Configuring Virtual Memory

Take Windows 98 as an example of a typical operating system that has virtual memory. Windows 98 has an intelligent virtual memory manager that uses a default setting to help Windows allocate hard drive space for virtual memory as needed. For most circumstances, this should meet your needs, but you may want to manually configure virtual memory, especially if you have more than one physical hard drive or speed-critical applications.

To do this, open the "Control Panel" window and double-click on the "System" icon. The system dialog window will open. Click on the "Performance" tab and then click on the "Virtual Memory" button.

Click on the option that says, "Let me specify my own virtual memory settings." This will make the options below that statement become active. Click on the drop-down list beside "Hard disk:" to select the hard drive that you wish to configure virtual memory for. Remember that a good rule of thumb is to equally split virtual memory between the physical hard disks you have.

In the "Minimum:" box, enter the smallest amount of hard drive space you wish to use for virtual memory on the hard disk specified. The amounts are in megabytes. For the "C:" drive, the minimum should be 2 megabytes. The "Maximum:" figure can be anything you like, but one possible upper limit is twice physical RAM space. Windows default is normally 12 megabytes above the amount of physical RAM in your computer. To put the new settings into effect, close the dialog box and restart your computer.

The amount of hard drive space you allocate for virtual memory is important. If you allocate too little, you will get "Out of Memory" errors. If you find that you need to keep increasing the size of the virtual memory, you probably are also finding that your system is sluggish and accesses the hard drive constantly. In that case, you should consider buying more RAM to keep the ratio between RAM and virtual memory about 2:1. Some applications enjoy having lots of virtual memory space but do not access it very much. In that case, large paging files work well.

One trick that can improve the performance of virtual memory (especially when large amounts of virtual memory are needed) is to make the minimum and maximum sizes of the virtual memory file identical. This forces the operating system to allocate the entire paging file when you start the machine. That keeps the paging file from having to grow while programs are running, which improves performance. Many video applications recommend this technique to avoid pauses while reading or writing video information between hard disk and tape.

Another factor in the performance of virtual memory is the location of the pagefile. If your system has multiple physical hard drives (not multiple drive letters, but actual drives), you can spread the work among them by making smaller pagefiles on each drive. This simple modification will significantly speed up any system that makes heavy use of virtual memory.

Flash Memory

Electronic memory comes in a variety of forms to serve a variety of purposes. Flash memory is used for easy and fast information storage in such devices as digital cameras and home video game consoles. It is used more as a hard drive than as RAM. In fact, Flash memory is considered a solid state storage device. Solid state means that there are no moving parts -- everything is electronic instead of mechanical.

Here are a few examples of Flash memory:

· Your computer's BIOS chip

· CompactFlash (most often found in digital cameras)

· SmartMedia (most often found in digital cameras)

· Memory Stick (most often found in digital cameras)

· PCMCIA Type I and Type II memory cards (used as solid-state disks in laptops)

· Memory cards for video game consoles

Flash memory is a type of EEPROM chip. It has a grid of columns and rows with a cell that has two transistors at each intersection.

The two transistors are separated from each other by a thin oxide layer. One of the transistors is known as a floating gate, and the other one is the control gate. The floating gate's only link to the row, or wordline, is through the control gate. As long as this link is in place, the cell has a value of 1. To change the value to a 0 requires a curious process called Fowler-Nordheim tunneling.

Flash Memory: Tunneling and Erasing

Tunneling is used to alter the placement of electrons in the floating gate. An electrical charge, usually 10 to 13 volts, is applied to the floating gate. The charge comes from the column, or bitline, enters the floating gate and drains to a ground.

This charge causes the floating-gate transistor to act like an electron gun. The excited electrons are pushed through and trapped on other side of the thin oxide layer, giving it a negative charge. These negatively charged electrons act as a barrier between the control gate and the floating gate. A special device called a cell sensor monitors the level of the charge passing through the floating gate. If the flow through the gate is greater than 50 percent of the charge, it has a value of 1. When the charge passing through drops below the 50-percent threshold, the value changes to 0. A blank EEPROM has all of the gates fully open, giving each cell a value of 1.

The electrons in the cells of a Flash-memory chip can be returned to normal ("1") by the application of an electric field, a higher-voltage charge. Flash memory uses in-circuit wiring to apply the electric field either to the entire chip or to predetermined sections known as blocks. This erases the targeted area of the chip, which can then be rewritten. Flash memory works much faster than traditional EEPROMs because instead of erasing one byte at a time, it erases a block or the entire chip, and then rewrites it.

You may think that your car radio has Flash memory, since you are able to program the presets and the radio remembers them. But it is actually using Flash RAM. The difference is that Flash RAM has to have some power to maintain its contents, while Flash memory will maintain its data without any external source of power. Even though you have turned the power off, the car radio is pulling a tiny amount of current to preserve the data in the Flash RAM. That is why the radio will lose its presets if your car battery dies or the wires are disconnected.

 

Removable Flash Memory Cards

While your computer's BIOS chip is the most common form of Flash memory, removable solid-state storage devices are becoming increasingly popular.   SmartMedia and CompactFlash cards are both well-known, especially as "electronic film" for digital cameras. Other removable Flash memory products include Sony's Memory Stick, PCMCIA memory cards, and memory cards for video game systems such as Nintendo's N64, Sega's Dreamcast and Sony's PlayStation. We will focus on SmartMedia and CompactFlash, but the essential idea is the same for all of these products. Every one of them is simply a form of Flash memory.

There are several reasons to use Flash memory instead of a hard disk:

· Flash memory is noiseless.

· It allows faster access.

· It is smaller in size.

· It is lighter.

· It has no moving parts.

So why don't we just use Flash memory for everything? Because the cost per megabyte for a hard disk is drastically cheaper, and the capacity is substantially more.

SmartMedia

The solid-state floppy-disk card (SSFDC), better known as SmartMedia, was originally developed by Toshiba.

SmartMedia cards are available in capacities ranging from 2 MB to 128 MB. The card itself is quite small, approximately 45 mm long, 37 mm wide and less than 1 mm thick. This is amazing when you consider what is packed into such a tiny package!

As shown below, SmartMedia cards are elegant in their simplicity. A plane electrode is connected to the Flash-memory chip by bonding wires. The Flash-memory chip, plane electrode and bonding wires are embedded in a resin using a technique called over-molded thin package (OMTP). This allows everything to be integrated into a single package without the need for soldering.

The OMTP module is glued to a base card to create the actual card. Power and data is carried by the electrode to the Flash-memory chip when the card is inserted into a device. A notched corner indicates the power requirements of the SmartMedia card. Looking at the card with the electrode facing up, if the notch is on the left side, the card needs 5 volts. If the notch is on the right side, it requires 3.3 volts.

SmartMedia cards erase, write and read memory in small blocks (256- or 512-byte increments). This approach means that they are capable of fast, reliable performance while allowing you to specify which data you wish to keep. They are small, lightweight and easy to use. They are less rugged than other forms of removable solid-state storage, so you should be very careful when handling and storing them.

Compact Flash

CompactFlash cards were developed by Sandisk in 1994, and they are different from SmartMedia cards in two important ways:

· They are thicker.

· They utilize a controller chip.

CompactFlash consists of a small circuit board with Flash-memory chips and a dedicated controller chip, all encased in a rugged shell that is several times thicker than a SmartMedia card.

As shown below, CompactFlash cards are 43 mm wide and 36 mm long, and come in two thicknesses: Type I cards are 3.3 mm thick, and Type II cards are 5.5 mm thick.

CompactFlash cards support dual voltage and will operate at either 3.3 volts or 5 volts.

The increased thickness of the card allows for greater storage capacity than SmartMedia cards. CompactFlash sizes range from 8 MB to 6GB. The onboard controller can increase performance, particularly on devices that have slow processors. The case and controller chip add size, weight and complexity to the CompactFlash card when compared to the SmartMedia card.

Memory Standards

Both SmartMedia and CompactFlash, as well as PCMCIA Type I and Type II memory cards, adhere to standards developed by the Personal Computer Memory Card International Association (PCMCIA). Because of these standards, it is easy to use CompactFlash and SmartMedia products in a variety of devices. You can also buy adapters that allow you to access these cards through a standard floppy drive, USB port or PCMCIA card slot (like the one you find on a laptop computer). Sony's Memory Stick is available in a large array of products offered by Sony, and is now showing up in products from other manufacturers as well.

Although standards are flourishing, there are many Flash-memory products that are completely proprietary in nature, such as the memory cards in video game systems. But it is good to know that as electronic components become increasingly interchangeable and learn to communicate with each other (by way of technologies such as Bluetooth), standardized removable memory will allow you to keep your world close at hand.

Cordless Telephones

Cordless telephones are one of those minor miracles of modern life - with a cordless phone, you can talk on the phone while moving freely about your house or in your yard. Long before cell phones became so cheap that anyone could afford one, cordless phones gave everyone the freedom to walk and talk within the privacy of their own homes. A cordless telephone is basically a combination telephone and radio transmitter/receiver. A cordless phone has two major parts: base and handset.

Base

The base unit of the cordless phone is plugged into the telephone jack on your wall. If you open up the base and expose the circuit board, you see several components that carry out the functions of the base:

· phone line interface - receives and sends telephone signals through the phone line

· radio

· amplifies signals to and from phone-line interface, user controls and speaker phone (if present)

· broadcasts and receives radio signals to and from the handset

· power - supplies low voltage power to the circuits and recharges the battery of the handset

Phone Line Interface

Phone line interface components do two things. First, they send the ringer signal to the bell (if it's on the base) or to the radio components for broadcast to the handset. This lets you know that you have an incoming call. Second, they receive and send small changes in the phone line's electrical current to and from the radio components of the base. When you talk, you cause small changes in the electrical current of the phone line, and these changes get sent to your caller. The same happens when the caller talks to you.

Radio Components

The radio components receive the electrical signals from the phone line interface and user controls (keypads, buttons). The radio components convert the signals to radio waves and broadcast them via the antenna. Radio components use quartz crystals to set the radio frequencies for sending and receiving. There are two quartz crystals, one for sending signals and one for receiving signals. Remember that the base and handset operate on a frequency pair that allows you to talk and listen at the same time (duplex). The radio components include an audio amplifier that increases the strength of the incoming electrical signals.

Power Components

A DC power cube transformer supplies the low voltage required by the electrical components on the circuit board. The power components on the circuit board work with the power cube to supply electrical current to re-charge the battery of the handset.

In addition to the above components, some bases also have audio amplifiers to drive speakers for speaker phone features, keypads for dialing, liquid crystal displays (LCDs) for caller ID, light-emitting diodes (LEDs) for power/charging indicators, and solid state memory for answering machine or call-back features.

Handset

You can carry the handset with you throughout the house or outside within the range of the base transmitter. The handset has all of the equipment of a standard telephone (speaker, microphone, dialing keypad), plus the equipment of an FM radio transmitter/receiver. When you open up the handset, you can see these components.

Speaker

The speaker receives the electrical signals from the audio amplifier in the radio components and converts them into sound. When you remove the cover from the speaker, you see a large round permanent magnet with a hole in the middle and a deep groove surrounding the hole. Within this deep groove is a coil of fine copper wire that is attached to a thin plastic membrane. The plastic membrane covers the magnet and coil.

Microphone

The microphone changes the sound waves from your voice into electrical signals that are sent to the audio amplifier of the radio components. A microphone is essentially a speaker that works in reverse. When sound waves from your voice move the membrane, they make tiny electric currents either by moving a coil of wire within a magnet or by compressing the membrane against carbon dust.

Keypad

The keypad allows you to dial a number. It transfers the pressure from your fingertip on the appropriate key into an electrical signal that it sends to the radio components. Below the rubber keypad is a circuit board with black conductive material under each button. The keypad works like a remote control. When you press a button, it makes a contact with the black material and changes its electrical conductance. The conductance sends an electrical signal to the radio components indicating that you have selected that number.

Buzzer or Ringer

When the radio components of the handset receive the ringer signal from the base, they send electrical signals to the buzzer. The buzzer changes those electrical signals into sound much like the speaker does. You hear the buzzer sound and know that someone is calling you. In some phones, the speaker is used to make the ringer sound and there is no need for a separate ringer.

Radio Components

The radio components of the handset are like those of the base - they convert electrical signals from the microphone into FM radio signals and broadcast them at the same frequency as the receiving crystal of the base unit. The radio components also receive radio signals at the same frequency as the broadcasting crystal from the base, convert them to electrical signals and send them to the speaker and/or buzzer (ringer).

Battery

The handset's battery supplies the power for all of the electrical components in the handset. All cordless phone handsets have a rechargeable battery (nickel-cadmium, nickel-metal hydride or lithium). When the battery runs low, an indicator light on the handset usually lights up or flashes. In some phones, a "beeping" sound may also indicate a low battery. You then recharge the battery on the base of the cordless phone.

The GE cordless phone that we dissected was from 1993. Modern cordless phones have the same functions and much of the same hardware. However, many of the electronic circuits that were once achieved with transistors, resistors and capacitors have been replaced with integrated circuits. This advancement allows the handset to be either smaller with the same functions or the same size with more functions.

In summary, a cordless phone is basically a combination of a telephone and an FM radio transmitter/receiver. Because it is a radio transmitter, it broadcasts signals over the open airways rather than specifically between the base and handset.

Computer viruses

   Computer viruses are mysterious and grab our attention. On the one hand, viruses show us how vulnerable we are. A properly engineered virus can have an amazing effect on the worldwide Internet. On the other hand, they show how sophisticated and interconnected human beings have become.

    For example, the things making big news right now are the MSBlaster worm and the SoBig virus. The Melissa virus -- which became a global phenomenon in March 1999 -- was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. That's pretty impressive when you consider that the Melissa and ILOVEYOU viruses are incredibly simple.

    In this article, we will discuss viruses -- both "traditional" viruses and the newer e-mail viruses -- so that you can learn how they work and also understand how to protect yourself. Viruses in general are on the wane, but occasionally a person finds a new way to create one, and that's when they make the news.

Types of Infection
When you listen to the news, you hear about many different forms of electronic infection. The most common are:

· Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

· E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.

· Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

· Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.

What's a "Virus"?

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.

   There are similarities at a deeper level, as well. A biological virus is not a living thing. A virus is a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself -- it is not alive. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive.

   A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.

What's a "Worm"?

A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001.

  A worm usually exploits some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem in January 2003) exploited a hole in Microsoft's SQL server. This article offers a fascinating look inside Slammer's tiny (376 byte) program.

Code Red

Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent. A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt.

   The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that do not have the Microsoft security patch installed. Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.

The Code Red worm was designed to do three things:

· Replicate itself for the first 20 days of each month

· Replace Web pages on infected servers with a page that declares "Hacked by Chinese"

· Launch a concerted attack on the White House Web server in an attempt to overwhelm it

   The most common version of Code Red is a variation, typically referred to as a mutated strain, of the original Ida Code Red that replicated itself on July 19, 2001. According to the National Infrastructure Protection Center:

    The Ida Code Red Worm, which was first reported by eEye Digital Security, is taking advantage of known vulnerabilities in the Microsoft IIS Internet Server Application Program Interface (ISAPI) service. Un-patched systems are susceptible to a "buffer overflow" in the Idq.dll, which permits the attacker to run embedded code on the affected system. This memory resident worm, once active on a system, first attempts to spread itself by creating a sequence of random IP addresses to infect unprotected web servers. Each worm thread will then inspect the infected computer's time clock. The NIPC has determined that the trigger time for the DOS execution of the Ida Code Red Worm is at 0:00 hours, GMT on July 20, 2001. This is 8:00 PM, EST.

     Upon successful infection, the worm would wait for the appointed hour and connect to the www.whitehouse.gov domain. This attack would consist of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (198.137.240.91).

       The U.S. government changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they have installed the security patch.

How They Spread

Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. Any virus is designed to run first when the legitimate program gets executed. The virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies it to add the virus's code to the unsuspecting program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time either of those programs gets executed, they infect other programs, and the cycle continues.

  If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads.

    The spreading part is the infection phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Unfortunately, most viruses also have some sort of destructive attack phase where they do some damage. Some sort of trigger will activate the attack phase, and the virus will then "do something" -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, or the number of times the virus has been replicated, or something similar.

     As virus creators got more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. The boot sector contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it gets executed. It can load itself into memory immediately, and it is able to run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses where lots of people share machines they spread like wildfire.

      In general, both executable and boot sector viruses are not very threatening any more. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs cannot be modified, and that makes viral infection of a CD impossible. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on a floppy disk like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector.

       Both boot sector viruses and executable viruses are still possible, but they are a lot harder now and they don't spread nearly as quickly as they once could. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made these viruses possible in the 1980s, but that environmental niche has been largely eliminated by huge executables, unchangeable CDs and better operating system safeguards.

E-mail Viruses

The latest thing in the world of computer viruses is the e-mail virus, and the Melissa virus in March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this:

      Someone created the virus as a Word document uploaded to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. As a result, the Melissa virus was the fastest-spreading virus ever seen! As mentioned earlier, it forced a number of large companies to shut down their e-mail systems.

    The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained a piece of code as an attachment. People who double clicked on the attachment allowed the code to execute. The code sent copies of itself to everyone in the victim's address book and then started corrupting files on the victim's machine. This is as simple as a virus can get. It is really more of a Trojan horse distributed by e-mail than it is a virus.

    The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus! It created a huge mess.

   Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of thing. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway. Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it.

    In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person double-clicked on the program that came as an attachment, then the program ran and did its thing. What fueled this virus was the human willingness to double-click on the executable.