The Unofficial @Guard FAQ

April 5th, 1998
http://www.cryogenius.com

1. Introduction
       1-1. About this FAQ
       1-2. How to contribute
       1-3. Acknowledgements
       1-4. The FAQ doesn't answer my question. What now?

2. The Basics
       2-1. What is @Guard?
       2-2. Who wrote it?
       2-3. Where can I get it?
       2-4. How much does it cost?
       2-5. For which operating systems is it available?
       2-6. I just installed it. What do I do now?
       2-7. How do I uninstall it?

3. Blocking Graphic Images
       3-1. How do browsers load graphics and how does @Guard block them?
       3-2. How do I block an image using Netscape?
       3-3. What's the difference between "Link Location" and "Image Location"?
       3-4. How do I block an image using Internet Explorer?
       3-5. How do I block an image using a different browser?
       3-6. How do I modify entries in the blocklist?
       3-7. How can I tell if I'm blocking too much?
       3-8. What happens with animated GIFs?
       3-9. Why is there sometimes an empty square or rectangle on the page?

4. Privacy: Cookies and Refer Fields
       4-1. What are cookies?
       4-2. Why does my browser keep warning me about accepting cookies?
       4-3. How does @Guard block cookies?
       4-4. How do I block some cookies but not others?
       4-5. What are referer fields?
       4-6. Why aren't a lot more refer fields being logged?
       4-7. Why is "referer" misspelled?

5. Firewalls and Safety
       5-1. How do I enable the @Guard Firewall?
       5-2. What does the @Guard Firewall do?
       5-3. How does the firewall block connections?
       5-4. Why are RuleAssistant alerts popping up?
       5-5. What should I do when a RuleAssistant alert pops up?
       5-6. What does "Always permit in/outbound communication for this app" do?
       5-7. How about "Always permit in/outbound communication for this service"?
       5-8. What does "Always block this network communication" do?
       5-9. What are services? What are port numbers?
       5-10. What's the diff between TCP connection attempts and UDP packets?
       5-11. Why is there sometimes no alert when someone tries to connect to me?

6. Other stuff
       6-1. When I turn @Guard <off/on> and reload the page, it still <is/isn't> blocking images!
       6-2. What is the web browser's cache?
       6-3. Anything I should watch for when installing on a dual-boot machine?
       6-4. How do I find the version number?
       6-5. Why do some pages come up completely blank?
       6-6. An image STILL isn't being blocked. How do I block it?
       6-7. How do I find the Image Location URL for a particular image?
       6-8. Where are the registry entries and what do they mean?
       6-9. Why doesn't the statistics window show a count of bytes rejected?
       6-10. Is the Ad Trashcan editing URLs that are dropped in it?
       6-11. Does @Guard keep any of its files in the windows system directory?
       6-12. Netscape hangs when...

----- 1. INTRODUCTION -----

1-1. About this FAQ

This FAQ is intended to provide more information about @Guard to newcomers and seasoned users alike. Herein you will find basic info about @Guard and how it works, how to make it do what you want (or make it stop doing what you don't want), how to suggest features to the people working on it, and where to get updates, blocklists, and more information.

This FAQ is available at http://www.cryogenius.com/atguard
You can find additional information at http://www.technologypreview.com

1-2. How to contribute to this FAQ

If you have something you'd like to add to this FAQ, please send email to atfaq@cryogenius.com. It will be reviewed, and if accepted, added to the FAQ.

Please note that all submissions to the FAQ become the property of the authors and that they may or may not be acknowledged. By submitting to the FAQ, you grant permission for use of your submission in any future publications of the FAQ in any media. The authors reserve the right to edit any submission in any manner necessary, or omit it entirely.

1-3. Acknowledgements

First off, I'd like to thank WRQ, without whom all this wouldn't have been possible. The folks at WRQ have been known for quietly producing high quality corporate software for years, but have recently come "out of the box" with this very cool performance enhancement and firewall package for mainstream internet users.

1-4. The FAQ doesn't answer my question. What do I do?

If your problem isn't mission-critical, you can send an email to the FAQ at atfaq@cryogenius.com and wait for it to get answered here.

You can also send an email to nam-feedback@technologypreview.com and check their FAQ for updates. That email address can also be used to ask the developers about things, but they're pretty busy folks so you may or may not get a reply.

If you need help right away, subscribe to the @Guard mailing list and post your question there. Uhhh... there is no @Guard mailing list yet. Hang on, I'm working on it. It'll probably be a list served at cryogenius.com, unless we can convince WRQ to host one.

----- 2. THE BASICS -----

2-1. What is @Guard?

@Guard (pronounced "At Guard") is software that runs on your PC and monitors network traffic going in and out of your computer. Specifically, it can:

2-2. Who wrote it?

The biggest software company you never heard of, WRQ in Seattle, WA. They're something like the 16th largest PC software company in the world and have a web page at http://www.wrq.com.

2-3. Where can I get it?

You can find namdemo.exe at http://www.technologypreview.com, or more specifically, at http://wrqdownload.wrq.com/techprev/namdemo.exe

2-4. How much does it cost?

No price has been set yet. What's available right now is a "Technology Preview" that times out 90 days after it's installed. The best rumor I could get my hands on was that it'll probably wind up somewhere around $30, depending on interest level and feedback.

2-5. For which operating systems is it available?

Windows 95 or greater and Windows NT 4.0, Service pack 3. Alas, it is not available for Macintosh, but for image and cookie filtering I can recommend WebFree, available at http://www.falken.net/webfree/

Note: @Guard will NOT run on any 3rd party TCP/IP stack, including WRQ's own. @Guard hooks the TDI interface in Microsoft's stack.

2-6. I just installed it. What do I do now?

Start surfing! Depending on where you go, a whole bunch of ads should now be gone, your car will run smoother, your food will taste better, and the web will be a happier place.

You should have a little icon of a yellow and black striped gate on the right side of the taskbar. Click on it and a menu with the following items will appear. Try them!

"Statistics"  Brings up a window with various counters on it
              Note that you can clear these by right-clicking in the window.

"Ad Trashcan" Brings up a little window with a trashcan that you can
              paste image and link URLs (Netscape) or drop link URLs
              (Explorer) into to add stuff to the blocklist.

"Event Log"   Brings up a log of all sorts of interesting things, including
              a record of images blocked and which blocklist entry caused
              the blocking to occur, a list of past connections to remote
              computers, a list of cookies and refer fields and what
              happened to them, a history of URLs that have been visited,
              and a log of connections that were denied by the firewall.

"Settings"    Brings up the configuration dialog, where you can turn various
              blocking features on and off, add strings to the blocklist,
              add individual domains to allow cookies to, modify firewall
              rules, and password protect @Guard's settings.

"Help"        Brings up a most excellent online help.  Most of your
              questions can probably be answered here.

2-7. How do I uninstall it?

In the unlikely event that you want to uninstall it, :) you can go to "Add/Remove Programs" in the Win95 or WinNT control panel, select "@Guard", and hit the Add/Remove button.

Beware that uninstalling really uninstalls; any blocklist and firewall rule set entries that you created WILL BE LOST. Hopefully, they'll have a way to save and restore the blocklist and rule sets before too long.

----- 3. Blocking Graphic Images -----

3-1. How do browsers load graphics and how does @Guard block them?

When you go to a web page, your browser might receive something like this:

Blah! Blah blah: <img src="http://www.foo.com/nifty_images/image7.gif">

When your browser sees that, it prints the text "Blah! Blah blah:" on the screen, and then it connects to www.foo.com and asks it for a file called "/nifty_images/image7.gif". If www.foo.com has such a file, it sends it to the browser, which displays the image.

This same mechanism is used to gather up all the different pieces that can make up a web page, including images, windows that display other web pages (also known as frames), and even audio or video clips.

So a single web page can be constructed of data sent from many different host computers, each of which must be queried and respond to each data request of your browser. Each of these query and response cycles takes time, and a page which has an excessive number of these requests, such as one with several different advertisements, can slow down the loading of a web page dramatically. Not only does the downloading of the data for a single page take longer, but all those packets of unnecessary and often undesired data flying about slow the speed of the entire World Wide Web. It is as if we have taken the now heavily traveled "information superhighway" and populated it with empty cars.

When @Guard blocks these things, what it's doing is blocking the outbound request that the browser makes for the image. The blocked data IS NEVER TRANSFERRED, so pages load faster and the internet has less clutter.

The example string, "http://www.foo.com/nifty_images/image7.gif", is known as a URL, or Uniform Resource Locator. @Guard lets you block it if any part of it matches a string in your blocklist, so if you put either "www.foo.com", "nifty_images", "image7.gif", or something more specific like "foo.com/nifty_images/image7.gif" into the blocklist, the image would be blocked.

The particular string that you choose to block a data request (such as an advertisement) will affect how restrictive or unrestrictive @Guard will be in its filtering of data. For example, if you put simply "foo.com" into the blocklist, you would wind up blocking EVERYTHING that comes from foo.com. If you were much more specific by using "www.foo.com/nifty_images/image7.gif" to block the same thing, you would probably wind up blocking only that one particular image on one particular web page.

3-2. How do I block an image using Netscape?

First, bring up the Ad Trashcan by clicking on the @Guard icon on the right side of the taskbar and clicking on the "Ad Trashcan" menu item. You should then have a window with a trashcan in it that does not look like the desktop Recycle Bin. Then, in either Netscape 3.0 or 4.0, right-click on the image you want to block. You should see a menu with "Copy Link Location" or "Copy Image Location" or both, toward the bottom of the menu. Select one of those to copy the URL to the clipboard, and then right-click on the trashcan to paste it into the blocklist.

The trashcan looks back at the web page data it has seen recently, finds something that's a close match with what you dropped into it, and brings up a dialog box telling you what it just added to the blocklist. Depending on what it came up with, you may want to go modify the new blocklist entry. (see section 3-6)

3-3. What's the difference between "Link Location" and "Image Location"?

When you click on some images, they take you to other pages. What really happens is that your browser just loads a new page that was associated with the image you clicked on.

The URL that your browser used to fetch the image is the "Image Location", and the URL that your browser uses to fetch the new page is the "Link Location". You can block an image by adding a string that matches EITHER its Image Location OR the Link Location associated with it.

That leads to a potentially useful generalization: If you want to customize a particular page, being specific about the Image Location by using a blocklist string such as "www.foo.com/nifty_images/image7.gif" usually works well. On the opposite end of the spectrum, if you want to block all of the images that take you to a site whose only purpose is to sell you shoes for your pet wombat, it often works well to use a very general blocklist string, like "www.wombatshoes.com", or even just "wombatshoes.com".

Be careful that what you put into the blocklist isn't too general. Something like "www" is not a good blocklist string because it would match far too many URLs. (see section 3-7 for how to tell if you're missing things.)

3-4. How do I block an image using Internet Explorer?

First, bring up the Ad Trashcan by clicking on the @Guard icon on the right side of the taskbar and clicking on the "Ad Trashcan" menu item. You should then have a window with a trashcan in it that does not look like the desktop Recycle Bin. Then, in either Internet Explorer 3.0 or 4.0, click and hold on the image you want to block and drag it onto the Ad Trashcan.

The trashcan looks back at the web page data it has seen recently, finds something that's a close match with what you dropped into it, and brings up a dialog box telling you what it just added to the blocklist. Depending on what it came up with, you may want to go modify the new blocklist entry. (see section 3-6)

Internet Explorer doesn't give you a choice between Link Location and Image Location. If the image has a link associated with it, Explorer gives you the Link Location. Otherwise, Explorer gives you the name of the file in its disk cache and @Guard makes the best guess it can as to what portion of the name to use. (see section 6-11)

3-5. How do I block an image using a different browser?

If your browser allows you to right-click on an image and copy either the image location URL or the link location URL to the clipboard, you should be able to paste it onto the Ad Trashcan just as you would if you were using Netscape.

Otherwise, you may need to look at the HTML source code and find the <IMG SRC="blah/blah/image_name"> image location string and copy a piece of it manually to add to the blocklist.

3-6. How do I modify or remove entries in the blocklist?

Go to the Settings dialog by clicking on the @Guard icon on the right side of the taskbar and clicking on the "Settings" menu item. Select the "Ad Blocker" tab (if it isn't already selected) and note the list of strings in the window. You should be able to move the elevator bar up and down to scroll through the list. When you see the string you'd like to modify or remove, click once on it to select it and then click on either the "Modify..." or "Remove..." button.

Modifying or deleting blocklist entries is sometimes required for new entries that didn't come out as you expected, or just to change what's being blocked.

3-7. How can I tell if I'm blocking too much?

@Guard logs all the things that it removes to the Ad Blocking tab of the Event Log. You can bring up the Event Log by clicking on the @Guard icon on the right side of the taskbar and clicking on the "Event Log" menu item.

If you are looking at a page and it doesn't seem quite right, you can look at the Ad Blocking tab and see the web page elements that @Guard most recently removed. Clicking on a particular line will bring up more information about it in a window at the bottom of the Event Log dialog. You should see "Removed", which is the HTML element that the browser was prevented from retrieving, "From", which is the URL of the web page you were looking at that the blocked element would have been requested from, and "Because", which is the string in the blocklist that caused the thing to be blocked.

If you see a large number of things being removed from several different "From" locations all for the same "Because" reason, it could be an indication that the "Because" string is too general, and you might consider removing it from your blocklist.

You can also go to the Settings dialog, turn off URL blocking, and reload the web page to check the differences between the page with blocking enabled and the page with blocking disabled. NOTE: Be sure to clear your browser's web page cache before doing this test, or you won't see any changes even if @Guard had been blocking a dozen images!

This makes for a good experiment: Manually add a string that is certain to match way too much, such as "/" (a slash without the quotes) to the blocklist, using the Settings dialog, and load a web page to see the effects.

Obviously, you'll want to remove the string right after you do this experiment, because a single forward slash will match (and therefore block) almost everything. Go to a web page, and it will probably be completely blank. Now, go look at the Event Log's Ad Blocking tab and click on the entry in the top of the list of things that were recently Removed. The "Because" line in the Event Log bottom window will probably read simply "/", which is certain to cause far more blocking than you want.

If pages start looking like the blocker is catching too much, look in the Event Log for "Because" strings that may be too generic.
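
The substring matching from section 3-1 and the "Because"-string check from section 3-7, as an added example. This is not @Guard's own code: the function names, the case-sensitive matching, the `max_sites` threshold and the sample pages are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def first_match(url, blocklist):
    """Return the first blocklist string found anywhere in url, else None.
    Plain case-sensitive substring matching is an assumption of this sketch."""
    for entry in blocklist:
        if entry and entry in url:
            return entry
    return None

def load_page(page_url, element_urls, blocklist):
    """Simulate one page load. Returns (requested, log): the element URLs that
    would still be requested, and Removed/From/Because records for the rest."""
    requested, log = [], []
    for url in element_urls:
        because = first_match(url, blocklist)
        if because is None:
            requested.append(url)
        else:
            log.append({"Removed": url, "From": page_url, "Because": because})
    return requested, log

def suspect_entries(log, max_sites=2):
    """Blocklist strings that removed elements on more than max_sites distinct
    'From' hosts. A hint only: an ad server's name is meant to hit many sites."""
    sites = defaultdict(set)
    for rec in log:
        sites[rec["Because"]].add(urlsplit(rec["From"]).hostname)
    return sorted(b for b, hosts in sites.items() if len(hosts) > max_sites)

# Constructed sample pages (page URL -> element URLs the page references).
PAGES = {
    "http://www.foo.com/": [
        "http://www.foo.com/nifty_images/image7.gif",
        "http://www.foo.com/nifty_images/logo.gif",
        "http://www.wombatshoes.com/banner.gif",
    ],
    "http://news.example.org/": [
        "http://news.example.org/img/masthead.gif",
        "http://www.wombatshoes.com/banner.gif",
    ],
    "http://shop.example.net/": [
        "http://shop.example.net/img/cart.gif",
    ],
}

def browse(blocklist):
    """Load every sample page; return (all requested URLs, combined log)."""
    requested, log = [], []
    for page, elements in PAGES.items():
        page_requested, page_log = load_page(page, elements, blocklist)
        requested += page_requested
        log += page_log
    return requested, log

if __name__ == "__main__":
    specific = ["www.foo.com/nifty_images/image7.gif", "wombatshoes.com"]
    for blocklist in (specific, ["/"]):
        requested, log = browse(blocklist)
        print(blocklist, "->", len(log), "removed,", len(requested),
              "requested; suspect entries:", suspect_entries(log))
```

With the specific blocklist half the elements are removed and nothing is flagged; with "/" every element is removed and "/" is reported as the entry to review.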

3-8. What happens with animated GIFs?

Animation blocking only applies to GIFs that were not blocked in the first place. All of the frames of an animated GIF are fully downloaded, and if animation blocking is enabled, will run through a single cycle of animation and then stop.

Aside from reducing the visual distraction level of some pages, this can also dramatically reduce "disk thrashing", which occurs when the browser stores all of the animation frames in its cache and continuously re-reads them in order to display them. For laptops, that can mean increased battery life.

3-9. Why is there sometimes an empty square or rectangle on the page?

In some cases, @Guard blocks an image by replacing it with a transparent GIF. If the unblocked GIF would have had a border around it, the transparent GIF gets one also. In those cases, the link is usually still present, meaning that it's possible to click on the empty area and go to the web page associated with the blocked image request.

----- 4. PRIVACY: COOKIES AND REFER FIELDS -----

4-1. What are cookies?

Cookies are bits of information that web servers store on your computer for their later use. Web servers can use cookies to keep track of how many times you've visited and when, what sort of info you've been surfing for on their site, and even use them to pass that information on to other web servers, such as advertisement servers.

On the positive side, cookies can be used to store your own web site configuration, to remember items placed in your "shopping cart" at an on-line shopping site, or to store account and password information for subscription sites. You may not want to block ALL cookies, hence @Guard's cookie "allow" list.

4-2. Why does my browser keep warning me about accepting cookies?

You've probably got your browser configured to warn you before accepting a cookie. Since @Guard prevents cookies from being sent to web servers (and logs what it blocked and what it allowed), it's safe to change your browser to go ahead and accept cookies without bugging you.

To verify that cookies are in fact being blocked, make sure that "Block Cookies" is checked in the Privacy dialog of Settings, and you should see the "Cookies Rejected" counts going up in the Statistics window. (They should probably change that to "Cookies Blocked" or something, since technically the cookies were already accepted.) You should also see what action was taken with the cookies in the Event Log under the Privacy tab.

4-3. How does @Guard block cookies?

Cookies are blocked on the way OUT of your computer, NOT on the way in. Incoming cookies are accepted, but the information that they contain is not allowed to be sent back to a web server unless you explicitly put the domain name of the server into the cookie allow list.

A number of cookie-blockers work this way, probably because it's easier to implement. There are several ways for web servers to set cookies on your computer, but there's only one way that browsers give cookies back to web servers. If they're blocked on the way out, the blocker catches all of them.

4-4. How do I block some cookies but not others?

Just add the "domain name" for the site to which you want to allow cookies to be sent to the cookie allow list.

The name you want is usually the same name as the site you're visiting, but an easy way to check is to bring up the Privacy tab in the Event Log and then go visit the web site that is setting the cookie you want to allow. After the web page is done painting, hit the Refresh button on the Event Log and you should see something like this:

Blocked Cookie: WPI=890793854.jw.00132 sent for http://www.javaworld.com/

The thing on the left of the "sent for" is the value of the cookie, and the thing on the right of the "sent for" is the thing that was being requested. This cookie was being sent to www.javaworld.com, so I can add "javaworld.com" (without the quotes) to the cookie allow list.

You can copy selected text out of the lower window in the Event Log by selecting it with the mouse and hitting ctrl-C. Then, when you hit the "Add" button in the Privacy tab of the Settings dialog, you can hit ctrl-V to paste it in.

With "javaworld.com" in my cookie allow list, I see the following when I visit javaworld:

Allowed Cookie: WPI=890793854.jw.00132 sent to http://www.javaworld.com/

4-5. What are "referer fields"?

When you click on a link to a web page, your browser makes a quick note of what page you are currently viewing. When it sends the request for the new page, it passes that information on to the new server. That allows web servers that you visit to know where you've just been, which is information that you might prefer to keep to yourself.

When refer fields are allowed, your browser tells a web server that you are visiting that you clicked on a link to get to them. It also tells them what page it was that you were just visiting! When refer fields are blocked, however, the web server that you are getting a page from thinks that you just typed the URL into your browser or selected it from your bookmarks.

Cool trick: Bring up the Privacy tab in the Settings dialog and right-click on "Block refer fields". You'll get a better explanation of what the "Block refer fields" checkbox does than what I've got here. You can right-click on a bunch of things around the Settings dialog for more info.

4-6. Why aren't a lot more refer fields being logged?

Refer fields are also sent by the browser for every separate piece of a web page that's downloaded, so astute observers will notice that only a fraction of all the actual refer fields that are sent are being logged. What's happening is that @Guard only concerns itself with refer fields when your browser is telling a host that it was referred by a different host.

If you visit www.yahoo.com and the opening page tells the browser to retrieve one image from yahoo.com and one image from advertisers.com, @Guard will always let the refer field to yahoo.com through because it's going to the same host that the referring page was obtained from, but will block refer fields to advertisers.com because the request is going to a different host. The reason for this is that some web sites use refer fields to prevent other web sites from linking into the middle of their pages. Also, because a host knows that you just visited it, there's little privacy to be gained by blocking a refer field that's going back to a host you just visited.
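
The outbound filtering described in sections 4-3, 4-4 and 4-6, as an added example. This is not @Guard's own code: the function names, the subdomain matching against the allow list, the exact-hostname comparison for refer fields and the "Blocked Referer" log line are assumptions, and the requests are constructed.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def domain_allowed(host, allow_list):
    """True if host is an allow-list entry or a subdomain of one.
    Matching on a label boundary keeps 'notjavaworld.com' from
    riding on an entry for 'javaworld.com' (assumed behaviour)."""
    for entry in allow_list:
        entry = entry.lower()
        if host == entry or host.endswith("." + entry):
            return True
    return False

def filter_outbound(request_url, headers, cookie_allow_list):
    """Filter the headers of one outgoing request.
    Returns (headers_to_send, log_lines). Nothing is done to incoming
    Set-Cookie headers: cookies are only stopped on the way out."""
    host = host_of(request_url)
    to_send, log = {}, []
    for name, value in headers.items():
        lname = name.lower()
        if lname == "cookie":
            if domain_allowed(host, cookie_allow_list):
                log.append(f"Allowed Cookie: {value} sent to {request_url}")
            else:
                log.append(f"Blocked Cookie: {value} sent for {request_url}")
                continue  # drop the header
        elif lname == "referer" and host_of(value) != host:
            # Only a refer field going to a *different* host is blocked.
            log.append(f"Blocked Referer: {value} sent for {request_url}")
            continue
        to_send[name] = value
    return to_send, log

if __name__ == "__main__":
    # Constructed requests: (URL, headers the browser wants to send).
    requests = [
        ("http://www.javaworld.com/",
         {"Cookie": "WPI=890793854.jw.00132"}),
        ("http://www.yahoo.com/logo.gif",
         {"Referer": "http://www.yahoo.com/"}),
        ("http://advertisers.com/banner.gif",
         {"Referer": "http://www.yahoo.com/", "Cookie": "id=constructed"}),
    ]
    for allow in ([], ["javaworld.com"]):
        print("cookie allow list:", allow)
        for url, headers in requests:
            sent, log = filter_outbound(url, headers, allow)
            print("  ", url, "->", sorted(sent), log)
```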

4-7. Why is "referer" misspelled?

I knew someone was going to ask that. Inside the actual HTTP header that the browser sends to a web server when you click on a link is the referrer field, spelled "Referer:". Long ago, some programmer who couldn't spell referrer came up with that field name. Hundreds of thousands of installed web servers, all looking for a field called "Referer:", makes it quite difficult to correct the spelling within the HTTP header. It's rarely seen by humans though, so it doesn't really matter. I probably should've just spelled "referrer" correctly in this FAQ and never even mentioned it.

----- 5. FIREWALLS AND SAFETY -----

5-1. How do I enable the @Guard Firewall?

The @Guard Firewall can be turned on (it is off by default) by going into @Guard settings (see section 2-6) and going into the Firewall tab. Then, click on the Enable Firewall checkbox.

5-2. What does the @Guard Firewall do?

The @Guard Firewall, when enabled, intercepts both inbound and outbound connection attempts and packets on your computer and decides whether to allow or deny them based on a list of rules that you define. If the "RuleAssistant" (learning mode) is enabled and @Guard sees a connection attempt or packet that it has no rule for, it puts up a dialog box to tell you what's happening and ask you how to deal with it now and in the future. With the RuleAssistant feature, it constructs firewall rules on the fly.

@Guard can protect against data being transmitted without your knowledge. It can warn you about attempts to use resources on your computer that you might otherwise not know about, help you learn about the resources your computer makes available to others on the internet, and provide you with a way to control who connects to your computer and who your computer can connect to.

5-3. How does the firewall block connections?

The firewall consults a list of rules, visible in the Firewall tab of the Settings dialog, when it needs to decide how to deal with a connection. When a new connection or packet needs to be dealt with, the firewall goes down the list of rules, IN ORDER, looking for the first rule that matches the connection or packet type in question. If no match is found, the connection or packet is denied. However, if the RuleAssistant is enabled, an alert pops up and will give you several options on how to deal with this communications attempt.

5-4. Why are RuleAssistant alerts popping up?

You've got the @Guard Firewall and RuleAssistant enabled, and something is trying to communicate to or from your computer. The RuleAssistant will indicate several things to you:

The most common reason for an alert to pop up is that you ran an application that is trying to establish an outbound connection with another computer. (The RuleAssistant will always indicate to you what application is making the attempt.) In this case, you probably want to allow it, and you might even want to create a rule to allow it in the future so that you aren't warned every time you try to use that application. Once you have RuleAssistant create a rule to always permit this application, you are giving the application a green light to establish any communications. Consider it now to be a trusted application.

If, on the other hand, the application is something that you think shouldn't be communicating with other computers, such as a newly installed text editor or a paint program you downloaded from the Internet, you may want to create a rule to block communications for that application.

If the communication was inbound, again, RuleAssistant will indicate to you what application is responsible for the communications attempt. Before you get too suspicious of remote computers trying to connect to yours, bear in mind that programs often create more than one connection, and some client programs that you run communicate with remote servers by asking them to connect back into your computer. An FTP client is a good example of this: when you run an FTP client to connect to an FTP server, one alert usually pops up to tell you about an outbound connection, not surprisingly. Then, more alerts come up to tell you about the remote FTP server connecting back to your FTP client whenever you send a command to the FTP server to do something.

5-5. What should I do when a RuleAssistant alert pops up?

The first thing to do is try to understand what communication happened that made it pop up. Then, you need to decide whether to permit or block the communication. Finally, you need to decide whether to have RuleAssistant create a rule for you that @Guard can apply for future communications attempts.

The Application name shown in the alert dialog is usually enough to give you an idea of what happened, especially when the communication is coming from a program that you just ran. The alert dialog also gives you the "service" or port number to consider, and the address or name of the remote host computer as well.

If you're just starting out, it doesn't hurt to try blocking or permitting the connection for "just this attempt" until you get a feel for how often the communication occurs. You can also check the Event Log's System tab to see events logged by the firewall, including how rules are being processed and any connections that were blocked. The Connections tab shows information about successful connections, whether permitted by the firewall or because the firewall was not enabled.

5-6. What does "Always permit in/outbound communication for this app" do?

When you choose that option from the RuleAssistant alert, a PERMIT rule is created to always permit communications to or from the indicated service (port number).

After creating a rule, it is possible to go back and make changes to it to make it more or less restrictive. After initially granting permission to your email client to connect to your Internet Service Provider's mail server for example, you may wish to edit the rule to restrict your email client's connections ONLY to your ISP's mail server.

5-7. How about "Always permit in/outbound communication for this service"?

When you choose that option from the RuleAssistant alert, a PERMIT rule is created to always permit communications to or from the indicated service (port number).

Say, for example, you ran an FTP client to transfer a file from an FTP server on the Internet. You would first get an alert warning you that your FTP client was trying to make an outbound connection to the FTP server. If you choose to always permit outbound connections for the ftp service, then the rule will permit ANY FTP client application on your computer to establish a connection to a remote host without alerting you.

5-8. What does "Always block this network communication" do?

When you choose that option from the RuleAssistant alert, a BLOCK rule is created that's very specific about what it's blocking. The rule includes the application name, the particular service (port number) that an attempt was being made to communicate on, and the address of the remote system.

Once you create a block rule, you can always change your mind and edit it at a later point in time. Sometimes, after creating a rule, you may want to be more or less specific. For example, you may have had the RuleAssistant create a rule to block a connection attempt to a certain remote machine. You later decide you want to make the rule more general, so that it blocks the same communication to other remote machines that are perhaps on the same network as the original one you blocked. By editing the rule, you can replace the single remote host address that was originally recorded with a remote network address that covers more than one remote address.
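
The in-order, first-match evaluation from section 5-3 and the broad versus specific rules from sections 5-6 through 5-8, as an added example. This is not @Guard's own code or rule format: the `Rule` fields, the "ASK" result standing in for a RuleAssistant alert, the application names and the addresses (documentation ranges) are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                    # "PERMIT" or "BLOCK"
    direction: str                 # "in" or "out"
    app: Optional[str] = None      # None matches any application
    port: Optional[int] = None     # None matches any service
    remote: Optional[str] = None   # host or network address; None = any

    def matches(self, conn):
        if self.direction != conn["direction"]:
            return False
        if self.app is not None and self.app.lower() != conn["app"].lower():
            return False
        if self.port is not None and self.port != conn["port"]:
            return False
        if self.remote is not None:
            network = ipaddress.ip_network(self.remote, strict=False)
            if ipaddress.ip_address(conn["remote"]) not in network:
                return False
        return True

def decide(rules, conn, rule_assistant=False):
    """Walk the rules in order; the first match decides.
    Returns (action, index of the deciding rule or None).
    No match means BLOCK, or ASK when the RuleAssistant is enabled."""
    for index, rule in enumerate(rules):
        if rule.matches(conn):
            return rule.action, index
    return ("ASK" if rule_assistant else "BLOCK"), None

def conn(direction, app, port, remote):
    return {"direction": direction, "app": app, "port": port, "remote": remote}

# Constructed rule set.
RULES = [
    # "Always block this network communication": app + service + remote host.
    Rule("BLOCK", "out", app="paint.exe", port=80, remote="192.0.2.10"),
    # "Always permit ... for this service": any FTP client, any remote host.
    Rule("PERMIT", "out", port=21),
    # A permit rule edited down to the ISP's mail server only.
    Rule("PERMIT", "out", app="mail.exe", port=25, remote="198.51.100.25"),
]

# The block rule from above widened to a remote network, as in section 5-8.
WIDENED = [Rule("BLOCK", "out", app="paint.exe", port=80,
                remote="192.0.2.0/24")] + RULES[1:]

# A broad permit placed first shadows the specific block that follows it.
SHADOWED = [Rule("PERMIT", "out", app="paint.exe")] + RULES

if __name__ == "__main__":
    samples = [
        conn("out", "paint.exe", 80, "192.0.2.10"),
        conn("out", "paint.exe", 80, "192.0.2.11"),
        conn("out", "anyftp.exe", 21, "203.0.113.5"),
        conn("out", "mail.exe", 25, "203.0.113.9"),
    ]
    for name, rules in (("RULES", RULES), ("WIDENED", WIDENED),
                        ("SHADOWED", SHADOWED)):
        for c in samples:
            print(name, c["app"], c["remote"], c["port"],
                  decide(rules, c, rule_assistant=True))
```

Because only the first match counts, where a rule sits in the list matters as much as what it says: in `SHADOWED` the specific block rule is never reached.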

5-9. What are services? What are port numbers?

Many host computers that are connected to the Internet offer services, such as HTTP servers (HyperText Transfer Protocol to provide World Wide Web service), FTP servers (File Transfer Protocol), SMTP servers (Simple Mail Transport Protocol to provide mail sending), and POP servers (Post Office Protocol to provide mail retrieval). Services are protocols that are used to allow one computer to access a particular kind of data stored in another computer.

A computer that is connected to the Internet is usually assigned a 4-byte Internet Protocol address (an IP address) that is used to distinguish it from all other computers connected to the Internet. When you connect to a web server, for example, you may tell your browser to connect to www.technologypreview.com, but your computer ultimately has to translate the name to its IP address, 199.238.200.110, before the connection can be made.

When the connection is made, we also need a way to tell the computer that we're connecting to which of its services we're interested in. The host computer may be running both an HTTP server and an FTP server, and if we're connecting to the host computer using a web browser for example, we'll want to connect to the HTTP server and not the FTP server. This is done using port numbers. Since HTTP servers usually listen on port number 80, and FTP servers usually listen on port number 21, our web browser will connect to the correct server on the www.technologypreview.com computer if it connects to port 80 of the computer at 199.238.200.110 rather than to port 21. Port numbers are arbitrarily-chosen numbers associated with particular services, and are always used in conjunction with IP addresses when establishing connections to host computers.

This section is quite a brain-filler, but once you've got it, you've got the basis by which all kinds of different data flies around on the Internet! Search for a file called "services" on your computer for an interesting list of some of the different kinds of services and what their "standard" port numbers are. If you're like me, it'll keep you spellbound for hours on end.

5-10. What's the diff between TCP connection attempts and UDP packets?

A connection attempt is really just a TCP packet that is asking to establish a connection to or from your computer that may last anywhere from milliseconds to hours. A UDP packet, on the other hand, is a single packet used to transmit information without the implied promise of any additional information being transmitted. Your computer can send or receive a single UDP packet to exchange information without any connections being established.

An example of both kinds being used occurs when you use a web browser to download a web page. If you go to http://www.technologypreview.com, for example, your computer first sends a UDP packet out into the world to try to find out what the 4-byte Internet Protocol address is for the computer called "www.technologypreview.com". The protocol used to do that is called DNS, or Domain Name Service, and the queries and replies take place without any persistent TCP connections being made. Having a rule to allow this to happen is important (that's mostly what those predefined Inbound UDP and Outbound UDP rules are for) or your computer wouldn't be able to talk to other machines at all. UDP, or connectionless communication, works well for DNS because the queries and replies are very small and can be completed in single packets. Once we've got the 4-byte IP address for www.technologypreview.com, however, we need to establish a persistent connection with it in order to fetch the web page and images because there's more data to be moved than will fit in a single packet. That's where TCP connections come into play; a TCP "SYN" (synchronize a connection) packet is sent to the web server, it replies with a TCP "ACK" (acknowledgement), and voilà, a connection is created between the two computers and the data starts to flow.

By default, when the @Guard Firewall is enabled, inbound and outbound UDP packets are permitted. This can always be changed by editing one of the @Guard Firewall rules.

5-11. Why is there sometimes no alert when someone tries to connect to me?

If you are not running a program on your computer such as an FTP server, finger server, telnet, or web server, then the TCP/IP network software below @Guard knows that no software is listening on the port that the connection attempt was made on, and it will reject the connection without any notification making it up to @Guard. For inbound TCP connections, @Guard only alerts you when your computer is running a server program that could be connected to (and if there's no rule for the operation defined).
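The behaviour described in 5-10 and 5-11 can be observed on the loopback interface. This is an added example, not part of the original FAQ; the function names are illustrative, and it only talks to 127.0.0.1.

```python
import socket

LOOPBACK = "127.0.0.1"

def udp_single_packet(payload: bytes) -> bytes:
    """Deliver one UDP datagram to a local receiver; no connection is set up."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind((LOOPBACK, 0))          # port 0: let the OS pick a free port
        rx.settimeout(2)
        tx.sendto(payload, rx.getsockname())
        data, _sender = rx.recvfrom(512)
        return data

def unused_tcp_port() -> int:
    """Ask the OS for a free port, then release it so nothing listens there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]

def tcp_connect(port: int) -> str:
    """Attempt a TCP connection and report how the attempt ended."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(2)
        try:
            client.connect((LOOPBACK, port))
            return "connected"
        except ConnectionRefusedError:
            # No program is listening: the TCP/IP stack itself answers,
            # and no application ever sees the attempt.
            return "refused"

def demo() -> dict:
    results = {"udp": udp_single_packet(b"constructed query")}
    results["closed"] = tcp_connect(unused_tcp_port())
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind((LOOPBACK, 0))
        server.listen(1)                # now a server program is listening
        results["listening"] = tcp_connect(server.getsockname()[1])
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

Only the "listening" case is one where a firewall sitting above the TCP/IP stack has an inbound connection to alert on.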

----- 6. OTHER STUFF -----

6-1. When I turn @Guard <off/on> and reload the page, it still <is/isn't> blocking images!

A common problem is that the reloaded page is coming from your browser's local history of web pages (the cache) and not from the actual server. You need to clear your web browser's cache.

6-2. What is the web browser's cache?

Because transferring web pages over the Internet from a web server to your computer takes time, the people who write browsers came up with a nifty trick to speed up the displaying of pages. Before your browser sends a request to a web server for a page, it first checks to see if it has seen that same web page recently. This occurs more often than you might think, such as when you hit the Back button in Netscape or Explorer.

If the web page is in your browser's list of recently-visited pages, called the cache, then it is read right from your hard disk. This is much faster than retrieving it from the web server.

However, reading the web page from your hard disk also bypasses your computer's network software, which also means that @Guard will not see any requests going to web servers and won't have anything to block. If the web page in the browser's cache is full of images you want to block, you'll need to clear the cache before @Guard can block them. The reverse can also be true: If the web page in your cache has already had images blocked and you want to disable blocking, you'll need to clear the cache or your browser won't realize that there are now "new" images to be retrieved.

6-3. Anything I should watch for when installing on a dual-boot machine?

Yes. The most important thing is not to install to the same directory. On Win95, I installed @Guard in c:\block95 and on NT I installed in c:\blocknt. You can install it wherever you like, but you'll definitely want to use different directories. This is usually a good rule of thumb for most Win32 software installed on a dual-boot machine.

6-4. How do I find the version number?

Go to the Settings dialog (see section 2-6) and click on the "About" tab. You'll also see versions and sizes for various DLLs that @Guard has loaded.

6-5. Why do some pages come up completely blank?

There is probably a string in your blocklist that is too generic and is matching more than you want. If a page loads and it's totally blank, go to the Event Log and check to see what the last blocklist string was (in the "Because" field) that blocked something. Chances are that removing that string from the blocklist will clear up the problem.

Another cause is what appears to be a bug in Netscape. Sometimes, Netscape simply fails to paint after retrieving a page. I've seen this happen in Netscape 3.0 on Win 3.11, Win95, and WinNT, and 4.0 on Win95 and NT without any other 3rd party software installed. Tread lightly, 'cause it sometimes page faults soon after.

6-6. An image STILL isn't being blocked. How do I block it?

In order for a browser to display an image, it needs to request that image from a web server. If the actual Image Location URL is in the blocklist (as opposed to the Link Location URL, where you'd be taken to if you clicked on the image), the image request will be blocked by @Guard. So for tough stains, er, images, we need to make sure we've got the Image Location URL in the blocklist, and not the Link Location.

This can be easier said than done. Internet Explorer 4.0, unfortunately, likes to give Link Locations instead of Image Locations when images are dropped into the Ad Trashcan. If the link location is something "unsafe" to add to the blocklist (such as "/" or "/index.html") the Trashcan will offer to add the full URL to the blocklist, which won't block the image. With Explorer 4.0, it's often necessary to get the Image Location by right-clicking on the image, selecting "Properties", and copying the Image Location URL off of the dialog. Then, you can right-click on the Trashcan and paste the URL into the blocklist.

Image maps are a harder case: a single image can have multiple Link Locations, and Explorer picks whichever one the mouse is on when the image is dragged. With an image map, the only way to block it is to use the Image Location URL.

6-7. How do I find the Image Location URL for a particular image?

In Netscape, right-clicking on the image and copying its Image Location to the clipboard, then pasting the location into Notepad or into the browser's Location or URL entry field usually works.

In Explorer, right-clicking on the image and selecting Properties displays a dialog that contains the Image Location.

In the worst case, it may be necessary to look at the HTML source and try to find the SRC="... statement associated with the image. This isn't always as bad as it sounds, especially when the image is close to the top of the page or there aren't too many images on the page. It helps to get the image properties before looking at the HTML source.

If you pulled up the image properties and have a string to search for, Explorer's View Source window (Go to the View menu, then select Source) allows you to search for a string in the HTML source. Netscape's View Source window (Go to the View menu and select Document Source or Page Source) does not, so you'll have to select all (ctrl-A), copy it to the clipboard (ctrl-C), paste it into your favorite text editor and search for the string there.

If the page is relatively small, you can do an eyeball-search for "<img" tags to find the image references on the page.

Link Location strings are often of the form:

<A HREF="http://www.foobar.com/dir/path/webpage.html">

and Image Location strings usually look something like:

<IMG SRC="path/path/path/filename.gif">

Also, they are almost always close to each other, with the Link Location coming right before the Image Location. Here's an example taken from WRQ's Technology Preview page at http://www.technologypreview.com:

<tr><td valign=top align=center><a href="http://www.wrq.com"> <IMG SRC="images/buttons/k_wrqhome_up.gif" WIDTH="95" HEIGHT="22" Border="0"> </a></td></tr>

Note that the HTML commands like HREF and SRC are not case-sensitive.

6-8. Any undocumented registry entries?

First off, don't mess with the registry unless you know what you're doing and you've done it before. I think I know what I'm doing, but I'm obviously mistaken since I've hammered my machine several times while twiddling the registry and had to erase my disk and do a clean install in order to recover. So, since you're not going to mess with the registry anyway, here are a couple tidbits:

@Guard stores its configuration info in HKEY_LOCAL_MACHINE->SOFTWARE->WRQ->IAM in a number of subkeys, including:

HTTP Performance
  FilterEnable   00 or 01
    This is used to globally turn the HTML filter on and off, although
    no checkbox exists anymore in the UI for it.
  FilterText     00 or 01
    When set to 01, an anchor tag that has no IMG SRC= part to it gets
    wiped out if the HREF part matches something in the blocklist.
    With FilterText turned on, you can actually block text-only links.

6-9. Why doesn't the statistics window show a count of bytes rejected?

That would be great info to have, but unfortunately, there's no way to know how many bytes have not been received when an image is blocked. @Guard didn't receive the data, so it couldn't count them.

6-10. Is the Ad Trashcan editing URLs that are dropped in it?

Yes. If you have a string to add to the blocklist manually, it's best to go add it directly to the blocklist via the Settings dialog.

When a URL is dropped into the Ad Trashcan, the trashcan looks back in a list of HTML string fragments that it saw when you loaded a recent page. It tries to find a match so that it doesn't add the entire string to the blocklist. In many cases, adding to the blocklist the full URL string that the browser gives you when you copy the Image or Link Location or drag the image won't work because the full URL doesn't necessarily appear in the HTML.

For example, the actual HTML might read <IMG SRC="huge_images/ad9000.gif">, while the browser gives you the full URL, which might be "http://bandwidth.eater.com/huge_images/ad9000.gif". The Ad Trashcan would try to reduce the full URL down to "huge_images/ad9000.gif" if it can.
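The manual search from 6-7 and the URL reduction described here can both be done mechanically. The following is an added example, not part of the original FAQ and not the Ad Trashcan's actual algorithm: it assumes a simple suffix match against the IMG SRC strings on the page, and the function names and the second sample link are constructed.

```python
from html.parser import HTMLParser

# Constructed page: the FAQ's WRQ button row plus the ad image from 6-10.
SAMPLE_HTML = '''
<tr><td valign=top align=center><a href="http://www.wrq.com">
<IMG SRC="images/buttons/k_wrqhome_up.gif" WIDTH="95" HEIGHT="22" Border="0">
</a></td></tr>
<A HREF="http://bandwidth.eater.com/click"><img src="huge_images/ad9000.gif"></A>
'''

class LocationCollector(HTMLParser):
    """Pair each Image Location (IMG SRC) with its Link Location (A HREF).

    HTMLParser lowercases tag and attribute names, so HREF/href and
    SRC/src are handled alike.
    """
    def __init__(self):
        super().__init__()
        self.current_link = None    # HREF of the enclosing <a>, if any
        self.images = []            # (image_location, link_location)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.current_link = attrs.get("href")
        elif tag == "img" and attrs.get("src"):
            self.images.append((attrs["src"], self.current_link))

    def handle_endtag(self, tag):
        if tag == "a":
            self.current_link = None

def image_locations(html):
    parser = LocationCollector()
    parser.feed(html)
    return parser.images

def reduce_to_fragment(full_url, html):
    """Longest IMG SRC string in the HTML that the full URL ends with, or None."""
    matches = [src for src, _link in image_locations(html)
               if full_url == src or full_url.endswith("/" + src.lstrip("/"))]
    return max(matches, key=len, default=None)

if __name__ == "__main__":
    for src, link in image_locations(SAMPLE_HTML):
        print("Image Location:", src, "| Link Location:", link)
    url = "http://bandwidth.eater.com/huge_images/ad9000.gif"
    print(url in SAMPLE_HTML, reduce_to_fragment(url, SAMPLE_HTML))
```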

6-11. Does @Guard keep any of its files in the windows system directory?

Yes. They all begin with "iam", so they're easy to find if need be. For Win32 programs, there's occasionally a choice between having to have DLLs in the path or in the windows system directory. @Guard chose not to require an entry in the path.

6-12. Netscape hangs when...

Yes, that happens to me often on Win 3.1, Win95, and WinNT. If you're getting weird hang behaviour with Netscape, try to duplicate it using Explorer before pointing the finger at installed network filters, service providers, the version of the Winsock DLLs, network load, ambient temperature, phase of moon, etc.

My current theory is that Netscape doesn't always seem to recover from network connections that aren't completed in a timely fashion, so if the network is slow or packets are being lost in the net when downloading web pages, Netscape is more likely to hang. Hitting the Stop or Cancel button while downloading a page, or clicking on a link before a page is completed seems to help it demonstrate hangness. Your mileage may vary.