Tag Archives: anti-virus software

Security woes at work

I got flagged for having failed an automated security scan at work. I explained that the scanner program was wrong, and that I was running anti-virus software. The next month I got flagged again, explained again. This time they said the problem was that I wasn’t running the exact version on the internal download site.

I said yes, of course I wasn’t. The version on the download site was over three years old, and caused Windows 2000 instability resulting in BSODs. So I’d purchased a supported version, legally, and installed that. I pointed out that the security standards didn’t require that I run an outdated version; they just required that I run a version with up-to-date virus definitions.

I was told I would continue to show up as a security hazard, because they had no intention of fixing the scanner software. At this point, I said “Fuck it” and wiped Windows off the hard drive entirely, replacing it with Linux. I replied telling them what I’d done and asked them to remove me from their junk mail list and stop bothering me.

On the plus side, I am now 100% Microsoft free, both at home and at work.

I also got a new ThinkPad. Or rather, a less old ThinkPad. All previous attempts to get an upgrade had been refused but the auditors are coming in a week or two, and my 600X was out of warranty and would have been flagged as a problem, so basically the local Mordac was embarrassed into having to find me a replacement. So I now have a T23 with 768MiB of RAM, which is a major improvement. I’ll be giving back the 600X as soon as I take out my own RAM which I had to buy because Mordac wouldn’t give me any more than the 128MiB it came with.

The T23 definitely isn’t as sturdy as a 600, and the keyboard is a bit crap, but it’s a lot faster. It might even be fast enough to make GNOME usable, not that I’m going to try. (I read that Havoc Pennington might be pushing to move GNOME over to .NET, which strikes me as an excellent idea—it would keep the developers busy for ages while simultaneously dooming GNOME.)

.mac FAQ

Q: Will the new for-pay .mac service be more reliable?
A: No.

Q: Will there be a phone number to call for technical support?
A: No.

Q: Will there be an e-mail address to report outages?
A: No.

Q: Will there, in fact, be any support at all?
A: No.

Q: Will the 100MB of storage come with an increased bandwidth limit for web sites?
A: No.

Q: Will you be telling us what the bandwidth limits are?
A: No.

Q: Will you support CGI, servlets, JSP, or anything else beyond static HTML files?
A: No.

Q: Will I be able to get access to my web logs?
A: No.

Q: What about backup—our files are safe if we back them up to iDisk, right?
A: No. Apple does not guarantee the integrity of any files on iDisk, even if placed there by the Apple Backup software.

Q: Well, we can at least use the Backup software to back up our computers to CD-R, right?
A: No, not if you have any files bigger than 650MB.

Q: What about using my external tape drive, DVD drive or Firewire hard drive?
A: No, Backup only works with Apple-supplied internal drives. And only if you’re a .mac member.

Q: So the backup software doesn’t back up from my local hard disk to my local CD burner, unless I have a .Mac membership and an active net connection?
A: Correct.

Q: OK. The service also includes anti-virus software. Are there any Mac OS X viruses at all?
A: No.

Q: If I don’t use Microsoft Office, do I need to worry about macro viruses?
A: No.

Q: Umm… OK. So how much for this invaluable service?
A: $99 a year. Plus tax. In advance.

Q: Can I get two accounts, for me and my wife?
A: Sure, that’ll be $198 plus tax. In advance.

Q: No, I mean can I get a second account cheap if I buy one?
A: Oh, alright then, quit whining. You can get a second account for $10 a year if you buy one full account.

Q: And it’ll have the backup, anti-virus, and web functionality?
A: No, only an e-mail address.

Q: Ah… but at least it’ll be a full e-mail account, right?
A: No, you’ll only get 5MB of space. But that’s nearly enough to hold five days’ spam.

Q: Is there a satisfaction guarantee?
A: Yes. Apple reserves the right to terminate your access to the online services and the software, without cause, without notice and without refunding your money, if it’s not satisfied with your behavior.

Q: What kinds of things am I not allowed to post on my web site?
A: Anything “lewd” or “vulgar”, anything “embarrassing” to anyone, or anything that counts as advertising for any product or service.

Q: So you want $99 a year for an e-mail address, useless backup software, anti-virus software I could buy for $50, and web space limited to inoffensive pictures of fluffy kittens? $99 even if I only want to keep the lifetime e-mail address that you previously said was free?
A: Yes. Pay up now, in three weeks we’ll delete your files and bounce your mail.

Q: I have one more question… What exactly are you smoking out there in Cupertino?
A: I think it’s crack.

MacWorld

Well, what a freakin’ disappointment that was.

I joked a while back that since Apple couldn’t shift enough of the current iMac because of the pricey screens, they would probably introduce a new Cinema Display iMac, priced hundreds of dollars higher.

Unfortunately, they did, and it looks kinda ungainly. And that’s it for new hardware, except for a 20GB iPod.

Sure, some of the features in the next OS X release look cool, but we already knew about those. Yes, it’s nice that they’re shipping it ahead of schedule (in 5 weeks), but I do hope they’re not really going to ask everyone to pay full price for the upgrade.

It seems clear that Apple isn’t interested in the handheld market. iPod is now going to let you browse your calendar, but there’s no data input and the screen’s still tiny. The only PDA option is Palm, which hasn’t improved noticably in the last 5 years and doesn’t seem about to either.

There was also a load of wank about how you’d be able to send postage-stamp-sized digital photos and calendar summaries to your mobile phone via GPRS or Bluetooth. Yeah, great. When the Cingular guy said that they hadn’t found a compelling killer app for GPRS, but that maybe this was it, you could hear the desperation in his voice.

Oh, iTools is getting revamped as .mac. It’s going to give you 100MB of storage, anti-virus software, backup software, and a web-accessible shared calendar. The downside is it’s going to be $100 a year. I want to know how much bandwidth I get before I shell out cash for iTools; right now sites get shut down if they get a few hundred hits.

Don’t trust Microsoft—no, really

Well, the inevitable has happened: some hackers have managed to get hold of a valid Microsoft security certificate. This will let them sign their virus or trojan horse programs, and Windows will believe that the code was written by Microsoft and run it without warning. The signed malicious code could be sent by e-mail or embedded in any web page as an ActiveX control.

The article suggests that users just need to check the signature date and refuse to run the ActiveX control if it’s the wrong date—but that’s not true. The default options in Windows are to trust all Microsoft-signed code unconditionally, so the 99% of users out there who haven’t messed with their security settings in depth will never even see a dialog. This blows a massive hole through the security of almost all Windows systems. Anti-virus software won’t help either. The only form of protection is to turn off ActiveX, and don’t use e-mail software that runs ActiveX components sent in HTML e-mail.

Hopefully this will once and for all end the war of words between the Java approach to security (which works) and the COM/ActiveX approach (which doesn’t).