Volume 5, Issue 40 Atari Online News, Etc. October 3, 2003 Published and Copyright (c) 1999 - 2003 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: Paul Caillet Kevin Savetz To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm http://www.icwhen.com/aone/ http://a1mag.atari.org Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #0540 10/03/03 ~ Another MS Settlement! ~ People Are Talking! ~ Steem Update News! ~ Subpoena Use Protested ~ Ballmer Slams Hackers! ~ New PSX Game Device! ~ 8-bit Graphics Contest ~ OpenOffice 1.1 Ready! ~ Pop-Up Killers! ~ MSBlaster 2 A No-Show! ~ MS Faces Security Suit ~ New AOL Spam Filters -* P2Ps Unveil Code of Conduct! *- -* Hackers To Face Tougher Sentences! *- -* Music Industry Will Talk Before Lawsuits! *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" Well, it didn't take long for us to truly realize that summer was over and fall taken over! While the weather has been nice, it's getting noticeably colder. Earlier tonight, I pulled in all of my remaining veggies from the gardens to beat the predicted first frost. I had a great crop this year; I've been bringing in bagloads of stuff in to work because I can't keep up with eating it all! And some of my neighbors have also been getting some. But, that's over for another season. We're finally getting that addition to the house next week. Actually, we're enclosing our existing deck with a sunroom, but it will be almost like adding an additional room to the house. That should be fun, especially in the warmer months. Things at work are still hectic as ever. I could rant about it for pages, but I won't. I'm sure that many of you have had similar experiences in the past. Wouldn't it be nice to be back in simpler times, like when using an Atari computer was a breeze rather than messing with more complicated machines. On a happier note, if you recall my relating the story of "Pug" last week, he's back home from the veterinary hospital. He seems to be recovering well, but still has a way to go. Still, it's heartening to know he's back home with family. that will help to speed up the healing process. Until next time... =~=~=~= Steem 2.61 Hello, 26th September 2003 - Steem v2.61 Well v2.5 didn't contain any major bugs, but v2.6 did. So here is a small update to stop Steem crashing, there are no emulation improvements. However this version is definitely worth the download as, thanks to the author of Netatari (rb), we have finally fixed the Windows 98 extended features crash, so now all Steem users have access to the profiles and macros features. Bugs . Fixed extended features Windows 98 crash finally (thanks rb!) . Stopped crashing on complex 60Hz screens . Corrected extended monitor reset display New Features . Close disk manager after insert, reset and run option . Australian keyboard language added . DEBUG: Added I/O address monitoring, write and read You can get the update from the download page: http://www.blimey.strayduck.com/download.htm Best regards, Paul CAILLET $500 Atari 8-bit Graphic Programming Contest Mark DiLuciano of Sunmark Products has announced a $500 Graphic Programming Contest for Atari 8-bit computers. All you need to do is deliver an executable that can be loaded on an 8-bit machine, with a maximum file size of 16K. First prize is $300 cash, second prize $150, and third prize $50. The art can be on any subject matter, and can even be animated. The contest will run until October 20th, 2003, with winners announced on November 1st. For complete details, visit: http://www.atariage.com/forums/viewtopic.php?t=34470 =~=~=~= PEOPLE ARE TALKING compiled by Joe Mirando joe@atarinews.org Hidi ho friends and neighbors. It's gonna be a short column this week. I've got some kind of flu bug, and I feel like hell. It's not the worst sickness I've ever had... I didn't even miss work today. Although I wish I had been smart enough to stay home. I think that, more than anything else, it annoys me to be sick. And at the same time that I'm annoyed by being sick, I'm happy that it's just a case of the flu. Well, let's get on with the news, hints, tips, and info available from the UseNet. >From the comp.sys.atari.st NewsGroup ==================================== Facundo Arena asks about a parallel port driver: "I'm looking for a Parallel-port-drive driver called HDD-Daemon, which may let me use a PC HDD on my Atari 1040STfm, using a special parallel port cable. Does anyone have it? Is it good? It seems the be the only option I have since it's impossible for me to find a SCSI host adapter or something like that...." Adam Klobukowski tells Facundo: "Search for hdd_dmn .lzh or .zip. I remember there was page in czech language with it." Facundo checks around and tells Adam: "I found it! Thanks!!! Now, do I have to build a special parallel cable? I think my PC has a bidirectional parallel port... is it necessary?" 'Bruce' asks a favor of Facundo: "Could you post the link to the files ? i'm trying to get my ST a hard disk too..... And maybe, i can help you on building that cable! Nevermind... i found it... I was reading... And off course, you will need a bi-dir parallel port.. (But, all newer computers are equipped with, at least, one) The problem, is to build the cable. nothing else.. I'm going to build it, and post comments.." Kenneth Medin asks about Adamas with STiNG and a little twist: "I'm trying out the Adamas browser using a STinG setup with the Draconis emulator. I'm on a LAN with EtherNec and a "broadband router" with NAT connected to the Internet. Using Adamas strictly locally on the LAN I can surf to both the Weblight web server on another Atari here and a pc running Debian/Apache. But as soon as there is a single link to the outside with a named url (a counter for example) Adamas goes down. If I try to enter an external url it goes down right away. Apart from that Adamas seems to be quite a nice browser but useless to me at the moment... When I try to Ping other hosts with DRACPING.PRG I get response from all computers on my LAN including the router. If I Ping any outside numerical address I get no response at all! Judged by the lights on the router the Ping packets does not even manage to go through the NAT of my router and out on the Internet. Resolving works OK as there is a DNS proxy in the router. All native STinG clients work like they should. Has anyone managed to Ping an outside host using Draconis on a similar setup? I find it interesting that Adamas crashes on all external sites but not on local 192.168.0 LAN sites and DRACPING.PRG fails to reach the same sites." Edward Baiz offers this bit of info to Kenneth: "I got it to work with my Lan using MagicNet. Have not tried the Mint side, but I would guess it would work also...." John Garone asks an interesting question about forging message headers: "How much of a header can be forged? It seems to me you can't forge the IP #s which the post or mail passes through so shouldn't they be traceable back to the real source?" Guy Harrison tells John: "Let's find out shall we? I'm using my ISP's mail server here 'cos my local one would insert lots of stuff and wouldn't get the point across... $ telnet smtp.ntlworld.com 25 Trying 62.253.162.40... Connected to smtp.ntlworld.com. Escape character is '^]'. 220 mta03-svc.ntlworld.com ESMTP server (InterMail vM.4.01.03.37 201-229-121-137-20020806) ready Sun, 28 Sep 2003 17:29:17 +0100 helo 250 mta03-svc.ntlworld.com helo atlantik.net 250 mta03-svc.ntlworld.com mail from: foo@atlantik.net 250 Sender Ok rcpt to: swamp-DEL-dog@ntlworld.com 250 Recipient Ok data 354 Ok Send data ending with . From: John Garone To: Mr IRS Dude@irs.com Subject: Dat darn bill I will not pay! No, not ever!!! . 250 Message received: 20030928163141.TXFQ27049.mta03-svc.ntlworld com@atlantik.net quit 221 mta03-svc.ntlworld.com ESMTP server closing connection Connection closed by foreign host. The only thing I altered above is to insert "-DEL-" so that spambots can't grab me address off this article. Lo & behold the end-product appears moments later... Return-Path: Received: from atlantik.net ([80.4.128.70]) by mta03-svc.ntlworld.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP id <20030928163141.TXFQ27049.mta03-svc.ntlworld.com@atlantik.net> for ; Sun, 28 Sep 2003 17:31:41 +0100 From: John Garone To: Mr IRS Dude@irs.com Subject: Dat darn bill Message-Id: <20030928163141.TXFQ27049.mta03-svc.ntlworld.com@atlantik.net> Date: Sun, 28 Sep 2003 17:32:45 +0100 Status: R X-Status: N X-KMail-EncryptionState: X-KMail-SignatureState: I will not pay! No, not ever!!! Okay, so what's useful there. Not much I'm afraid. If you want to report someone then this is the line... atlantik.net ([80.4.128.70]) by mta03-svc.ntlworld.com ...and ignore the textual address. As you can see that's bollox as well. It's the IP address you're after... $ nslookup 80.4.128.70 Server: cache1.ntli.net Address: 194.168.4.100 Name: m70-mp1.cvx1-a.not.dial.ntli.net Address: 80.4.128.70 ...and a... $ whois 80.4.128.70 [snip lots of stuff] ...ought to yield an ISP address to report it to. You don't need these tools on your machine: there's plenty of web based ones. Note that there's a clue in the above "Name:" that its a dialup account & therefore pretty certain to be on a dynamic address. You need ISP help to discover who was using that address at the time of the abuse. However, if it does happen to be a fixed address then you're laughing so to speak 'cos it identifies them directly." David Bolt adds his thoughts: "Any header in a mail can be forged, with the exception of those inserted by the last server to handle the mail (should only be a Received: header, but some broken clients don't insert a Date: header). In general, these are going to be the ones added by your ISP, or your own server if your running one. Here's a tutorial on how to read headers: Google throws up a few more links with this: Searching Google groups should turn up a few more, but it looks like Google groups has a problem with memory. It seems to have forgotten stuff from the last 4 or 5 years." 'Yves' asks about setting up EasyMiNT: "I'm trying to install Easymint on a good old Atari STE with SCSI HD connected to ICD LINK. I set up the HD with 3 partitions using atari-fdisk under linux: */dev/sda1 10MB GEM boot partition */dev/sda2 190MB LNX partition */dev/sda3 50MB BGM partition (for Easymint installer) I use ICD drivers to make my HD recognized by the Atari, but it seems only both GEM and BGM partitions are seen from this drivers! So when I launch the easymint installer, i'm logically told no LNX or RAW partition is found on my HD. I tried using CBHD drivers instead of ICD drivers, but all I can get at boot time is 4 bombs and of course, no desktop. My questions are: *is CBHD able to see LNX partitions so that i can install Easymint ? *how can I make CBHD stop to crash at boot? *(worst case) do I really _need_ to buy HDDRIVER if everything fails? How can I be sure it will work on my system, since demo version doesn't have SCSI driver target interface and allows writing only C: ?" Maurits van de Kamp tells Yves: "So, all this under a big "IIIC" (If I'm Informed Correctly) : MiNT extended file systems require XHDI, which is (I think) an API extension to the hard disk driver. I know that the ICD drivers don't have this, I don't know about CBHD. HDDriver does for sure. And it's the best hard disk driver anyway, so use it However, I don't know if this is the cause of the fact that the driver doesn't actually see the partitions. I would expect them to see them, just MiNT not being able to use XFS-drivers." Lonny Pursell adds: "I am quite sure the latest minixfs driver requires XHDI. It would be safe to assume the other extended file systems do as well." Yves adds: "Oh well, HDDRIVER seems to be ok, but it's a commercial software, and I believe that paying for a driver to install a free OS is quite a paradox! My ST can't match with nowadays PCs and MACs productivity and still I have to spend 35 EUR for just having _free_ fun with an obsolete computer? That's why I try harder with CBHD, as it is freeware and said to support XHDI... But I didn't find yet any info on how to configure it to make it see LNX partitions..." Lonny tells Yves: "I can only recall my setup of minix. When I did this, I had to partition the drive, then set the partition type as RAW if I remember correctly. Once I did that, the minix setup tool would see it and setup the partition for use. I already had the commercial driver at the time though. You might try finding a used copy at a reduced cost or watch ebay." Well folks, my meds are wearing off and my wife (aka 'The Ball & Chain') is telling me I need to rest. I'll be past this wee lil' beastie in the next day or so, so tune in next week and be ready to listen to what they are saying when... PEOPLE ARE TALKING =~=~=~= ->In This Week's Gaming Section - PS2 Price Cut In UK! """"""""""""""""""""""""""""" New All-In-One PSX Device! Half-Life 2 Woes! And more! =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" Sony Cuts PlayStation 2 Price in UK for Christmas Push Sony Corp said on Tuesday it would drop the price of its best-selling PlayStation 2 video game console in the United Kingdom, the first price cut in over a year in the company's top European market. Beginning October 1, the PlayStation will carry the suggested retail price of 139 pounds ($232.40), representing a 13 percent discount, the company said. "We're bringing the UK in line with a price cut the rest of Europe had earlier in the year. The UK was the only territory where the price remain unchanged," a spokesman for Sony Computer Entertainment Europe said. In continental Europe, PlayStation 2 has a suggested retail price of 199 euros ($233.20). Sony cut prices in continental Europe and the U.S. in May in preparation for a traditionally slow summer retail season. Demand in the U.K. has remained relatively strong, enabling the company to maintain prices at the higher level for a longer period. Rumors persisted that Sony would be forced to introduce discounts for the Christmas period to match prices of its trailing rivals Microsoft Corp's Xbox and Nintendo's GameCube. Sony to Unveil All-In-One PSX Game Device Next Week Sony Corp said on Friday it would unveil its all-in-one PSX game device to the public next week. The PSX, which packs a TV tuner, DVD recorder, hard-disk drive, and the PlayStation 2 game player into a single white box, will be unveiled at the CEATEC Japan 2003 industry show in Makuhari, near Tokyo, on Tuesday, Sony said in a statement. Sony plans to launch the machine in Japan before the end of this year, and in Europe and the United States early next year, but a spokesman for Sony said on Friday the exact launch timetable and pricing were yet to be decided. Some analysts have expressed concerns the PSX could eat into demand for other Sony products at a time when the company is suffering from sluggish sales of its Vaio PCs and home electronics goods. IE Gets Blame for Theft of Half Life 2 Code Security experts are blaming known but unpatched vulnerabilities in Microsoft Corp.'s Internet Explorer for the theft and distribution of the source code for a much anticipated new video game. The source code for Valve Corp.'s Half Life 2, a sequel to the popular shoot-'em-up game that was due out by December, was posted on the Internet on Thursday, according to a statement from Valve Managing Director Gabe Newell. The theft of the code, which was made available for download on the Net, came after a monthlong concerted effort by hackers to infiltrate Valve's network. Malicious activity in the Valve network included denial-of-service attacks, suspicious e-mail activity and the installation of keystroke loggers, Newell added. "This is what happens when you have 31 publicly known unpatched vulnerabilities in IE," wrote Thor Larholm, senior security researcher for PivX Solutions LLC, in a posting to the NTBugTraq mailing list. "I have seen screenshots of successfully compiled HL2 installations, with WorldCraft and Model Viewer running atop a listing of directories such as hl2, tf2 and cstrike." Newell is seeking the Internet and gaming communities' help in tracking down the code thieves. The company has set up an e-mail address, helpvalve@valvesoftware.com, to collect information and tips on the hack. Military Recruits Video Game Makers Hunched with his troops in a dusty, wind-swept courtyard, the squad leader signals the soldiers to line up against a wall. Clasping automatic weapons, they inch single-file toward a sandy road lined with swaying palm trees. The squad leader orders a point man to peer around the corner, his quick glance revealing several foes lying in wait behind a smoldering car. A few hand signals, a quick flash of gunfire, and it's over. The enemy is defeated, but no blood is spilled, no bullet casings spent: All the action is in an upcoming Xbox-based training simulator for the military called "Full Spectrum Warrior." Increasingly, the Pentagon is joining forces with the video games industry to train and recruit soldiers. The Army considers such simulators vital for recruits who've been weaned on shoot 'em up games. Even the Central Intelligence Agency is developing a role-playing computer simulation to train analysts. "We know that most of our soldiers know how to use a game pad," said Michael Macedonia, chief scientist at the Army's Program Executive Office for Simulation, Training and Instrumentation in Orlando, Fla. "Every kid figures out the controls pretty fast." For years, the U.S. armed forces have used big, sophisticated simulators with hydraulics, wall-sized video screens and realistic cockpits. But such gear costs millions of dollars - far too pricey even by military standards to be widely available. And that's why video games make sense. "Full Spectrum Warrior" was created through the Institute for Creative Technologies in Marina Del Ray, Calif., a $45 million endeavor formed by the Army five years ago to connect academics with local entertainment and video game industries. The institute subcontracted game development work to Los Angeles-based Pandemic Studios. The institute's other training program, "Full Spectrum Command," was released for military use in February. That game, for the PC, is geared toward light infantry company commanders who lead about 120 people. Set in eastern Europe, it tests organization, decision-making and the ability to recognize threats in a peacekeeping setting. With "Full Spectrum Warrior," currently in testing at Fort Benning, Ga., squad leaders learn how to command nine soldiers in complex, confusing urban warfare scenarios. The game isn't not about sprinting, Rambo-like, through alleys with guns blazing. "It's not really about shooting at things," Macedonia said. "Learning how to shoot your weapon is easy. The challenging thing is leading." The game the Institute for Creative Technologies has been working on with the CIA for about a year - at a cost of several million dollars - will let agency analysts assume the role of terror cell leaders, cell members and operatives. "Our analysts would be accustomed to looking at the world from the perspective of the terrorists we are chasing, and learn to expect the unexpected," CIA spokesman Mark Mansfield said. Training aside, video games are increasingly viewed by top brass as a way to get teenagers interested in enlisting. Games such as "America's Army", developed and published by the Army, and "Guard Force", which the Army National Guard developed with Alexandria, Va.-based Rival Interactive, can be downloaded or picked up at recruitment offices. "America's Army" has been a hit online since its July 2002 release, attaining some 1.5 million registered users who endure a basic training regiment complete with barbed-wire obstacle courses and target practice. "Guard Force" has been less successful. Released last year, features bland synth-rock music that blares in the background. Between video commercials touting the thrills of enlisting in the Army National Guard, gamers pluck flood victims from rooftops or defend a snowy base. In the training mission, gamers deploy helicopters, even tanks, to rescue skiers trapped in an avalanche. The creators of "Full Spectrum Warrior" hope their stint with the Army will also spur commercial sales. Pandemic is already busy creating a retail version that will add multiplayer capability, streamline the controls and dispense with such realities as death from a single gunshot wound. "The explosions will be bigger. Smoke will develop more quickly. A squad leader could call in an F-16 strike," said Jim Korris, creative director for the Institute for Creative Technologies. "That doesn't happen in the real world." THQ Inc. is expected to release the public version early next year. An early demonstration in May at Electronic Entertainment Expo, the video game industry's annual trade show, won "Best Original Game" and "Best Simulation" awards. There are no plans to commercially release the CIA game. =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson MSBlaster II Fails To Materialize, Worm Writers Lying Low Over a week ago, several security experts noticed that exploit code for a recently-disclosed vulnerability in Microsoft Windows was circulating throughout the hacker underground, and said that another MSBlaster-style worm was only "days away." No such worm appeared. What gives? "We saw a highly functional binary that exploited Microsoft 2000 and evidence of tools that would allow an attack on Windows XP," said Ken Dunham, an analyst with security firm iDefense, and one of those who claimed that a so-called MSBlaster II worm was imminent. On further analysis, it turned out that the code was buggy, and didn't always work. "It's hard to predict what's out there," Dunham said in defending the announcement of an imminent MSBlaster II worm. "But security firms do understand trends. We have a good understanding of the hacker underground, and we were seeing a ton of activity on the 039 vulnerability. We really thought that something was going to happen." Another of the security experts who said that another MSBlaster worm might show up soon was Bruce Schneier of Counterpane Internet Security. "So far we're lucky," he said. "But this stuff is all random. Worms are created by the kind of guy who when he doesn't have a date, writes a worm. "It's a judgment call," Schneier said, in talking about whether to make an announcement or keep quiet. "You're right, people get complacent," when you make constant announcements, "but the real problem is that there are so many patches and vulnerabilities. You just do the best you can." Dunham defended the practice of blowing the whistle on possible worms. "Getting the news out has a side benefit of getting a lot of people to update, people such as home users and small businesses who don't normally update regularly. It helps protect a lot of computers against vulnerabilities." Other security experts agreed that spreading the warning about a potential new worm was the right thing to do. At least in this case. Other security experts agreed that spreading the warning about a potential new worm was the right thing to do. At least in this case. "They were absolutely correct, and would have been remiss if they hadn't," said Alfred Huger, the senior director of engineering at Symantec's security response center. "Unfortunately, we don't always nail a time window on an exploit," he explained. Although there's a danger of destroying credibility in the long term by 'crying wolf,' Huger noted that there's a very fine line between disclosing that an exploit exists and saying nothing. Security firms can get slammed either way. "Security vendors have to be remarkably careful about disclosing information, but in this case, it was based on pretty solid information." It may be that worm writers are playing possum, spooked by recent arrests in both the U.S. and Romania of men charged with writing variants of the original MSBlaster. Dunham and Huger said that these arrests might well be the reason why a new worm hasn't shown. "The people who create worms are lying low," Dunham said. "When worm authors are quickly prosecuted and held accountable, that impacts development. They're thinking, 'It's just not worth it if I'm going to jail.'" "I think they saw the arrests and decided writing a worm wasn't worth the trouble," Huger agreed. Not that there isn't plenty of hacker activity related to the second RPC DCOM vulnerability in Microsoft Windows. That vulnerability goes by the Microsoft-assigned moniker of MS03-039. "We're still seeing hard evidence that a significant number of computers have been infected by Trojan horse authors exploiting the 039 vulnerability," Dunham said. "They're still targeting computers that are vulnerable." The behind-the-scenes activity is both different, and possibly more dangerous, than an actual worm, Dunham said. Trojan horse authors can very quietly and covertly attack systems with the intention of remotely controlling them, then use that access to steal confidential information from compromised machines. Their motivation differs from that of worm authors, who simply want to see the Internet disrupted on a massive scale. But even though another MSBlaster hasn't struck, that doesn't mean users should be complacent, Dunham said. "Trojan horse authors are continuing their attacks," he said. Hackers to Face Tougher Sentences Convicted hackers and virus writers soon will face significantly harsher penalties under new guidelines that dictate how the government punishes computer crimes. Starting in November, federal judges will begin handing out the expanded penalties, which were developed by the U.S. Sentencing Commission. Congress ordered the changes last year, saying that sentences for convicted computer criminals should reflect the seriousness of their crimes. "The increases in penalties are a reflection of the fact that these offenses are not just fun and games, that there are real world consequences for potentially devastating computer hacking and virus cases," said John G. Malcolm, deputy assistant attorney general and head of the U.S. Justice Department's computer crimes section. "Thus far, the penalties have not been commensurate with the harm that these hacking cases have caused to real victims." There are multiple factors that a judge depends on to determine whether to send someone to prison and for how long, but most maximum prison sentences handed down for computer crime range from one year to 10 years. Hackers whose exploits result in injury or death - if they disable emergency response networks or destroy electronic medical records, for example - face 20 years to life in prison. Hackers will face up to a 25 percent increase in their sentences if they hijack e-mail accounts or steal personal data - including financial and medical records and digital photographs. Convicted virus and worm authors face a 50 percent increase. Sentences also will increase by 50 percent for hackers who share stolen personal data with anyone. The sentences will double if the information is posted on the Internet. More than half of the sentences handed out under federal computer crime laws would be lengthened by this change alone, according to a Sentencing Commission report released in April. Jail time also will double for hackers who break into government and military computers or networks tied to the power grid or telecommunications network. Hackers who electronically break into bank accounts can be sentenced based on how much money is in the account, even if they don't take any of it. Under the new guidelines, however, judges can tack on a 50 percent increase to the sentence if the hacker did steal money. Prosecutors traditionally had to show that computer criminals caused at least $5,000 in actual losses to win a conviction. The new guidelines let victims tally financial loss based on the costs of restoring data, fixing security holes, conducting damage assessments and lost revenue. "Some computer crimes are more serious than others, and these new guidelines reflect that critical infrastructures need to be protected and that invasions of privacy need to be treated as seriously as invasions of our pocketbooks," said Mark Rasch, former director of the Justice Department's computer crimes division and chief security counsel for Solutionary Inc., an Internet security company in Tysons Corner, Va. Kevin Mitnick, a well known former hacker who spent almost six years in prison, said he doubts the increased penalties would deter hackers. "The person who's carrying out the act doesn't think about the consequences, and certainly doesn't think they're going to get caught," Mitnick said. "I really can't see people researching what the penalties are before they do something." The new guidelines will not apply to sentences handed out or prosecutions underway before Nov. 1. This includes the high-profile case of Adrian Lamo, the 22-year-old computer hacker who stands accused of infiltrating and damaging the New York Times Co.'s source list and computer network. In addition, the guidelines generally will not apply to juveniles, who normally are charged in state courts. In one notable exception, the government last week charged a North Carolina youth as an adult for releasing a version of the Blaster worm. Most computer criminals are well educated, have little or no criminal history, commit their crimes on the job and often are seeking financial gain, according to Sentencing Commission documents. Of the 116 federal computer crime convictions in 2001 and 2002, about half involved disgruntled workers who used their knowledge to steal from or to discredit their former employers. Jennifer Granick, an attorney who represents one of those criminals, said that they are unfairly singled out for tougher sentences than other white-collar perpetrators. "In most cases, the use of a computer is the trigger for prosecution or for greater sentencing, because so many upward adjustments apply once a computer is involved in the case," said Granick, director of Stanford Law School's Center for Internet and Society. Her client is Bret McDanel, a 30-year-old California man sentenced in March to 16 months in prison for revealing sensitive security information about his former employer's computer network. Federal prosecutors said McDanel, who worked as a computer security staffer for the now-defunct Tornado Development Inc., sent the information to Tornado's 5,000 customers in September 2000, crashing the company's server. McDanel would have faced two years in jail under the new sentencing guidelines, said Granick, who argued that it is difficult to place a real dollar loss on computer crimes so judges typically impose harsher sentences than necessary. Granick also said prosecutors could manipulate the damage amount to appear much larger than it really is, giving the government an advantage in plea bargaining. Malcolm, the Justice Department's computer crimes chief, said that the department does not give prosecutors suggestions on determining damage amounts, and that prosecutors pursue plea bargain negotiations on a case-by-case basis. Internet security expert Rasch said that the number of computer-related prosecutions could rise as federal prosecutors try to tie them into otherwise unrelated crimes. He said this is especially possible in light of a recent memo from Attorney General John Ashcroft urging prosecutors to seek more convictions and stronger sentences based on the most serious charges they can find. "We could soon end up seeing a greater number of ordinary crimes prosecuted as computer crime in an effort to get more leverage for a plea, just because somehow, somewhere there's a computer involved," Rasch said. Malcolm said this is unlikely. "In your run-of-the-mill cases where the computer is only a tangential part of the crime, there are not going to be significant enhancements," he said. If there is an increase, he added, it is because "whether they're drug dealers, embezzlers, hackers or software pirates... people who commit crimes use computers more than they used to." Peer-To-Peer Networks Unveil Code of Conduct Several Internet "peer-to-peer" networks unveiled a code of conduct on Monday to encourage responsible behavior among the millions of users who copy music, pornography and other material from each others' hard drives. The networks also asked Congress to figure out some way that recording companies and other copyright holders can be reimbursed for the material traded online and urged users to get involved. The recording industry, stung by declining CD sales that it attributes to widespread peer-to-peer use, has taken the software makers and more recently their users to court in an attempt to squelch the practice. The Recording Industry Association of America, which represents the five largest labels, said Monday it had reached settlements with 64 of the 261 individuals they sued earlier in September, usually for less than $5,000. In an attempt to drum up political support, the RIAA has also portrayed peer-to-peer networks as a dangerous haven for child pornographers, identity thieves and "spyware" that secretly tracks online activity. Such charges "are not central to the relevant debate, and that debate is about how we build an online marketplace for the 21st century," said Adam Eisgrau, executive director of P2P United, an industry trade group. P2P United members - Lime Wire, Grokster, Blubster, BearShare, Morpheus and eDonkey 2000 - said they would help law enforcers track down child pornographers, would make it easier for users to protect sensitive material on their hard drives, and would not secretly install spyware on users' computers. The group also said it would encourage users to learn about copyright laws but would not install filters or otherwise limit users' ability to trade copyrighted material. Such filters would not be technically feasible and would infringe on legally permitted methods of sharing, they said. Kazaa, the music file-sharing service that is the most widely used peer-to-peer network, is not a member of the group. P2P United invited the recording companies to sit down and negotiate a method so they could be paid for the copies users make of their materials. Members suggested various models such as the per-song fee radio stations pay song publishers or the small surcharge levied on blank video and audio tapes, but steered clear of specifics. As was the case with radio, the videocassette and other technologies that have eventually enriched Hollywood, content owners have more to gain from negotiation rather than litigation, they said. "Music is what it is in big part because of radio," said Pablo Soto, chief executive of the Blubster network. An RIAA spokeswoman said it was "refreshing" to see P2P United educate its users about copyright law and security risks. "But let's face it, they need to do a whole lot more before they can claim to be legitimate businesses," RIAA spokeswoman Amy Weiss said in a statement. Use of Subpoenas to Name File Sharers Criticized The music industry's ability to use subpoenas to learn the names of people who allegedly pirate songs over the Internet is coming under increasing fire from civil liberties groups and members of Congress concerned at how the power is being employed to launch a broad legal attack on file sharing. The Digital Millennium Copyright Act of 1998 gives copyright holders wide latitude to demand that Internet service providers turn over the names and addresses of people suspected of illegally trading song files. Over the summer, lawyers for the music industry - under the umbrella of its trade group, the Recording Industry Association of America - used that power to serve more than 1,500 "information subpoenas" on phone and cable companies and other Internet providers in an attempt to learn who owned the Internet accounts belonging to the users of file-sharing services. With that information, the industry filed lawsuits against 261 people on Sept. 8, and it has promised thousands more suits are coming. The music industry said it needed to take the action to slow the free sharing of digital music over the Internet, a trend it blames for a 31 percent slump in sales over the past three years. But the industry's aggressive use of the subpoenas has drawn the ire of Internet service providers, which believe it violates their customers' privacy, and some lawmakers, who blanche at seeing children and grandparents getting sued by powerful commercial interests. A Senate hearing on the subject is scheduled for today. Monday, the American Civil Liberties Union asked a federal court to quash one of the RIAA's subpoenas that would force Boston College to hand over the name of a female senior whom the RIAA suspects of pirating songs. The ACLU calls the information subpoena unconstitutional, saying it violates due process, and filed the motion to quash on behalf of student "Jane Doe." For others, the RIAA suits look heavy-handed. "The bottom line is, there has got to be a better way" than mass-suing file sharers, said Sen. Norm Coleman (R-Minn.), who will chair a hearing today of the Senate Permanent Subcommittee on Investigations, featuring testimony from Jack Valenti, president of the Motion Picture Association of America, and new RIAA Chairman Mitch Bainwol, in his first high-profile public appearance. Coleman noted that copyright law allows for fines as high as $150,000 per violation, or, essentially, per traded song or movie file, and that defendants in the suits may not have known that friends or children were using their computers. The RIAA withdrew one suit after the target said her computer did not run the right software for file sharing. But the industry said it had settled 64 other suits. In an interview last week, RIAA President Cary Sherman said the settlements are averaging about $3,000 per defendant. "I come back to basic concerns about how the industry is making an example of a few people using broad power that is essentially unregulated," said Coleman, who added that his 17-year-old son traded songs online until Coleman told him to stop. "It puts people in fear of draconian penalties to settle up on something they may or may not have done." Verizon Communications Inc., the nation's largest phone company, was at the table when the Digital Millennium Copyright Act was drawn up and the information subpoena agreed upon. But Verizon had second thoughts about the provision earlier this year and said it would not hand over its customers' names to the RIAA. In April, the U.S. District Court in Washington ruled against Verizon, saying it must comply with the federal law. Verizon has appealed the decision, which is being considered by the U.S. Court of Appeals in Washington. "In hindsight, it was a mistake to agree to it," said Sarah B. Deutsch, Verizon's associate general counsel. "We thought it would be rarely used." The information subpoena does not require a judge's order but merely a clerk's stamp and a small payment. For a time this summer, the RIAA turned a small office at the U.S. District Court on Constitution Avenue into a subpoena factory, as clerks were brought in from adjacent offices to keep up with the association's appetite. Deutsch called the information-subpoena provision "a dangerous and vague loophole" that Internet pornographers and cyberstalkers could use to violate customers' privacy. Verizon is working with lawmakers in an attempt to overturn the provision; earlier this month, Sen. Sam Brownback (R-Kan.) introduced a bill that would ban the RIAA's use of information subpoenas to find music pirates. "Bringing a few targeted enforcement cases was not enough for them," Deutsch said. "They wanted the right to get everyone's name and go on a blitzkrieg approach to enforcement." Sherman said the RIAA will fight to keep the provision in the federal law. "We think that taking away the information-subpoena process is basically giving people the right to infringe with impunity," said Sherman, who once worked for Verizon as an information technology lawyer. Sherman also hinted that settlements in the next wave of lawsuits could be higher than $3,000 each, because "the notion that 'Oh, I didn't know this was illegal' is less and less true," thanks to the onslaught of press coverage of the Sept. 8 suits. Music Industry Will Talk Before Suing The music industry, criticized for its recent wave of lawsuits aimed at stopping song swapping on the Internet, agreed yesterday to contact future defendants before they are sued and give them a chance to pay a cash settlement or argue that they have been mistakenly accused of copyright infringement. The shift, announced at a Senate hearing by Mitch Bainwol, chairman of the Recording Industry Association of America, was in response to critics who accused the music industry of casting too wide a legal net over alleged song pirates, ensnaring 12-year-olds and grandfathers alike. "We are trying to be reasonable and fair and allow these cases the opportunity to be resolved without litigation," Bainwol said. Bainwol nevertheless defended the industry's decision to file 261 lawsuits alleging copyright infringement. "The suits are the last resort and the end product of our campaign," he said. "They are the last thing we had in our quiver." U.S. sales of recorded music, mostly compact discs, have dropped 31 percent drop over the past three years, the RIAA says. It blames people who trade songs on the Internet. The RIAA has advertising and education campaigns to teach song-swappers about copyright law. It also is suing those it characterizes as "egregious offenders," mostly people with at least 1,000 songs on their computer hard drives that can be downloaded by others using peer-to-peer file-sharing software such as Kazaa, Grokster and Morpheus. The lawsuits have been criticized by civil liberties groups, which say the RIAA's ability to use subpoenas to learn the names of traders is unconstitutional. Some members of Congress also have expressed concern. Sen. Norm Coleman (R-Minn.), who called yesterday's hearing of the Senate Permanent Subcommittee on Investigations, said in an interview last week that he hoped to find a way to protect copyrighted songs without suing consumers. The Digital Millennium Copyright Act of 1998 gives copyright holders the right to subpoena Internet service providers for the names and addresses of people suspected of illegally trading song files. Bainwol said the RIAA subpoenas force the Internet service providers to give up only "the same information that some of the ISPs sell to their marketing partners." Yesterday's hearing included celebrity witnesses - rappers LL Cool J and Chuck D, who are on opposite sides of the song-sharing debate and RIAA suits. "A reporter asked me if I wanted to sue my fans," said LL Cool J, whose rap name stands for "Ladies Love Cool James" and who was referred to as "Mr. Cool J" by Coleman. "I told him, 'Do you write for your paper for free?' " Chuck D, founding member of Public Enemy, an influential rap group, was one of the first musicians to support peer-to-peer file-sharing. His 1999 "There's A Poison Goin' On" was the first full-length album by a major artist made available for download. "P2P to me means 'power to the people,' " Chuck D said. "The fans got hold of the technology before the industry did." The hearing included a sharp exchange between Sen. Carl M. Levin (D-Mich.) and Alan Morris, executive vice president of Sharman Networks Ltd., Kazaa's parent company. Kazaa is the most popular Internet file-sharing software and the bane of the music industry, which says Kazaa is the main enabler of song piracy and that it has knowingly built a business on violating copyrighted material. The company is incorporated in Australia and Vanuatu, a group of South Pacific islands that advertises itself as a tax haven. ("Just like Delaware," Morris said.) Levin pointed out that the island nation had been on a State Department list for money-laundering concerns and that Kazaa's refusal to name its owners made the company look suspicious. Levin read from Kazaa's Web site, which says the service will revoke its customers' use of the software if it is used to violate copyright. But Morris acknowledged that the company does not know how its customers use the service. "It's an honor agreement," Morris said. "But it's not enforceable," Levin said. "It's not enforceable," Morris conceded. "Would you enforce it if you could?" Levin persisted. "If a court of due competence stated there had been an infringement," Morris said, "we would certainly look at it." After the hearing, Levin said of Kazaa: "I think they must know that most of their downloads are violations of copyright. They are highly secretive and highly evasive." Yesterday's hearing also featured look at what it's like to be sued. Lorraine Sullivan said she found out she was being sued when she played her home voice mail on Sept. 9 and it contained messages from four reporters, asking her for reaction. She called the RIAA and was referred to Patricia Benson, a lawyer for Los Angeles's Mitchell Silberberg & Knupp LLP, one of the RIAA's outside law firms. Sullivan testified that Benson told her it would probably cost between $3,000 and $4,000 to settle the suit, and that "nobody likes having to be the heavy." Sullivan told Benson that she had $1,500 in her savings account and was a student with a part-time job. Sullivan said the lawyer asked her if she could get the money from her parents. No, Sullivan, replied. Anyone else? No, Sullivan said. Benson finally asked: Do you have credit cards? Yes, Sullivan said, but they're almost maxed out. Benson said she would ask the RIAA to accept a lesser payment. Two days later, Sullivan said she agreed to settle for $2,500. "I won't be buying any more" CDs, she testified. Ballmer Slams Hackers As Criminals, Not Innovators Ask Microsoft CEO Steve Ballmer whether some hackers contribute to the IT industry, and you'll get an emphatic, 'No!'" "Hackers are criminals," Ballmer says, plain and simple. And they don't innovate, either, he adds. "Hackers are people who are causing hundreds of millions and billions of dollars in damage," he says. "And they're not showing that they are not all that smart and creative and clever." In an exclusive interview conducted by VARBusiness in conjunction with sister publication CRN, Ballmer made it absolutely clear where his company - arguably the biggest target for cybercrime the world over - stands when it comes to hacking, be it malicious code-authoring or what some consider to be ethical programming. Ballmer likens these individuals to criminals who blow up buildings and says the monetary damage is worse. And he takes umbrage with the notion that some are ethical and help to create new innovations for the market by pushing IT to its limits. Most, he notes, release their malicious code after patches for Microsoft software have been released, meaning that they are simply reverse engineering to exploit security weaknesses or holes in software. Ballmer was responding to a question posed to him by the editors of VARBusiness, which collected a wealth of queries by its readers. In fact, the entire interview consisted of actual reader questions submitted by partners like you. In an upcoming issue, VARBusiness will publish the entire transcript of the question-and-answer session, which covered a variety of topics ranging from the inequity between what Microsoft gets for sales and its partners receive, how the software giant will combat Linux and other lower-cost alternatives, and how Microsoft defines opportunities in the SMB market. No topic, however, raised Ballmer's level of passion quite like the issue of security, which he conceded has forced his company to respond in new ways. "There's no way to way to look these people as anything other than what they are: malicious people who are violating the law," Ballmer said. Their work, of course, is causing Microsoft significant grief. "We're really going to have to ratchet up our game in terms of working with our customers and our partners to work with our customers around security" he said. He added that the company is planning a significant announcement around security specifically to address the ongoing problem associated with malicious attacks on Microsoft systems and networks. Ballmer hinted that there will be a new set of ways Microsoft educates its customers on security and puts partners in position to help customers with theirs. "That is job one on a day-to-day on my radar," he said. Microsoft in $10.5 Million Software Sale Settlement Microsoft Corp. said on Tuesday that it will pay $10.5 million to settle a class-action legal dispute with customers who bought software directly from the No. 1 software maker's Web site. The settlement, which is pending in the U.S. District Court in Maryland and must be approved by U.S. District Judge J. Frederick Motz, will pay each purchaser a portion of the price paid for software bought up until April 30, 2003. Microsoft Faces Class-Action on Security Breaches Microsoft Corp. faces a proposed class-action lawsuit in California based on the claim that its market-dominant software is vulnerable to viruses capable of triggering "massive, cascading failures" in global computer networks. The lawsuit, which was filed on Tuesday in Los Angeles Superior Court, also claims that Microsoft's security warnings are too complex to be understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system. The suit claims unfair competition and the violation of two California consumer rights laws, one of which is intended to protect the privacy of personal information in computer data bases. It asks for unspecified damages and legal costs, as well as an injunction against Microsoft barring it from unfair business practices. Many of the arguments in the lawsuit and some of its language echoed a report issued by computer security experts in late September, which warned that the ubiquitous reach of Microsoft's software on desktops worldwide had made computer networks a national security risk. That report presented to the Computer and Communications Industry Association, a trade group representing Microsoft's rivals, said the complexity of Microsoft's software made it particularly vulnerable. Microsoft said it had received a copy of the lawsuit and that its lawyers were reviewing it, but could not comment immediately. Dana Taschner, a Newport Beach, California, lawyer who filed the lawsuit on behalf of a single plaintiff and a potential class of millions of Microsoft customers, could not be immediately reached for comment. "Microsoft's eclipsing dominance in desktop software has created a global security risk," the lawsuit filed in Los Angeles said. "As a result of Microsoft's concerted effort to strengthen and expand its monopolies by tightly integrating applications with its operating system ... the world's computer networks are now susceptible to massive, cascading failure." With some $49 billion in cash and more than 90 percent of the market in PC operating systems, Microsoft has long been seen as a potential target for massive liability lawsuits. But the company, which has been moving to settle anti-trust claims that it abused its monopoly on PC software, has been also seen as shielded from liability claims by disclaimers contained in the licenses that users must agree to when installing software, according to experts. The lawsuit comes in the wake of two major viruses that have recently taken advantage of flaws in Microsoft software. Slammer, which targeted computers running Microsoft's server-based software for databases, slowed down Internet traffic across the globe and shut down flight reservation systems and cash machines in the United States. The Blaster worm, meanwhile, burrowed through hundreds of thousands of computers, destroying data and launching attacks on other computers. Since early 2002 Microsoft has made computer security a top priority under a "Trustworthy Computing" initiative spearheaded by the company's founder and Chairman, Bill Gates. OpenOffice 1.1 Ready For Downloading OpenOffice.org, the open-source group of developers working on the free OpenOffice suite of applications, beat Microsoft to the punch and released the final version of its 1.1 bundle on Wednesday. OpenOffice 1.1, a competitor to Microsoft in the productivity suite space - Microsoft will release its newest edition, Office 2003, later this month - is available now for downloading in Windows, Linux, and Solaris editions. Version 1.1 includes a word processor, spreadsheet, and presentation maker; includes one-click export of documents to Adobe's PDF format; sports an updated interface; offers enhanced support for Microsoft Office document formats; and loads faster than before, said OpenOffice.org. "The release of Version 1.1 of OpenOffice.org is a major achievement for the OpenOffice.org community," said Curtis Sasaki, the vice president of Sun's desktop division. OpenOffice shares core code with Sun's branded StarOffice application suite. Versions for Mac OS X, FreeBSD, and the x86 versions of Solaris are still under development, but will be available later this year, said the group. OpenOffice 1.1 can be downloaded from the OpenOffice.org Web site. AOL Introduces New Spam Filters America Online Inc. on Tuesday introduced new spam filters for members using AOL 8.0 Plus and which will be delivered in the coming months to members using AOL 8.0, AOL 7.0, AOL 6.0 and AOL for Mac OS X. The automatic delivery of these spam filters will be "seamless to members using earlier versions of the AOL software for Windows or AOL for Mac OS X and they will quickly see a noticeable difference in the number of spam e-mails they receive," said David Gang, executive vice president of AOL Products. Previously available only to members using AOL 9.0 Optimized, the latest version of the AOL and AOL for Broadband services, these spam filters "learn" and adapt to the type of e-mail that each member considers to be spam. The filters require no additional software and no action on the part of members to install. AOL receives reports of up to 10 million unwanted mails per day, mainly through the use of the "Report Spam" button that's available with AOL 8.0, AOL 8.0 Plus and AOL 9.0 Optimized. Reporting spam to AOL helps the software's spam filters get smarter as members use them, while enabling AOL's proprietary server-side anti-spam filters to adapt in real-time to the growing epidemic of junk e-mail from the Internet, the company said. Internet Guns for Hire: Best Pop-Up Killers Even the most respectable businesses are not above planting those maddening pop-up ads that make visiting their Web sites a furious exercise in closing unwanted windows. That is why pop-up blockers, or killers, as they are affectionately known - a type of software that stops ads before they pop up - are such a hot item. A program that automatically blocks pop-up ads intelligently - meaning it can distinguish the "good" pop-ups from the "bad" - is worth its weight in gold. Alas, the selection of a pop-up blocker is not easy. Some block everything, requiring the user to tell them to allow pop-ups from certain sites. Others claim they are intelligent, but still wind up blocking the wrong pop-ups or letting "bad" pop-ups through. These programs also vary in their ability to thwart other advertising delivery techniques, such as Windows Messenger pop-ups. The following examines three of the leading programs available for wiping out the bane of Web surfers everywhere. PopUpCop is one of the more effective programs in the category. It blocks pop-up ads intelligently and squelches unwanted Java applets and JavaScript, as well as 15 other techniques that advertisers use to get an Internet surfer's attention. PopUpCop also blocks a category of spyware called "drive-by downloading," in which a site tries to load something onto a user's PC via an ActiveX control. PopUpCop does not use site-title or URL-address matching when figuring out what to block. Instead, it monitors the user's interaction with the browser and blocks pop-ups according to a set of rules. For example, a simple rule would be that when a user clicks on something, the action should only produce one result, said Peter Eden, proprietor of EdenSoft. "Less sophisticated [pop-up blockers] will miss pop-ups that appear when leaving a Web site or closing the main browser window," Eden told NewsFactor. "To catch all of them requires a bit of a technical tap dance." PopUpCop is packaged as an Internet Explorer add-in. Instead of being in the system tray, it resides in a customizable browser toolbar. "There are too many items in the system tray," Eden said. "System-tray implementations can be far less efficient from an engineering and performance point of view. That just means slower for the end-user." The PopUpCop toolbar features an Internet irritation indicator and irritation-level slider that allow the user to control the blocking of different ad techniques. Eden said that the company is considering enhancing PopUpCop by adding a feature to block adware, which usually arrives on people's machines unnoticed when they install software for P2P file-sharing. "We're probably going to start blocking adware but we will continue to advise people to remove it themselves," Eden said. EdenSoft also is considering adding the capability to block pseudo pop-ups that are written in active HTML. PopUpCop sells for US$19.95. One straightforward pop-up blocker is iHatePopups from Sunbelt Software, the makers of iHateSpam. iHatePopups blocks pop-up and pop-under ads and does not make any distinction between "good" pop-ups and "bad" pop-ups - everything is blocked. "It's simple, cheap, and we have done research about what people want," said Stu Sjouwerman, chief operating officer of Sunbelt Software. "You can go overboard with adding features to pop-up blockers. We give users 90 percent of the features that they need at an affordable price." With iHatePopups, a CTRL-click feature enables the user to allow a particular pop-up to appear. Users also can "whitelist" a particular Web page by right clicking on it to allow all pop-ups from that page to appear. iHatePopups notifies the user with a message or sound when a pop-up has been blocked. It also provides a history and log report showing how many pop-ups it has blocked and where they are from, Sjouwerman told NewsFactor. In addition to pop-ups, it blocks spam sent via the Windows Messenger service. It also stops Javascript error messages on Web sites that sometimes can put the user in an endless loop, Sjouwerman said. iHatePopups is available from Sunbelt for $9.95. And Dell is bundling it into a "privacy package" that includes iHateSpam and Pest Patrol, a spyware blocker. PopSubtract from interMute is another straightforward pop-up blocker that is less than 300 KB in size, making it easily downloadable even over a dial-up modem. The program installs as a tool-tray icon. Clicking on it reveals the control panel that lets the user toggle filtering on and off and view statistics. A "test" button on the control panel sends users to a diagnostic Web site where they can test the program's performance and functionality. PopSubtract boasts of what it calls "SmartPop logic," an ability to discern good pop-ups from bad. SmartPop works by examining the site from which a pop-up comes, said Brian Katzen, marketing manager for interMute. Secure sites (HTTPS), for example, are not filtered by default, so banking and stock-trading sites that use pop-ups in normal user transactions will not be blocked. Additionally, SmartPop allows pop-up windows to open if they originate from a hyperlink, Katzen told NewsFactor. "If a hyperlink spawns a pop-up window, the window is not blocked," he said. However, if the hyperlink opens another browser window from a different Web site, PopSubtract will block it. The PopSubtract statistics screen provides information on the number of pop-up ads blocked and the sites launching the ads. Trusted sites can be added to a whitelist by right clicking the blocked sites. PopSubtract is available free on a trial basis and costs $19.95 for a one PC license. Other programs are available. Some of the more notable ones not discussed here include PopNot, Popup Ad Filter, Popup Dummy!, and Popup XP. Since these programs will be an integral part of a user's Internet experience, it makes sense to examine them on a trial basis if the vendor allows it. Pop-ups are annoying, but an bumbling pop-up killer may just add to the irritation. =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.