/------------------------------------------------------------------------\
  |                                                            _______     |
  |                                                           |       |    |
  |       ____    __   __    ____    __      _____    _____   |     __|    |
  |      / __ \  |  \ |  |  / __ \  |  |    /  _  \  /  ___|  |    |__     |
  |     /  __  \ |   \|  | /  __  \ |  |__ |  |_|  ||  |_---\ |___    \    |
  |    /__|  |__\|__|\___|/__|  |__\|_____| \_____/  \______| --__|   |    |
  |                                                          |        |    |
  |        a         n         a       l       o        g    |        |    |
  |                                                           \_______/    |
  |                                                                        |
  \-----------------------------------------------------------------<sprx>-/
  .  Issue # 02  .              |  The Hak.5   |              .            .
  :  -----|----  |------------  |   E - Zine   |  ------------|  ----|---  :
  |--------------|--            \--------------/            --|------------|
         --------------------------------------------------------------

  Analog.5 is a hacking eZine designed by the Hak5 community, for the Hak5
  community. The editors of Analog.5 ask you to create articles to appear
  in the ezine and help bring technolust to the masses. Articles can be any
  size, and submitted by email. Almost all entries are instantly accepted.
  This zine is licensed under the Attribution-NonCommercial-ShareAlike 2.5
  license. If you don't want your work to be redistributed, do not submit.
                               Analog5@Live.com


          Famicoman                                      Mubix       
      Famicoman@live.com                           Jd.mubix@gmail.com                       
       Editor-In-Chief                              Executive Editor


   Table Of Contents.
   Section.0.Analog.5: Update.....................................Famicoman
   Section.1.Basic Networking.....................................gameman73
   Section.2.Writing your own shell in C/C++.....................Nickisgod1
   Section.3.A primer on PKI.........................................Cooper
   Section.4.The Hackers conundrum By...........................FragUPlenty
   Section.5.Rant.................................................gameman73
   Section.6.A.C.R.O.N.Y.M. is an acronym.......................Bob.Chatman
   Section.7.DVD to AVI: A brief How-to for Windows...................DigiP
   Section.8.Keeping Your Windows Box Alive..........................Max302


       The Amazing Analog.5 Logo and Ascii art was designed by Sprecker    

  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 0  . |--------------|              |--------------|  .         .

                              Analog.5: Update

  Well... I guess these updates are becoming a necessary thing. I don't 
  like the way they clutter the top of the zine like this, but they are 
  necessary. Anyways, I'll try and keep this one brief. 

  First off, I'd like to make a big thanks out to gameman73 and Nickisgod1.
  This issue couldn't be possible without them, so if you see them on irc 
  or your instant messenger of choice, hell, if you're gonna go out to the
  movies with one of them, be sure to thank them for their work and trying
  to help me out.

  A second thanks goes out to STox at http://binarycore.org STox over there
  has a mirror of Analog5 and is even coming out with an ezine titled
  "theCore" which I advise you all to check out when it is released. The 
  mirror hotlink is at http://binarycore.org/Analog5/

  I also want to repeat what I said last issue. If you have ideas or need 
  ideas for articles, just head over to
   http://hak5.org/wiki/Analog5:Requests

  I'd love to see some people writing up columns. As always, if you have a 
  mirror, drop me an email or chat with me on the irc channel on
  irc.hak5.org #analog5

  So I say kudos to you and enjoy the ezine. I'm gonna go to sleep... 

	-Famicoman
	 Famicoman@live.com
	 http://hackinacan.siteled.com



  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 1  . |--------------|              |--------------|  .         .

                                Basic Networking

  As per a request on the analog.5 wiki, and an idea I had planned anyway, I
  present for your reading pleasure my network setup/general networking. 

  First off, Ill start with general networking. This is going to sound basic
  to most readers, but I need to start somewhere :). First off, you have the
  actual link type. In most cases, this is Ethernet, or can be other things
  like fiber optics. This is the actual medium through which data moves 
  about. The next level up is the protocol. These are typically TCP/IP, 
  NetBIOS, and ipx/spx for windows (although windows XP comes with TCP/IP
  setup out of the box) and AppleTalk, TCP/IP, and I think apples also have
  NetBIOS and IPX support, but I'm not too sure. Over all, TCP/IP has pretty
  much replaced most of these protocols, although the support was left over 
  for legacy reasons.

  Alright, time for some poor ASCII art. For these examples, there is a 
  computer A and a computer B. When computer A wants to contact computer B,
  computer A sends a packet to computer B, which gets routed through a 
  router (obvious name). When computer B receives the packet, it looks at 
  the packet to see which program it was sent to. Since computer A is trying
  to connect to computer B, computer B must have some sort of port listening
  to accept the connection on. The old example used to describe ports and
  firewalls is a brick wall. Imagine a brick wall with 65535 bricks (there 
  are 65535 ports). Since there are bricks in between the service you want 
  to connect to, you cant get data to that service.
  _______                       ________
  |      |                      |       |
  |  A   |      ------          |  22   |   xxxxxxxx     |   B   |
  --------                      ---------

  In this example, "XX" represents a broken connection, "--" represents a 
  good connection, and "| 22 |" represents the firewall (the appropriate 
  rules for port 22). If that firewall wasn’t there, there would be a 
  connection. You can also set the firewall to allow connections. 

  NAT (network address translation) acts as a firewall when its being used
  in its default mode. Essentially, NAT is what makes most home broadband 
  routers work. It allows multiple computers use 1 internet connection. 
  Lets see what happens when computer B is behind a NAT.

  _______	              ________
  |      |            	      |       |
  |  A   |      ------        |  NAT  |   xxxxxxxx    |   B   |
  --------                    ---------

  The problem with Nat’s is that when it receives an incoming connection on
  the public network, it has no idea what to do with it. Thus the need for 
  port forwarding. 

  Port forwarding tells the NAT that any incoming connections on such and 
  such port get redirected to some computer. Let’s see the previous example
  with ports forwarded.

  		       Ahh, I have a rule for this. Send to B
  
  _______                     ________
  |      |                    |       |
  |  A   |      ------        |  NAT  |   ----------  |   B   |
  --------                    ---------

  And thus, the connection is established and both computers are happy.

  Those are the basics of TCP/IP networking. Now I will brag a little bit
  (it’s really not that impressive) about my network setup. *WARNING* bad
  diagram time.

  --------------       ------------       --------------
  |   DSL      |  ->   | IPCOP    |  ->   | NETWORK    |
  --------------       ------------       --------------

  Alright, that’s the overall gist of how this works. The interesting part
  (to me anyway) is how I have ipcop running with 2 routers, 1 not directly
  connected to it, and all under the same networking scheme (ie, ipcop 
  controls dhcp leases, port forwarding, etc for all computers). 

  ------------
  | DLINK    |
  ------------
 Internet: Empty
  1  : comp (family computer)
  2  : NR041 (router, see below, make note of where this is connected)
  3  : IPCOP
  4  : Empty
  Wireless: any and all wireless clients, including my laptop

  Pretty standard setup here. I have DHCP turned off, and the ip address 
  set to be connectable from an IPCOP dhcp lease. Ill explain why/how in a 
  bit.

  ------------
  |   NR041   |
  -------------
  Internet: Empty
  1  : Desktop
  2  : laptop-server (yeah yeah laugh, it doesn’t get much use)
  3  : DLINK (make a note of where this is connected)
  4  : temporary network hookup for computers being serviced/laptop for 
       speed

  No wireless. Again, no dhcp and an ip address change.

  So why detail how this works. So that you can learn something ;). So
  lets walk through this step by step, assuming we are connection from 
  the NR041.

  1. Plug a computer in. Windows sees the link and sends a DHCP request on
     broadcast (Broadcast is an ip address that basically tells the routers
     to send this packet of data everywhere). 
  
  2. The NR041 sees the broadcast packet and forwards it to every port, 
     which ends up eventually in the hands of the dlink router.
  
  3. The dlink router sees the broadcast request and resends it to all 
     ports.
  
  4. The DHCP request eventually ends up in the hands of ipcop, which does
     have a dhcp server running. It responds and it makes its way through
     the routers.

  As you can see, there is nothing special about both of these routers 
  (basic broadband routers). However, due to bugs in their programming (the
  dlink requires a firmware update that makes it unstable, but includes the
  features I want. The NR041 has the features I want, but has bugs (the most
  noted one is http servers must be at the top of the dhcp clients list.. 
  and network everywhere doesnt want to fix it). Even with these 
  limitations, these routers serve as perfectly find switches and wireless 
  access points. 

  	-gameman73


  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 2  . |--------------|              |--------------|  .         .

                        Writing your own shell in C/C++

  One might ask why, is there a need, is it useful? Well most likely the 
  answer is no, It's not needed, and in the long run it's only use is that 
  it introduces you to some very useful functions.  However, It can be fun 
  if you have nothing to do and it is a great learning experience. That 
  being said, lets get a list of what we want our basic shell to do.

	1) have a prompt which includes the host name
	2) display the present working directory
	3) change the present working directory
	5) start other processes
	6) start other processes in the background
	7) basic piping.
	8) quit on a certain string, lets say "exit"

  I think this a pretty basic list of what a shell should do at its most
  basic level, so lets get started. First lets build a simple frame that 
  gets input, and stores it in a string or c style array. For this example 
  well use a string, for no good reason other than i like them better. 
  However, seeing as most of the functions we will use later are C 
  functions it may be simpler and cleaner to use a C style array from the 
  get go. OK, lets include the standard I/O functions and the string 
  library to start with a simple while loop checking for exit, or a command

	#include <iostream>
	#include <string>
	using namespace std;
	int main(int argc, char *argv[])
	{
		string command; 
		do
		{
			cout<<"basic prompt: ";
			getline(cin,command);
		}while(command!="exit");

  	    return EXIT_SUCCESS;
	}

  We now have a shell that display a prompt and waits for input, and quits 
  upon the string exit. All thats needed now is to parse our input for use

	int main(int argc, char *argv[])
	{
		string command; 
		do
		{
			cout<<"basic prompt: ";
			getline(cin,command);
			string com; 					
                        //string to store switch

			while(command[command.size()-1] == ' ' ) 
                        // trim tailing whitespace

			{
				command.erase(command.size()-1);
			}
			string::size_type pos = command.find(' ');	
                        //find first command and isolate it

			// if statement  will find first command
			if (pos == string::npos)			
			{
				com=command;
			}
			else
			{
				com=command.substr(0,pos);
			}
		}while(command!="exit");

 	 return EXIT_SUCCESS;
	}

  Now that we have a usable command it is time to start on our list.
  Many of the functions used here are available from the unistd library,
  so lets include that.

	#include <unistd.h>

  For the first entry on our list, we need to get the hostname and login 
  name, this can easily be done though calls to the functions 
  get_login_r(), and gethostname() used in something similar to this

	char hostname[256];
	gethostname(hostname, 256);
	char user[256];
	getlogin_r(user, 256);

  Then we could then change our standard prompt to read something like 
  this

	cout<<"["<<user<<"@"<<hostname<<"]$ ";

  That solves list item one, now how about two, again there is a 
  function available to us to achieve this, getcwd(), it is used in this
  fashion.

  	void pwdDisplay(){
		char pwd[256]; 
		getcwd(pwd, 256);
		cout<<pwd<<endl;
	}	

  Now we know what the pwd is, but how should we display it? Lets call this
  our first built in function, we can either do this with if/else 
  statements, or use enumeration and switch on the string, for the sake of 
  simplicity we will use an if statement.
	if(com=="pwd") getpid()pwdDisplay();
  A note to the reader, although not always included here most, if not all,
  of the functions I reference do set the errno, and return a negative value 
  on an error, error checking is good. Dont be afraid to use it.

  Now the program can return the present directory, but what if the users 
  wishes to change it? This is the reason for our second built in function, 
  well call it cd. the ready built function we can use is also included with
  unistd and is called chdir(), and takes a c style array as an argument, so
  assuming we are using strings, we can do something similiar to this

  	void change_dir( string command)
	{
		string dir; //string to store directory
		string::size_type pos = command.find(' '); 
                //find whitspace to look for directory

		if (pos == string::npos) //no space means no directory
		{
			cerr << "you must enter a directory" << endl;
		}
		else
		{
			pos++; //move onespace up
			dir=command.substr(pos,command.size()-pos); 
                        //create a substring of the directory

			if(chdir(dir.c_str())<0)    //change to that dir
			{
				perror("chdir");    //error
			}
		}
	}

  Again don't forget your error checking and to add the function to your main
  loop with something like

	else if(com=="cd")
		{
			change_dir( command);
		}

  Alright first 2 done, any other functionality that the programmer would like
  to add such as math ability, remembering history etc could be added here, 
  but since this does not really introduce new functions I will leave that as 
  an exercise to the reader.  Now lets add the ability to start other processes.
  To create the new process we will use fork(), which creates a clone of the 
  parent process, we can than replace the clone with our new process, for this 
  we will use a member the execve family. We will use execvp as it searches the
  user path. For other examples in the family see man execvp and man execve.  
  The function takes a c style array as the first argument (the process we wish
  to start) and an array of pointers(the process + its arguments). So again we 
  need to parse our command, sense I am using strings, and we need to get it 
  into an array of * char i used a string stream, but any way will work. We will
  also assume that if the command given is not one of our prebuilt functions, 
  then it is an outside program, thus we will use the last else if in our loop 
  to call this function.

  	else if(com != "exit")
	{prog_normal(command);} 

  and the basic function

  void prog_normal(string command)
  {
	char argv2[10][128];	// c style to hold string to point at
	char  * argv[10]={NULL};	// array of pointers to char 
	string command1=command;	// strings to maipulate
	string command2;		
	stringstream ss(stringstream::in | stringstream::out); 
        // in out string stream for conversion

	string::size_type pos = command1.find(' ');	//find the first break
	string arg1=command1.substr(0,pos);		// this is the command
	command1.erase(0,pos+1);			//get rid of it
	int c=1;					// initialize counter
	ss.str(arg1);
	ss>>argv2[0];
	argv[0]=argv2[0];
	do
	{
		stringstream ss(stringstream::in | stringstream::out); 
                // in out string stream for conversion
		if(c>9)
		{
			cout<<"error:To many arguements"<<endl;
			break;
		}
		else if(pos == string::npos) // no args
		{
			break;
		}
		else
		{
			pos = command1.find(' ');   // find the first arg
			if(pos ==string::npos)	   // last arg?
			{
				ss.str(command1);   //string to stream from
				ss>>argv2[c];	   
                                //stream to a temp array to point at

				argv[c]=argv2[c];   // point at array
			}
			else
			{
				command2=command1.substr(0,pos);
				ss.str(command2);	// see above
				ss>>argv2[c];
				argv[c]=argv2[c];
				command1.erase(0,pos+1);	
                                //remove stored command from copy of command

				c++;	// inc counter
				ss<<' ';
			}
		};
	}while(pos != string::npos);
	pid_t child=fork();		// mk child
	if(child==0)
	{
		if(execvp(arg1.c_str(), argv)==-1)
                //run prog error out and kill if errors
		{
			perror("execvp");
			pid_t curr_pid=getpid();   // get child pid
			kill(curr_pid, 9);	//kill with signal 9
		}
	}
	else
	{
		wait(NULL);	// wait till child completes	
	};

  }

  The same process can be used to start a process in the background, however 
  the parent need not wait for the child to finish. whether or not the program
  should be started in the background can be determined with an if statement
  checking if the last character in the command is an ampersand.

  Now for the final function of our list, the piping, to do this we will need
  to utilize two new functions, dup2() and pipe(). dup2() is used to copy a 
  file descriptor, and pipe creates a new pair of file descripters, which allow
  the parent and child to communicate(0 is for writing, 1 for reading). For 
  dup2() 0 is stdin, 1 is stdout, and 2 is stderr.  Therefore the first thing 
  we need to do is create our pipe.

	int pipe_array[2];
	pipe(pipe_array);

  Now to add some functionality to the code.  It is essentially the same as our
  earlier function but we add this if statement after we get the command 2 
  substring

  if(command2 =="|")
  {
	pos = command1.find(' ');		// find the first arg
	command1.erase(0,pos+1);
	pid_1=fork();
	if(pid_1==0)
	{
	// child
	// redirect the stdout
		if(dup2(pipe_array[1],1)==-1) //copy stdout to pipe_array write
		{
			perror("dup2");
		}
		if(execvp(arg1.c_str(), argv)==-1)//run prog
		{
			perror("execvp");
			pid_t curr_pid=getpid();   // get child pid
			kill(curr_pid, 9);	//kill with signal 9
		}	
	}
	else	//parent
	{	
		wait(NULL);
		close(pipe_array[1]);
		prog_with_pipe(command1); // start second process
		command1.clear();
	};
  }

  and don't forget the file descriptor copy in the second parent added after 
  our while loop.

  if(string::npos==command.find("|")) //if no more pipes execute final prog
  {
	pid_t child=fork();		// mk child
	if(child==0)
	{
		if(dup2(pipe_array[0],0)==-1) // copy stdin to pipe read
		{
			perror("dup2");
		}
		if(execvp(arg1.c_str(), argv)==-1)	
                //run prog error out and kill if errors
		{
			perror("execvp");
			pid_t curr_pid=getpid();   // get child pid
			kill(curr_pid, 9);	//kill with signal 9
		}
	}
  else
  {
		close(pipe_array[0]);	
		wait(NULL);		// wait till child completes	
  };

  Since we are only going for basic piping here this code will only work with
  one pipe, However it is quite possible to have multiple pipes, again this is
  an exercise I leave to the reader, Just be sure to remember that pipes are 
  one way, and to mind your openings and closings.

  We have now created a program, which has built in functions, can spawn 
  processes, and has single command piping. A very basic shell, but usable. I
  invite the reader to add their own functions to make it usable for them. 
  Should you wish your new program can be set as you shell using the chsh 
  command. So play around with it, maybe you'll learn something new.

  	-Nick S. aka Nickisgod1


  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 3  . |--------------|              |--------------|  .         .

                                 A primer on PKI

  Suppose you need to transmit a private message to someone across an 
  untrusted network. What would you do?

  Obviously you'll need to encrypt your message. But for that you need a 
  key, and the receiving party needs to know about that key so they can 
  decrypt your message. So you set up a meeting with this other individual, 
  and you two decide on a key to employ. You both take this key back with 
  you, and from that point on communicate in a secure manner by encrypting   
  all you data using that one key.

  This is called symmetric cryptography, the symmetry being that both 
  parties know the key. The problem with this is that you need to trust the
  other party to keep this key secure. The assumption is made that no other 
  person has access to this key, so when you receive a message encrypted 
  with this key you trust it to have come from the other person. When it's 
  only 1 key you have to worry about, this might still be doable. But what if
  you've got a network of people you need to stay in touch with in a secure 
  way? All the people on this network need to be able to securely communicate
  with each other. Having a special key for communicating between 2 people in 
  the network means each person's key repository will grow exponentially with
  the size of the network. Meeting with all these individuals personally to 
  decide on a key becomes troublesome and may expose your relationship, and 
  if someone loses his keys the fun can really start.

  The solution lies in the use of asymmetric cryptography, also referred to
  as public key cryptography. The concept of asymmetric cryptography is that 
  each individual has a private and a public key. When you want to securely 
  transmit a private message to someone you can encrypt it using the 
  receiver's public key. The receiver must then use his private key to 
  decrypt the message. As he's the only person who has access to this 
  private key, you know the message will remain secure while in transit. But
  since the public key is public in a rather literal sense of the word, 
  what's to stop someone from intercepting your message, throwing it away, 
  and sending a different message to the receiver, claiming to be you? The 
  answer lies in another function of public key cryptography: signing. You 
  can compute a signature over your message using your private key, and then
  attach it to the outgoing message. The receiver can then verify the 
  contents of this message using your public key, and thus be assured that 
  the message was sent you, and has also not been tampered with while in
  transit.

  As always, there's a drawback to using public key cryptography. Typically
  the keys needed considerably longer than those needed by symmetric 
  cryptography. More importantly, the algorithms used are considerably slower
  than their symmetric counterparts. One popular way of dealing with this 
  last drawback is for the sender of the message to enrypt the message using 
  a secure one-time key and a symmetric encryption algorithm. He then 
  encrypts this one-time key with the public key of the recipient, and 
  attaches it to the sent message. When there are multiple recipients, simply
  repeat this step for each recipient. The recipient can use his private key 
  to decrypt the one-time key and use that to decrypt the actual message.

  So now that you know the difference between symmetric and asymmetric
  cryptography, there's one more problem to fix. So you have this file that
  contains someone's public key. How do you know it's in fact HIS public key?
  Public keys are stored and transmitted as certificates, which combines the
  public key value with the name of the person the certificate belongs to. But
  people can still lie about who they are. So how do you know?

  There are 2 ways to know. First is the old fashioned way of simply meeting
  in person, proving to eachother that you are who you say you are, and 
  then exchanging self-signed public keys for future communication. You 
  should add this certificate to your system's trusted key repository, or 
  Truststore, to get your system to accept it for the encryption of outgoing
  messages and verification of signatures on received messages.

  The other way to know is via a trusted third party. This trusted third 
  party is called a Certificate Authority or CA. Instead of using self-signed
  certificates a person would sent the CA a certificate request, which 
  contains his public key plus some additional, personal information about 
  the individual. The CA would then verify this information and if he is 
  satisfied the presented information matches that of the person requesting 
  the certificate, he would use his private key to sign the certificate of 
  this person. Now, this person can unsecurely send out this certificate, 
  and the recipient can, using the public key of the CA, verify its signature
  to determine that this certificate belongs to you.

  There are a number of big, commercial CA's out there that have very, very
  strict rules and procedures that you need to follow to get your certificate
  request signed. Their entire business is built around the idea that they 
  are trustworthy so getting them to trust you takes more than just some 
  money, a smile and a handshake. I'm sure people are familiar with Verisign
  as a CA, but there are a number of others, including Comodo and Hak.5 
  sponsor GoDaddy.

  For some groups, using one of the big CAs simply isn't practical. It costs
  too much, the local, repressive goverment might look down on people that 
  seek to prevent others, including law enforcement, to view their messages,
  and so on... An alternative is to simply assign one or several members of 
  your community as a CA. The requirements to getting your certificate signed
  will probably be less but since the group is likely to be small there's a 
  good chance people already eachother anyway. This last way of organising a 
  CA has been coined the "Web Of Trust".

  It's important to realise what signing someone else's certificate 
  signifies. Chances are that in all but the most private of conversations,
  people will trust that a certain individual is person X because you as a CA
  said so, and they trust you. This is why, for this trusted third party 
  thing to work, it's pivotal that you actually meet face to face with 
  someone who can present you with sufficient identification that attests to
  his or her identity before you agree to sign their certificate. This is in 
  fact what the signing parties are all about. You don't (or shouldn't) trust
  an untrusted distribution network like email to bring you certificates for 
  signing. It could be anybody who sent you that stream of bits!

  The one remaining unexplained thing in this is just what exactly PKI is. 
  PKI is the abbreviation for Public Key Infrastructure, and it's the whole
  package of dealing with the distribution and management of public keys. 
  The mechanism of assigning an person's identity via an intermediary like a
  CA or a trusted third party from your community. As asymmetric cryptography
  is such an integral part of PKI people often consider this part of PKI, but
  as it has very little to do with infrastructure, it really should not be 
  seen as such.

  If you want to start playing with certificates, look no further than the
  OpenSSL suite of programs. You can get them at this URL: 
  http://www.openssl.org They only distribute their product in sourcecode
  form. Most Unixes come with OpenSSL pre-packaged by default, so look at 
  your package manager to see if there are precompiled binaries for your 
  platform. Behind the 'Related' tab on the left of the OpenSSL website you 
  will find a link to precompiled binaries for the Windows platform.

  The manual for these programs can be a bit daunting, so here are a few
  commands to get you started:

  openssl genrsa -des3 -out myname.key 2048

  Generate a 2048-bit RSA key-pair (contains both the public and private 
  key), encrypted using des3. The result will be stored in a file named 
  myname.key and you'll be prompted for a passphrase:
  
  openssl req -new -x509 -days 1001 -key myname.key -out myname.cer

  Create a self-signed certificate for this personal key. This certificate 
  will remain valid for 1001 days, and be stored in a file named myname.cer. 
  You will be prompted for the passphrase of your private key and a number of
  items like your country code, city, etc.

  In order to sign other peoples' certificates, you need to set up a 
  directory structure that is described in your openssl.cnf file, and create
  a new key-pair and certificate solely for your CA. You could use your own 
  key-pair and certificate, but it's more secure to have one set for signing 
  certificates and another for your day-to-day encryption and verification 
  needs. The directory structure to create with the current version of 
  OpenSSL's default openssl.cnf can be created with these commands:

	mkdir demoCA
	mkdir demoCA/newcerts
	mkdir demoCA/crl
    echo "" > ./demoCA/index.txt
	echo "01" > ./demoCA/serial


  On Windows, those slashes should of course be replaced by backslashes.

  openssl req -new -key myname.key -out myname.csr

  Generate a certificate request from our private key, to be sent to the CA
  for singing. You will be prompted for the same information as with the 
  self-signed certificate, plus 2 extra fields which I left blank.

  openssl ca -policy policy_anything -cert ca.cer -in myname.csr

      -keyfile ca.key -days 360 -out result.cer

  This is a single command that I split up over 2 lines. This command will
  process the certificate request in 'myname.csr'. It will display the 
  information from the request to you, and ask if you really wish to sign it.
  You should try to verify the data presented to you before selecting yes. 
  Afterwards it will ask if you want to update the database in which issued 
  certificates are being tracked (this is used for certificate revocation, 
  should that need arise). You should answer yes.

  openssl x509 -in result.cer -text

  Display the contents of this signed certificate. When compared to the 
  self-signed certificate created earlier you'll notice that the data in the
  signature field is different.

  openssl x509 -in result.cer -outform DER -out result.der

  The certificates generated above are in the PEM format, but Windows tends 
  to prefer the DER format for some uses. The above command transforms 
  the certificate to DER format.


	  -Cooper


  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 4  . |--------------|              |--------------|  .         .

		           The Hackers conundrum By

  I think the realization of who you are occurs in high school, and most 
  schools have a place to put you to help you realize your potential. An 
  athlete interested in football would probably want to join the football 
  team, if they are interested in soccer they join the soccer team. The 
  problem that we face is that there is no team for us. We quickly realize 
  that what we want cannot be satisfied by the programs that schools offer, 
  they do not offer something for us. The last time I checked, all the 
  computer courses did was teach you how to use Word and Powerpoint.

  “I am a hacker, enter my world...
  Mine is a world that begins with school... I'm smarter than most of the 
  other kids, this crap they teach us bores me...”

  Hackers are quickly ostracized from the social structure that runs the 
  schools, you have a groups of people that hang out together. The athletes,
  the preppy kids, the wanna be gangsters, the real gangsters, the stoners, 
  and of course we cant forget the rich kids that probably should go into 
  the preppy group. Heres our problem initially upon entry into the high 
  school world we almost immediately realize that we wont fit in.

  “Damn kid. All he does is play games. They're all alike.
  And then it happened... a door opened to a world... rushing through the 
  phone line like heroin through an addict's veins, an electronic pulse is 
  sent out, a refuge from the day-to-day incompetencies is sought... a board
  is found. "This is it... this is where I belong..." I know everyone 
  here... even if I've never met them, never talked to them, may never hear 
  from them again... I know you all...”

  Then we begin to realize the reason we do not fit into the high school 
  atmosphere. It is because the high school atmosphere was not intended for
  us. It was intended to help people like the above mentioned groups succeed 
  in life and society. Hackers however are seen as unimportant, they are 
  seen as being the counter culture of success. Its not that we are anti 
  social, actually it is usually quite the opposite most will answer any 
  computer question you have, Usually in great detail and length. This is an
  oddity because most people assume that in order to have knowledge of 
  something that you need a diploma or certification of some sort. This 
  results in us having a problem, where as we are unable to proceed with our
  lives due to the fact that high school will totally turn you off of any 
  school in the future. Soon though A hacker finds an outlet, some way to 
  make a living off what they do. Usually this happens later in life though.

  “This is our world now... the world of the electron and the switch, the 
  beauty of the baud. We make use of a service already existing without 
  paying for what could be dirt-cheap if it wasn't run by profiteering 
  gluttons, and you call us criminals. We explore... and you call us 
  criminals. We seek after knowledge... and you call us criminals. We exist
  without skin color, without nationality, without religious bias... and you
  call us criminals. You build atomic bombs, you wage wars, you murder, 
  cheat, and lie to us and try to make us believe it's for our own good, yet
  we're the criminals.”

  Eventually we realize this is our world that we can tap into the system 
  and use it to our advantage. We have the ability to do things that others
  cannot, we can stare for hours at code, or hardware and without even 
  knowing what we are doing, fix it, or modify it to do something better. It
  is almost as if our subconcious mind has been modified to allow us to 
  understand how computers work at a level others cannot.

  “Yes, I am a criminal. My crime is that of curiosity. My crime is that of 
  judging people by what they say and think, not what they look like. My 
  crime is that of outsmarting you, something that you will never forgive me
  for. I am a hacker, and this is my manifesto. You may stop this 
  individual, but you can't stop us all... after all, we're all alike.” All
  quotes taken from “The Hacker Manifesto” By: The Mentor

  	-FragUPlentt


  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 5  . |--------------|              |--------------|  .         .

                                      Rant

  The Internet has come a long way, although it may not have been for the 
  best. It has seemingly gone from being a research/educational tool, to 
  being used as a weapon and for profit by many people. Governments, 
  corporations, and individual people have taken advantage of the trusting 
  nature of the internet and has turned it into something that people dread 
  to explore. I'm not an "old-timer" reminiscing on old days (been on the 
  internet since 2000ish), but one look at some of the more basic features 
  of the internet will tell you it wasn't designed to withstand the stress 
  we put on it. Take a look at POP3. Our beloved e-mail protocol has been 
  around since 1996*, yet is still in use today. Our e-mail is flying 
  around the Internet without mandatory encryption (by default is my 
  *GUESS*, however POP3 CAN be run with encryption). With simple software
  programs, it is dead easy to sniff out passwords from wireless and wired
  networks alike. 

  Now to set this back on course. By default, the internet has gotten to be 
  an insecure place. However, there are people who have chosen to capitalize
  on this instead of helping the problem. It has gotten to be necessary to 
  use a firewall of some type. One could argue that it's stupid not to put 
  a firewall on your computer, but why is that? Someone on the other end 
  might own it? That's a good point, but as far as I know, its still 
  illegal in most countries to intrude into others' networks, yet it 
  happens day in and day out. In this day and age, with thousands upon 
  thousands of people using computers, it has gotten easier and easier to 
  "own" machines, and yet there are still people who believe that it is 
  "cool" to infect hundreds or thousands of computers for nothing more 
  than their personal enjoyment. Spammers flood the internet with their 
  junk, in hopes of snagging a few people to actually click on their 
  message, which usually gets sent to junk filters. Or, they may get hand
  deleted, causing thousands if not millions of man-hours to be wasted. 
  And lets not even mention the bandwith they waste. Spyware/malware 
  vendors focus on new ways to embed their junk into the most obscure 
  parts of windows causing most people to pay for specialized services to
  get rid of it. Usually costing them anywhere between $80 to $120 or more,
  plus the possibility of data loss (if a format is deemed necessary). NONE
  of this is hacking, this is exploiting. 

  So I suppose my point is who is to blame for this? Do we blame the simple 
  people who just want their computer to work? Or do be blame the people who
  make this possible? Or how about the people who ACTUALLY do this and think
  there is something to gain out of it? Or we could blame the people in 
  charge of making the decisions that lead to the security holes that allow
  these to happen? Personally, I blame the people who use this maliciously.
  I think Foxx from BSoD put it very nicely when he said "Hacking is the 
  exploration of a system." While I don't agree with everything he has said,
  this makes sense. While exploring, you can look, poke, and do various 
  things. However, exploring is not exploiting. Exploiting vulnerabilities 
  only makes you a "cracker" (in the evil hacker sense), and with the 
  internet being designed to be a trusting place, that isn't a hard thing 
  to do. 

  When it comes to "white hat" "grey hat" or "black hat", the only real 
  choice when "hacking" in the traditional sense is white hat, or grey hat
  if it's important information or the company isn't doing anything. Grey 
  hat does NOT mean make your own virus botnet to really show this company. 
  Do the responsible thing and post it somewhere where everyone can see and
  for it to gain attention. Software bugs won't be going away any time soon,
  so if you expect the situation to get better any time soon, think again.
  Unfortunately for every 10 people with ethics or morals, theres 100 or 
  more people willing to exploit it for their own gain. The only viable 
  solution in my opinion is tougher enforcement of pre-existing laws or 
  convincing the main offenders that they need to back off. Right now, the
  internet is in a position where no one person or country can control it.
  Unfortunately, other than attempting to solve the problems one by one, 
  only to have them be broke again (in a similar fashion to drm), there 
  doesn't seem to be a real solution.

     * POP3 RFC located at http://tools.ietf.org/html/rfc1939

     Mad props to manuel and Moonlit for proofreading. Thanks guys. 

  	-gameman73


  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 6  . |--------------|              |--------------|  .         .

            Abbreviated Coded Rendition of Name Yielding Meaning. --
                        A.C.R.O.N.Y.M. is an acronym.
 
  The camps are split, and the shoes are coming off. It's indeed time to
  start a battle of biblical proportions. I really wish that this wasn't
  something that needed to be said, but wow is it difficult to take part
  in development of the interwebs and not be bombarded by this craziness
  that some call pronunciation. Do you say SQL as ESS-QUE-EL or do you
  say SeQuilL or SeQueL? Should you say Lahl or just those hippies say
  that and laugh on your insides? Do you actually take the time to say
  WWW at all? I suggest that you take a step back from this 'debate' and
  take some time to actually think before you speak.
 
  IRC – (EYE ARR SEE)
 
  This debate came up first back in early high school when I used to
  take part in EFnet back before it became a cess pool. One guy would
  tell another guy, note that this is what we talked about in school,
  that he was going to change his irk channel and a riot would ensue.
  Fur would fly and folks would get heated and overly energetic, until
  they realized that the person who had said it was actually out of his
  mind and had never realized that IRC was an ACRONYM. What's that I
  said?
 
  Acronym - a word formed from the initials or other parts of several words.
 
  What does this mean to you? Well, for what its worth, there are quite
  a few acronyms that lend themselves to be pronounced, i.e. NATO, but
  at the same time they are also more than one word, and for that matter
  they are technically written differently, as period separated letters
  to denote that they are infact acronyms – N.A.T.O. These periods are
  there for a reason, to remind you that they are not a word. Keeping
  that in mind it doesn't take much of a step of logic to be able to
  realize that NATO is actually supposed to be En Aye Tee Owe.
 
  Now I can hear your blood starting to boil. OMG WTF! Please don't make
  me laugh at you. I assure you that I won't be forcing you to stop
  looking like fools. IT, pronounced EYE TEE, is an industry that is
  peppered with long and loosely named tools and features and it is
  definitely easier to say Sequel than it is to say Standard Query
  Language. The issue arises when someone says Sequel referring SQL when
  they are actually referring to an application of the same name, and
  mistaking it for the pronunciation of SQL, which is actually
  pronounced as its spelled (ESS QUE EL), unlike many CIO's have been
  bred into believing. Microshaft has done its part with its marketing
  department actually instructing people to refer to its SQL server as
  Sequel server. What a joke. It is only a larger shame because of the
  lack of any traction and the perpetual circle of uninformed folks
  making the mistake of trying to sound smart. May the lord smite him,
  if he would take the time out of making folks think it's alright to
  say LAWL at parties, instead of actually taking the time to laugh.
 
  I doubt many of you would argue that saying something stupid as
  STUHFOO at a party would constitute being a loser, but I have been at
  parties (LAN & the ones girls actually show up to) and heard folks say
  LAWL or OWE EMM GEE in the company of complete strangers. For one
  reason or another, these people usually stand out like sore thumbs,
  especially if you get them a shot of Jagermeister. Just think about
  yourself being this fool as he spouts off this garbage he picked up
  through AIM chat thinking he was hip with the latest lingo. He finds
  out far too late that he has actually crossed the line, and made this
  party, as all the others he has attempted to step into, into another
  festival of making nerds look like losers.
 
  Gamers United.
 
  A few days back one of my colleagues took the time to utter something
  that… to this day is completely unexplainable and I hope that I will
  never be able to forgive him for it. After a meeting that I did
  exceptionally well in he tapped me on the shoulder to get my
  attention. I took my headphones off, listening to the floyd of all
  things, and he looks at me in the eye. For a moment I thought I saw a
  spark of intelligence in that miserable excuse for a brain that he has
  been blessed to have. Without stammering in the slightest he nodded
  his head and said GEE GEE. My heart skipped a beat; had I just heard
  that?! Yes, my god there is nothing left for me to do on this planet.
  He has left the building.
 
  For those of you without mothers to steer you in the right direction,
  and give you that pat on your back to let you know you are making
  acceptable decisions, I suggest that you don't get your panties in a
  bunch too much over this. FTW, for the win, and FTL, for the lose, are
  not going to cause too much hooplah with me, although FTL is
  definitely the wrong way to say something sucks. There is definitely
  some grey area here, of course. But please keep in mind that your
  actions impact the way the worlds young see all nerds. We never got to
  have a football team to stick together, hell its hard enough to find a
  group of five guys/gals to actually co exist and socialize with, let
  alone actually do something productive with them. We are a group of
  unimaginatively large size that are all impacting each others lives.
  It is terrible when a manager turns to an employee and says "You know
  what we need?! You should move us to the new Microshaft Sequel
  Server," but it's a travesty when a fellow developer turns to you and
  says GEE GEE.
 
	  -Robert (Bob) Chatman
  	   bob@gneu.org
  	   http://www.gneu.org


  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 7  . |--------------|              |--------------|  .         .

  	     ##################################################
 	     ####       .##########################-       ####
 	     ####  +###   ##     ###      -#      #-  ###   ###
 	     ####  +####   ##   ###  ~########  ###-       ~###
 	     ####  +###   ###   ##P  ##    ###  ###-  #########
 	     ####        ###     ##-       #      #-  #########
  	     ##################################################
	
              DVD to AVI: A brief How-to for Windows by DigiP

  Ok, a lot of people have asked this question, and I see that
  there are many ways to do this. First, I want to stress that 
  I do not condone piracy. Copying DVD's from your own home videos
  is more what this is intended for and you will need an UNLOCKED
  dvd in order to do this. Cough...

  So, you wanted to rip your home video dvds to your pc to put 
  clips on the web, like clips on youtube, etc, but your not 
  quite sure how to get it from your dvd to your pc in a useable
  format. Mainly you will want this in either an mpeg or avi 
  format, but were talking about that AVI format just for its 
  common use on windows and the many codecs and programs for 
  compressing and editing them.

  Get your tools ready: 
  (See also: http://nickyguides.digital-digest.com/synth-vdub.htm)
  First things you will need are some Mpeg-2 filters to read a
  DVD. Now, people with a software dvd player will notice they can
  watch dvd's on their pc, but this is only because the program
  can decoded the mpeg-2 video stream (VOB files are actually
  mpegs) but copying them to the pc from the dvd itself
  makes them unreadable because they are encrypted. You would need
  a program to copy these from the dvd to an unlocked format on the
  pc, but that would be against the law..google...cough..Most home 
  made dvds are already unlocked.

  Second, you will need an AC3 filter (if you want to 
  keep original AC3 multichannel sound) or decoder for AC3 to stereo 
  output. This is because DVD's contain many different audio streams and
  can have multiple languages on one disc. 

  And thirdly, you will need a program that can tie all of these 
  together in order to read the dvd files and output it to AVI (or mpeg
  depending on the software you chose).

  MPEG-2 video and audio Filters: 
  http://files.divx-digest.com/nicky/all-filters.zip

  Virtual Dub   : http://www.virtualdub.org/
  AviSynth      : http://avisynth.org/
  xvid codec    : http://www.xvid.org/Xvid-Codec.2.0.html


  I personally use AVISynth and VirtualDub for all my editing of
  DVD material, and most other formats that use DirectShow filters
  for importing video files, but you can use others like T-Mpeg, etc.
  (check google)

  The first thing you will want to do is get those Mpeg filters and
  reg them into windows. You can use regsvr32 from the Run prompt for 
  Multiple_MPEG2_Source.ax, Mpeg2Parser.ax and Mpeg2Decoder.ax or if 
  your not handy with that, drag and drop them onto RegDrop:
  (http://files.divx-digest.com/nicky/regdrop.zip)

  YOU DO NOT NEED THE DUMP.AX, WAVDEST.AX or IVIAUDIO.AX! Delete them!

  Install AviSynth and Unzip/Compile/Install virtual Dub on your pc 
  or get an already compiled version.

  Once you have everything installed, you will want to grab your dvd. Your
  now going to write a simple script that will allow you to import the dvd
  files to VirtualDub. Open any text editor. Type the following:
  	DirectShowSource("drive:\somefile.vob")
  where drive is the drive the files are on and somefile.vob is the first
  vob file you want to import. For ripped dvds on the hard drive that 
  contian extra content, you will have to see which files are for which in
  your dvd once you open them in virtual dub.

  Now save that file as "MyDvds.avs" and open it with Virtual Dub. For 
  advanced editing, I "Ask for extended options" when opeing a file. This 
  gives you some other things you can play with before opening the files,
  like change frame rate, split interlaced video, etc. You will have to 
  experiment to see what works best for your needs, but you will usually 
  want to de-interlace the video, as well as resize them to a smaller screen
  res for ease of use. You can also specify these commands in the avisynth 
  script we just made, so get familiar with the commands and making small clips.

  Now that you have it loaded, you will see two video windows. The one on
  the left is the original video, the one on the right is what your output
  will look like when finished. Click play button and you will see the video.
  Click stop, and then the second play button and you will see the original
  and dubbed output. This gives you an idea of the basics. Now lets add some
  compression. Go to the menu for VIDEO and then select COMPRESSION. Scroll
  down to the xvid codec and click configure. Now this will be where you 
  set your compression levels. Each person has their own preference, but I
  like to set it to a target bitrate of 800 (click the Target Quantizer to
  toggle back and forth) This is great for smooth video and fast action as
  well as keeping the size down on the avi putput. Now we need to change the
  audio settings. Select AUDIO and then Full Processing on the menu. This
  enables advanced audio editing features. You can now select COMPRESSION.
  Check off MP3 and then on the right 48kB/24,000. This is where you will
  save 90% of the file size when converting the files. Otherwise the AVI
  file will be as large if not LARGER than the original file. You can also
  add a video filter to reduce the size of the output as well, but that is
  up to you. I personally would not suggest keeping the original size if it 
  is going to be uploaded to the web, but for personal viewing, this may
  be ok on a fast pc. If reducing the size, start with the easiest setting
  2:1 reduction High Quality. This will speed up the conversion as well.

  Now save the file as an avi somewhere on your pc and your all done! You can
  use virtual dub to delete certain parts and save just small clips, like 30
  seconds, or whatever, but you will have to get used to the program and its 
  interface to do this. I am not going to go into it any further than what
  I just showed you, but google is your friend, so get er' done.

  A 148 meg vob file can usually be reduced to about 28 megs using the methods
  I have shown here. You can achieve even smaller footprints by changing the
  codec settings for both the video and audio, but you will start to degrade the
  quality as you go down that road.

  Any questions on any of these programs, see their respective sites for 
  notes, or check google.

	  -Digip


  |--------------|--------------\______________/--------------|------------|
  :      |-----|----------------/              \-----------------|---|     :
  . Section 8  . |--------------|              |--------------|  .         .

                         Keeping Your Windows Box Alive


  Everybody hears the same thing over and over and over again on IRC, 
  podcasts, from friends, wherever:

  I cant keep my Windows XP install on my PC longer than 3 months, it’s 
  friggin annoying.

  You know what? Then you are doing something wrong. So instead of bitching
  about Microsoft like everybody does, I’m going to deliver in this article 
  5 ways of optimizing your Windows XP box and avoid all that useless 
  bitching.

   Step 1: Take Care of Your Registry

  Everybody knows that the big flaw in Windows product is the registry. As 
  soon as you start installing software, hundreds of entries are created, 
  and after that, they are not necessarily well organized or maintained, 
  or even check for validity, which causes fragmentation of information,
  and storage of useless data.

  Since Microsoft did not thing beforehand of creating a registry cleaner
  to be shipped with it’s products some third part software is necessary.
  Usually, I opt for opensource or freeware solutions for my articles, 
  but in this field, there is no free alternative, so you might end up 
  spending a couple of bucks for a registry cleaner.

  Basically, you have two choices. Well known registry cleaners are either
  the AMUST Registry Cleaner or PCTool’s Registry Mechanic. The two are 
  basically the same thing, with easy scanning and repair as well as 
  compacting of your registry on all version of Windows from 95 to XP SP2,
  with the only important difference being the price, which is 50 $USD for
  Registry Mechanic and 30 $USD for AMUST’s product.

  Personally, I have used the two and don’t have a specific recommendation.
  It seems to me as the two do the exact same job, but considering the fact
  that PCTools has received many awards for it’s software, you might want 
  to go with them if you have a couple more bucks to spend.

  Once you have one of those purchased, scan every week or biweekly, or 
  pretty much everytime you feel like it or if you know you have been 
  installed and uninstalling stuff. The scan itself should take only about
  10 minutes top on a slow system with lots of errors, and fixing is a 
  matter of seconds usually. As for performance gains, they are important
  even on a machine with a relatively fresh install of XP. The changes are
  usually felt as soon as you reboot. Another important thing is compacting
  the registry, which should be done every 2 months or so. These makes you
  registry much more consistant and the search time for entries is 
  decreased by much. Since pretty much every program that runs under 
  Windows uses the registry, this speeds up your computer LOTS.

   Step 2: Defrag More Often

  This is a simple thing that is very often neglected. The fact that 
  information is spread around your hard drive(s) can be a factor to a slow
  machine, this is specially true if you don’t have NCQ on your disks, 
  which is still to be mass implemented, or if you have slower disks like
  the 4200 or 5400 RPMs usually found in a laptop.

  I suggest defragging every month or so, less if you have a tendency to 
  move less files around. Also, remember that to defrag properly, you must 
  have the least possible programs running on your machine at the time of 
  the defrag, to prevent files in use of being skipped. You might want to 
  do this overnight to not waste precious time.

  Personally, I find that Microsoft’s built-in defrag tool is enough for 
  what has to be done, but if you want, you can Google up some commercial 
  solutions, at a cost.

  A good practice would also be to regularly clean your disk with 
  Microsoft’s disk cleaning tool, found on the same panel as the defrag 
  tool. Looks like something useless, but I save 500-600 megabytes only by 
  clearing out my temporary files and MS Office install files.

   Step 3: Manage Your RAM

  Everybody knows that now, for the average user, the minimum required RAM
  to run XP smoothly is 512 MB. However, even with the required 512, there 
  are still some limitations, and some machines may crash upon more memory
  intensive applications such as games on these machines with less RAM. I 
  had this problem on my laptop, once every two times, my machine crashed 
  and froze when I connected to an Enemy Territory server and loaded the
  maps.

  Crashes can be caused by many things, including overheating hardware, a
  possible scenario for a laptop, but I discovered that what made my 
  machine crash is the saturation of the RAM. To remedy this, I downloaded
  a tool called FreeRAM XP Pro. This freeware tool is designed to watch on
  your machine’s RAM usage, optimize it, and clear it when necessary, 
  saving you the crash that you would normally get on a case of memory 
  saturation.

  As was said earlier, the tool is totally free, and available from 
  YourWareSolution’s website.

   Step 4: Remove the Fluff

  Windows XP comes loaded with services and features that most of us more
  advanced users do not need. The obvious is course the XP theme, which in
  itself does take up some system resources, but there are also less 
  obvious ways of increasing your machine’s performance by removing some
  useless services and features.

  First thing to look at is the visual options. Right click on My Computer
  and go to Properties. Under the Advanced tab, you will find a button 
  entitled Performance. Click it, and explore the options. If you really 
  want to go total performance wise, then uncheck them all, at the cost 
  of the loss of some basic visual effects like character smoothing. In 
  general, everything that concerns animations and shadows are useless, 
  so you can uncheck them, and for the rest, you can experiment with it 
  at will, as they are reversible at all times.

  Another tip that could increase your system performance by loads, but 
  this time is slightly more dangerous, is the managing of system 
  services. There are plenty of guides on the thing and that personally,
  I haven’t tested them all, I can only point you to the lot, but chances
  are that you will quickly find a good one. Be careful, removing a 
  critical service can possibly mean kill your machine.

  Personally, since I did not need a huge gain for what I do with my 
  computer, I simply listen to the advice given to me by SiSoft Sandra’s
  computer analysis tool. The tool looks at your system component by 
  component, and list the possible upgrades and configuration 
  improvements. Although in this case the services to be disabled list is
  smaller than in other guides, but the suggested removals are much 
  safer. But Sandra doesn’t just give tips about services, lots of 
  hardware and BIOS setting recommendations can be found in a report.

   Step 5: Protect Your Baby

  Breaking news: Windows machines are vulnerable to viruses and spyware.
  Scary. So get an Anti-virus. Many people, including advanced users 
  neglect the presence of a good AV on their system. Sure, you don’t need
  to be bulletproof on your machine if you already have security devices
  on your upstream network, but still, between bare and barricaded, 
  there is a balance. My  AV suggestion would be Alwil’s Avast AV. Apart
  from being totally free, it has pretty much the same feature as 
  Symantec’s Norton, without the firewall and the resource hogging.

  Apart from a comprehensive list of virus that is frequently updated,
  Avast also includes many live filters for potential Peer to Peer, Mail,
  and Web threats that are very effective, detecting malware faster than you
  can recognize it. Just like Norton, it scans everything real time 
  according to your specifications, and alerts you whenever it finds 
  something suspicious. It does not include a firewall, but in my opinion,
  the Windows Firewall does a pretty good job of filtering unwanted traffic.
  Usually, common sense will tell you if you have to scan files or not, but 
  a good in depth scan every 5-6 months is always good too.

  There you are. Follow these steps, and I guarantee that scrapping your 
  Windows install will be much tougher.

  	-Max302


  .  -----|----  |--------------|              |--------------|  ----|---  .
  |--------------|--            \--------------/            --|------------|
         --------------------------------------------------------------