More Back Issues
Let’s Fight Sp@m!
NetBEUI and Win XP
Letter Mail Donate
Recommend Scot’s Newsletter to a Friend!
November 8, 2002 - Vol. 2, Issue No. 34
By Scot Finnie
IN THIS ISSUE
This past June I reviewed Norton Internet Security (NIS) 2002 Pro, and I added it to the Top Product! list at that time. But Norton Internet Security 2003 is a much better deal than NIS 2002 Pro. Buy.com sells it for $61, plus there's a $30 rebate coupon in the box that's redeemable whether you're upgrading a Symantec product or a competing one from McAfee, Network ICE, or Zone Labs. Amazon.com has an even better offer. It sells NIS 2003 for $70, and in addition to the Symantec $30 rebate (good through 12/31/2002), it's offering its own extra $30 rebate (good through 1/12/2003). Your net cost is just $10. Amazon will even ship the product for free if you're willing to wait a few extra days for it.
Norton Internet Security 2002 Pro had fewer features than Norton Internet Security 2003, and its suggested retail price was $99 (also offering a $30 rebate). Bottom line: NIS 2003 is every bit as good as NIS 2002 Pro and then some. But it costs at least $30 less.
The intangibles, though, are what I like best about NIS2003. It includes the best version of Norton AntiVirus (NAV) ever. Norton's virus-protection product went through some growing pains back in 2000 with the introduction of NAV2001. A lot of people had problems, including yours truly. Symantec straightened out my problems, but many readers didn't get the kind of treatment I got. I wrote about how my problems were solved, but my experiences didn't help everyone.
I started looking around at the competition, and tried some of them for a while. But I came back to NAV with the 2002 release last August. I was still annoyed by UI miscues, issues with LiveUpdate, and some operational behaviors. One of my biggest complaints -- concerning the lack of an ability to silently delete or silently quarantine email-borne viruses -- was quietly fixed via LiveUpdate earlier this year. I've been pretty happy with NAV2002 since.
Although I don't do in-depth, lab-based testing of antivirus products, many of my email addresses are published in multiple places on the Internet and I have hundreds of emails rolling into my mail package daily (from work, the newsletter, personal correspondence, other newsletters, so forth). In other words, I get dozens of virus-laden emails each day. From that real-world experience I can tell you that Norton Antivirus works. It has saved my bacon many, many times. There are other products that are quite good too. This is the one I use currently.
NAV2003 is mostly a refinement release. It does add the ability to detect and block viruses in instant message attachments, which works with AOL Instant Messenger for Windows 4.7 and higher, MSN Messenger, and Yahoo Messenger 5.0 and higher. I haven't used this extensively because, while I use AIM, I use an older version of the product because the newer versions of AIM don't actually exit when you close the program window. They stay in memory and continue to send out presence information about me. (It is possible to close down the presence portion, but it's a nuisance.) Users of the AOL online software have no way at all to turn off Instant Messenger while the client is running (so far as I know). I hate this about IM. MSN/Windows Messenger is the same way. This is the biggest privacy threat I know of, and Microsoft and AOL Time Warner couldn't give a hoot about it. Don't even get me started about Yahoo, a company I've come to hate over the last year or so. Even though AOL owns ICQ, it's probably the best instant messaging solution on the market. Unfortunately, it also has the smallest market share, so NAV2003 doesn't support it.
Back to NIS2003, Symantec is also claiming "exclusive worm-blocking technology" that "detects worms such as Nimda in outgoing mail to prevent them from infecting other computers." In the press briefing I received, Symantec went to pains to explain that NAV2003 can detect worms not just by specific signatures but by checking for worm patterns. But let's keep this in perspective: NAV2002 had outbound mail scanning. They cranked up worm detection, which is a good thing, but let's wait for the next Nimda to come along before we go ga-ga.
The best things about NAV2003 aren't new features, but improved operation. For example, under NAV2002, I used to turn outbound mail scanning on and off, because performance was an issue on outbound scans. I found the feature unusable in NAV2001, partly usable in NAV2002, and perfectly usable in NAV2003. I leave it on all the time now.
The other operational refinement worth mentioning is that NAV2003 does a better job of automatically, without the least input from the user, removing viruses, worms, Trojan horses, and other menaces from your system as they arrive in email. NAV2002 wasn't always good about this.
NAV2003 isn't perfect either. Symantec has already fixed a bug that caused NAV2003's inbound email scan to delete mail before it even arrived in your mailbox. I noticed this behavior and didn't really consider it a terrible bug because I'd rather have a deleted email than a virus. Still, it was a little annoying. The behavior was fixed via Norton's online software update feature, LiveUpdate.
Also, during the last three months while I've been testing NIS2003, I helped Symantec identify another NAV2003 bug. On a certain type of email-borne virus (which I'm not going to name), I was getting literally scores of pop-up OK boxes from NAV. I had to click through these OK boxes all day long, even though I had "delete email viruses silently" configured in Options, and the virus in every case had, in fact, been deleted. It turns out that the email portion of NAV was deleting the virus payloads automatically, but the main NAV scanning engine was picking up on the presence of the virus too, and it was prompting the litter of OK dialogs. The main NAV engine is supposed to function that way, and I prefer it to pop open a dialog box when doing a system-wide scan of my drives. But it shouldn't double-detect the virus when the email scanner has already gotten the job done. Symantec promises a fix for this that will be slip-streamed into the product via LiveUpdate as soon as it's ready.
Do you get the sense I'm picking at nits? Because I am. The main thing about NAV2003 is that it's smooth, real smooth. This application has really come into its own. No other antivirus product I've used has anywhere near as good an interface as Norton AntiVirus. Other products may detect a handful more obscure viruses than NAV, but give me the product that works well in the real world, day in, day out -- and never mind the laboratory comparisons.
The Firewall Stuff
But I digress, this is a firewall review after all. Let's get to the good stuff: Norton Internet Security 2003 absolutely aced the ever-growing Scot’s Newsletter Firewall Test Suite battery of tests, which now includes PC Flank's Stealth, Trojan, and Exploits tests.
When you toss the marketing aside, the Sygate and Norton products performed equally well in my tests. And I turn their automatic IP blocking features off to run the tests, a feature ZoneAlarm doesn't have. There are some things about the Sygate product I like better, but it's difficult to argue with the fact that NIS2003 is much, much easier to use than Sygate Personal Firewall 5.0 Pro. If we could take the ZoneAlarm firewall, graft on all of Sygate's intrusion-detection and networking features and controls, and then give the whole thing the NIS2003 interface (oh, and NAV2003), we'd have the perfect security product. But the thing is, any one of the three products has the stopping power to protect you. Clearly, NIS2003 is the best value of the three.
When you compare NIS2003 to Norton Internet Security 2002 Pro, it's not the extra bells and whistles, like Norton Spam Alert (covered in a previous issue of the newsletter), that stand out. What stands out is the new, much cleaner user interface. I don't 100-percent love it (there's something sort of sterile about it), but it's much better than previous versions. It's not immediately obvious where you have to go for advanced settings, but once you figure that out, it's easy to find the next time. Program options are still located in a completely separate place from module configurations (a distinction that continues to seem artificial and confusing to me). Even so, the whole thing hangs together much better. The program controls dialog has been de-emphasized, a good thing. The overarching effect might be summed up as a feeling of simplicity, but it also gives me the sense that I'm driving a well designed minivan. It's comfortable, but you don't look forward to driving it. The fact that controls for NAV2003 and NIS2003 can share the same overall UI is an added benefit.
I keep returning to this point throughout this review, Norton Internet Security 2003 represents an excellent value. Everyone needs an antivirus program, and NIS2003 has one. Given the rebates available, it's cheaper than the Sygate product to boot. NIS performed well in my vulnerability tests. It's easy to install. It's easy to configure and use. Safety, value, usability, what's not to like?
Zone Labs' ZoneAlarm 3.1x is also on the Top Product! list. I still like that product, but some people do have problems with it. I've seen them myself on some PCs. One of the best things about ZoneAlarm is that the freeware version is absolutely excellent. It's not the easiest to use in a networking environment, or with a VPN. But for straight ahead serious security, the free-for-personal-use version of ZoneAlarm product is tough to beat on the value scale. It also aced all the same vulnerability tests.
Sygate Personal Firewall 5.0 Pro, placed on the Top Product! list last issue, costs $40 for a single-user license. If you want the very best in security, I continue to believe Sygate offers a bit more protection than the other two. You may never need the little bits of extra power it offers, but for some people knowing that they're there brings peace of mind. It is the hardest product to use, although it's especially good with VPNs. In my VPN tests, NIS2003 was nearly as good. All in all, it's no trouble to make the case for Sygate, especially for more experienced users.
One of the less visible value-robbing factors for Norton products is that the company charges an annual fee for the ability to keep updating many of its products. This is true NIS2003. The first year is free, but after that the company charges $24.95 a year to update both NAV and the firewall's intrusion-detection signatures, and a few other things. (The standalone version of NAV2003 costs $14.95 annually.) Yes, you're getting something worthwhile in return for that $25-a-year outlay. But it's an added cost you have to factor in.
But there's also something offsetting that. Symantec has been on a 12-month product cycle with NAV, NIS, and SystemWorks for several years now. New versions come out every August or September, and they always include one-year subscriptions in their purchase prices. Their boxes always contain $30 rebate coupons too. The retail prices are fairly reasonable. The products improve every year. So the upshot is that it's really just cheaper to upgrade, assuming the new software is better than the old (and the trend has been good there the last two years).
What happens if Symantec is a little late with the next version? Might you have to renew your subscription services? But then what if you want to upgrade? Would you have to pay twice? Symantec's Tom Powledge tells me that Symantec will refund the cost of any subscription upgrade payment made up to 60 days prior to the purchase of a new version of NIS2003. This is part of the company's 60-day money-back guarantee. SFNL subscriber Carol Haynes who bought NIS2003 and is "very pleased with it," points out that she had a lot of subscription time left on her previous Norton version and when she called the company to see if she could carry it over, they did extend that courtesy to her. Only problem was that she had to uninstall NIS2003 and then reinstall it to get her software to recognize her extended subscription period. Long term, Symantec has you spending money every year, one way or another. That's not true of the other guys, at least, not necessarily. It's something to keep in mind, be aware of, to expect. With a product like this one, I think it is fair to expect to pay on an ongoing basis, especially since you are getting an improving product in return. But that kind of business arrangement isn't for everyone.
Symantec's Norton Internet Security 2003 was originally placed on the Scot's Newsletter Top Products list, but it was later removed when numerous readers had difficulties with it. In subsequent issues of the newsletter, I recommended only single package versions of products like Norton AntiVirus and Norton Personal Firewall, not the filled-to-the-gills packages, like Norton SystemWorks and Norton Internet Security, which clearly have more problems than the standalone packages. In December 2005, I stopped recommending Norton AntiVirus. At this writing, Norton Personal Firewall, Norton Ghost, and Norton Partition Magic are the only utilities I recommend. Norton SystemWorks also contains some excellent utilities. And it is possible to limit the installation down to just the bare essentials, but it may not be worth the price of the entire package to do so.
Back to the Top
Of Tablet PC
In August I made the mistake of telling Microsoft "no" to a two-week evaluation of a prototype Tablet PC unit. Unfortunately, they called just as I was going on vacation, and someone you all know refused to allow any computers at all on holiday. Even a Tablet PC (and she used to be a geek). Imagine that. For those of you who have been reading Editor's Notes from "Cyndy" for a while and scratching your heads about that, Cyndy is my wife. We met when we were both editors at PC/Computing magazine. She really does edit this newsletter, although she's usually doing that while cooking dinner, taking care of our one-year-old daughter, and feeding the dog. Generally speaking, I'm completely unaware of just how much Cyndy does around here. And that's the way I want to keep it ... Ouch!
Anyway, I'm still very intrigued by the Tablet PC, which officially debuted yesterday. Ever since I declined that prototype tester, Microsoft has been politely telling me it can't help me get an evaluation unit. Looks like I'm stuck banging on doors at Acer, Fujitsu, HP, Toshiba, ViewSonic, and so on. (So far no one's home. Hello!) At least 10 hardware vendors have announced Tablet PCs.
If and when I get a Tablet PC to work out, I promise at least a two-part series on the beast. Despite some early lukewarm reviews by many of my colleagues in the press, I think this is a very promising form factor -- one worthy of attention. Many of the nay-sayers were perhaps expecting a level of perfection that's not likely from the first crop of a new platform. And it's true, this round of Tablet PCs are overly expensive, some designs have problems, and some just haven't been fully thought out. There are also issues with functionality that are caused in part by this 1.0 release of Windows XP for Tablet PC Edition.
But the bones are there. Microsoft has done a good job in laying the groundwork for what this new type of PC needs. I don't fully agree with the points made in this TechWeb story, Software Will Tell The Tablet PC Story. (It's a truism for any new platform that software makes or breaks it, but there's more to it than that.) It's a very interesting article on Tablet PC nonetheless.
I haven't been a wildly positive reviewer of handheld PCs like Palm and Pocket PC prior to this. I like notebook PCs because they have full size screens. I can't get any real computing done on a two-inch by three-inch screen. In 1992 when I torture-tested notebooks for a living, I used to tell notebook vendors that what people want are giant screens in an ultra-light, slim half-inch design. In those days, an almost two-inch-thick notebook with a 10-inch diagonal screen was de facto. That's four times too thick for me, and not a large enough display. Tablet PC displays aren't all that big either, but these computers are at least capable of being very thin and light. They can save -- and later search -- handwriting, in fact, Tablet PC is all about handwriting. A mouse and keyboard are definitely optional. Microsoft and the OEM hardware makers have given this a lot of thought, and generally speaking, I like their starting point.
The secret problem for me is that I have lousy handwriting, not to mention 20 years of muscle memory invested in touch typing. I don't look at handwriting as a "freeing" experience. I mean, writing a check is sometimes a trying experience for me. Computers have atrophied my handwriting skills. But maybe I'd relearn for a product that I could take pretty much anywhere. Think about it, assuming there's enough juice, one of hidden benefits of a Tablet PC is that there are no wires. That's a huge advantage.
Anyway, here's to hoping that Tablet PC vendors are reading this, or I can free up some time to make about a zillion calls and get placed in the press evaluation queue.
Let me know what you think of Tablet PC so far, what you want to know about it, whether it's a waste of time, which models you like, and so on.
Back to the Top
A bare 24 hours after I sent that newsletter though, I came face to face with something I missed in my rushed Product Beat write-up. ActiveWords is sold in an unusual way. The company behind it, ActiveWord Systems, is looking for an ANNUAL payment of $30 for the use of its product. If you don't pay them the $30 a year after your initial "purchase," ActiveWords stops working.
Make no mistake, I like this product. In use, I found only marginal problems with it. The worst problem is that user input (mouse or keyboard) occasionally seemed to pause for a second or two before continuing. (Some SFNL readers noticed this too.) There are some minor interface issues, and one operational peeve: inserted words are sent with a trailing space, which makes it tough to use ActiveWords to insert passwords. By and large, though, ActiveWords is an excellent product with an original concept, well deserving of use by 98 percent of the computer-using populace. It is also just a great idea. There are some other products -- macro products in particular -- that verge into the ActiveWords territory. But no other product I've tried so far is quite as cool.
But even though ActiveWord Systems gave me a free two-year license, I've uninstalled the product from my computers. I'm no longer using it at all. What's more, I am recommending that Scot’s Newsletter readers do the same. I just can't abide by the subscription-based business model for software when that software doesn't require ongoing maintenance or upkeep. If I can envision using the product just as it is for three, four, or five years, I don't want to have to pay to keep using it. In other words, I don't want to rent software. And most of all, I don't want to see computing head down the path of software subscriptions. I'm pretty sure you don't either. I don't begrudge the company a solid predictable revenue stream, but I think ActiveWord Systems' approach is just plain wrong.
I'll come back to the theoretical discussion in a minute, but let me provide some facts about ActiveWords that may help some SFNL readers who downloaded the product on my say-so, fell in love with it, and are now faced with the payment decision too. If you press ActiveWord Systems, it will sell you ActiveWords for a one-time charge of $50. The company is not making this plain on its website, but some Scot’s Newsletter readers have already been offered that option.
If you go the $50 route, you'll be getting a different version of the product, one that has serious limitations. The $30-per-year version of ActiveWords can be installed on multiple PCs. The $50 version cannot. I don't have a problem with that, except that the licensing technology ActiveWord Systems employs makes life a lot harder than, say, Microsoft's product activation. If you upgrade your version of Windows, that will break your ActiveWords installation. If you buy a new PC, you won't be able to install ActiveWords on it. While ActiveWord Systems can exception-process these problems if you contact them, it's a big extra headache. And you're at their mercy.
In over 20 years of computer product reviews, I don't think I've ever said "I love this product" and "don't get it" in the same breath. There's a first time for everything, I guess.
Software's Business Model
ActiveWord Systems' Pete Weldon and I have spent a couple hours on the phone and passed lots of email back and forth in an attempt to thrash out this problem. There were really only two things we agreed on:
1. Software companies deserve to make money for their significant efforts. And not a pittance either. People who make and market software have homes, families, and bills just like the rest of us.
2. The right way to solve this problem is to license software on a per-person basis, instead of on a per-PC basis. We don't have the technology for this yet, at least, not in a way most of us are ready to accept (iris scanning, universal ID cards, fingerprint readers, and so on).
Look at it from the software maker's point of view. Most types of software don't benefit the user by being updated on a once-a-year basis (antivirus and signature-based intrusion detection products are among the few exceptions to this rule). Microsoft might like to sell us security and other patches on future versions of Windows, I guess. But again, that's an exception. And again, I'm not buying.
Software makers have a choice of either distributing software to enterprises and consumers that can be freely installed on multiple systems or of using some sort of product-activation-style technology that will be locked to a specific PC. With a product like ActiveWords or, say, Nico Mak's WinZip, the software's acceptance rate is so high and immediate that the product is pirated rapidly. It may be against the license agreement, but in a time of freeware, shareware, trialware, and freely distributed open-source programs, software users have become cavalier about grabbing software or giving it away. Also, there's not much of a compelling reason to upgrade products like this, both of which probably belong in the operating system.
Today's product-activation-style technology isn't very good. Smaller software makers have to buy, not build, it and they're making a long-term commitment to the technology when they plunk down their cash. Worse, though, is that its per-PC orientation leaves the buyer frustrated and locked in. In ActiveWords' case, installing a Windows XP upgrade over a Win2000 or Win98 PC breaks a previously installed ActiveWords installation. It's the technology that's bad, not the software companies who seek to employ it.
That's why most software makers have opted to offer their products as shareware or trialware with a one-time purchase price. For ActiveWord Systems (and a few others, because it is not alone), though, it makes some sense on paper to offer customers unlimited installation for an annual fee. One the company's biggest problems is that it hasn't structured its pricing well. What if the charge were $39.95 the first year and $9.95 a year after that? Doesn't sound as bad, does it? I still don't like the precedent, but it might have worked.
No Free Lunch
All this is leading up to a more important question. Whether you call it freeware or freely distributed open-source software, is software we don't pay for the future of software? Because if it is, I for one see software's future as being dim. The open-source movement is here to stay, but that's because lots and lots of companies are going to make money on it. If they don't, it won't last. But they will. Some already are. Companies can make money redistributing open-source software when the software has broad appeal (in other words, many potential customers). Right now, that's working for enterprise customers, and conceivably, a similar business model could work with consumers. That's why Linux is doing so well. That's why Mozilla has at least some potential. Why Apache is a runaway success. And why an open-source office suite might also fly some day. But most software doesn't fit that mold.
In fact, there are literally thousands of software companies and programmers out there struggling to make code do cool things for people like you and me whose products are unlikely to be purchased or licensed for repackaging by a larger company. They don't have any golden exit strategies. The lucky ones are able to charge $29-$99 after a trialware period (I think of products like Jasc's PaintShopPro, which came from the shareware world and is no longer available that way). But most rely on the kindness of strangers who actually pay shareware fees for products they regularly use. Must software users aren't that altruistic.
Listen, people. We're besotted by free software. A time is going to come when this interlude while so much software is free passes by. It's time for us to support the truly talented software makers out there with a little portion of our hard-earned cash. I'm a big believer in one computer user, one copy of software. If you own three PCs and you're the only one using them, pay once for a piece of shareware. But pay, if you're using it. It's the right thing to do. And don't forget to contribute to freeware authors too.
We think little about shelling out hundreds, sometimes thousands of dollars for a new PC, a printer, a bigger display, a scanner, or whatever hardware we want and can afford (ok, so maybe not this year). But we've come to believe that free software is somehow our right.
So what do you think? What's the best way for software users to support the makers of the best software products? Am I wrong, is subscription software really the best way to handle it? Would you be willing to pay a lot more up front for free and clear right to a copy of software you know you like? Do you have another idea? I intend to publish the most insightful messages you send, with your first and last name (so please include that). Be creative. Think outside the box. Be honest. What would work? Assuming the software is something you would run, how best to pay for it? Put your thoughts in an email and send it along.
In case you're thinking for the first time about the subscription model, you might want to check out the ActiveWords license agreement.
Back to the Top
I've written on this subject many times over the years. In the mid 1990s, I was a pretty staunch Microsoft supporter. The tide started to turn for me when Microsoft insisted on bundling Internet Explorer with Windows, and insisted that it wasn't possible to uninstall the browser suite from the operating system. Even though I knew that software companies were hurt prior to that, and OEM PC makers were being bullied, up until that point Microsoft made excellent decisions (and pretty good products) for end users. In other words, I was fat, dumb, and happy as a longtime reviewer and Microsoft commentator because I felt that my readers were getting a good deal.
It was also clear to the majority of us in the computer industry that companies like Lotus, WordPerfect, Borland, Corel, Ashton-Tate, IBM and many others really just blew it in their various rivalries with Microsoft. People say that Microsoft used unfair practices. And I think that's true, especially as the computer industry moved into the middle and later 90s. But Lotus decided to back OS/2 in 1989-1990. And even after it became painfully clear to all that Windows 3.0 was a runaway market success, Lotus and others were extremely slow to react with solid Windows versions of their products.
Microsoft's Word and Excel were terrible products at that time. Ami Pro, which wasn't yet owned by Lotus, was a much better word processor than Microsoft Word. Lotus's presentation graphics program was superb under OS/2, and could have been ported sooner to Windows 3.x. Lotus dragged its heels. WordPerfect took even longer to deliver a Windows version of WordPerfect, and when it finally arrived it was quirky to say the least. Ditto for Lotus's 1-2-3 for Windows. What was clear to me and many others at the time was that Microsoft was paying attention to what Apple had done with the Mac, but Lotus and especially WordPerfect seemed mired in their DOS roots. Microsoft, the maker of MS-DOS, was far nimbler in dumping DOS and focusing on the graphical user interface.
The next argument by the anti-Microsoft league is that Microsoft used its knowledge of Windows to make its own business applications better. I'd be surprised if there weren't at least a germ of truth in this, but the reality is that Lotus, WordPerfect, Borland, and many others were very slow to invest in Windows development. Microsoft saw the handwriting on the wall and quickly devoted resources to Windows applications development. And in those days, Microsoft was nowhere near the huge company it is today. Lotus and WordPerfect were both fat on the earnings from their dominant DOS applications. They were Microsoft's equals. They blew it, plain and simple.
By 1997, though, Microsoft's monopoly power had grown sharply. It owned the operating system and business office suite categories, and was raking in gobs of money. The browser war did it for me. Even though I have preferred Internet Explorer personally since Netscape Navigator 4.0 was released, the reality is that Microsoft clearly used its market advantages unfairly to put Netscape out of business. Although I also have in the past criticized some of the decisions Netscape made, at least they were seriously trying to fight the good fight. Microsoft's ability to bundle its browser with the operating system, though, was clearly an unfair practice. I have absolutely no doubt that the deck was stacked against Netscape.
Since that time, Microsoft has made a series of decisions that are increasingly detrimental to end users like you and me. BIOS-locked PCs and Product Activation are just some. I wouldn't wish Microsoft's MSN online service on my worst enemy. That's how bad the user experience has been. I literally look upon Microsoft's Passport and the way the company is attempting to make it standard as completely anti end user. Ditto for Windows Messenger, Windows Media Player, Outlook Express, and really most Microsoft products and services. Microsoft is locked in huge struggles with a long list of competitors and the end user is no longer much of a concern to Redmond. It used to be that IT customers got a better shake, but increasingly those customers are also disgruntled, and with good reason.
The only Microsoft products released over the last few years that really give back to their users are Windows 2000 and Windows XP. Tablet PC shows a lot of promise too, but then it's an extension of XP. So, like many people in the computer industry, I have a love-hate relationship with Microsoft.
All of the above is a preamble to what I think about the judge's decision last week. I think it's a sham. If you think Microsoft was given anything much more than a mild-mannered upbraiding and the promise of some closer oversight, you're mistaken. The Bush administration de-clawed the remedy. Short-term, Microsoft will mind its Ps and Qs. But the long-term message is this: It takes so long to prosecute monopolistic behavior in the fast-paced computer industry that there's no drawback to taking unfair advantage. By the time any decision is rendered, it will no longer apply to market conditions. Besides, you'll get away with it anyway.
I was against breaking up Microsoft. It would have been a serious mistake to split up the most successful U.S. company of our time (and, incidentally, now the world's largest company). But I was all for significant and specific remedies that would in the future readily protect OEM PC makers, independent software vendors, and especially consumers. Software and PC makers did get some bones, but consumers got nothing.
The clear takeaway from the Microsoft antitrust trial is that the U.S. legal system is seriously flawed. Not only did the lawyers on the government's (both federal and state) side fail to understand the computer industry, it's clear the mixture of the legal and computer worlds quickly gets mired in layers of semantic confusion that the courts seem unable to rid themselves of. Fives years, what a colossal waste of time. Most of us would probably have been a lot better off if there'd just never been a trial at all. And that's pathetic.
Every time I write about Microsoft's business practices, you send mail. And I'm always happy to get your opinions. And this time is no different. Please give me a piece of your mind.
Back to the Top
But before we charge over the wall, there are some hard truths about this out-of-control "annoyance" we should come to grips with. For starters, spam isn't going to go away easily or completely. There's no quick fix. Here are the important issues:
HARD TRUTH #1: SPAM PAYS. Let's face it, if spam didn't work for the marketing miscreants who send it, they'd have given up long ago. With the numbers of spam messages on the rise, it's a sure bet that sufficient numbers of people respond to spam to make it worthwhile. Consider the fact that direct-mail marketers call a 5-percent response rate average. That's a return they can make money on given the cost of doing business via standard mail. But because it may cost an e-mail marketer next to nothing to send thousands or even millions of messages, he or she can afford to get a much lower response rate. You may wonder how people could ever respond to the often coarse advertising messages in spam, but they do. So don't open spam mail. Don't visit spam Web sites. And certainly do not purchase products or services from spam messages. Spammers are laughing all the way to the bank when you do.
What You Can Do: Don't ever purchase anything from a spam message. Don't even click through a spam message. Just delete it. If everyone in the world heeded those words, spam would dry up in a year's time.
HARD TRUTH #2: YOU THINK YOU GOT IT BAD? BUSINESSES AROUND THE WORLD ARE GETTING HIT VERY HARD. All attempts to protect enterprise users from spam messages via content and spam mail filters have been ludicrously deficient so far. Most people who understand the technology realize that any attempt to hunt down spam messages with keyword searches of message headers and bodies results in only two sure things: Missed spam messages and incorrectly tagged normal messages. Many of the most popular ISP and enterprise solutions cause whole new problems for email users and administrators. Bottom line: The problem is getting worse, not better.
What You Can Do: Pay attention to your company's antispam policies, and report spam to the proper authority. Don't expect content-filter or keyword-based antispam solutions to work well. Modify your expectations about how quickly the spam problem can be solved. Demand better solutions from your company and from vendors.
HARD TRUTH #3: WHILE WE WERE PUTTING UP WITH IT, THE VENDORS WERE LOOKING THE OTHER WAY. The solutions vendors are coming very late to this party. What's more, in a year when people are finally making it a top priority to get this spam problem fixed right away, the available technology is surprisingly deficient, out of date, overly complex, too precisely targeted, or completely new and untried. A wave of new solutions has been announced in recent months, but many are still undergoing development. Though a few even show flashes of brilliance, we're still a long way from any sort of total fix for spam. In the meantime, there are many would-be fixes that need careful evaluation, something that takes lots of time that most of us don't have.
How much would you pay to rid your e-mailbox of spam? I'd happily pay $75, $100, $125, and probably more for a product that got the job done without forcing me to work at it. That willingness to pay what's more than the going rate for a single-purpose software utility is finally attracting large numbers of solution providers. Spam-fighting software is likely to become as ubiquitous as antivirus software. So while it's early days yet for anti-spam solutions, the companies pursuing them are cranking up a marketing message that doesn't always jibe with reality.
What You Can Do: Contact antispam vendors and let them know you'd pay good money for a solution. And be willing to pay good money.
HARD TRUTH #4: NO CLEAR DIRECTION. The companies building spam-combating products are heading off in several directions. In many cases, they're attempting to shortcut the process by making bad assumptions. Here are some of them:
1. Not everyone uses Microsoft Outlook. Many business people don't have a choice of what they use at work. But anyone who understands software, is experienced with email, and who has tried the other products out there quickly realizes that Microsoft Office is not a great email client. It's better than any corporate solution I've tried (products like Lotus Notes, CC:Mail, and so on). But plenty of email clients run rings around Outlook, including Pegasus Mail, Netscape, The Bat, PocoMail, and Eudora. There are far too many Outlook-only antispam solutions being developed right now. That may make good business sense, but it's just the sort of thinking that has already put a lot of independent software companies out of business.
2. Protect email muscle memory. There's an awful lot of muscle memory out there relating to email. People don't want to change the way they use their email programs to fight spam. Doing so is counter productive. That means that solutions that give you a new email client or a second one to manage are a bad idea.
3. Don't make busy work. Many anti-spam solutions require a mind-numbing degree of ongoing configuration and management. If you use up just as much time killing spam "automatically" as is needed to scan through it and delete it manually, there's not much point.
4. Solo client-side solutions make little sense. If a product can catch spam on the server, it's much more efficient to do so there. On the other hand, what is spam? Not everyone agrees on the answer to that question. And it's impossible to identify it with 100-percent accuracy. That's why I believe that the successful approaches will employ both server and client components. Most of the real work should happen at the server level, but end-users need some control for exception processing and configuration. In particular, we need the ability to override the automatic decisions the product makes.
5. Trainable software isn't a luxury, it's key. No automatic antispam technology will ever equal a human being's ability to read one or two sentences and know whether a message is a come on or just an awkward turn of phrase. Smart programs will automate the process of human decision making and combine that with an ability to heuristically learn to identify new spam messages. I think this will have to be coupled with automatically downloaded spam signatures, because spam is constantly changing and evolving. Expertise in trapping spam distributed in the form of signatures from a central location is key, whether that distribution goes to the client or server.
6. Use a database, stupid. Spammers employ databases as a means of storing and updating active email addresses. They rent these lists, swap them, and employ all sorts of strategies to update and grow them. Even though spammers don't use their everyday email addresses in the Reply To field, it is possible to track down repeat offenders. Once that happens, they should be entered into public databases that can be referenced by antispam solutions. This isn't, of course, a new idea. Several companies and organizations are working on public or private spammer databases. Some have been in existence for quite some time. What we don't have, though, is a single standard for this that has serious computer industry, business, and standards weight behind.
What You Can Do: Vote with your pocketbook. Software consumers need to start supporting the products that do a good job with their hard-earned dollars. The only way spam will ever be fully defeated is if smart people get paid to develop solutions that work.
BRASS TACKS. Spam techniques are merging with virus, worm, Trojan, and hacker activities, creating a far more deadly problem that threatens to break out in ways we're only beginning to anticipate. If you've ever received a virus-laden email letter-bomb every 30 seconds for three straight days -- as have many people who've been attacked by Klez or other malware -- you've got a leg up on what I'm referring to. There's a lot of growing room for the hurt that unwanted email can put on us. We have to beat that threat to the punch.
The time has come for businesses to strongly urge government to make spam illegal. That may be difficult to do given that postal service-delivered "junk mail" has been previously ruled to be legal. So we should also attack the problem by making it expensive for spammers to ply their trade. Several companies are working on solutions that would seek to charge spam senders for each piece of spam they send. It's unclear whether such a policy would be enforceable, but hitting them where they live is an excellent approach.
Spam ultimately threatens the privacy of every user on the Internet (if there ever truly was such a thing). One clear way to fight it is by requiring an Internet identity for all -- passing laws that make spamming illegal, and prosecuting people who break the law to the fullest. Does that seem a little extreme to you? Well, it doesn't to me. But I'm not sure I trust any entity to protect my Internet identity either. Certainly I will never trust Microsoft's Passport for this.
We have to stop playing around and start fighting back in earnest. I've lost every last iota of patience I ever had with spam. I now have zero tolerance. But I'm still actively in search of a serious, comprehensive, painless solution. And I've come to a standstill (temporarily?) with my antispam product testing. Why? Because I don't use Microsoft Outlook and have no intention of switching. And all the promising solutions I'm aware of are being developed for Outlook (or worse, Outlook Express). Any company that thinks it has a truly useful antispam solution that will work with Eudora but will not require me to master a separate client, I'm all ears!
What do you think?
Back to the Top
Outlook Express Fix for Win XP SP1
About a week and a half ago Microsoft released the Cumulative Update for Outlook Express 6.0 SP1. Reader Mike McKinney learned about that in the Microsoft newsgroups and passed it along to me. This OE patch fixes the identity-switching problem in Outlook Express that crops up after you install Windows XP Service Pack 1. Microsoft KnowledgeBase (KB) Article Q331923: OLEXP: Overview of the Cumulative Update for Outlook Express 6.0 SP-1 details all the things the update fixes; among other items, it specifically lists the multiple-identities problem I've covered in previous issues of SFNL as one of the problems it fixes.
On Friday morning, as I was looking this over, Microsoft's support websites and newsgroups were having severe connectivity problems. So if you aren't able to open the above page, try again later. It's there. This download link was working fine in any case.
If you try this fix, please let me know how it goes. There are a wide variety of other OE-related problems that people reported after Windows XP SP1, so I'd like to know whether they're fixed as well.
Big Microsoft Lifecycle Changes
In case you missed it, about a week after the last issue of the newsletter, Microsoft made a pretty big change to its support policies for Windows and other software products. From October 2002 onward, Microsoft is offering a standard five years of mainstream support, and software will be available to purchase for at least four years. Extended support will be available beyond the five years. One important point: this change only applies to the "latest generation" of Windows. It has no effect on the support timeline for Windows 98 or Windows ME. It does extend Windows 2000's support range pretty significantly, and of course, XP and all future versions of Windows.
The following links tell the whole story:
MyRealBox, FastMail, and Free Email Services
Wouldn't you know that the last issue of Scot’s Newsletter hadn't been out more than a few days when the folks at MyRealBox decided to stop providing new free accounts. The service is still fully operational, and I'm using it every day. But I guess we overwhelmed them with all those new account requests, eh? Many SFNL readers wrote to tell me about the unfortunate timing, and I thank them for that.
Several other readers wrote to tell me about an another email service that they describe as being excellent. It's called FastMail. There are several plans, everything from free to a one-time $14.95 fee to $14.95 plus $39.95 a year, each with different levels of service. The service levels make sense, and everyone who has written to me about this (about a dozen folks) have said that it's great. One thing: The free service does append little ads and taglines in your emails. I wouldn't recommend that. Still, it might be a good way to start out to try the service. The company also provides POP3 service so you can use it with an email program. Plus there are a long list of domain names to choose from.
I'd also like to point out the EmailDiscussions website, brought to my attention by SFNL reader Lisa Noer, which may help you out in your pursuit of a free or low-cost email service.
I intend to do a free/low-cost email service article in a future issue of this newsletter. I'll examine a long list of them and see which ones I like best. If you use a service like this and love it, tell me about it. There are a wide variety of other OE-related problems that people reported after Windows XP SP1, so I'd like to know whether they're fixed as well.
Product Beat: Eudora Email 5.2
I mention Qualcomm's Eudora Email program enough in this missive that I feel bound to at least mention when a new version comes out. Qualcomm released the 5.2 version (previous was 5.1) a few days ago. Here's where to download Eudora Email 5.2.
There are some things you should know about updating Eudora. There are three versions, Sponsored (full-featured but with ads), Light (free but not full featured), and Paid. If you have the paid version, there are two variations: You paid within the last 12 months or you paid longer ago than 12 months. If you fall into the former category, you can download and install the full upgrade, no sweat. But if your paid version is older than 12 months, you'll have to pay again. This is all explained (finally) on the Eudora website. But I wanted to give you the heads up. Eudora is available for Windows, Mac OS X, and Mac OS.
Back to the Top
Langa Letter: Wireless Poachers, Wireless Guests - InformationWeek
By the way, those of you concerned with Wi-Fi (802.11x) security, be advised that the Wi-Fi alliance has finally released a replacement spec for its anemic Wireless Encryption Protocol (WEP) security. Find out more about it in this TechWeb piece: Wi-Fi Alliance Takes Wraps Off Of New Security. By the way, I called for this pretty vehemently in a story I wrote recently for TechWeb: WLANs: Unsafe At Any Speed?
Have you discovered a relatively unknown Windows- or broadband-oriented website that everyone should know about? Please send me the URL, and let me know why you liked it.
Back to the Top
Four Ways Dump Unwanted Auto-launching Programs in Win 9x
1. Windows launch times bog down the more programs queue themselves to be run automatically on system startup. You may even be unaware that this is happening as you install programs and device drivers. The first place to check for these unbidden programs is the StartUp folder on the Programs submenu of Start. Move them out of StartUp into a new folder named StartUp (Disabled).
2. Some auto-launching programs are launched from a special file in Windows called WIN.INI. You may find them listed on WIN.INI's LOAD= or RUN= line. Open WIN.INI from your Windows folder using Notepad and delete unwanted program names from these lines. You can "comment out" or disable them by placing a semicolon at the beginning of either the Run or Load line -- a good way to test your changes while preserving previous settings in case you need to reinstate them.
3. There are four locations in System Registry where programs configure themselves to be automatically launched at system startup. They are:
HKLM = HKEY_LOCAL_MACHINE
HKU = HKEY_USERS
HKCU = HKEY_CURRENT_USER
Any changes you make to the Registry will be permanent, so back up your Registry files first. Use the System Registry Editor to check each key, and when you find entries in the right pane that you're sure don't belong, delete them. Some entries, including SystemTray, may be required for Windows to run properly, so when in doubt, leave it.
4. If you have Windows 98, Windows Me, or Windows XP, you have an infinitely better resource at your disposal for handling all types of auto-launching programs. To access the System Configuration Utility, run the System Information utility in Start, Programs, Accessories, System Tools. Click open SysInfo's Tools menu, and choose System Configuration Utility. In that separate program, click the Startup tab. At the very least, you'll see a short list of auto-launching programs and services. Remove the check mark beside any one to disable it. Or alternatively, press Start > Run > type "msconfig" without quotations and press Enter.
How to Use the NetBEUI Protocol in Win XP
Microsoft decided to abandon its own NetBEUI networking protocol beginning with Windows XP. I wrote about that in SFNL more than a year ago, and recommended at the time that people switch to IPX/SPX with NetBIOS, a protocol that Microsoft includes in every version of Windows since Windows 95. I prefer NetBEUI though. It has also seemed to me to do a better job of helping various Windows versions inter-network, especially on simpler peer networks. I guess I wasn't alone in preferring it, because Microsoft decided at the last minute to include NetBEUI on the Windows XP CD. Here's how to install it:
The files necessary for installing the NetBEUI protocol on Windows XP are NETNBF.INF and NBF.SYS. To install them, follow these steps:
1. Insert your Windows XP CD into the CD drive and use My Computer to browse the CD to the Valueadd\MSFT\Net\NetBEUI folder.
Copy NBF.SYS to your Windows\System32\Drivers folder.
Copy NETNBF.INF to your Windows\Inf folder (which is hidden).
NOTE: To make a hidden folder viewable, click Start > Run > type Explorer > press Enter. Then click Tools > Folder Options > View tab. Then under Advanced Settings, click "Show hidden files and folders" under the "Hidden files and folders" Folder.
2. Click Start > Control Panel > double-click Network Connections. Right-click the adapter you want to add NetBEUI to and click Properties.
3. On the General tab, click Install. Next click Protocol > Add.
4. Click to select the NetBEUI Protocol from the list and then click OK.
5. Restart your computer if you receive a prompt to complete the installation.
For more information, see this Microsoft KnowledgeBase Article Q301041: How to Install NetBEUI on Windows XP.
Do you have a Windows or broadband tip you think SFNL readers will like? Send it along to me, and if I print it in the newsletter, I'll print your name with it.
Back to the Top
1. I can't answer all my email. I can't even answer half of my email. If you send me a message and you get no response, please don't take that personally. There's no staff of people at the other end of your message answering messages in my name. I don't send out boilerplate "I received your message" responses. It's just me and my mailbox here. I love reading your mail. But I have a choice: I could do nothing but read your mail and never put out another newsletter. Or I can read some of it and keep sending newsletters. I chose that second one long ago.
Additional points on this topic: If you have a computer problem that you're hoping for help with, there's just not enough of me to go around. I like helping people. But, I'd have to give up both my day job and the newsletter to do that. Your best bet is to send your problem to the Q&A section of the newsletter:
Another way to reach me in that vein is to post your question on the Computer America Radio Show Tech Talk bulletin board, where I've been answering questions for some time.
I don't promise a direct response to Q&A submissions, a quick response, or even any response at all (although I often do respond, eventually). But if I can provide a sure answer, there's a good chance that answer will appear in the newsletter.
I frequently use email links like the one above to help me sort my mail. When you send me something to a directed email link like that, don't go off topic in your message. This is especially true of Reader Polls, which I almost never respond to. The generic email address for Scot’s Newsletter is:
In many cases, it may be your best way of reaching me if you're trying to get my attention.
2. The second thing you need to know is that when I publish something you send to me via email, I expect to be able to use your first and last names with what I publish. So please include them. I value your privacy, so I would never, ever publish your email address, where you live, or any other details about you that might be included in your message -- unless there's both a specific reason too (rare) *and* you give me specific permission to do so. The only example of this I can think of is that I've sometimes published the country, state, or large city or region someone is living in because it was important in differentiating broadband offerings.
Here's the important bit: I consider anything you send me to be publishable, unless you specifically tell me otherwise. If you don't give me your first and last name, I will send email asking you for it. Or else I won't publish it. In some cases, I have withheld the names of people who might in some way be damaged by having their names published. I am always willing to do that. I also reserve the right to edit what you send me for clarity and length. In all the time I've been publishing newsletters (Windows Insider, Broadband Report, Scot’s Newsletter), I can recall only two complaints about my publishing someone's email message or name in the newsletter. Most people are happy to be mentioned.
The people who read this newsletter are extremely important to what gets printed in it. Your email messages matter.
Please let me know whether these email policies concern you, or if you have any suggestions about them. I aim to please.
Back to the Top
The Fine Print
If you like this newsletter, I need your help spreading the word about it. Please share it with friends and co-workers, and encourage them to sign up! It's free.
Visit the new Scot's Newsletter Forums.
Subscribe, Unsubscribe, Change Email Address or Message Format
You can unsubscribe at any time; I don't believe in captive audiences. The website subscription center is the easiest way to manage your Scot’s Newsletter subscription. Changes take only a minute or two. You must select your message format — Text or HTML — even for address changes or unsubscribes.
To help with the cost of creating and distributing the newsletter, I accept contributions via PayPal and Letter Mail. For more information on donations:
Send comments, suggestions, or questions about this newsletter. Don't be bashful about telling me what you like or don't like. Send emails related to editorial content (only) to email@example.com/snl.
Please address advertising inquires (only) to: firstname.lastname@example.org/snl
How to Link to Scot’s Newsletter
Copyright © 2001-2007 Scot Finnie. All Rights Reserved.
Ten Myths About Copyright Explained.
You are subscribed to Scot's Newsletter HTML EDITION as: $subst('Recip.EmailAddr')