Monday, February 22, 2010

My Son's Reading Obsession

I'm working in my home office, and my son wanders in. He mumbles to himself as he looks through the large built-in bookcase for something to read. "Hmm, Dinosaurs, no... Introduction to Physics... OK", I hear him say, as he wanders off with Introduction to Physics in his hands. Now, if he understands any of it by the time I finish working for the day, I'll REALLY be impressed.

Posted via email from Adrian's posterous

Friday, February 12, 2010

Antivirus has failed for long enough!

I just read on a LinkedIn discussion, about how Kaspersky created some fake executable files, and then created REAL detections for them. Within ten days, 14 other AV vendors had blindly added detection for these files as well!

I've been a strong anti-AV advocate for as long as I've been using computers. In corporate environments, I feel it is a necessary evil, as you have little control over what risks individual users might take. On personal machines, however, I've always felt that AV is more of a disruption than the potential risk of getting a virus. What do I hate so much about AV software?

  • It Doesn't Work - I've set up my friends and family with a variety of AV software over the years, and they still get infected.
  • Performance - Depending on whether you have an AV client with a small footprint, like the new Panda Cloud AV software (which I recommend if you are looking for a good free AV client), or a full big-vendor suite, there will be a performance cost. It doesn't seem to be much with the smaller clients, but I've seen the larger ones make a computer completely unusable.
  • Add-Ons - Speaking of big AV suites, some of these come with an unbelievable amount of crap that you neither asked for, or needed. They even have the gall to include software that "improves your PC's performance". You could be installing VPN, Backup, Tune-up, Email proxy/scanning, web proxy/scanning, web filter, firewall, encryption, file shredding, and who knows what other software, when all you wanted was anti-virus. I've seen systems with 30+ active processes belonging to the anti-virus vendor suite.

I am the "Virus Sanitation Engineer" for my family and friends. Do I put AV software on their machines? Absolutely. Do they still get infected with malware anyway? Absolutely. I think that a few precautions can make AV software largely unnecessary.

  • Use a Web-Based Email Client - Not only do all web-based email clients scan attachments and emails for malicious files or content, but most malicious content sent via email will not execute when opened in a browser.
  • Delete or Ignore Anything you Don't Explicitly Trust - I know you're curious, but really, don't click it. Don't open it. Just delete it. If you are really that curious, take precautions before checking it out.
  • GMail - GMail also has a nice feature that can help protect you: Weary of that Powerpoint presentation or Excel attachment that has been forwarded to you from people you don't know? Open it in Google Docs. Any malicious office macros embedded in the document won't run.
  • Don't Use Internet Explorer - There may be a day when it is safe to use, but we're not there yet. Until then, use Firefox with the NoScript add-on installed (best scenario), or Chrome. Or Safari. Or Opera. Just not IE. The last TEN infections I cleaned up for friends and family computers were all due to Internet Explorer use.

    Though it isn't a 100% guarantee you will never get infected, these four simple suggestions have worked extraordinarily well for me, and my wife (who was already doing what I suggest here before I even met her!).

    As for the enterprise, I'm hoping whitelisting and other technologies that work on a principle of trust, rather than maintaining a database of known malicious software, will eventually be able to replace antivirus software.

Tuesday, February 02, 2010

Penny Arcade Censored

Penny Arcade has long been one of my favorite comics. In fact, I'm shocked to notice that I've now been reading Penny Arcade for more than seven years! Anyway, I've printed out some of my favorite comics to use as bookmarks over the years.

Tonight, my son (a voracious reader) noticed I was using a comic as a bookmark and took interest in it. Many Penny Arcade strips are not for children, and perhaps not even for the weak-hearted. I tried taking the, "oh you wouldn't get the humor, you'd have to understand x and y for it to be funny" route. He was not discouraged, and continued trying to sneek peeks at it.

This particular strip just had some bad language in it, and I thought he might actually be old enough to get the humor, so I decided to make a quick sanitized version.