Overview of VB’97

May the source be with you,
but remember the KISS principle ;-)

Softpanorama: (slightly skeptical) Open Source Software Educational Society


v.2.01; Oct. 21, 1997

An Overview of The Seventh International Virus Bulletin Conference (VB’97).

The conference was held Oct. 2-3, 1997 in SF. The partially accurate program of the conference is available on http://www.virusbtn.com/VB97/programme_tables.html.

I would like to single out the following five presentations that IMHO deserve attention:

1. David J. Stang: "In pursuit of prevalence: a look at 'In the Wild'".

2. Jimmy Kuo: "Free Macro Anti-virus Techniques".

3. David Aubrey-Jones: "Macro Attacks on Office ‘97"

4. Dmitry Gryaznov: "Scanning the ‘Net’"

5. Martin Overton: "FAT32 - New Problems for Anti-virus or Viruses?"

The most impressive was the presentation by David J. Stang. Its title could probably be changed to "'In The Wild List' Is Dead". Although David diplomatically stated that "This article is NOT an attack on the developers of any wild list" it was actually a RIP for the "In The Wild List" urban legend. IMHO this is probably the main result of VB’97. Better late than never ;-). I hope that after this presentation the new editor of the Virus Bulletin will abandon the "In The Wild" urban legend.

Overview of the Best Presentations

David J. Stang: "In pursuit of prevalence: a look at 'In The Wild'"

I had never listened to David before and the fact that he worked in NCSA in the past makes him a little bit suspect (NCSA is the major proponent of the "In the Wild List" :-), but he gave a very good presentation. I believe most people connected with AV testing will (silently :-) agree that the "In The Wild List" is unscientific (i.e. subjective), misleading (if used in AV scanner testing) and generally serves no identifiably useful purpose. It's a little bit like the shadow of academician Lysenko's heritage (for those lucky souls who did not know about Lysenko and Lysenkoism, see the definition in the "Sceptic's dictionary" at http:///). A meaningful "In the wild list" is just not possible due to regional differences. For example there is a product called V-HUNTER (http:///) that for many years detected and disinfected only viruses that were found in Russia (it does not cover polymorphic viruses - they are covered by DrWeb, though). The list of viruses that it contains, even if we exclude polymorphics, has very little to do with the "In the Wild List".

IMHO the "In the Wild List" is an artificial mix. As such, it should never be used for evaluations of the quality of the AV software. Often it does not include viruses that became widespread for a month or two (a very long period in the AV industry). At the same time it includes viruses which probably never managed to get into a particular country, and in this sense are no different from any virus that can be found on "Virus CDs" or in collections available via the Internet.

Although I have publicly criticized the "In the Wild List" several times, nobody has taken the time to put all the relevant arguments against it on paper. David's presentation does the job just fine. If any publication uses the "In the Wild List" in 1998, I recommend it be viewed with great suspicion or just thrown in the garbage, where it probably belongs ;-).

David Stang made a good field study of virus distribution in several different countries and formulated four reasons why a good wild list is not possible (I paraphrased them as follows):

  1. The problem of scanner precision. Scanners are so imprecise that for a new virus, even if two scanners report the same name (which is seldom the case), it is unclear whether it is the same virus, two strains of the virus or just two different viruses (one mistakenly misidentified due to bugs in one of the scanners).
  2. The problem of under-reporting and late reporting. The "In the Wild List" is not objective and relies on "good will", i.e. on the reports from antivirus vendors/researchers. Antivirus vendors are generally reluctant to release information about viruses that their scanners do not detect/disinfect or do not handle well. That means that such cases were underreported or reported late. Not only do AV vendors have no real incentive to report new cases unless they are already incorporated into the scanner, they themselves are not always able to obtain reliable information from their customers about infections by old viruses for the last month, especially if the virus is disinfected by a particular scanner without problems (corporate customers are one important example; disclosure of such statistical information in corporations is often regulated).
  3. The problem of complete absence of proactive value. Viruses can spread much faster than updates to the list. So the "In the Wild List" is never up to date. Often it seriously misrepresents the situation. For example, if a new type of virus appears it will not be promptly reported. As everybody knows, the Concept virus took the world by surprise. But it took half a year before one half of the 27 respondent countries reported the virus to the "In the Wild List", even though the virus was the most widespread in many or all of these countries during that period.
  4. The problem of limited value as a prevalence table. Purging the viruses from the list is even more arbitrary than their inclusion, so the list cannot be used as a reliable prevalence table. Again, AV vendors have neither real incentives nor reliable information from customers to report the disappearance of a particular virus for a particular month.

Again, IMHO the main reason is that prevalence is so different between regions of the world that a global prevalence list makes very limited sense after, say, a dozen most widespread viruses. See below for the discussion of Dmitry Gryaznov's presentation about one possible alternative - "In The Usenet List". It is objective, but it has several serious problems that need to be solved before it can be viable for AV scanner testing.

Jimmy Kuo: "Free Macro Anti-virus Techniques"

For some strange reason Jimmy Kuo’s presentation was put on the technical track. IMHO it was the most useful presentation for practitioners at the conference. Jimmy did a really useful job of collecting and classifying the methods of improving macro virus protection in MS Word without using macro virus scanners or VxD. I would like to applaud the vendor-neutral approach that Jimmy used in the paper. The text of this paper is available on http://www.nai.com/services/support/vr/free.asp. I strongly recommend downloading and reading it. Several additional useful techniques should be mentioned:

  1. Use MS Word 97, if possible. Macro viruses that have protected macros will NOT be converted correctly to MS Word 97 (see below);
  2. Use RTF as an alternative format for attachments.
  3. For Word 6.0 users only: Installation of SCANPROT macros in the STARTUP directory instead of NORMAL.DOT (not recommended for Word 95 users - they need to upgrade to Word95a or, better, Word 97; Word 97 users have the highest level of macro virus protection among MS Word users including the built-in functionality of SCANPROT).

A combination of copying the NORMAL.DOT template from a special backup directory, SCANPROT installation in the STARTUP directory and the use of RTF proves, as my own experience shows, to be a very inexpensive and efficient corporate framework for fighting macro viruses. These methods are especially useful for organizations that are afraid of using VxD for stability reasons.

As for RTF, I have had a positive experience with it in a large corporate environment, despite the fact that the CAP.A virus fools the user. This virus saves the document in native MS Word format instead of RTF even if the user tries to save it in RTF. At the same time, it is very easy to check on the mail gateway (or in the mailbox) if the attachment was really converted to RTF. One only needs to check the first 5 bytes of the file. So the check can be really quick, much quicker than scanning the file for macro viruses.
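The gateway check described above, sketched as an added example (it is not code from the original article or from Jimmy Kuo's paper). It assumes that an RTF file starts with the five bytes `{\rtf` and that a native Word 6/95/97 document is an OLE2 compound file starting with D0 CF 11 E0 A1 B1 1A E1; the function names and the sample message are constructed for illustration.

```python
"""Verify that mail attachments claiming to be RTF really start with the RTF header."""
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                            # the 5 bytes the article refers to
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # native Word .doc container (can carry macros)
RTF_TYPES = {"application/rtf", "text/rtf"}


def sniff(data: bytes) -> str:
    """Classify a file by its leading bytes only; no macro scanning is done."""
    if data[:5] == RTF_MAGIC:
        return "rtf"
    if data[:8] == OLE2_MAGIC:
        return "ole2"
    return "unknown"


def claims_rtf(part) -> bool:
    """True if the attachment is presented to the recipient as RTF."""
    name = (part.get_filename() or "").lower()
    return name.endswith(".rtf") or part.get_content_type() in RTF_TYPES


def audit_message(raw: bytes) -> list:
    """Return (filename, detected kind, verdict) for every attachment claiming RTF."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if not claims_rtf(part):
            continue                      # other types are left to the normal scanner
        payload = part.get_payload(decode=True) or b""
        kind = sniff(payload)
        verdict = "accept" if kind == "rtf" else "quarantine"
        findings.append((part.get_filename(), kind, verdict))
    return findings


def build_sample() -> bytes:
    """Constructed test message: one real RTF, one Word file saved under an .rtf name."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "resumes"
    msg.set_content("Two resumes attached.")
    genuine = b"{\\rtf1\\ansi Hello\\par}"
    disguised = OLE2_MAGIC + b"\x00" * 504   # placeholder body, header bytes only
    msg.add_attachment(genuine, maintype="application", subtype="rtf",
                       filename="good.rtf")
    msg.add_attachment(disguised, maintype="application", subtype="rtf",
                       filename="resume.rtf")
    msg.add_attachment(disguised, maintype="application", subtype="msword",
                       filename="notes.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, kind, verdict in audit_message(build_sample()):
        print(f"{name}: {kind} -> {verdict}")
```

The check looks only at the header, exactly as the paragraph describes, so it confirms the save-as-RTF step happened and nothing more.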

David Aubrey-Jones: "Macro Attacks on Office ‘97"

This was an interesting presentation that tried to systematize macro virus protection features that are available in MS Word 97. Although Microsoft could and should do more, they have made a number of important and significant changes in Office 97 that make the threat of macro virus infection less likely. The following features (with the exception of No. 1) are generally poorly documented and communicated to the public.

  1. A built-in macro warning dialog (like SCANPROT for Word 6.0; enabled by default).
  2. A scanner/disinfector built into the Word Basic converter (WWINT32.DLL).
  3. A feature that disables old Word Basic macro copying commands when the destination of the copy is locked for viewing (i.e. the project is password protected).
  4. The ability to protect projects can be applied to NORMAL.DOT, making it impossible for macro viruses to infect NORMAL.DOT without the user supplying the password.
  5. Execute-only macros cannot infect NORMAL.DOT (the vast majority of macro viruses contain ‘execute-only’ or ‘protected’ macros that have some (primitive) form of encryption).

The last feature is probably the most important. In Word 97 only ‘projects’ can be protected, while in Word 6 any single macro can be protected. A Microsoft white paper "Word Basic Migration to Visual Basic for Applications" (available as a self extracting archive wbmigrat.exe from http:///) lists the following four important restrictions:

  1. Macros in protected projects cannot be copied.
  2. Macros cannot be copied into protected projects (so if you protect NORMAL.DOT it will be protected from viruses).
  3. The ExecuteOnly argument functionality of the Word Basic MacroCopy statement has been disabled.
  4. The Organizer does not list macros in a protected document.

Generally, switching to Office 97 is a pretty smart move from the point of view of macro virus protection.

Dmitry Gryaznov: "Scanning the ‘Net’"

VirusPatrol is a free service, provided by Dr. Solomon, to protect users of newsgroups from virus infections by the daily scanning of major Usenet newsgroups. Dmitry Gryaznov’s project was really innovative in several aspects and, to a certain extent, proved that Dr. Solomon is one of the market leaders.

First, probably the best way for a virus author to quickly distribute a virus is to mail it to one or several popular USENET groups. Also, files and documents that contain a particular virus (for example a resume that contains the CAP.A virus) are an indicator of the prevalence of the virus. Attached executables and documents are scanned using heuristic analysis. Suspicious samples are analyzed and a detection and clean-up routine is incorporated in FindVirus. VirusPatrol issues an alert to the newsgroup warning other readers not to download the infected file. In this way a virus outbreak may be prevented. The service is not intrusive. Readers of the scanned newsgroups will be aware that they are being protected by Internet VirusPatrol only when an alert is issued within that group. The list of viruses found on the scanned newsgroups over the past two months is available via http://www.drsolomon.com/vircen/vp/index.cfm. It is really instructive reading.

The second important aspect of this pioneering work is the ability to create something like an "In the Usenet List". I believe that Dmitry should take some steps in this direction. There are several problems that need to be resolved, such as the posting of virus collections and posting viruses for distribution in provirus newsgroups. The simplest way is to exclude them. A second approach is to introduce a rating for each virus found according to the newsgroup and to use a lower rating for virus distribution newsgroups. Let's briefly discuss four major objections mentioned above against the "In The Wild List":

  1. The problem of scanner precision. Still valid, although only one scanner is used and bugs are limited to this particular scanner. Still not all viruses will be reported.
  2. The problem of under-reporting and late reporting. The list is objective and this problem seems to be less important.
  3. The problem of complete absence of proactive value. Still true, but heuristics provide some (limited) proactive detection. As virus authors try to distribute viruses via USENET, a proactive value depends on the quality of the heuristics. At least some proactive value can be anticipated. More experience and information is needed.
  4. The problem of limited value as a prevalence table. Probably limited for the first dozen only. More experience and information is needed.

Martin Overton, FAT32 - New Problems for Anti-virus or Viruses?

Martin Overton provided an interesting discussion of FAT32, which appeared in the Service Pack 2 for Windows 95 and is a preferable file system for today's 3G+ hard drives. The paper is available on http:///. He demonstrated that many DOS viruses (including MBR and boot sector (DBR) viruses) work adequately under Windows 95 and FAT32. At the same time most antivirus vendors were very slow to implement proper handling of FAT32.

Some of his findings appear to be completely opposite to postings by notable researchers on the alt.comp.virus group. The most important of them is that DBR viruses really cannot be removed from FAT32 partitions by non-FAT32 compatible anti-virus software.

That means that customers with FAT32 installed, who paid for such AV products as AVP 3.0, F-prot Professional 3.0 and ThunderByte (as well as probably several others) were paying not for protection from a large subset of boot viruses that infect the boot sector [DBR] instead of MBR, but for vapor. Of those that do support FAT32, both McAfee ViruScan 3.03 and Norton Antivirus 3.0 constantly gave false positives after a cold-clean-boot [Virus found in memory]. Those that successfully support FAT32 and didn’t produce false alarms include: Dr. Solomon’s AVTK 7.72 and VET 9.44. Sophos Sweep supports FAT32, but refuses to remove FORM.A as they consider a FAT32 partition infected with a FAT16 boot virus a problem that requires help from their support desk.

Concluding remarks

IMHO one important problem was completely overlooked: the problem of the reliability of AV products. AV products not only add to the cost of ownership of the Microsoft and Novell platforms. More often than not AV products, especially NLMs and VxD drivers, negatively affect the underlying OS stability. Like other categories of consumers, AV consumers need some kind of consumer protection from problems like those reported by Martin Overton. The level of testing of AV products (QA) really needs to be improved. I will add just one example:

        ... ... ...

The author plans additional research into this subject.

---

Dr. Nikolai Bezroukov

Copyright 1997, Nikolai Bezroukov

Permission granted to freely copy and redistribute (including posting on web pages, usenet, BBS, bulletin boards of on-line service providers) provided this copyright notice is included.

Copyrighted material contained within this document is used in compliance with the United States Code, Title 17, Section 107, "for purposes such as criticism, comment, news reporting, teaching"

Disclaimer: All comments or statements are solely my own, and do not reflect or represent any organization's that I may be associated with.


Copyright © 1996-2005 by Dr. Nikolai Bezroukov. http://www.softpanorama.org/ was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time.

This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Created: May 16, 1996; Last modified: October 24, 2004
