User Journal

Journal: AV is Dead

Journal by Deathlizard

First, let me start off with the Notion that All Antivirus sucks. Regardless of the brand, or the Reputation, If you gave me an hour or less and a windows PC with any Antivirus app on the market on it, pay or free, I will give you an infected box. So why does this happen?

1) Hot, Fresh, Just for you! This is not just a slogan you see on McDonald's made to order burgers anymore. Today's Virus Obfuscation techniques are so fast and random that when you activate a payload dropper (whether it be a Flash, Java, Website, Browser exploit or even a Trojan installer), the Payload that you get will statistically be seen only once. You and only you will get that version of the virus even though it's using a well known virus kit that would be detected if it was not obfuscated. This technique is the reason why no AV firms detect the Fake antivirus variants or FBI Warnings or cryptolockers of the past even though all of the major codebases were detected by most AV Firms.

2) I'm a Necessary App! People need me to change their search engine, hijack their DNS, spy on them, and pop up ads randomly all over the screen and websites! Read the Slashdot Journal link for some insight on how adware gets on people's PC. Let me make something clear here. Adware is a Virus. When a customer comes into my shop and has something like Conduit searchprotect, or Wajam on their machine, I tell them that's a virus because it is. They didn't want it, they got it and it's doing things they don't want. Sounds like a virus to me, yet just about every AV Firm ignores these and lets them gleefully install because they're afraid of getting sued by one of these companies so instead they make guidelines to let them slip through. The first AV I find that reliably removes all Adware as well as viruses without me having to manually remove them or fall back to a removal tool (like ADWCleaner, which is now starting to miss stuff as of late) I will sell in my store.

3) In Soviet Russia, Trojan Exploits You! This Journal link has been on my sig for years now, and is the primary reason why AV doesn't work anymore. This week alone I had no less than three of my customers Directly call Fake Support Scammers because their PC / Printer / Camera didn't work, and they called the phone number on the first link (The Ads) they saw when they searched for "(PC / Printer / Camera) Support" and if you're letting the bad guys in to physically touch your own box you're already screwed and no AV on earth is going to save you.

Right now, I'm telling people three things:

1) Install MSE. All AV sucks. The only question is how much do you want to pay for something that sucks. MSE is free, at least blocks most of the ultra bad stuff and doesn't pop up ads of any kind so it's what I install.

2) Install Adblock on all browsers. I install Adblock Plus on any machine that leaves the store. If you're going to infect yourself chances are an Ad is going to lead you there. Blocking the ads blocks most of the infection vectors off the bat.

3) Don't Download or Install anything. There is no safe place I can direct people to download files without getting some sort of Adware Virus. This is easier to tell users rather than pay attention to what you download. (See #3 to understand) If they protest, go to your PC, go to ask.com with your adware blocker turned off, type in any program you would think they would download (I use VLC Media player. It never fails to show me adware links) and have them pick the download link. When they get it wrong (chances are they will) download the file and send it to virustotal.com. Chances are one of the scanners will detect the Adware dropper from the fake site. Then drill it home about not downloading anything.

4) Another alternative OS isn't going to save you. This ancient Journal entry Explains why. Coupled with the other two Journal entries it should paint a pretty good picture that at this point in time, the user itself is the greatest threat, and if you read #3 you know you can't (legally) patch stupid. While an alternative OS (like Linux, OSX or even Chrome OS) can minimize exposure, it does not eliminate it and it will get worse as the OS gets more popular. You also still have a user in control and the Computer user laws apply. I've seen viruses for all three above listed OS'es (yes even Chrome OS. There are some nasty Chrome extensions out there and they infect all of your logged in chrome Browsers)

User Journal

Journal: Customer Service in a Nutshell

Journal by Deathlizard

Imagine Customer Service as the Early Space Program.

You have Astronauts and you have Monkeys.

Astronauts have problem solving skills that can ultimately sink or swim a mission. They hear orders from mission control but can offer suggestions or even take direct action based on spacecraft feedback if necessary for overall success. They're the guys you send to the moon and back to get moon rocks.

Monkeys see a red light on a console initiated from mission control, which corresponds with pressing a red button on the console. If they press the red button when the red light is on, they get a banana. if they press the button when the light is off, or press any other button when not instructed to, they get shocked. This continues with multiple lights corresponding to multiple buttons to get the desired result. In no way does the monkey have any say so in the control of the spacecraft lest he gets shocked.

Most CSR tier 1 centers consist of Monkeys. The keyword to tell is if you hear "I'm sorry" or "Thank you" a lot. They're saying that cause their screen says to say it. Usually a robot like script reading session follows the keywords. The "Shock or Banana" is the Feedback call / Survey you get after calling one of these CSR's. You vote 1, he gets shocked (fired), and if you vote 10 he gets a banana (paycheck).

CSR tier 2's Still have monkeys but an Astronaut may be lurking around somewhere. The Astronaut is going to sound like a normal human being. He may converse with you outside of the issue at hand. He may skip a few steps to get to the actual problem if he feels that he can without causing issues. This is who you dream of as a CSR. A human with real problem solving skills.

Tier 3 Consists of mostly astronauts. Getting here takes some time but it's your best bet to get your issue resolved. Just Remember that you have to go through the Zoo first before you can get to NASA.

User Journal

Journal: An Open Letter to Search Engines and AV Firms

Journal by Deathlizard

Google. You Seriously need to start monitoring and cracking down on Chrome Extensions ASAP. And start paying attention to your damn Google ads! I'm sick of people installing bundleware virii every time they search for any of the following:

Firefox
Google Chrome (That's right! They're hijacking your OWN BROWSER'S ADS ON YOUR OWN SEARCH ENGINE!)
Internet Explorer
Windows Media Player
Openoffice/Libreoffice ETC
VLC Media Player
7ZIP
Quicktime/Itunes ETC
ETC. (I can literally go on forever with this list. Just as a rule of thumb, if it's a popular software download, it's most likely been install hijacked by a Virus Inc.)

Anytime anyone uses adwords to get listed on a legitimate app, and it doesn't go to the Legitimate program's website, I want a big red light to start blinking with 150DB Sirens going off with an Evil Sounding voice that says WARNING!! ADWORDS HIJACK DETECTED!! going down somewhere in your security dept so your security team scours their ad submissions in fear of the big red light of screaming Terror going off. And they better damn well ban that entire domain and any subdomains from ALL ADS FOR LIFE! Either Get Tough and declare war on spam and virus pushers or get steamrolled!

The same goes for you too MS. Fix Bing! See what Google is doing? You're doing the exact same thing and need the exact same remedies! Hell! There's malicious apps in the Windows 8 Store! Just open up the store, search for "getdesktopapp" and see the Virus and Adware crap MS's Own Store is infecting people with! I'm sure there's more of these I'm missing but I've seen these guys show back up three times now. Either offer the app through your own store after verifying that the file is clean of garbageware or remove "Get app from Publisher" functionality from your store. It's asking for Virii infections.

And as for Antivirus firms. (And frankly, I don't care who you are. You ALL suck when it comes to this) Wake The F Up! You detect Gator, A 10 year old adware/spyware mess as a virus, but Conduit SearchProtect is totally legitimate and in no way is a threat to computer users even though it does things that are 10 times worse than anything Claria did? BS! Wake Up, Grow a Pair and start doing your damn job and protect users from malicious apps! It's a shame that the only people that detect these things are the people behind ADWCleaner and the Junkware Removal Tool (thanks BTW for making these two tools since no one else detects adware anymore). Adware is a Virus now. Bundleware is a Virus. Start detecting and removing this crap as malware like you should! It's real easy to find out what to detect. If you install a wanted program (like Adobe reader), and it installs Something the person didn't want (like Ask Toolbar, or whatever garbageware of the day adobe gets paid to infect PC's with) It's malicious and should be flagged as such. I don't care if it's got a Checkmark to not install or who the hell is pushing the junkware or who the junkware creator is. The practice is bad and needs to die.
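The check this letter asks the ad networks for (an ad bought against a popular program's name whose landing page is not on that program's own site) can be sketched as follows. This is an added example, not code from the journal or from any ad platform: the ad records, the `OFFICIAL_DOMAINS` allowlist and all function names are assumptions, and the flagged hosts use reserved `.example` names.

```python
from urllib.parse import urlsplit

# Assumed allowlist: search term -> domains the real publisher serves from.
OFFICIAL_DOMAINS = {
    "firefox": {"mozilla.org"},
    "google chrome": {"google.com"},
    "vlc media player": {"videolan.org"},
    "libreoffice": {"libreoffice.org"},
}

# Constructed ad submissions (keyword bought, advertiser, landing URL).
SAMPLE_ADS = [
    {"advertiser": "A1", "keyword": "download vlc media player",
     "landing_url": "https://www.videolan.org/vlc/"},
    {"advertiser": "A2", "keyword": "vlc media player free",
     "landing_url": "http://videolan.org.get-vlc.example/setup.exe"},
    {"advertiser": "A3", "keyword": "firefox download",
     "landing_url": "https://download.mozilla.org/?product=firefox"},
    {"advertiser": "A4", "keyword": "google chrome browser download",
     "landing_url": "http://google.com@chrome-installer.example/"},
    {"advertiser": "A5", "keyword": "cheap printer ink",
     "landing_url": "https://ads.example/ink"},
]


def host_of(url):
    """Lowercase hostname of a URL; userinfo tricks (user@host) are ignored."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_official(host, domains):
    """True only for the official domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def match_product(keyword):
    """Return the protected product named in an ad keyword, if any."""
    text = keyword.lower()
    for name in sorted(OFFICIAL_DOMAINS, key=len, reverse=True):
        if name in text:
            return name
    return None


def review_ads(ads):
    """Flag ads that target a protected product but land somewhere else."""
    findings = []
    for ad in ads:
        product = match_product(ad["keyword"])
        if product is None:
            continue  # not a software-download keyword we protect
        host = host_of(ad["landing_url"])
        if not is_official(host, OFFICIAL_DOMAINS[product]):
            findings.append({"advertiser": ad["advertiser"],
                             "product": product, "host": host})
    return findings


def domains_to_ban(findings):
    """Landing hosts to block from all future ads, as the letter demands."""
    return sorted({f["host"] for f in findings})


if __name__ == "__main__":
    for finding in review_ads(SAMPLE_ADS):
        print("ADWORDS HIJACK DETECTED:", finding)
```

The suffix test matters: a host that merely starts with the official name, or puts it in the userinfo part of the URL, is still flagged.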

User Journal

Journal: The Fable of the Wolves and the Sheepherders. (or Why DNT Is Stupid)

Journal by Deathlizard

The Do-Not-Track standard is stupid; in fact, it's so stupid that it makes less sense when used in a fable. So...

Once upon a time, there was a group of 4 sheepherders that tended to their sheep in the far far away land of internetia. Farmer Bill, Steve, Larry and Gary tended their flocks and would try to draw more sheep with either better grass, or shelter from the weather, or protection from predators. It got so competitive that sheep from other farms would jump the fences because some farms offered better comforts than others.

One day, a large pack of wolves (Genus: advertis infectus) started eating the sheep. The farmers responded accordingly. Farmer Bill first bought a "Tracking Protection" Caliber Shotgun, which sometimes killed some wolves but would take about 10-30 shots before it killed them. Farmer Gary built a doghouse in which the sheep hired a German adblockplus and a Dutch noscript to protect them, which worked very well. Farmer Larry also built a doghouse, but it was not as nice as Farmer Gary's doghouse. Eventually a German Adblockplus moved in, but it would get sick due to the cold getting into the doghouse and some wolves would get to the sheep. Eventually, Farmer Bill saw how well the sheepdogs worked and finally built a kennel by his own design to attract sheepdogs directly, but it was so badly designed that very few sheepdogs took the opportunity to live in it, and the few that did couldn't do their job well because they were sick all of the time. Farmer Steve didn't seem to do anything worthwhile and the sheep were so enamored by Steve's aura and immaculate looking farm that they didn't seem to care.

The wolves, losing many a comrade to the Sheepdogs, decided they needed to take action. First they asked the grass to stop growing if the sheepdogs protected the sheep that hired the sheepdogs, but the grass didn't stop growing. Finally the Wolves went to the World Carnivore Collection Consortium (W3C) and proposed the following treaty.

The farmers would have a can of Red Paint handy that the Sheep could use to put a Red X on their back. Any Sheep with the red X on their back would not be touched by the wolves. However, according to the rules, the Farmer could not paint the sheep themselves.

Farmer Gary and Steve adopted the practice quickly. Some Astute sheep noticed that the sheep with the Red X never got attacked by wolves and put the Red X on themselves, while other sheep didn't trust the wolves and still hired the sheepdogs. Farmer Larry wasn't too fond of the paint, since he secretly had a wolf as a pet, but eventually he made the red paint available as well as built a better doghouse for the Sheepdogs.

Farmer Bill, on the other hand, saw an opportunity to turn this into a feature that could protect his sheep and draw some sheep from other farms, since so many sheep jumped his fence to go to the nicer pastures of Firefox Ranch and Chrome Acres. But he had to find a way to follow the rules but get as many Sheep to put on the Red X as possible. Then he had the solution. His solution was to ask the sheep if they wanted the default pasture experience. If they wanted the Experience, all they had to do was put a Red X on their back. Eventually all of the sheep in the 10th pasture had a red X on their back.

The wolves noticed all of the Red Xs at the IE Corral and started crying foul. When Farmer Bill said he was following the rules and wouldn't change the policy, they first changed the treaty to not allow farmers to tell the sheep about the red paint, but the damage was already done, So the wolves decided to take a different approach to combat the problem. First they went to the Apache Fertilizer Co. and convinced them to add something to their fertilizer that when ingested by any Sheep in the IE corral, that it would dissolve the red X on their back. Other Wolves, such as the one named 'Yahoo' decided to ignore the Red X on the IE sheep altogether and started attacking the sheep Regardless if they had paint on their back or not.

Some Sheep as well as the other three farmers, start to hate what Farmer Bill did. They start to shout things like "The IE Corral is ruining the treaty!" and "Sheep with a Red X are now at risk!" The other Sheep that hired the Sheepdogs, however, didn't seem to care, because they know that a wolf is a wolf, and when it's hungry it will jump on any sheep Red X or not. They know that the sheepdogs work, and that treaties and words don't.

I guess you can say the moral of this story is, Don't expect Wolf Protection from Wolves

Microsoft

Journal: .NET Firefox Plugin Story Counter.

Journal by Deathlizard

If you had the .NET Framework Assistant plugin for Firefox and wanted to get rid of it, you would have had to get the update from Here or Here, install it, and then uninstall version 1.1, but apparently, Microsoft and Mozilla agreed to blacklist the plugin, then they agreed to unblacklist it, so the above is relevant again.

Why is this in my Journal, you ask? Because it seems like once a month someone from Slashdot posts yet another version of this story complaining how evil the plugin is, So I figured I might as well make this post permanent so it saves me from typing and posting this again next month.

BTW, the story count is 6 for the people playing at home. Good luck finding these with Slashdot's search engine, but Google finds all.

Mozilla-Unblocks-Microsofts-NET-Addon
Firefox Disables Microsoft NET Addon
Sneaky Microsoft Add-on Put Firefox Users At Risk
MS Issued a Fix For Its Unwanted FireFox Extension
Microsoft Update Quietly Installs Firefox Extension
Microsoft Update Slips In a Firefox Extension

Security

Journal: Computer User Laws (In Soviet Russia, Trojan Exploits YOU!)

Journal by Deathlizard

There is a set of laws that I like to keep track of for computer support purposes. Here are some of them.

Laws of computer stupidity
1) 99% of computer users do not know what they are doing.
2) Computer users do not read.
3) If a computer user can click on it, they will.
4) You can patch software, but you can't (legally) patch stupid.

Just about every security exploit you've ever seen exploits at least one of these rules. The exception to this is a self propagating worm, such as blaster, since it takes the human element out of the equation.

#1 deals with the populace as a whole. For example, in the US there are roughly 300 million people. That means roughly 3 million computer users know what they are doing. So basically, the population of Iowa has to do tech support for the entire US population. This also applies to smaller populations, such as Businesses, Universities and even developers, although it can vary much wider in smaller populations.

Anyway, considering that rule, you must assume that trying to explain security issues or even computer usage is going to go in one ear and out the other when it comes to most of the populace. This makes it very difficult to stop most of today's malware threats because most virus scanners can't keep up with the sheer number of malicious apps per day. So the best way to handle #1 in the security context is to minimize the infection vector as much as possible and to limit the choices that they can make regarding crucial decisions and make automatic choices when the choice is clear. This is why most AV software today does not include an ignore option and most automatically clean. Which leads me to #2.

#2 deals with all users, even the 1% users, and is caused by habit. People tend to not read anything. You could have a box pop up saying clicking OK in this box will format your hard drives, with an OK or Cancel button, and I would safely bet that you'll be recovering drives for a sizable amount of people.

To handle #2, the best method is to have the user do a captcha of some sort. Many OS'es do this with the administrator password prompt when you try to do something that needs elevated privilege. It's not foolproof but it's better than nothing.

#3 is similar to #2. If presented with a button, a person will click on it. That simple. It doesn't matter what that button does, they will click it. Even if they read on the button and it says to format hard drive click here. Even if they know that is bad, people will click the button simply because they think the button is lying, that is until their hard drive is gone.

Handling #3 can be difficult. Like #1, you don't give the user something to click on. You hide or restrict it so that only experienced users that need to use it can. If it's not needed at all, don't even make the button. Although this isn't going to help if the button is designed to be malicious. (Like a malware site) This makes #3 the most exploitable of the rules.

#4 is a new rule added. Basically it's there for the training crowd that believes that training is all you need to fix the above. That almost never works. People will forget, people will ignore and people will just not care. Handling #4 is to apply yet another rule taught to me by one of my college professors in my user interface design class: the "premise of monkey" rule.

The Premise of Monkey
If you can't train a monkey to use it, you can't train a human to use it.

It basically comes down to simplicity. Limit choices to the basic necessity of the program's functionality. The simpler it is, the easier it is to train and the less long term problems you'll have with user error. If you can't fix stupid, make the interface for the stupid to use. I know it's got that Idiocracy vibe to it, but it works.

Now you're probably wondering how this leads to a system getting infected. For the example, let's say someone gets a pop up that says roughly "0MG! j00 907 7EH V1RuZ!!" Rule #1 applies, so 99% of computer users are going to believe what the popup says when the 1% know it's a malicious site. Rule #2 means they'll not read the message from their real virus scanner saying they're infected because the blinking red "D4n93R!!!" banner and Big Red Pulsating Shield with a Big White X from the malware site is easier to understand than the text message from the virus scanner they've had for the past 5 years. Rule #3 means they'll press the "Cl1Ck h3r3 70 Cl34N. H0n357!" button and then press Run, and then bypass the "This is a malicious File!" Prompt, then Press Allow, and Then Put in their Password, ETC. And Rule #4 means It'll get infected 20 more times after you've formatted the drive 19 times to remove the last 19 rootkits because they keep infecting it the same way over and over and over again.

The Internet

Journal: How your ISP Defines "Unlimited Internet"

Journal by Deathlizard

Before I go any further, let me make it clear that I'm for Bandwidth Management as long as it's Net Neutral. Which means if you're going to throttle bandwidth, throttle all bandwidth protocols equally and never block any ports or services (This method is somewhat followed by the Netequalizer packetshaper, which agnostically targets bandwidth hogging connections and only on peak demand by default). The only level of protocol filtering I would even think of supporting is if an ISP wants to Prioritize their own Network offerings over all other traffic, Such as VOIP. I'm for this just because if there's heavy traffic on my node, I would still like my phone to ring when someone calls. As soon as they start restricting or blocking other VOIP competitors such as Vonage and MagicJack to goad you towards their offerings, I'm done with them.

That being said, Comcast finally announced their new Protocol agnostic filtering service, and while it looks a lot better than their old "P2P MUST DIE!!" system that they're currently using, People are still ranting about the 250GB cap. Every time a Download cap is announced, I see this post constantly online and it drives me nuts.

"[ISP X] Advertises Unlimited Internet. Since they now cap, I'm going to sue"

Guess what. Even with the Download cap, they're still fully compliant with the "Unlimited Internet" moniker.

How you ask? Remember AOL? Remember all those disks you got that said "[X] Hours Free" where X is a number of hours? Back in the early 90's, most Dial up ISP's used to charge you Internet access by the hour. After a few years, they decided to change that to monthly. Some ISP's however, used to have an hour cap per month (primarily to free up a modem on their modem bank). The first ISP I ever used had this in their TOS, and you couldn't use more than 250 hours per month. If you did, they would turn you off until you paid for another month. Eventually, once they got enough modems to handle their user base, they dropped this from their TOS. I'll give you one guess how they advertised this TOS change.

Basically, When they say "Unlimited Internet", What they actually mean is "Always on Internet". Why don't they just say "Always on Internet"? It depends on the ISP. Some ISP's do use that in their advertising. Some felt however that it scared people into thinking that their always online connection meant that their computer had to be on all the time, or that their computer could get infected by some magical virus that can infect your PC even when your PC is off (This is no joke. An Uncle of mine was leery of his Always on DSL line, and insisted on not using the Auto Connect Feature on his PPPOE connection.) Since "Unlimited Internet" sounded better to a marketeer than "Always on Internet" or "750 Hours a Month", they ran with "Unlimited Internet".

I'm no fan of caps, but as long as they don't cut you completely off during your monthly pay cycle (i.e. they drop you to modem speeds if you hit the cap) their advertising of "Unlimited Internet" in their advertising would be truthful. It may not be completely honest, but neither are those infomercials that say you'll use a food dehydrator every single day.

Intel

Journal: Intel Turbo Memory is awesome.

Journal by Deathlizard

I recently had to swap out my aging IBM R51 with a brand new Lenovo R61 at work. It's been a great PC so far, but one of the features of this laptop worked so well that I had to post about it.

The R61's we got this year have Intel Turbo Memory installed. Otherwise known as Robson, this is the Intel Flash cache that supposedly speeds up your PC and saves battery life by turning an ordinary Hard drive into a Hybrid drive. Since I needed to learn Vista more since I work on a lot of alternate language laptops, I decided to take the Vista plunge and run Vista Ultimate on it.

I noticed immediately that the PC was more responsive with TM on than when it was turned off, Especially on Boot up. Boot up times were cut by 1/2 and in some case 1/3rd. Programs that were frequently used seem to load up faster. Turning the TM off (which I had to do, since Symantec Ghost's Boot wizard would not run with TM enabled) noticeably dropped the performance.

Battery life wise, I didn't notice much of a difference, but it does seem to help out, since I could easily run the laptop for 3-4 hours with TM enabled. The laptop seems to last longer than the same laptops running XP (which doesn't use the TM Module) and considering the process hog that Vista is, The Laptop running Vista's battery should last a lot less than the XP systems.

I've read reviews that state TM works better when there is less RAM present. The Vista System I'm using has 4GB of ram (only 3GB is accessible since Lenovo only offers Vista Business in 64bit) on top of a Intel T9500 processor. I've also set the hard drive performance to Enhanced write performance, which caches everything it can to RAM for faster read/write speed. Even with this amount of RAM and performance specs it is very noticeable when TM is disabled VS Enabled.

Right now, TM is only supported by Vista. I would like to see it supported on another platform, such as OSX or Linux, to see if any similar performance gains could be achieved. I doubt it will ever be supported in XP, even though it looks like it was supported at one time. Maybe the netbook Trend will bring TM to XP in the future.

As for Vista itself. This is the first time I've actually used Vista for one of my personal PC's. So far it hasn't given me any major problems (other than the Ghost boot wizard, which so far is the only program that crashed and was worked around). It is definitely slower than XP. I would say that its responsiveness is similar to our last year R61's running XP (which have 2GB of ram and a slower 1.7GHz Core 2 processor.) It would definitely be slower if the TM Module were not installed in these PC's. It also eats three times the RAM at 1.4GB. So far however, It's been OK running on this Laptop since the specs are high. I'll know more a few months from now if it can redeem itself or prove all the naysayers right, but so far it's been a smooth ride.

Mozilla

Journal: I used to hate IE Security Zones, Then I got Firefox...

Journal by Deathlizard

With all the hype surrounding Firefox 3 these days, I decided to finally give it a try. The last time I used a Mozilla product was back during the Mozilla 1.7 days. Back then I liked the way Mozilla was laid out, but then Firefox took the spotlight and pushed Mozilla into obscurity. Add a few annoying bugs here and there and I just stayed with IE.

The first thing I noticed is that it has a robust plugin system. I quickly added some plugins for some settings I use in IE7. Unfortunately, there is one feature You cannot add to Firefox as far as I can tell, and that's Security Zones.

For the longest time, I looked at security zones as a dangerous security problem in IE. They were exploited a lot in the beginning, and some of the settings were set too low, Especially when it came to the Intranet and Trusted Site Zones. But after playing with them for some time, I saw the potential that Zones give you security wise.

For example, there's a Program out there called Spywareblaster that really puts security zones to good use. Basically it's a blacklist that adds known badware sites to the restricted zone. Spybot Search and Destroy also uses this in their immunity function.

Now when I browse in IE, every once in a while I'll notice that I'll be browsing not in the Internet Zone, but in an Unknown Zone (Mixed). That usually means that the site I'm browsing is most likely calling an ad provider that's not too friendly. This alone stops most drive by downloading and obnoxious flash ads with sound right there. In Firefox however, there is nothing like security zones in it. From what I can tell, it has a default method of browsing that it applies to all sites. The only things I found in Firefox that had site by site restrictions was for images and cookies. Which I guess is a start, but it would be nice if there was an exception section to block scripting too.

Since I didn't see this functionality built into Firefox, I started looking for plugins that would add similar functionality to Firefox. The closest Thing I could find however was Noscript, which is a free security enhancement for Firefox. It does work well and increases security dramatically but it's not quite the same. For one thing it's a Whitelist system. Noscript Assumes that all sites are bad, and you have to allow sites on a site by site basis. While this is the most secure way of handling scripts, it also requires a lot of work for the user, especially if the user browses a lot of sites. From my experience, it works the same as 2003 server's Enhanced Security configuration without all of the annoying prompts that IE likes to show. Basically if you go into IE, set the Internet Zone to high security, change the security of trusted sites from low to medium, and add every site you frequently browse to your trusted sites zone, you would have the same functionality. Although In IE it's more of a pain to add sites to zones than it is in Noscript, which is a bar above the status bar.

I guess what I would like to see is something akin to security zones in Firefox. It doesn't have to be like security zones as much as a "exception" section similar to the one for the "load images automatically" and "accept cookies from sites" options except for "Enable JavaScript". That will allow users to add a domain to it and disable all scripting from that particular domain and will function as a blacklist. You could also add Whitelist functionality as well but Just Like IE's Trusted Sites zone, it could lead to sites adding themselves to the whitelist in order to attempt infection, Although I don't see how this would affect Firefox much since if a Site added itself to the whitelist it would still have to go through the Firefox security channels unlike the IE Trusted Site zone, which by default used to bypass IE security altogether until IE7 fixed that.

Generally speaking however, I'm pretty happy with Firefox so far. It's definitely come a long way since the Mozilla days.

Edit: I noticed that someone made a Firefox Extension called YesScript that adds a blacklist feature in Firefox. Although it's a relatively new plugin, it works well. The only problem is that I can't figure out a way to add a group of sites to the program easily. If it had an option to import restricted sites from IE it would be perfect, since SpywareBlaster fills in Restricted sites for IE. It has a minimalistic user interface that's basically an icon that you click on to allow or deny a specific site which changes color if it's black or white listed, although I wish that it also had an option to select specific domains contained in a site. (such as AD banner domains)

It's a step in the right direction and this plugin is looking promising.

Edit: I finally found an acceptable answer in AdBlock Plus. It's an add-on for Firefox that blocks malicious sites similar to Spywareblaster. It also automatically updates and blocks by reference as well as by URL. It's definitely the protection I was looking for without the nagging "Cancel or Allow" protection I was not.
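The zone behaviour this entry describes can be modelled in a few lines: a page is "mixed" when it pulls content from more than one zone, a blacklist policy (Restricted Sites, YesScript) runs scripts unless the domain is listed, and a whitelist policy (NoScript) runs them only when it is. This is an added sketch, not code from the journal, from IE, or from any of the extensions named; the domain lists, URLs and function names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed lists. RESTRICTED stands in for the Restricted Sites zone
# (the list a tool like SpywareBlaster fills in); TRUSTED for Trusted Sites.
RESTRICTED = {"ads.badnet.example", "popups.example"}
TRUSTED = {"intranet.example", "news.example"}

# Constructed page: its own script, a CDN script, and an ad-network script.
PAGE = "https://blog.example/post/42"
SCRIPTS = [
    "https://blog.example/site.js",
    "https://cdn.example/lib.js",
    "https://cdn.ads.badnet.example/banner.js",
]


def host_of(url):
    """Lowercase hostname of a URL."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def in_list(host, domains):
    """True if host is a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def zone_of(url):
    """Classify one URL. Restricted is checked first so a blacklist entry
    cannot be overridden by also appearing on the trusted list."""
    host = host_of(url)
    if in_list(host, RESTRICTED):
        return "restricted"
    if in_list(host, TRUSTED):
        return "trusted"
    return "internet"


def page_zone(page_url, resource_urls):
    """Zone shown for the whole page: 'mixed' if its parts disagree."""
    zones = {zone_of(u) for u in (page_url, *resource_urls)}
    return zones.pop() if len(zones) == 1 else "mixed"


def script_decisions(script_urls, mode):
    """Per-script allow/deny, decided on each script's own domain.

    mode 'blacklist': run unless the domain is restricted.
    mode 'whitelist': run only if the domain is trusted.
    """
    if mode not in ("blacklist", "whitelist"):
        raise ValueError("mode must be 'blacklist' or 'whitelist'")
    decisions = {}
    for url in script_urls:
        zone = zone_of(url)
        if mode == "blacklist":
            decisions[url] = zone != "restricted"
        else:
            decisions[url] = zone == "trusted"
    return decisions


if __name__ == "__main__":
    print("page zone:", page_zone(PAGE, SCRIPTS))
    for mode in ("blacklist", "whitelist"):
        print(mode, script_decisions(SCRIPTS, mode))
```

Because each script is judged by its own host rather than the page's, the ad banner is blocked in blacklist mode while the rest of the site keeps working, which is the per-domain control the entry wishes YesScript offered.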

User Journal

Journal: The Amish Method

Journal by Deathlizard

I posted this a few weeks ago on a news story about the College Opportunity and Affordability Act. It's so good I'm keeping it here for archival purposes, since at some point it might happen and I can say "I told you so!".

Frankly, there are only two ways you can stop piracy from happening on college grounds.

1) Buy everyone in the school music accounts to download music, thus raising the tuition, which enrages students and punishes students who prefer going to buy their music at music stores, and will ultimately result in retention levels dropping in an already competitive market as it is.

Or

2) The Amish Method. Cut the Internet cable since there's nothing on the market that can assure 100% piracy free Internet, ban all computers since they can make MP3s using a line in jack and a CD player, and ultimately ban electric power from everywhere on campus, since they could possibly use electricity to copy a tape with a boombox or operate an electric guitar.

But if you just cut the LAN Internet cord and force the students to go elsewhere such as DSL or Cable modems to get their Internet, the problem is solved, right? Wrong! It doesn't matter. Have a computer lab in the college? Well, that can be used to download music or burn CDs or even make an MP3 file using the sound card's line in jack. You better have that policy in place to spy / restrict that lab to only authorized personnel. Of course I guess you can disable the Internet and sound card and CD-ROMs and USB ports so that it's basically a dumb terminal, or use DOS 6.22 (can't use Windows. Sound Recorder is there and it makes it easy to pirate. Maybe Windows 386 would work.), but if you go that far down the line, you might as well switch over to typewriters. They have far less maintenance, are cheaper, and are surely more pirate proof when it comes to movies and music.

And remember: they can pirate with that stereo in their room or play their favorite music riff on their electric guitar using college supplied electricity. So once they do pirate the music using their liability free network connection, they can burn it to CD and play it in their stereos or instruments and BAM! Everyone in that dorm that heard it is a pirate! You better have a policy to arrest that guy, since he used your power grid network to broadcast his pirate booty to the entire dorm. Maybe fine the entire dorm since someone may hum or whistle it down the hall.

At least the English, math and history professors would be happy with #2, since calculators would be banned and people would have to be forced to write their theses on parchment. Of course, Victrolas would have to be banned too, but it's hard finding a wind up one these days. Maybe they'll come back in vogue.

User Journal

Journal: Genuine (Dis)Advantage for Businesses

Journal by Deathlizard

Recently, there are a lot of articles talking about how business is generally staying away from Windows Vista, and they're giving all of these reasons such as compatibility, reliability, system requirements and the like, but the real reason you're not seeing the business side jump all over this OS isn't because of just these things. It's the Genuine advantage.

For example, here where I work, we had Vista running everything most office workers need: Office, IE, SCT, even wIntegrate, which is an ancient terminal program from 96. There were three reasons we didn't go to Vista. One was the system requirements we were not quite ready to meet, another was that F-Secure (our virus scanning system) did not have an official Vista version at the time, but the real reason we decided to stay with XP even if all the above problems were resolved was simple. The Genuine Advantage is, for lack of a better word, a total pain in the ass.

In Vista there are two ways of handling corporate keys: one with a Key Management server and the other with a Multiple Activation Key. Under KMS, you are required to have a KMS server on your network, tie it to DHCP and give it your VLK (which can be changed if your old key is pirated and propagated to networked PCs). Once you do that it will activate any Business version of Vista automatically every 3-6 months without entering any keys, but if the computer is no longer on the network (say a laptop) after 3 months, the system locks you out in a reduced functionality mode which can only be described as useless.

The second method, MAK, isn't much better. Basically MS handles the KMS for you. This means that you don't have to worry about traveling users not being disconnected from your network for too long since it works over the Internet, but now MS is handling your activations, and you have to contact them every time you hit your quota in order to activate more Windows, which isn't as bad as it sounds. According to MS, activation isn't counted against your licence count, and you can request indefinitely. However, if MS sees a huge activation spike (say your activation rate average goes from 100 a day to 10000000 a day), they disable your key (which brings us to reduced functionality mode for all MAK'ed PCs) and then you must go to each and every MAK managed PC and change the key to a new one supplied by MS.

So basically, to use Vista you either have a server on your network and pray no one's laptop cripples while they're on a business trip, or you contact MS until the break of dawn and pray that no one pirates your key so you don't have to touch 1000 crippled PCs with the dreaded "YOU ARE A PIRATE!" message. Add to the mix that under both of these systems, your company is sailing the high seas if one disgruntled employee decides to give out your corporate key to WAREZ R'US, or if the system is completely disconnected from the network (to be used as a secure storage platform or to run dedicated equipment for example) and you got a product that companies will avoid like the plague.

As for the other excuses, most businesses would have upgraded to Vista over time. The gleaming example of this is Windows 2000 to XP. There was no technical reason to go from 2000 to XP, but many businesses did it anyway over time and a service pack release. Now with Vista, you got companies that are flat out saying they have no plans for Vista at all and are looking at Linux and Mac OS X as alternatives, and I can guarantee that their IT depts are most likely looking at what hell they would have to go through to appease Vista Genuine Advantage and are throwing it out the window. It would be a safe bet that if MS changed the licencing scheme for Vista from Key Management Server/Volume Activation 2.0 back to Volume Activation 1.0 (the old method), adoption would be much higher than it would be right now. Office 2007 doesn't have the "YOU ARE A PIRATE!" system built in it and still has the old VLK licencing system like XP. I can guarantee that its adoption in business is much higher than Vista. I know we're using it here, but Vista is sitting on the shelf.

Maybe, hopefully, MS will see this and realize that the Genuine Advantage is looked at as a Genuine Disadvantage for business, is making corporate IT departments around the world look at their OS competitors and their earlier business friendly versions of Windows, and in the long run, the money it's saving by stopping piracy is not worth losing the corporate business that they've established over the past couple of decades.

Data Storage

Journal: Is There a Flat-File Web Based Download Library Manager?

Journal by Deathlizard

I'm looking for a web application for my site that can handle a file archive for some programs that I've written, particularly something that allows me to upload files, post screenshots of the programs and leave feedback (ratings, reviews, etc.).

Unfortunately, I do not have that many MySQL databases for my web hosting account. I know I could switch hosts, but the price I'm paying for my current host is ideal and is basically overkill for what we use.

I've seen scripts like RW::Download, CFiles, and PAFileDB but they all require MySQL databases. I've also looked in the CGI Resource Index with not much better luck.

So, has anyone in the vast Slashdot community used anything similar to these above apps that uses a flat file database? Do they even exist? I really don't care if it uses PHP or Perl, but I don't have the SQL database to spare for any of the programs I've run into so far. File ratings would be nice and commenting would be ideal. File uploading by administrators of the system would also be nice but not exactly critical since I can FTP into the site. I would like for it to also have its own page generation, that way I don't have to make a site full of links that I would need to update every time to add new files or functionality.

Security

Journal: Anti-Virus software that works with Windows Vista

Journal by Deathlizard

The below is a list of anti-virus software that is either in development for Windows Vista, or a beta is available. I will update this as I find out about more working scanners. Post a comment if I'm missing one and I'll add it.

Trend Micro
Computer Associates
Avast
Sophos
AVG
McAfee
Symantec
Microsoft

Just posting this if you just happened to buy into the hype that Vista is somehow stifling competition in the AV market.

Security

Journal: Vista's UAC is Useless

Journal by Deathlizard

One of the perks of my job is that I have to stay ahead of the game when it comes to the technical aspects of computer operation, which usually means beta testing new OSes. So over the last couple of days, I've been playing with the RC1 release of Vista. From what I've seen so far, however, I have come to a simple conclusion.

User Access Control in its current and default setting is absolutely useless.

I don't know what Microsoft is thinking here, maybe it's going to change down the line after release, but as it stands right now, it's useless, and here's why.

First off, when you first install Vista, it asks you to set a password for the administrator account, which is so far better than WinXP, but that's it. That account is your primary account. It doesn't force or even encourage you at install to create a user account and run that as your main account like most Unixes do. In other words, it creates accounts just like XP with a slight difference in what the administrator account can do to the PC so it's slightly better than XP. This of course is a bad thing. But it gets worse.

To expand the above, that "Administrator" account isn't really an Administrator account. It's more like a "Super Power User" account (probably since it is your default account after all). This so called admin account can do a lot of things a real admin can do, but there are a lot of things it can't, such as releasing an IP address using ipconfig. This restriction is in the right direction when it comes to how the default account should respond, but they shouldn't be doing this to the only account that can possibly recover from a bad situation. If a PC gets infected with something that is deep penetrating, you're going to have a really bad day trying to clean it out with this account's access level.

Second, they did adopt a deep penetration stopgap like the Unixes, and anything you run that can adversely affect your machine is protected similar to the Unixes' root access prompt, but with one major flaw: No Password Prompt on the default administrator account! I can understand if the account didn't have a password, but it should damn well prompt you if you have one set. Now, it does prompt the administrator password if you are running a user account, but let's face it, most users are going to use whatever Vista defaults to, and as of today, it's this neutered administrator account. I've said in the past (read my "Mythbusting Computer Security" journal entry) that I believe that the password prompt is useless since an idiot user will just put it in and deep infect themselves anyway, and I still stand behind that, but there are three reasons why these dialogs work relatively well in UNIX:

1) The frequency of the prompt itself. When it comes up in Unix, you know it's something big because you don't see it that often unless you're installing something or messing around with system settings. In Vista, simply copying files from your profile to your spare drive can get you this dialog, although RC1 is light years ahead of Beta 2 in this regard.

2) A threatening presence. You're using your computer when out of the blue this box shows up wanting an admin password for this program to do its thing. This forces people to 1) read the dialog and 2) think, since they need to conjure up their password. This will never protect a computer from a stupid user, but that simple pause will make cautious people second guess their judgement. When you have a simple yes/no prompt, a user will get so indoctrinated with the prompt that they will simply say yes no matter what they are running. Don't believe me? How fast can you click on "yes to all" when you're copying files into an already existing folder? Do you even read the dialog anymore? Did you realize you could be overwriting newer documents with older revisions of the same document?

3) Protect the system from other people messing with your computer if you happen to be away from your desk, since they would have to know your log in password in order to screw things up.

So, basically, if you want to know how Vista feels and you don't have access to the Beta, simply download service pack 2 and install it, download a program, and run it. That security dialog you see is basically UAC for the administrator, albeit with a little less graphic flair and frequency. Now imagine seeing that dialog dim the whole screen and pop up when you click on anything in the control panel and you got the Vista Experience.

What can be done to fix it? For starters, make the Administrator account a real Administrator, not a "super power user" with administrator as the user name, and force a password for the account. Second, the user's default account should be a "user" or "Power User" account and anything you do that needs UAC approval would require the administrator password. This would work exactly like the Unixes work and would stop most of the problems I've mentioned here.

Actually XP does something similar to this at initial install. When you initially install XP, there's the administrator account and a "Your Name" account. The problem with XP is that the "Your Name" account is a full blown administrator. All they needed to do was force you to set a password for the administrator account and make that "Your Name" account a "user" or "power user" instead of a full blown "administrator". That would have fixed most of the security problems in XP right there. This coupled with Vista's UAC's permission elevation would have been ideal.

Update 10/8/06: RC2 has come out and there are some minor changes. For one, it looks like they have gone back to a model similar to XP. Instead of having the "Super Power User" account called "Administrator", they have decided to go back to the "Your Name" system that XP uses. My guess is that testers didn't like their own account being called Administrator and MS wanted to do more account salting for extra protection. (Not like a malicious program couldn't get the account location anyway from a variable.) However, that appears to be the only change. It also still has the same prompting characteristics as RC1 using "Administrator", so this article is still relevant. I didn't test to see if the true Administrator account is accessible in any form, but I do know that it doesn't ask for a password for "Administrator" anymore. Hopefully it's truly blocked from being used in normal mode.
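The yes/no prompt versus password prompt distinction this entry turns on is a configurable policy on current Windows releases. The PowerShell below is an added example, not part of the original journal: it reads the UAC policy values from the registry and flags the consent-only configuration criticised above. The function names are hypothetical, and the value meanings follow Microsoft's documentation for current Windows, which is an assumption here and may not match the Vista RC builds the journal tested.

```powershell
# Added example. Value meanings are those documented for current Windows
# releases (assumption: not verified against Vista RC1/RC2). Requires PowerShell 3+.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# ConsentPromptBehaviorAdmin: what members of Administrators see on elevation.
$AdminPrompt = @{
    0 = 'elevate without prompting'
    1 = 'credentials on the secure desktop'
    2 = 'consent (yes/no) on the secure desktop'
    3 = 'credentials'
    4 = 'consent (yes/no)'
    5 = 'consent (yes/no) for non-Windows binaries'
}
# ConsentPromptBehaviorUser: what standard users see on elevation.
$UserPrompt = @{
    0 = 'automatically deny elevation requests'
    1 = 'credentials on the secure desktop'
    3 = 'credentials'
}

function Get-UacPromptReport {
    param([string]$Key = $PolicyKey)

    $p        = Get-ItemProperty -Path $Key -ErrorAction Stop
    $admin    = $p.ConsentPromptBehaviorAdmin
    $user     = $p.ConsentPromptBehaviorUser
    $findings = New-Object System.Collections.Generic.List[string]

    if ($p.EnableLUA -eq 0) {
        $findings.Add('EnableLUA=0: UAC is off, administrators are never prompted.')
    }
    if ($null -eq $admin) {
        $findings.Add('ConsentPromptBehaviorAdmin is not set; the OS default applies.')
    } elseif ($admin -eq 0) {
        $findings.Add('Administrators elevate silently, with no prompt at all.')
    } elseif ($admin -in 2, 4, 5) {
        $findings.Add('Administrators get a yes/no prompt only; no password is required.')
    }
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings.Add('Prompts appear on the user desktop, not the secure desktop.')
    }

    $adminText = 'not set'
    if ($null -ne $admin) { $adminText = $AdminPrompt[[int]$admin] }
    $userText = 'not set'
    if ($null -ne $user) { $userText = $UserPrompt[[int]$user] }

    [pscustomobject]@{
        AdminPrompt = $adminText
        UserPrompt  = $userText
        Findings    = $findings
    }
}

# The change the entry argues for: administrators must type a password.
function Set-UacCredentialPrompt {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Key = $PolicyKey)

    if ($PSCmdlet.ShouldProcess($Key, 'Require credentials for administrator elevation')) {
        Set-ItemProperty -Path $Key -Name ConsentPromptBehaviorAdmin -Value 1 -Type DWord
        Set-ItemProperty -Path $Key -Name PromptOnSecureDesktop -Value 1 -Type DWord
    }
}

Get-UacPromptReport | Format-List
# Preview the hardening without writing anything (run from an elevated shell to apply):
# Set-UacCredentialPrompt -WhatIf
```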

Sony

Journal: How the PS3 will kill off Bluray.

Journal by Deathlizard

I thought of something when Sony was talking about how cheap the PS3 was since Bluray was implemented, and it doesn't look good for Bluray. Basically, the PS3 is going to kill off Bluray, and I'll tell you why.

Let's say you're a manufacturer of equipment and are choosing which player to make. The HD-DVD player is easier to build and cheaper, while the Bluray player is more expensive but has more storage and possibly better quality video. Now, when you look at your bottom line you can sell an HD-DVD player for $500-$700 but your Bluray player will sell around $800-$1000.

Now, here comes Sony with their BluRay equipped $500-$600 PS3. You know that you'll be selling your Bluray player at a loss if you sell it any less than $800 and you know anyone that wants a Bluray player will just get a PS3 since it's cheaper. You also know you can't compete against it with Bluray but can easily compete with an HD-DVD player and even the XBOX 360 plus HD-DVD will be in that $500-$700 competitive range your player will be in.

As a manufacturer looking out for your shareholders, what are you going to build?

Basically, the PS3 will be the only Bluray player in the market because it will drive the market away from it and toward the cheaper HD-DVD. That is until Bluray drops in price, and by then, the format war will be over and HD-DVD will be the winner.

BTW, yes, there will be a ton of PS3s out there. But first off, on the day the PS3 launches, you're going to have an already established base of HD-DVD players out there at a cheaper price, and the 360 HD drive out there for $200 if you really want High Def movie viewing through your 360 for whatever reason. If you want Bluray, it's either a Sony PS3 at $500-600 or a Sony Bluray player at $1000, since no other company will dare make a Bluray player and try to compete against the PS3 at a price $200-$400 cheaper than they can physically build their own player at. Meanwhile, you'll have HD-DVD players out there from multiple manufacturers competing against each other, driving the price down on HD-DVD players way below the PS3 price point. The same thing happened with a majority of their other formats: Betamax, UMD, MiniDisc, Memory Stick and even 8MM video cassettes to a point (they took off in cameras but not in the VCR dept.)

A lot of people point out as a counter argument to the above the huge support for Bluray in the movie industry. First off, none of the movie companies (except Sony Pictures. Duh.) said they were exclusively supporting Bluray. They're all supporting it because they think the PS3 is going to take off and build a userbase. Kinda like what they thought the PSP was going to do for UMD, which so far has shown disastrous results in the movie sales department. As soon as these companies sense trouble (and Sony's not helping with delays, prices, and the like) they'll start supporting both formats, if not dump Bluray for HD-DVD. The same goes if HD-DVD flops: the HD-DVD supporters will drop it in a heartbeat and go both formats or all Bluray. So at this point, I would just assume that every movie company will support the format that wins, instead of them supporting either Bluray or HD-DVD.

The other argument I constantly hear is the storage difference between Bluray and HD-DVD. Sony did one hell of a job promoting space as the big reason for Bluray, but in reality, it doesn't mean anything other than you have the option to run longer length movies at higher bitrates. Why is it a moot point? Because the new formats support much higher compression movie files than DVD. Look at the UMD movie format (another Sony format). It had 1.8GB of space but can supposedly equal a 480i DVD (4-8GB) in video size, length and quality. How does it do this? It supports MPEG4, which has much higher compression than MPEG2 at the same quality level. Bitrate wise, you can only go so high before you can't tell the difference, so the only real advantage Bluray brings to the table is less disk swapping when you watch Titanic or LOTR, and the jury is out if you would even need to swap disks on the HD-DVD medium for any of these movies considering the new compression schemes both these players use. Simply put, Bluray may be great for storing computer files, but the size difference isn't going to make a huge difference quality wise to your movie viewing experience.
