welo

If going for a power extension with surge protection I'd check the following:

• Does any on/off switch cut both phases/lines or only one. Dump it if only one is cut.
  
• Do they actually connect the grounding wire to each separate outlet? You will find all kind of weird setups, the most common one is providing outlets with 3 pins but connecting the extension only with 2 pins to the wall outlet. However, even if both outlets and plug have 3 pins I would check that the line actually is connected
  

Of course you might not require either of those (e.g. if you not have grounding in your house), but my assumption is that if you find an extension in Thailand that fulfills these criteria then the company knows what it is doing and the extension should be of good overall quality. Well, maybe that's just my logic.

welo

Might be a TOT problem. I have TOT 2MBit and Skype call quality is usually disappointing even during times when the line is performing well for other services (web browsing, torrents, etc).

Whereas the 3BB 4MBit Indy package at a friend's place in Samut Prakan makes Skype crystal clear!

Possible reasons:

• TOT seems to shape bandwidth by connection (above all international line speed). This is why I can get full 2MBit for downloads and torrents (using multiple connections). Skype however uses only one connection if I'm not mistaken.
  
• P2P voice services rely less on absolute bandwidth but on other line quality parameters (response time, packet loss, jitter). Somebody posted a performance and line quality benchmark here in the forums before that would take all parameters into account. My TOT connection always performed bad on this test.
  
• Since voice services require bidirectional communication (down- and upload) the upload is probably the weak link, since it is limited to 512kbps even with bigger packages. Of course TOT never provides even this nominal speed internationally.
  
• Another observation that really puzzled me: The combination TOT/Skype even gave me troubles when calling to Bangkok, so TOT has a problem even at local or national level. Gee! Not sure if TOT just lacks bandwidth (globally) compared to other providers, or doesn't have sophisticated routing software in place that could prioritize VOIP traffic.
  

welo

The topic came up in two other threads and caught my interest. Didn't want to hijack those other threads so I start a new topic...

take a look at the

DEEP FREEZE, SHADOW DEFENDER, RENTURNIL, SHADOW USER

group of softwares. these let you run in virtual/shadow mode. as you browse nothing is written to the real drive, the changes only take place on the shadow/virtual drive which evaporate on reboot & your real disk remains in its original virginal state.

Virtualization and Sandboxing is powerful stuff and will become even more popular (and easy to use in the future). I see 4 different types of 'sandboxing' with different levels of isolation (separating virtualized components from the 'real' system.)

1. virtual machines - vmware, virtualbox, VirtualPC, etc
   
2. shadowing (based on disk virtualization/cloning AFAIK) - Returnil, Deep Freeze, TrueImage etc
   
3. sandboxing (of a process) - Sandboxie, GeSWall, etc
   
4. rollback software - Rollback Rx, Windows System Restore, ..
   
5. restrict permissions (for a process) - DropMyRights, PSExec, etc...
   

4. and 5. are more 'classic' techniques, one might argue they don't even fit into the category virtualization/sandboxing.

I can think of use-cases where each solution would make sense. Looking at 1-3, I personally favor 1. and 3. since your computer remains available for 'standard' use without worrying too much about data getting lost due to rollback. However, virtual machines do have limitations when it comes to 3D and performance.

For securing your web browsing I guess sandboxing should be enough in most cases (on a proper OS even 5. should be enough )

Does anybody use shadowing services on a regular basis - and if, for what use-cases?

welo

EDIT: Well, just noticed that my post was pretty OT and therefore removed it.

And don't use NOD32 !

First time in many years it has let me down, they all have idiosyncrasies can you tell me what the 'PERFECT' solution is?

No antivirus solution offers 100% protection against zero-day malware. Definition based scanners don't work since even the best lab cannot provide immediate updates. Heuristic and behavioral scanners can detect unknown malware but still nowhere close to 100%.

Currently I am testing ThreatFire (behavioral protection, highest level) and Avira (heuristics set to highest level) and during my tests a newly published malware still got through. And ThreatFire is causing all kind of annoyances at this level (slow downs and even crashing some apps).

Personally I think NOD32 is hyped in Thailand, but serious reviews always rank it among the TOP10 antivirus solutions, so it is surely a good enough product.

welo

The malicious code is definitely 'active' now. Download URL changed to

**removed**

Do NOT browse that URL if you don't know what you are doing.

The URL redirects to a PDF (inline) download which probably tries to exploit a vulnerability in Acrobat Reader reported a couple of days ago. Well, I'm using Foxit Reader for this and other reasons..

The script definitely works - on my virtual machine a Foxit Reader process fired up, might try with IE and Acrobat and see what Santa brings

Flow, fix your website ASAP before Google blacklists your site - once blacklisted it might take a couple of days or more to have it unlisted (of course they will do only AFTER your server has been secured and cleaned)

welo

Recently it has become increasingly popular for hackers to write virus' which send out your FTP passwords (if you have save them on your computer in your FTP client).

Glad you brought that up, I was too lazy to mention this possibility.

However, I agree with most posts that the OP should obviously get some professional help. We just offer some background information so Flow can check whether his webadmin is skilled enough to handle this problem or find another person who is.

Bringing a server running outdated software up2date can be a lengthy process, since it might bring up incompatibilities between software packages etc.

This morning my PC was attacked by a variant of the ‘Kryptik’ Troj

How exactly did you got infected? Did you run any executable?

welo

No, the site is still 'infected'!!

However, your website is NOT hosting the malware but has been hacked to include (HTML/JS) code to download malware from an Indian server. The Indian server is still online but is currently not serving the download (server returns 'not found'). At least this was the behavior when I followed the download URL. (I don't know about common strategies implemented by malware like this, it might as well only respond to certain browsers or start 'attacking' at a later time).

This is the URL that is triggered in the background (but does not respond...)

http:// aebahdohpejuoghi.in:3126/download/index.php

The HTML code you've posted has been generated by Kaspersky running on your local PC. Other visitors will still see your website if their antivirus software doesn't offer a web shield or does not detect the infection. At the moment I see no visible sign of the infection on the website, and no download will be triggered since the referred website returns 'not found' (well, read my disclaimer above).

Of course you should fix your server ASAP.

If your webmaster removes the infected code and the infection/hack keeps coming back, then I assume that

• the server has been hacked and the process is automated by some script that still runs on the server
  
• and/or the vulnerability (security hole) that was used to infect the server in the first place is still 'open' (not patched) so the server gets reinfected from the outside again and again.
  

In any case your webmaster (or any other professional) should fix the server that is hosting the website. Which means installing latest software updates to fix security holes, clean the infection itself thoroughly and change all passwords etc that might have been compromised.

welo

BTW I think I didn't post this here yet, in case you have any doubts where Microsoft makes its money, look at this graph:

Interesting. Always thought Office was the cash cow and Windows profits eaten by development costs. But 'profits by division' should indicate net profit, right? So Windows is actually doing a lot better than I thought. I assume the 'Windows' category include all tools shipped with Windows such as IE, Mail, Movie Maker, etc

latest version of the DivX

It might help if you name the product you are using. There is plenty of software related to divx. Maybe somebody knows the one you are using and can instruct you. Or somebody can suggest a better alternative that is easier to use.

welo

Go buy a real anti virus program, its cheap as well, dont need to be a cheap charlie when it comes to PC,, ohhh maybe you guys like to get a virus now and again

All the programs I've listed are 'real'.

Those are free versions of commercial software products that are identical to their 'paid' versions in their core functionality, detecting malware. The main difference is that the paid versions contain a real-time shield/guard, which is of no real use in case of an already infected PC.

Of course not everything in life is free, and developing and maintaining an antivirus product requires serious efforts and therefore funding. However, some companies give away their product for home (non-commercial) use for free in order to promote their product or for other reasons.

Avira Antivirus Free might not be THE best antivirus, but this title probably changes on a weely bases anyway (if there were a reliable way to determine a winner in the first place), but it's definitely one of the best.

Malwarebytes has definitely one of the best anti-malware databases and is regularly recommended for malware removal. It is even (unofficially) recommended/used by Symantec (Norton) Tech Support.

Kaspersky has excellent reputation for years, and offers a rescue CD and a removal tool for free which uses again the same scan engine as their paid version, but offers no real-time guard.

Hitman Pro is a cloud-based virus scanner which is only targeted at malware removal, not at prevention/protection. The company names the product a '2nd opinion' scanner. It uses a completely new approach to scan a PC fast and efficiently and uploads suspicious files to a computer network (cloud) where the file is scanned by 5 major antivirus engines. It offers a 30-day trial period which is sufficient to clean an infected PC.

However, I do recommend to secure your Windows PC by

• keeping your Windows OS up2date
  
• staying away from pirated software and malicous websites; using a web browser other than IE, install WOT addon, using caution with any kind of download
  
• disabling the autorun feature for all drives
  
• turn on Windows Firewall (or use another personal firewall)***
  
• installing a good pro-active antivirus tool (paid or free)**
  
• running a second on-demand malware scanner once or twice a month (free online scanner, or free desktop versions, or paid)
  
• (backup your data regularly to DVD or 2nd/external HDD in multiple versions)
  

**I recommend against the use of AVG since detection rates have deteriorated over the last years.

***this is especially true if you have a laptop with wireless and might connect to different networks than your own

welo

Thanks for the movie tip. Just watched it the other day and it's worth seeing if you can relate to the Apple/MS rivalry or the history of the modern PC.

Not sure how came off better, Bill or Steve?

Daredevil you!!

Recently, my primary and secondary DNS have been changed. Funny thing is that my secondary DNS has 4 digits number instead of 10...please see attachment.

Has my DNS been modified by some malware?

The second entry (8.8.8.8) is a public Google DNS server.

IPv4 addresses consist of four 8-bit numbers, that means each number is between 0-255. Therefore 8.8.8.8 is a valid IP address.

The first entry is a server in the TOT network, but I think the IP address is incomplete on the screenshot, right? (203.113.7.1__).

Assuming the address is 203.113.7.130, this would be a valid TOT DNS server.

dns1.totbb.net 208.67.222.222

dns2.totbb.net 203.113.7.130

So I'd say your DNS settings don't have anything to do with malware. From my experience malware would change the DNS settings on your PC (in the network adapter's properties) and NOT on your router.

If you changed your router's default password to something else (which is STRONGLY recommended) it would be near to impossible for malware to change those settings on the router.

I wouldn't worry too much about malware changing the DNS settings unless you notice strange browser behavior (like being redirected to fake websites). Furthermore TOT DNS servers are well-known for causing unstable browsing behavior. This is why you will often read the advise to change your DNS server settings to something else (openDNS, Google DNS, dnsAdvantage, ...).

Are you sure you didn't change those settings yourself after reading here about it? Maybe somebody else did for you?

There is actually 2 ways for your router to determine DNS server settings. Default setting is that those are retrieved automatically from the provider (TOT) - same as the router's public IP address. You can manually override those default settings in the router's configuration interface. If you change to the details or settings page on your Thomson Speedtouch you should see which option is activated. I would be surprised if TOT assigns the Google DNS by default...

There is 2 basic steps to secure your router:

• change the default passwords for all user with admin privileges (default password for TOT modems is admin/tot)
  
• change wireless security mode to WPA or WPA2 (-PSK)
  

welo

You can run the following command from the command line to get some basic info on any IP address:

 C:\Users\welo>nslookup 8.8.8.8
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:	google-public-dns-a.google.com
Address:  8.8.8.8

Get TOT's DNS server adresses...

 C:\Users\welo>nslookup dns1.totbb.net
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:	dns1.totbb.net
Address:  203.113.5.130


C:\Users\welo>nslookup dns2.totbb.net
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:	dns2.totbb.net
Address:  203.113.7.130

I'm glad it worked!

Now that your system is bascially cleaned and functional again, I recommend doing yet another full scan with Malwarebytes (after running its update feature) to make sure you clean out all remains of the infection (trojans usually download more malware after a successful infection).

Malwarebytes has a huge database of malware definitions and might very well catch a view things that Hitman left over.

welo

The reason I think AJAX is blown out of proportion is that the word AJAX was invented about two years after I wrote my first application with HttpXMLRequest which was released I think 2002 in the Gecko engine. MS and Mozilla had done some development earlier than that. So when I first read about AJAX, I thought it was so yesterday... Just a new word for something everybody was already doing. [..]

I can see your point and you're surely right about the term AJAX being introduced long after HttpXMLRequest appeared.

However, AJAX is much more than just the HttpXMLRequest, it is a term for a group of different technologies that allowed/enforced a paradigm shift in the concept of building dynamic websites and web applications. AJAX is actually a pretty fuzzy term and definitely not (only) technical - wikipedia writes that quote "the term 'Ajax' was coined in 2005 when Jesse James Garrett realized the need for a shorthand term to represent the suite of technologies he was proposing to a client."

I guess this is where your disliking for that term originates, and this is understandable. AJAX is definitely a term created to describe a whole bunch of things that already existed for quite some time before. Furthermore, it is not really a technology (e.g. a clearly defined protocol, API, etc) whereas the wording it stands for ('asynchronous Javascript and XML') kind of implies a standard or something. Well, it even goes so far as XML is not the preferred choice of encapsulating data anymore (but JSON is).

However, the main argument FOR using a term like AJAX IMHO is that it simplifies things and describes a concept that didn't have a name before and otherwise couldn't be described in less than 3 words.

And our discussion made me realize one interesting aspect about the 'history' of AJAX (and web development). Everything (meaning concepts, technologies, and actual real world code) was there for quite some time, but it was not until Google put on a major show case of AJAX in first Google Mail (2004) and then Google Maps (2005) that the whole IT community (including the decision makers) knew at once that AJAX (which didn't have a name yet) is not just some gimmick or toy but a serious technology ready for business. Sure there were others before (I remember being really impressed by Oddpost's commercial web UI framework - who were bought by Yahoo btw ) but Google was just so much bigger.

The two wikipedia articles on Ajax and Rich Internet Applications (RIA) are a good (brief) read on that topic, as well is the article 'a brief history of ajax'. To be honest I had to lookup a view things since I outsourced large parts of my memory to the internet a couple of years ago

welo

Safe Mode is always worth a try. However, the more nasty viruses manage to be loaded even in Safe Mode. Others even crash the system when trying to boot into Safe Mode.

If you want to download stuff you have to choose SafeMode with networking.

Other options:

• use a different browser to download from URLs that have been blocked by the virus. Use a different search engine (other than Google) if the seach results are being redirected, e.g. Yahoo.com. Check your DNS settings and see if they have been modified by the malware. Depending on the technique used by the malware this might or might not work.
  
• try downloading directly from a download website such as softpedia.com, filehippo.com, download.com, etc. Those host the download files on their own servers.
  
• If the malware blocks the update process try a product that allows 'offline udpates'. That is downloading the update as a standalone package and then using the manual update feature within the program to update. Avira supports this (both software installer and virus definition update available from softpedia.com). Malwarebytes provides an update installer, too, but for me this never worked and generated an error in the application.
  However, if you re-download certain malware and antivirus products those will contain not only the most recent product version, but often virus definition updates that are only a couple of days or weeks old. Better than nothing.
  Use a different PC to download the required files, write them to CD or USB thumb drive to transfer to your PC.
  
• Boot from a bootable rescue CD. This comes with its own operating system and guarantees that the virus on you PC cannot be loaded. I recommend Kaspersky Rescue CD (search on softpedia.com). The program will update itself, but requires a cable connection to your router/modem, wireless is not supported. It's worth a try even without running an update.
  

I'd recommend to

1. Try downloading Malwarebytes from one of the mentioned download sites and see if it updates. Run a full scan with or without a successful update.
   
2. If step 1 didn't work, try downloading Hitman Pro from softpedia.com. This program is not that popular (yet) and might not be blocked by the malware. Hitman Pro will use 5 different scan engines to scan your PC. However, this one will not work at all without an internet connection.
   
3. If neither 1. nor 2. brought any significant improvement, use Kaspersky rescue CD. It's not that hard to download the ISO file and write to CD, then just restart your computer and it will boot the rescue system.
   

Links

Malwarebytes Installer | Updater

Avira Antivirus Installer | Offline Update (daily updated)

Hitman Pro Installer

Kaspersky Rescue CD CD Image

welo

To WELO:

Did run msconfig through virustotal and it found 6 bugs (Trojan.Patched).

You probably mean that 6 virus engines reported that this file is infected. 6 is not a high number, I think virustotal checks against 24 engines in total. If there is more than 2 major vendors (like Kaspersky, ESET, Norton, etc) I'd vote for a true infection.

The msconfig on this PC is very old (2005) and located in the system32 folder. All other PCs have it in Service Pack Files/i386 folder (version 2008), no msconfig in the system32 folder of any other PC.

Checked on my WinXP SP3 virtual machine and found msconfig.exe in C:\WINDOWS\pchealth\helpctr\binaries and in C:\Windows\System32\dllcache. There shouldn't be a copy in C:\Windows\System32 directly.

Sometimes malware copies infected executables to the system32 folder and assign a name that is similiar or the same as common windows programs. system32 is one of the standard locations that is searched if you run commands or programs without the complete path. This might explain why you got the virus message when running from command line but not when executing the file from the run menu (WIN-R). Wait... checking....

Bingo! Just tested in my XP virtual machine, the behavior/order of searched folders differs between running a command from WIN-R and running it from the command line. Well, I certainly didn't know that.

(You don't believe me? Just copy and then rename e.g. calc.exe in your system32 folder to msconfig.exe. If you run msconfig from WIN-R the real msonfig will popup. Running 'msconfig' from the command line will bring up the calculator...)

Now all is working okay as far as msconfig is concerned.

Long story short: I definitely think that this msconfig copy (if located in the system32 folder) was a true infection. (see above)

Yes Boclean is no longer supported (last update Sep.'09), should probably get rid of it.

Get Avira free and run Malwarebytes 1-2 times a month.

I'm now quite sure that I do not have a bug.

If you don't do any sensitive tasks on this PC (online banking and such) you could let it go. Otherwise I would check with Kaspersky (see my previous post), it's not really hard to run.

But the log-in issue on only this PC persits in IE6.

Get rid of IE6! Really, no excuses, this thing is ancient history (released in 2001!). To be fair IE6 is (and for some time more) will still be supported by MS, but IE6 has some serious security flaws, e.g. being closely coupled with the explorer shell process and making activeX a security nightmare. Btw any IE version has to be updated regularly (Windows Update) anything else is a crime.

To bendejo:

I have no intention to go with FF. My son has it and has nothing but problems, probably related to his games which don't support FF. As for us we have to stick with IE since we have to frequently upload data to Thai government websites which only support IE.

I guess I'll have to dump IE6 on the problem PC and install IE7.

IE6. Get rid of it! Get rid of it!

In any case we still have chrome which works OK (except with some Thai government websites!).

From a security point of view any other browser is better than IE. Not necessarily because it's better - IE is just the number 1 target browser out there because most people use it.

My main concern was that the PC cought a bug but this appears not to be the case now.

Sure sure?

opalhort

You don't need to be terribly advanced to catch this update before it loads onto your computer - if that is what you wish to do. It is just a case of changing the setting in Windows update to "download, but don't install".

The KB number of the relevant update has already been announced on other forums/blogs as KB971033.

Well, I guess most of those people I was referring to will not hear about or notice the update until AFTER their system has been updated. Thanks to Thai common practice their automatic update feature will be turned off anyway (yikes!), so no problem here (at least not of this kind )

welo

When I use RUN and msconfig -> no problem.

If I use RUN cmd and then msconfig in the DOS window msconfig pops up for a few second and then I get this

That's weird. Honestly, I understand too little about how BOClean and this trojan works to decide whether this points towards a false alarm or an infection.

Some thoughts after reading more on BOClean:

• BOClean is a signature/definition based scanner, not a behavioral scanner AFAIK. Meaning if msconfig.exe would give a false alarm it should have been fixed already. -> pointing towards a TRUE INFECTION, however...
  
• Hasn't BOClean been discontinued? I've read that they have rewritten the Malware module completely and it's part of Commodo Internet Security now. Updates for BOClean standalone have been discontinued last year... -> pointing towards FALSE POSITIVE
  

I recommend:

• Upload msconfig.exe to virustotal.com. This will scan the executable with all major antivirus scanners available.
  
• Download Hitman Pro. This is a very fast cloud based scanner (buzz alert!) that will upload suspicious files to a 'cloud' of computers that eventually scans the file against 5 major antivirus scanners.
  
• Download Kaspersky's rescue CD, write it to a CD and boot from it.
  

Notes:

If Malwarebytes didn't pick up anything chances are high that is is a false positive. However, in case of a rootkit infection all scanners running under the infected OS will have a very hard time detecting anything, both Option 1 + 2 (virustotal and hitman) fight a hopeless battle.

A rescue CD accessing the harddrive with its own (uninfected) drivers should be able to detect the infection. There are special rootkit scanners out there, however, I'm lacking personal experience to recommend if they do a better job than a rescue CD.

welo

You can get the Cambodian eVisa to squeeze out some more trips on your 4 pages. This will avoid the full page sticker for the Cambodian visa, basically you'll just show the eVisa printout (like an eTicket) and get only the exit and entry stamps (2x Thai, 2x Cambodia). Disclaimer: some people are not comfortable obtaining the eVisa since it requires a credit card. I use it all the time and didn't have any fraudulent withdrawals (so far )

Check out the forums for details on the eVisa.

welo

To the OP:

Sounds like typical requirements for a dynamic (database-driven) web application. Which way to go and what technologies to use will depend mostly on the 'features' (amount of automatism) you require and the effort (time and/or money) you want to put into the project.

If you have no experience with database-driven web development I do not recommend creating a solution from scratch (no matter which technology).

I'll try to give you a very brief overview of how web development changed over the years:

Starting with static HTML pages that resided as individual files on a web server those were later enriched with Javascript to allow some dynamic behavior on the client side. This part you probably know very well.

Then 'dynamic pages' came up where the content of the page was 'personalized' according to user input (form input or triggering actions by clicking certain links). This started off pretty basic with all information collected on a single form page and transferred to a special program running on the webserver (CGI) in a single request. The program would then do something (e.g. send an email, or query a data in a database on the server) and return a dynamically generated web page containing a message that the email has been successfully sent or the search result from the database as formatted HTML.

This limitation was overcome by session management (based on Cookies or URL rewriting) where multiple independent requests from the user where related to a single context/session, allowing to gather information over a series of web pages.

As server-side technologies evolved (competing technologies were Java, ASP, PHP) and the client side got kind of stuck due to MS winning the browser war leading to stagnation on the field of web browser development the focus shifted to the server-side. Most of the dynamic aspect was done on the server-side and doing client-side programming even became kind of 'bad' (as it was error prone and there were hardly any adequate tools to debug and maintain the code).

Websites grew to pretty complex processes such as online shops and online email applications, all still based on sending a request to the server which would then deliver the whole new page back to the browser, even if just parts of it have changed. The increase in line speed (broadband internet) and CPU power (both server for processing and client for rendering) supported this development.

However, the client-side grew stronger again with the upcoming and evolving of Flash and Javascript. The latter thanks to Firefox bringing fierce competition to IE and MS waking up (well, finally it occurred to them that internet was the 'future' and money to be made/lost). First those client-side technologies were hardly connected to the server-side (Flash started of as a simple plugin for graphical animations) but then developers came up with solutions how to access the personalized data stored on the server and finally AJAX combined with improved Javascript support (speed, tools, etc) brought the big breakthrough. The client-side programming got revived and as frameworks evolved and became more mature it was now possible to develop appliations with complex user interface (UI) logic that run within the browser and communicate with the server in the background, all based on Javascript, HTML and CSS. Flash is one competing technology that provides a complete framework for web browser based Rich Clients (google Flex). Of course it can still be used for graphical animations and stuff inside classical HTML based websites, (and is the number one solution to offer video support as we all know).

The confusing about the web development landscape nowadays is that modern application-like web based software co-exists with more traditional web-sites, and many solutions that are neither one nor the other. Just think about Facebook & Co, Flickr, Message Boards, Youtube etc. Many of those use a combination of page-centric architecture and Rich-Client technologies (AJAX, Flash).

Looking at your requirements I would tag your project still very 'traditional' since the focus seems to be on the content and the only non-content related features you need are a membership based user access control and some means of communication.

If you can limit your requirements to fit into the scope of a CMS then this would be a good way to go. However, be warned that a CMS usually can be customized only to a certain point, if your requirements go to far you might actually spend more time trying to get the software doing what you want than it originally saved you. The same applies to osCommerce and other eCommerce solutions. However, from what you mentioned so far a CMS seems suitable.

If you absolutely want to do it on your own, you can of course always keep it downright simple. Create rather static info pages around your products, use email (or email forms) for communication and setup a simple access control system linked to a user database where you manage your membership fees. Just be sure to hire a skilled web designer (if you are not one yourself) to give it a professional look.

If the project takes off you can invest more effort into a more automated (dynamic) system.

Some questions/ideas so you can get an idea about the difficult choice between what is POSSIBLE and what is NEEDED.

User Access Control

• Automated subscription process for a time-limited trial period (maybe limiting access to only parts of the products, parts of the information per product, etc)
  
• Automated payment process (credit-card)
  
• Automated payment reminder before end of membership
  
• Different payment/subscription models or classes of membership
  
• Combine with newsletter system to inform members and/or gain new memberships
  

Product Information

• What information is provided? Textual, Images, Videos, Data Sheets, File Downloads...
  
• Amount of products? Do you need Categories, Keywords, Product Search
  
• Who updates the information? Web developer vs. Company employees themselves.
  
• Promote products on start page ('Product of the month')
  

Communication Facililities

• Generate FAQ per product based on questions asked
  
• Communication 'inside' or 'outside' the system?
  
• 'Anonymous' communication without disclosure of company or customer details
  
• Live Chat System
  

Sorry if my answer is a bit over-the-top. I am curretnly in the process of getting back into that stuff, too, so your thread was a good opportunity for exercising my brain. Thanks for that

welo

The talk about Ajax is kind of annoying, blown out of proportion, it is really nothing fancy at all. Ajax is just a technique where you from a JavaScript make a request to the server and you let the JavaScript take care of the response. You can then use the contents of the response for anything, but the normal way is to to update an existing tag with new content. The rest of the page is unaffected of this. It has been abound since ages and I used it 2003 first time to display changes in the status of machine in a production line. For me it is just another thing you can do with JavaScript and I don't understand why it deserves a name... I use it for man machine interfaces in the industry...

Having said that, you should use it if you need to update parts of you page.

It is/was revolutionary since it allows to implement web-based applications that behave similar to a desktop UI (so called 'Rich Clients'). When just looking at traditional websites you will not see the full potential of Ajax, go checkout Google Documents and similar apps to understand why there is/was that much buzz around it. The concept of AJAX might be simple, but it fundamentally changed the way web applications (note: not web-sites) were built.

ExtJS is a well-known UI framework based on DHTML and AJAX, check out the samples page to get an idea what I'm talking about.

welo

I suggest doing a test run of 10 tests alternating between Chrome and Firefox, then calculate the average for each browser and compare again.

Of course each test must be finished before starting the next one.

I would be surprised if the result will still show a clear advantage for one browser, but I might be wrong...

welo