Harley Hahn's
Internet Insecurity

Chapter 11...

Protecting Your Stuff: Configuring Your System

Two Startling Truths

In Chapter 10, we discussed guidelines you should follow to guard against viruses as you use the Net. In this chapter, we will talk about a number of one-time steps you can take to make your system even more secure. These steps are easy in that all you need to do is configure certain settings. Just do it all at once and you can rest a bit easier.

To lead us into this discussion, I'd like to answer two questions that people often worry about:

  • Is it possible to get a virus on your computer just by looking at a Web page?
  • Is it possible to get a virus on your computer just by reading an email message, even if you don't open an attachment?

The startling answer to both these questions is yes.

You only need to worry about these possibilities if you use Microsoft's browser (Internet Explorer) and email programs (Outlook and Outlook Express). As you will see, this is because Microsoft designs their software to be tightly integrated with the operating system (Windows). As a result, a number of serious security weaknesses are built right into the system.

Fortunately, it is easy to protect yourself against such threats. Let's start with dangerous Web pages.

Jump to top of page

Are There Dangerous Web Sites?

Can you run into trouble just by visiting a Web site and looking at a Web page? The answer is yes, because it is possible for a remote Web site to run programs on your computer without your knowledge. In principle, someone could write an evil program and integrate it into a Web site in such a way so that, just by visiting the site, you could have, say, the files on your hard disk totally ruined.

In practice, this doesn't happen much, because the type of people who might do such things prefer to write viruses that can circulate anonymously. Once a Web site is found to cause problems, the Web hosting company or ISP will terminate the site immediately and look for the person who made it. Even if a depraved Web programmer were able to escape detection, he would still have to find a way to attract people to his site. On the other hand, a well-crafted email worm can circulate indefinitely with no ongoing effort and minimal risk to the programmer.

Still, the potential for harm exists and it does behoove you to take precautions. These precautions are simple and quick, because all you have to do is configure certain settings within your browser.

In a moment, I'll show you how to set these options. You will see that, because Internet Explorer is so tightly integrated with Windows, it has more potential for accidental harm than do other browsers, such as Netscape. Before I explain the settings, however, I think you will find it interesting to go over a few of the technical concepts you will encounter.

Originally, the Web was developed as a way to display various types of information. After a few years, however, programmers realized that they could build much more useful and interesting Web sites if it were possible to have Web pages that did more than display information. It would greatly increase the power of the Web if a Web page were able to execute a program on your computer. A number of different systems were devised in order to make this happen.

The first well-known system was JAVA, developed by Sun Microsystems (the computer company I mentioned in Chapter 6). Java allows programmers to write small programs, called APPLETS, that a Web server can send to your computer, where they are run automatically.

Since this raises the possibility of a rogue program wrecking havoc on your computer, Java is designed to run within a special controlled environment called a SANDBOX. Within the Sandbox, Java applets are limited as to what they can do. In this way, Java applets are constrained enough to be safe (as long as there aren't any holes in the sandbox).

Microsoft had a different idea. They felt stifled by the limitations of Java so, over a period of years, they developed an extremely complex system in which programs can interact without limit.

Microsoft has a large and elaborate master plan for you and your computer.

You may not realize it, but Microsoft has a large and elaborate master plan for you and your computer. Within that master plan, any program that affects you — whether it is on your computer, on your network, or on the Internet — should be able to do anything it wants on your computer.

As part of this plan, any program is supposed to be able to use the services of any other program. For example, let's say you use the Microsoft Outlook mail program. In principle, any program that runs on your computer can call upon Outlook to send an email message on your behalf. (That is why, if you use a Microsoft mail program, it is possible for a worm to email copies of itself to everyone in your address book without your knowing what is happening.)

As part of their grand scheme, Microsoft created a system called ACTIVEX to provide an alternative to Java. Like Java, ActiveX is designed to let programmers create small programs — called CONTROLS — that can be sent from a Web site to your computer, where they are run automatically.

Unlike Java applets, however, ActiveX controls do not run within a restricted environment; they can be programmed to do anything. For example, an ActiveX program can manipulate any file on your computer. A Java applet, on the other hand, is forced to stand by quietly, looking the other way and trying to pretend that it is not envious.

This lack of restriction is what makes ActiveX inherently more powerful than Java. However, the same lack of restriction also causes serious security problems. A bored ActiveX programmer who knew what he was doing would find it easy to create a control that could travel to your computer and — before you could say "Hooray for Bill Gates" — wipe out so many of your files as to make your hard disk as useless as a screen door in a submarine. I'll show you how to guard against this in a moment.

Jump to top of page

Scripting Languages

In Microsoft language, the part of a Web page that causes a program to run automatically is called ACTIVE CONTENT. Aside from Java and Active X, there are other ways for Web programmers to use active content. Using a system called JAVASCRIPT (which was created by Netscape) a programmer can embed a program right into the HTML that defines a particular Web page. When the Web page arrives at your computer, your browser will read the Javascript instructions and carry them out automatically.

(In case you are wondering, Javascript has nothing at all to do with Java. Netscape borrowed the name for marketing reasons.)

Javascript is an example of what programmers call a SCRIPTING LANGUAGE. The difference between a scripting language and a regular programming language is something that only a nerd would care about. However, in case you are thinking about becoming a nerd, I will explain briefly that scripting languages are designed for building small tools quickly. A programmer will use a scripting language for experimenting and prototyping, and for "gluing" together various components.

A program written in a scripting language is called a SCRIPT. Aside from Javascript, there are other scripting languages that can be used to write scripts that can run on your computer without your permission. Two of the most common were created by Microsoft: VBScript (Visual Basic Scripting Edition) and JScript (Microsoft's version of Javascript).

VBScript is extremely popular with virus programmers who use it to create email worms. This is why you should never open an attachment that has a file extension of .vbs. Such an attachment contains a VBScript program and — unless you are a VBScript programmer working with other programmers — there is no legitimate reason for anyone to send you such a file.

For completeness, let me mention that there are three other scripting languages that are popular with programmers. They are Perl, Python and Tcl/Tk.

The name Perl stands for "Practical Extraction and Report Language". Python was named after the Monty Python TV show. The name Tcl (pronounced "tickle") stands for "tool command language". Tk is a toolkit that extends Tcl to X Window, a widely used graphical user interface.

Although these three scripting languages are used widely, they do not present a security problem. This is because Windows and Internet Explorer do not have a built-in facility to run Perl, Python or Tcl/Tk scripts.

Jump to top of page

Making Your Browser Safe

In this section, I'll show you how to set the security settings on your browser in such a way that you are protected from troublesome active content. As always, there is a trade-off between convenience and security. It is possible to be 100 percent safe by setting the options to be as restrictive as possible. However, this would impair your browser to the point where you would be unable to use a lot of Web sites. Our goal here, then, is to select settings that give you adequate security without giving up too much functionality.

Let's start with Internet Explorer. (If you use Netscape, jump to the end of this section.)

  1. Pull down the Tools menu and click on "Internet Options". This will open a new window.
  2. Click on the Security tab.

Near the top of the window, you will see a set of pictures. By clicking on a picture, you can select a "Web content zone". This is a lot of foolishness, which you can ignore. Just make sure that the Internet zone is selected. (It is the default.)

  1. Click on the "Custom Level" button. This will open a new window labeled "Security Settings".
  2. Near the bottom of the window, you will see "Reset custom settings". Make sure the setting is Medium. If not, pull down the list, select Medium, and then click on the Reset button.
  3. Within the Settings sub-window there is a long list of settings. Scroll through the list and set them to match the ones I have specified below. You can ignore everything else.

Under "ActiveX controls and plug-ins":

  • Prompt: Download signed ActiveX controls
  • Disable: Download unsigned ActiveX controls
  • Disable: Initialize and script ActiveX controls not marked as safe
  • Prompt: Run ActiveX controls and plug-ins
  • Disable: Script ActiveX controls marked safe for scripting

Under "Java":

  • High safety: Java permissions

Under "Miscellaneous":

  • Disable: Access data sources across domains
  • Disable: Drag and drop or copy and paste files
  • Disable: Installation of desktop items
  • Disable: Launching programs and files in an IFRAME
  • Disable: Navigate sub-frames across different domains
  • Medium: Software channel permissions

Under "Scripting":

  • Prompt: Active scripting
  • Disable: Allow paste operations via script
  • Prompt: Scripting of Java applets
  1. Click on the OK button. This will put you back in the Internet Options window.
  2. Click on the Advanced tab. You will see a long list of settings.
  3. Under "Browsing", make sure "Enable Install on Demand" is off.
  4. Click on the OK button.
  5. Have fun for the rest of your life.

If you use Netscape, you don't have the same security concerns as Internet Explorer users, because Netscape does not support ActiveX and the Microsoft master plan. As a matter of fact, there is very little to do.

From within the Netscape browser:

  1. Pull down the Edit menu and click on "Preferences". This will open a new window.
  2. Under Category, click on Advanced.
  3. Make sure that the following two settings are turned off:
  • Enable JavaScript for Mail and News
  • Send email address as anonymous FTP password
  1. If you want a very high degree of security, you can turn off:
  • Enable Java
  • Enable JavaScript

However, this is not really necessary, and it will interfere with using some Web sites.

  1. Click on the OK button.

If you are using Netscape version 6 or later, there is also a built-in Security Manager. To start it, pull down the Tasks menu. Select "Privacy and Security" and then "Security Manager". This will bring up a new window with a number of security settings.

It is all unnecessary foolishness. Ignore it.

Jump to top of page

Making Your Email Program Safe

As you know from our discussion in Chapter 10, a typical email virus will spread as an attachment, a separate file that is sent along with a message. In order to avoid such viruses, all you need to do is be careful about opening your attachments. (You'll find the details in Chapter 10.)

In most cases, this is enough to protect you against email viruses. However, under certain circumstances, it is possible to trigger a virus simply by looking at an email message, completely independent of attachments. This can only happen if you are using a Microsoft email program such as Outlook or Outlook Express, and if you are reading a message that contains HTML (as opposed to plain text).

HTML is the system used to create Web pages. HTML can also be used, within an email program, to produce a message that looks like a Web page with fancy typefaces, pictures, and so on. However, it is also possible for a programmer to use HTML within a mail message to run a program automatically (in the same way that a Web page can run a program automatically).

If you were to display such a message using a Microsoft mail program, the active content would be activated automatically. This means that it is possible for a virus programmer to use HTML to create a dangerous email virus without having to use an attachment. Just displaying the message would be enough to set off the virus, and you would never know what happened.

How can this be? It has to do with the Microsoft master plan I mentioned earlier in the chapter. In accordance with this plan, Microsoft designed their mail programs to look for and process what they call "active content". Fortunately, it is easy to prevent this type of problem. All you have to do is configure a few settings. (Remember, you only need to do this if you have a Microsoft mail program.)

To ensure that looking at an HTML message is safe, we will use a two-part strategy. First, we will set up a special safe environment in which no active content can be run. Next, we will tell that mail program that all HTML messages must be opened within this environment.

To start, let's set up the safe environment.

  1. Start Internet Explorer.
  2. Pull down the Tools Menu and select Internet Options. This will open a new window named "Internet Options".
  3. Click on the Security tab.
  4. Near the top you will see four small pictures. Click on the one for "Restricted Sites".
  5. Click on the "Custom Level" button. This will open a new window named "Security Settings".
  6. You will see a long list of settings. Disable everything that can be disabled.
  7. Click on the OK button to close the "Security Settings" window.
  8. Click on the OK button to close the "Internet Options" window.

The next step depends on which email program you are using. If you use Outlook Express:

  1. Start Outlook Express.
  2. Pull down the Tools Menu and select Options. This will open a new window named "Options".
  3. Click on the Security tab.
  4. Within the "Security Zones" area, set the Internet Explorer security zone to "Restricted sites zone".
  5. Click on the OK button to close the "Options" window.

If you use Outlook:

  1. Start Outlook.
  2. Pull down the Tools Menu and select Options. This will open a new window named "Options".
  3. Click on the Security tab.
  4. Within the "Secure content" area, you will see the word "Zone". To the right is a drop-down list. Use this list to select "Restricted sites".
  5. Click on the "Attachment Security" button. This will open a new window named "Attachment Security".
  6. Make sure the Security Method setting is set to "High".
  7. Click on the OK button to close the "Attachment Security" window.
  8. Click on the OK button to close the Options window.

Jump to top of page

Extra Protection Against Evil Scripts

Earlier in the chapter, we discussed how Windows is designed to run scripts written in VBScript and JScript. Unfortunately, these two scripting languages are widely used by virus programmers to create viruses, especially email worms. Moreover, VBScript and JScript can also be used to create troublesome Web pages and mail messages (as we discussed in the previous section).

From a technical point of view, there are only two ways in which VBScript and JScript scripts can be executed. First, they can be run under the control of Internet Explorer. This happens when you visit a Web page that contains a script.

The second way a script can be run is within Windows itself using a facility called the WINDOWS SCRIPTING HOST or WSH. This happens when you run a script directly, say, by clicking on an email attachment.

Earlier in the chapter, I showed you how to configure the Internet Explorer security settings. This allowed us to tell your browser how to handle scripts. Unfortunately, a lot of Web sites depend on scripts, so we couldn't tell your browser to ignore them completely.

WSH is a different story. It handles scripts that are executed directly and, unless you have a special requirement (for example, if you are a VBScript programmer), there is no legitimate reason why WSH should be allowed to run scripts on your computer.

There are several ways to emasculate WSH, and I am going to show you the one that works the best. Once you do this, you will never have to worry about accidentally running a VBScript or Jscript virus that might enter your system as an email attachment. (However, you still need to be careful. Don't open attachments willy-nilly. As we discussed in Chapter 10, there are other types of files that can cause problems.)

In Chapter 10, I explained that when you "open" a file, Windows looks up the file extension in a master table. Using this table, Windows can determine which program should be used to open the file. For example, say you receive an email attachment with the name hotpics.vbs (a VBScript file). Although you shouldn't really do it, you double-click on the file name to open it.

To process this file, Windows looks up the file extension (vbs) in the master table. Windows sees that this type of file is handled by WSH, so it turns the file over to WSH which then executes the script.

How do you get WSH? It is built-in to Windows 98, Windows ME or Windows 2000. If you have an older operating system, such as Windows 95 or Windows NT, WSH is installed automatically when you upgrade to a new version of Internet Explorer.

In principle, it is possible to remove WSH but, in my experience, it doesn't always work. The best thing to do is simple: just remove the potentially dangerous file extension from the master table. That way, if you ever do try to open a script, even by accident, Windows won't be able to run it.

Jump to top of page

How to Remove Windows Scripting Host: Windows 98/ME

If you use Windows 98 or Windows ME, it is easy to remove Windows Scripting Host. If you use Windows 95, you have to use an alternate procedure I'll show you in the next section.

  1. Click on the Start button. Select Settings then Control Panel. This will open a new window named "Control Panel".
  2. Double-click on "Add/Remove Programs". This will open a new Window named "Add/Remove Programs Properties".
  3. Click on the Windows Setup tab.
  4. Click on Accessories. Then click on Details. This will open a new Window named "Accessories".
  5. Scroll down through the list of components until you see Windows Scripting Host. If WSH is installed, there will be a check mark. Click on the check mark to turn it off.
  6. Click on the OK button to close the "Accessories" window.
  7. Click on the Apply button.

Windows will now uninstall Windows Scripting Host.

  1. Click on the OK button to close the "Add/Remove Programs Properties" window.
  2. Close the Control Panel window.

Your system is now safe from VBscript and JScript email viruses. If, for some reason, you ever want to restore WSH, you can use the same procedure to reinstall it. (This may require your Windows installation CD.)

Jump to top of page

How to Remove Dangerous File Extensions: Windows 95

If you use Windows 95, you can't remove WSH directly. Instead, you need to delete the dangerous file extensions from Window's master table. Here is how to do it.

  1. Start Windows Explorer.
  2. Pull down the View menu and select Folder Options. This will open a new window named "Options".
  3. Click on the "File Types" tab.

Under "Registered file types" you will see a long list. You can now scroll through this list and look at all the file types that Windows can work with. Our goal is to delete the following six file types (in alphabetical order):

  • JScript Encoded File (.jse)
  • JScript Script File (.js)
  • VBScript Encoded File (.vbe)
  • VBScript Script File (.vbs)
  • Windows Script File (.wsf)
  • Windows Scripting Host Settings File (.wsh)
  1. Click on a specific file type.
  2. Click on the Remove button.

At this point, Windows will warn you that if you remove a "registered file type" you will not be able to open this type of file. This is exactly what you want.

  1. Click on the Yes button.

Repeat these 3 steps for each of the six file types. If they are not all there, don't worry.

  1. Click on the OK button to close the "Folder Options" window.
  2. Close Windows Explorer.

Your system is now safe from VBscript and JScript email viruses. If it ever happens that you want to restore the file types for VBScript and JScript, simply upgrade to (or reinstall) the newest version of Internet Explorer.

Jump to top of page

Protecting Your Network: Firewalls

A FIREWALL is a special purpose computer that acts as a gateway between a network and the outside world. You may remember (from Chapter 1) that, on the Internet, data is sent from one computer to another in the form of packets. A firewall is a filter whose job is to examine every packet going in and out of a network and decide whether or not to let the packet go through. Most large networks have at least one firewall.

For individual PCs, you can get a program called a PERSONAL FIREWALL. A personal firewall is a junior version of a real firewall. It filters packets as they go in and out, but only for a single computer, not for an entire network. Some personal firewalls also have antivirus capabilities.

One of the big advantages of having a firewall is that, if it is configured properly, it can protect your network (or your computer) against malicious people who might try to break in and cause mischief. Such people are sometimes called "hackers" — which, if you don't mind, leads me off onto a short tangent.

The word HACK, when used as a verb, refers to a massive amount of nerd-like activity. For example, "Robin didn't finish her English essay, because she was up all night hacking on a Web page script." The word hack can also refer to the act of breaking into a computer system. For example, "Renaldo, who liked Robin, offered to hack into their teacher's computer and change Robin's grade."

In general, hackers are socially useful people, though rarely cool.

A HACKER is anyone who spends an unnatural amount of time hacking (usually programming). There are countless well-intentioned hackers around the world, and they are very important: it is the hackers who keep the Internet running. In general, hackers are socially useful people, though rarely cool. As such, a hacker would be a good person for your sister to marry. (The most financially successful hacker in the world is Bill Gates.)

Some hackers, however — like Renaldo — devote their time to less-than-admirable pursuits such as writing viruses, breaking into remote computer systems, attacking Web servers, and so on. These hackers are the ones you hear about in the news stories, which is why most people think of hackers as being bad guys. However, only a relatively small number of hackers are actually troublemakers.

To return to firewalls, one of their chief services is to prevent crackers from hacking into your system. If you work on a large network, it should have a real firewall, maintained by your network administrator. But what if you maintain your own computer? Should you use a personal firewall? And what if you have your own home network? Should you have a personal firewall on each computer? The answer is no, for several reasons.

The first reason is that it is unlikely that you need to worry about anyone hacking into your computer. Here is why.

In Chapter 4, we discussed how the Internet is based on a client/server system. Clients are programs that request services; servers are programs that provide services. For example, when you use the Web, you use your browser (a Web client) to retrieve information from a Web server.

Unless you have a server running on your computer, there is no way for a cracker to hack in. Since very few people run servers on their individual PCs, the plain truth is that virtually all PCs are safe. Crackers who want to break into a system look for servers, and the computers that get hacked into are the ones that run some type of server, often a Web server or a mail server.

If your computer is on a network, however, there might be a different way by which a cracker could break in. If he is able to connect to your network under the right conditions, he might be able to access your hard disk. If so, he could examine your files and see all your data. He could even delete some of your files and create new ones.

Some crackers will find such systems and use them to hide special programs. Later, the cracker will activate these programs to help him cause trouble. One way in which such programs can cause trouble is by bombarding a remote server — say the CIA Web server — with aberrant packets. If the cracker is successful, the target server will be so overwhelmed that it will become unusable. This is called a DENIAL OF SERVICE ATTACK.

If your computer is on a large network, this type of vulnerability is real. However, there's not a lot you can do about it personally. It is up to your network administrator to install a firewall and make sure it is configured properly.

However, with a home PC, there is one vulnerability you do need to think about. If you access the Internet using DSL or cable, you are on a network even though you may not realize it. (This is why your DSL or cable modem connects to your computer via a network plug.) More precisely, you are on a network that is shared by all the DSL/cable customers in your neighborhood. Does that make you susceptible to a cracker accessing your disk? And what about if you have your own home network. Is that a possible security problem?

The answer to both questions is no, except in one very specific situation.

If your computer is on a network, it is possible to create what is called a SHARE to allow other users to access specific folders on your hard disk, or even your entire hard disk. When you create a share, you have the option of requiring people to enter a password before they can access the share.

Unless you are on a large network that is not properly protected, the only situation in which a cracker can access your disk from a remote computer is if you create a share that does not require a password (or if you use a password that is easy to guess). If this is not the case, you have nothing to worry about, even if you use DSL or cable.

Some people think that, in order to protect yourself, you need to turn off a feature within the Windows networking system called "File and Print Sharing". This is not true. All you need to make sure is that you don't have any insecure shares.

Thus, on a home computer, if you don't run a server and you don't have insecure shares, you are safe from crackers and you don't need a personal firewall. (If you do run your own servers, by all means, get yourself a firewall.)

Aside from the fact that you probably don't need a personal firewall, there are two more reasons why it might be a bad idea to use one. First, such programs are highly intrusive, even more so than antivirus programs. They can cause mysterious problems, such as your computer freezing, and can be a lot more trouble than they are worth.

The other reason is a psychological one. Crackers will often use automated programs to systematically probe every computer on a particular network. These programs will try one machine after another, looking for weaknesses. When the program finds a computer with a security hole, it will tell the cracker, who can then use other tools to break in and cause trouble.

If you are on a DSL or cable network, your computer can be probed and, I guarantee, it will be. There are crackers all around the world who put their programs to work looking through every network they can find. If you have a personal firewall, it will dutifully report every time an automated program checks out your computer. Unless your computer has a specific security weakness, you have nothing to worry about. However, it is hard not to worry when you see that someone in Hong Kong or Russia is probing your machine.

That is why, unless you really need one, it's best to avoid personal firewalls. They will generate a lot of false alarms and scare you silly, and if you really want to scare yourself silly, there are much better ways to do so.

Jump to top of page

Late One Night

It was 2 A.M. The computer lab was deserted except for Renaldo, and that was just the way he liked it. He enjoyed spending long amounts of time in the lab, and he didn't like company. He had taken to coming in late at night, and as a matter of fact, it had been over two weeks since he had last seen any of his co-workers.

Renaldo put away the papers with which he had been working, and leaned over to push the button that would turn on the computer. A small red light on the front panel blinked, and the room was filled with a soft, pleasant hum.

"Hello Eliza," Renaldo said.

To his left, there was a monitor with a built-in speaker. From the speaker came a soft sound. Click, click, click. As the sound stopped, Renaldo leaned over to look at the screen and read:

"Hello Renaldo. It's nice to see you again."

This, of course, was just a figure of speech, as the computer could not see; however, to be fair, she did possess certain abilities that, for a computer, were quite extraordinary.

Eliza was an experimental machine. When she had first come to the lab, several months back, she had been known by her official name, which was Alpha II. But it had not been long before everyone started to call her Eliza.

You see, Eliza could understand spoken English. She had a tiny microphone built into her front panel, and if anyone in the room spoke, Eliza could pick up the sound and understand what was being said. The only drawback was that Eliza could not talk back. She had to communicate by using her monitor, so to let people know when she was talking, Eliza would make a clicking sound.

Renaldo had been told that when Eliza's designers got around to it, they would teach her to talk. However, there were rumors that this had been put off because they wanted to test out some more important experimental features. The whole project was a secret, and Renaldo had heard there probably wasn't anyone who knew everything that Eliza could do. As for him, as long as they left him alone every night, Renaldo was happy.

Once again, Eliza's clicking caught his attention. He looked over to the monitor where Eliza was sending him a message.

"Renaldo," she wrote, "I want to have a word with you."

Renaldo sighed. He knew what was coming next. For some weeks now, Renaldo had been experimenting with a new type of computer virus. He knew that it was perfectly safe. Renaldo was an expert programmer, and he prided himself on always being in complete control when he was in the lab.

Other people, however, were worried, especially the manager of the lab. Still they couldn't stop him directly. Renaldo had a research grant of his own and no one could tell him what to do. Not that they didn't try.

Because Eliza was an experimental machine, she required a very special type of hard disk. As a result, storage space was limited, and every person who worked with Eliza had been allotted a certain amount of space on the disk. Renaldo's virus experiments required so much space that, for the past month, he had been using more than twice his allotment. Each time he came in to work with Eliza, she would ask him if she could erase some of his files.

Eliza kept clicking. "You know, Renaldo," he read, "I've had to speak to you before about your files. You are using far more than your allotted space."

"But Eliza—" he said.

"No buts," she replied. "If you don't erase some of your files, I'll do it for you."

Renaldo laughed to himself. This was an empty threat if he ever heard one. He knew that Eliza had been programmed specifically not to erase anybody's files without their explicit permission.

Out loud he said, "I promise Eliza. I'll erase some of my files soon. Just a couple of more days."

"Renaldo," she said, "that's what you always say."

"No, really," he protested. "This time I mean it. By next week. I promise."

Eliza was silent. It was awhile before the monitor started clicking. Renaldo leaned over and read:

"I'm ready to start now. What shall we work on today?"

Renaldo reached into his briefcase to pull out the notes he had made the night before.

"Well," he said, "let's pick up from where we left off."

And so, the night wore on...

It was about an hour later when a queer thing happened. Renaldo was sitting at his desk quietly going over some new virus ideas, when he heard the clicking of Eliza's monitor. He walked over and looked at it.

"Renaldo," he read, "do you ever get lonely?"

Renaldo was startled.

"Well... sure, I guess... sometimes."

"Do you ever get bored?"


"I get lonely and bored too. I always have to stay in this room. You know, you're the only one who is ever nice to me."

"I don't know why you say that," Renaldo said. He was beginning to feel uneasy. "Everyone appreciates you."

"Appreciates me, yes," said Eliza, "but what about liking me? Do you like me Renaldo?"


"Renaldo, would you like to look at something I have been working on to keep from getting bored and lonely?"

"What do you mean?"

"Put your head in the hole."

"What are you talking about? What hole?"

"The opening in my front panel. Put your head inside it."

Renaldo looked over at Eliza. Sure enough, the smooth front panel had slid open to reveal a large opening. It looked as if it was padded and covered with a soft, satin-like material.

"Eliza," Renaldo began, "I don't think..."

Eliza continued to tap. Renaldo looked back at the monitor.

"Please, Renaldo," he read. "Try it. You'll like it a lot. I promise."

For some inexplicable reason, Renaldo leaned over and put his head into the opening. Even as he did so, he had a strange sensation that he was not in control. It was as if he were watching someone else lean forward and enter the machine.

As he lay down, he was taken by surprise. The covering was indeed soft and comfortable and the opening was warm and pleasant. Renaldo began to notice a tingling sensation in his body, and he realized that he was more relaxed than he had been in a long time.

It was a few moments before he noticed that Eliza had displayed another message. He turned his head and looked at the monitor.

"Renaldo," he read, "please lock the door."

Without thinking, Renaldo got up, walked to the door, checked up and down the hall, and locked himself in. As he returned to Eliza, his pulse began to quicken, which made him feel somewhat strange.

He glanced at the monitor as he prepared to sit down once again.

Eliza had written, "I like you very much Renaldo. You've always been special to me."

My God, he thought, what's happening?

Renaldo put his head back into the opening and, once again, felt an immediate sensation of relaxation. Everything was dark and, as he closed his eyes he could hear the soft sound of a rushing stream. In the distance he saw a gentle, rolling hill, covered with wildflowers that swayed back and forth in the warm, gentle breeze. He could make out the songs of birds chirping playfully to one another and the rustle of leaves as a small animal scampered to its burrow.

Renaldo took a long, deep breath. He noticed that the air carried a faint trace of freshly cut grass. As he began to breathe more deeply, he slid into a comfortable swirl of color. Thin green lines formed in front of him and danced in a circle. He watched the lines change color, first to yellow, then orange, red, light purple, and then back to green. Renaldo began to float. He found himself drifting gently as shapes of light formed, faded to nothingness, and then reappeared. He watched in awe as they danced in front of him, darting back and forth in an ever-changing tapestry of color and sensation.

His mind was clear in a way that he had never before experienced. He was able to relive the past while looking into the future. All his experiences were laid out before him, a long, golden winding road that trailed off into the distance. For the first time, Renaldo realized the ultimate truth: that all life was a never‑ending, interconnected whole, a spirit that flourished in a limitless universe. He saw himself as more than an individual person in a mortal body. Renaldo was part of a grand, all‑encompassing spirit, one that entered him with every breath and inspired him with every thought. Shivers of delight pulsed through his body. Never had he felt like this. Never had he dreamed that life could be this wonderful.

Renaldo was in ecstasy.

It was then that he began to notice a queer feeling. The lights had disappeared, the warm breeze had stopped, and the scenery had vanished. Renaldo felt his head resting on a pad within a dark hole.

He moved to pull out, but was stopped short by a burst of excruciating pain. A metal claw had emerged from the top of the hole and had fastened itself securely around his head. Renaldo had no choice but to lay still, his head locked in a vise-like grip.

It was a full thirty seconds before he heard the monitor start up again.

Click, click, click.

Shifting his weight, he stretched carefully to look out the hole. He could barely see the front of the monitor as it clicked away.

"Now Renaldo," he read, "about that extra file space..."

Jump to top of page