't it? So, why
||In Windows Explorer, locate the exe
program and right-click on it. Select that enormously
useful "properties" menu option (where would
we, or Windows be without the properties tag?)
the "Program" tab in the properties box and
then click on "Advanced..."
You can now see where the AUTOEXEC.NT file is stored.
Go back to Windows Explorer and find the file and open
it in Notepad (you should find this in the Start/
Programs/ Accessories menu unless you have already copied
the shortcut to half a dozen more useful places).
|The suspect lines:
REM Install CD ROM extensions
REM Install network redirector
REM Install DPMI support
|There is a lot of hepful explanatory
text in the AUTOEXEC.NT file and it is worth reading
through it but here are the main points:
- In xp, DOS runs as a shell within xp, that is to
say that xp does not run as a program on top of
- In xp, AUTOEXEC.BAT is not used to initialise the
DOS environment, AUTOEXEC.NT is instead (which is
why you are editing the NT file instead of the
- You can modify the AUTOEXEC.NT file to suit your
situation or specify a different file to run
I suggest that you should follow this procedure:
- REM out any lines that the program clearly
doesn't need or, if there is no sound blaster
needed, use the suggestion in the file -- in this
case, SET BLASTER=A0 which will make sure that
the sound blaster will not work (you might want
to see if this does not interact by allowing it
once you have got the program working properly),
- REM out the lines instead of deleting them
(deleting them is just a bridge burning exercise
that Murphy's law dictates you will regret at a
- REM out the minimum number of lines until it
- REM out the lines that you need just one at a
time (possibly using an orthogonal array instead
of a unary system -- if there are three suspect
lines, REM out 1, then 2, then 3, then 1&2,
1&3, 2&3, 1&2&3.
||At last, it is running perfectly.
you really want, you can now go back to the AUTOEXEC.NT
file and see what you can turn on again without it
messing up the way that the program works.
|If you have
your network hardware installed and have followed the
instructions with your LAN card, you should be able to do
YOUR MACHINE - Win98
||Right-click on the network neighbourhood
icon and then select Properties.
Click on the
Identification tab and then you can input the name of
your computer -- Here, I have chosen semiprecious stones
for the names of the computers but there is nothing to
stop you from choosing: elements from the periodic table;
big cats; mountains; asteroids; or even, amino acids (if
you don't want a network bigger than about twenty).
The workgroup should be the same for each computer
that needs to communicate on any network and here, where
there is only one network, "workgroup" is fine
although if you have a bigger site,
"sales", and so on would be a good start.
||Clicking on the configuration tab, then
on the network interface card's protocol entry (TCP/IP)
and then on properties brings up the TCP/IP properties
On the IP Address tab, you can specify the
computer's IP address and subnet mask.
You will notice that where the subnet mask is 255, the
IP address has to remain the same. It is also advisable
for each machine to use the same subnet mask so, you may
have a number of machines with a subnet mask of
255.255.255.0 and addresses
||Here, you can see that the situation is
fairly similar with Windows xp although there are less
lines in the connection items under the
"General" tab (which was
"Configuration" in Windows 98)
||Here, on WinRoute, selecting
"Settings" and then "Proxy Server"
brings up the "Proxy Server Settings" dialogue
If you activate the Proxy Server and set the port
to 3128 (which is what is normally is), much of the
Internet traffic that goes through that machine will be
Any browser on another machine that is configured to
use port 3128 on this machine (as a proxy), will be able
to access files without the proxy needing to go online.
This will speed up access to commonly browsed pages if
there is only one or two other machines on the network
but if there are many machines, and the users tend to
visit the same pages, access will be much faster as being
stored locally, the slowest network they will travel
across will be the LAN instead of through the continental
shift paced Broadband connection.
||Internet Explorer 6, here on Windows
98SE can be configured so that it browses only through
Click on "Tools", "Internet
Options" and then, on the "Connections"
tab, click on "LAN Settings..." and then check
the "Use a proxy server for your LAN ..." box.
For the Address, type in the LAN IP address of the
Network Interface Card (NIC) that the LAN is connected
to. In the Port box, type the same port number that you
had on your Proxy server.
With these details, the browser will quite happily
connect to the Proxy over the LAN and if it can't find
the pages it wants on the Proxy, the proxy will connect
to the Internet to retrieve them for you.
||Again, Internet Explorer 6, this time
running on Windows xp.
Note that all of the machines
that you want to connect to the proxy must use the
network IP address of the proxy server.
If you have a machine with two NICs, they will be on
different networks with the PC acting as a bridge between
them. In this case, you can use the proxy server software
(certainly in the case of WinRoute) as a basic firewall,
scrutinising traffic as it flows between the two
With a true firewall, on such a machine, it is
possible to prevent somebody on the "accounts"
network from accessing certain information on the
"personnel" network and so on as this can be
filtered out as a content rule.
||Running a proxy for browsing using the
LAN is not limited to Windows machines.
Here we see
the proxy configuration for a browser running under
OFF THE TAP
||With all of the traffic going through
the proxy on the LAN, the administrator of the proxy is
put in a position whereby (s)he can select which machines
have access to Internet resources at what times of the
day or week.
Alternatively, all browsing through the
proxy can be halted simply by switching it off.
Back to PC Plus Archive Index Page