To: Editors
From: Bill Johnson

Subject: HAL-PC magazine looks GREAT!

On leaving Houston in 2000, I dropped my membership; so I hadn't been watching your work; but I dropped back by today, and ... WOW! HAL-PC magazine is a knockout!

I _love_ the layout -- the comprehensive left-side link index outlined by date, PLUS the right-side in-feature links by date.

... the shorter lines in a narrowed central pane to make the text easier to follow ... the clean layout, with fonts and colors that are easy on the eyes.

... and did I mention the blessedly non-commercial, plain-English quality of the writing?

Fantastic!

Reading that Linux article, I realized something else:

HAL-PC's is easily _the_ best web magazine I've ever seen.

Note ...

  • the expandable/collapsible left link index, AND - the feature-specific right link index, AND
  • the smaller fonts & colored background to push the side frames back visually, relative to larger central fonts, black-on-white, all sans-serif, AND
  • the narrowed center pane is more readable, more like traditional print, AND
  • the very minimal boilerplate graphics, AND
  • the email links for writers.

... and, of course, _the_ most user-focused content anywhere.

Subject: error 645
From: A HAL-PC Member

My dial up works ok except when I access message center. The error occurs with Netscape or Explorer. It suggests a missing cookie. It usually lets me go on through. Suggest something, please.

Editor: The DUNS (Dial Up Networking) error 645 is an Internal Authentication Error, and can occur when either the password entered is incorrect or if “Require Encrypted Password” is enabled in the server type or security tab of your connection properties. For help to configure your connection, select the “Basic Configuration Information” for your Operating System on the HALNet Support Page at www.hal-pc.org/support/. For additional details about this error see also Microsoft Knowledge Base article #199780 and documents at www.modemsite.com/56k/duns645.asp or www.modemsite.com/56k/connectoid.asp.

Subject: Re: Fw: HALNet Advisory Message?
From: A HAL-PC Member

I wonder if the attached letter is a hoax. It looked authentic to me!

----- Original Message -----

Subject: HALNet Advisory - Possible virus infection on your computer.
HALNet Advisory - Possible virus infection on your computer.
This is a HALNet Advisory for your security.
It is possible that you have a virus, W32.Erkez.B@mm Also Known As: W32/Zafi-B. Please see the information below and check your computer.
Make sure your antivirus is up to date.
Thank you.

SYMANTEC (NORTON) W32.Erkez.B@mm is a mass-mailing worm that sends itself to the email addresses found on an infected computer. When it infects a computer it attempts to overwrite executables associated with security products installed on that machine.

To Remove: Update your virus definitions. (Do this immediately and manually if you have to. If you do not know how, contact your antivirus manufacturer.)

Do one of the following:

Windows 95/98/Me: Restart the computer in Safe mode.
Windows NT/2000/XP: End the malicious process.
Run a full system scan and delete all the files detected as W32.Erkez.B@mm.
See: securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b@mm.html

SOPHOS W32/Zafi-B

Aliases I-Worm.Zafi.b, W32/Zafi.b@MM, Win32/Zafi.B, W32.Erkez.B@mm, PE_ZAFI.B

“W32/Zafi-B is a peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file...”
W32/Zafi-B collects email addresses from files which have the following extensions: HTM, WAB, TXT, DBX, TBB, ASP, PHP, SHT, ADB, MBX, EML and PMR. The worm stores the collected email addresses in randomly named files with a DLL extension in the Windows system folder.
See: www.sophos.com/virusinfo/analyses/w32zafib.html
McAfee W32/Zafi.b@MM us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126242

Microsoft Security Bulletin MS01-059
Unchecked Buffer in Universal Plug and Play can Lead to System Compromise - www.microsoft.com/technet/security/bulletin/MS01-059.mspx
“Corporate networks could be protected against Internet-based attacks by following standard firewalling practices (specifically, blocking ports 1900 and 5000).”
Microsoft Windows Update: v4.windowsupdate.microsoft.com/en/default.asp
Order the Windows Security Update CD: www.microsoft.com/security/protect/cd/order.asp
Virus Alerts: www.hal-pc.org/support/virus.html
Latest virus-related threats discovered by Symantec: securityresponse.symantec.com/avcenter/vinfodb.html
Symantec (Norton) Security Response: securityresponse.symantec.com/
McAfee - Virus Information Library: vil.nai.com/vil/
Symantec (Norton) Virus DATA (DAT) update site: securityresponse.symantec.com/avcenter/download.html
McAfee Virus DATA (DAT) update site: www.networkassociates.com/us/downloads/
VIRUS/WORM REMOVAL TOOLS - Norton (individual virus removal programs):
securityresponse.symantec.com/avcenter/tools.list.html
VIRUS/WORM REMOVAL TOOLS - McAfee ("stinger" will remove many common viruses): vil.nai.com/vil/stinger

Editor: HALNet Support confirmed that this is indeed a legitimate warning sent out by HALNet to infected users who are port scanning. They say that this activity seen from your computer could be an indication that a virus or Trojan Horse is present and advise that you should scan for viruses with something good like: AVG, or even Norton or McAfee, Trend Micro [www.hal-pc.org/support/trend.html], etc. They also suggest that you review the information at www.hal-pc.org/support/virus.html.
Use the multipurpose McAfee Stinger or the specific tool from Symantec for detecting and removing the W32.Erkez.B@mm virus (from www.symantec.com/avcenter/venc/data/w32.erkez.b@mm.removal.tool.html). If you find nothing, you should still check out your system and make sure that your virus signatures are up to date.

We look forward to hearing from you! Send your questions or comments for this column to emailbag@hal-pc.org. Names and addresses are printed only with permission, so please indicate your preference.