Believe Nothing I've Said About Antivirus So Far!

Question: "After reading your latest newsletter, I am a bit confused. I am looking for new antivirus. Currently using avast and not thrilled with it. If I am interpreting your letter correctly, there still isn't one you recommend?" Correct, and I was beginning to be more than a little disheartened by what I was finding. But now I've found something that, after just a few days, seems like a winner. But I'm not going to tell you about it.

Not yet, anyway. As I wrote in reply to the question: I'm puzzled, too, but I think I've found something good -- and it's a huge surprise to me. It'll be at least a week until I can make a decision. Hang in there. I think I'll have a recommendation for you soon. This has been one of the most frustrating searches that I've conducted in a very long time. It has been a search with lots of false leads, dead-end alleys, and unkept promises.

Recapping the story to date: Many years ago I dumped Norton Antivirus because it had become such a resource hog. When the replacement, AVG Antivirus, started causing the same kind of problem, I tried (and threw out) more than half a dozen highly recommended programs, some of which caused severe damage when I uninstalled them.

Some caused simple tasks such as collecting e-mail to consume 5 minutes or more while others only doubled or tripled the time that the task should have taken. Others had interfaces that were just too cute. All of them fought with other installed applications and the battles created a disk saturation problem. Drive C would jump to 100% transfer capacity and stay there for several minutes, sometimes joined by other drives.

My computer probably isn't like yours: At 4 years of age, it's a bit underpowered. But it has a huge amount of disk space and I use an online backup service that must keep an eye on files to see when they're changed so that they can be backed up. This process and others all call on Windows process ID 4 and the real-time antivirus protection watches all disk reads and writes. You may have a more modern computer or you may have less disk space; the combination I have creates a perfect storm that can make the computer extremely sluggish when disk access peaks.

Last Sunday, I installed another antivirus application and the effect was remarkable. It was if I had bought a new, faster computer. If this application manages to keep me happy for another week, I'll tell you about it.

But you'd better be sitting down when I do.

Is 2010 the Year of Linux?

Around 1985, I asked if the age of the CD-ROM had arrived. It hadn't. I asked the same question for the next couple of years and eventually the age of the CD-ROM did arrive. But it was a short-lived victory and was superseded by the age of the DVD. In the early 1990s, I began asking if we had reached the year of the digital camera. Eventually that year arrived and the Eastman Kodak Company began trying to find a way to reinvent itself, something it's still trying to do. For the past several years, I've been asking if this is the year of Linux and the answer has always been negative. That may not change anytime soon.

As much as I like the idea of open-source software and as much as I like the way Ubuntu has developed its Linux distribution, this is not the year of Linux. I doubt that next year will be. Nor the year after that.

The Linux faithful will scream when I say this, but there is no software for Linux systems.

It's true that there are thousands of applications that have been written for Linux, but where is  the application that can match Office? It's not Open Office. Where is the application that can match Photoshop? It's not The GIMP. Where is the application that can match Dreamweaver? Where is the application that can match SnagIt? Or Thumbs Plus? Or Timeslips? Or Nero? Or SecureCRT? Or Xara? Or Digsby? Or Carbonite?

Not Hitting the Target

If there's one target that Linux should be hitting, it's the office. If you work in an office, what do you need? You need an office suite that includes a word processor and a spreadsheet program. You probably don't need high-end word processor features. Despite what I said a moment ago, Linux and Open Office are adequate for the vast majority of office workers. You need an e-mail program. Linux has applications that will meet most office workers' needs. So why isn't corporate America flocking to Linux?

I think that it's because the managers need access to an Exchange server or a Sharepoint server and you can't get there from Linux. At least not easily. For managers to be able to communicate with the worker bees, everybody needs to be using the same system (or so the theory goes). That's probably why mail room clerks are always given a key to the executive washroom--so they can use the same system the bosses use. (Sorry; just a bit of hyperbole there.)

Managers could use one system and workers could use another system, but don't hold your breath waiting for this to happen. There's too much fear on the part of corporate IT and Microsoft is pretty good at sowing fear, uncertainty, and doubt; the FUD factor rears its unattractive head.

So I think I'll stop asking if this is the year of Linux or if next year might be because it seems increasingly clear that, although Linux will continue to be a logical choice for some people, Linux is the operating system of the future.

And it always will be.

Have You Looked at Opera Lately?

Opera is the browser that tried to bring sanity to an insane world. More than a decade ago, when Microsoft and Netscape were battling for world supremacy based on which could introduce the most non-standard "features", Opera's philosophy seemed to address building the best possible standards-compliant browser. Netscape is dead, although a few die-hards continue to use it. Microsoft's browser is generally scorned but it's still the browser that's used by the largest number of people. Firefox's add-ons make it the browser I couldn't live without. So why is Opera now my default browser?

I have a lot of browsers installed. Internet Explorer is there. Firefox used to be my default browser. Google Chrome is installed. Apple's Safari is there. If you dig deep enough, you may find other browsers on the system. Until recently, Firefox was the default.

The default browser is the one that answers when the computer user clicks a link and I think that I can make a good case for choosing Opera your default, even if you're a Firefox fan.

When you click a link, you expect your default browser to open and to display the website that's referenced by the URL. But the very thing that makes Firefox my favorite browser makes Firefox my most annoying browser: When it loads, Firefox checks to see if any updates are available for the browser or for any of the add-ons. If so, the page you're trying to load will fail as Firefox obtains the updates.

Although I could turn off this behavior, I prefer to leave it enabled.

When Firefox finds an update as it's trying to open a Web page, it throws an error that's not even close to being a good explanation for what has happened. You'd think (or I would think) that the developers would be smart enough not to get in the way of an HTTP request or at least to display a message that explains what the problem was. I like Firefox and indeed I can't do what I need to do without some of the add-ons. But I don't have to open every site in Firefox.

Opera is smart enough to open the site that I've called for. So is Google Chrome, for that matter, but Chrome continues to be crash-prone.

Even if your primary browser is Firefox, making your default browser Opera could make a lot of sense. Give it a try and let me know what you think!

Browsers worth installing and trying:

Short Circuits

Are You STILL Using Internet Explorer?

If so, why? Microsoft has once again had to resort to an out-of-cycle emergency patch to fix a browser flaw. This one has been instrumental in allowing attacks against Google and other companies such as Chemical Abstracts. Unlike Firefox, which is patched frequently, Internet Explorer is typically patched only on the monthly Microsoft "patch Tuesday".

But Microsoft said this week that the amount of attention the current problem has garnered is causing "confusion about what customers can do to protect themselves." The spokesperson continued: Because of what is perceived (correctly) to be a serious threat, Microsoft will release a security update "out-of-band" for this vulnerability.

It wasn't really "out-of-band", though. An out-of-band delivery would have arrived by some means other than the Internet. Out-of-cycle, yes. Out-of-band, no. And maybe that indicates how much stress Microsoft was feeling as a result of the threat, mixing up band and cycle.

The next patch Tuesday is scheduled for February 9th and Microsoft concluded that would be too long to wait. Microsoft says that attacks, mainly from China, have so far been unsuccessful except on Internet Explorer version 6. It's important to note that version 6 was replaced by version 7 and version 7 has been replaced by version 8. But not everyone upgrades promptly.

The emergency update was released on Thursday and, by now Windows update should have installed it or at least notified you that it's ready to be installed.

According to Symantec, the antivirus company, the exploit that attacks unpatched versions of Internet Explorer is on "hundreds of websites," some of them legitimate and run by respectable companies. Still, the largest danger comes from visiting sites with hacked software, free pornography, and the like.

What we're seeing is essentially the first wave of a new kind of attack. Despite being aware of the threat for more than three months, Microsoft put off taking action until now. You may feel that is unacceptable; I certainly do.

It's just one of many reasons that I use Internet Explorer only for trusted websites that insist on using ActiveX controls.

Malware, Google, and China

What brought the current Internet Explorer flaws to everyone's attention is a series of attacks, aimed at Google, that originated in China. And that whole mess underlines serious new threats by malware, malicious software that can quickly and easily take over a computer.

I happened to be in a high-tech company office this week when an employee said that her computer had started displaying "bad pictures". It turns out that, while she was on a lunch break, she had received a message from a family member about some new pictures on MySpace. When she visited MySpace, an alert popped up that looked like something from AVG. The warning said the computer was infected and asked if she wanted to perform a scan.

She said yes.

That was a very bad decision, but one that's somewhat understandable. I saw the pop-up message later. It had graphics from AVG, the antivirus application that the company uses. (If the company had used some other provider's antivirus application, the malware would have masqueraded using that applications' graphics.)

Within seconds, the machine was unusable. Websites popped up constantly, each with an advertisement.

The malware wouldn't allow me to run the Task Manager, so I couldn't kill whatever process was running. Access to the Registry Editor was also blocked. In short, the computer was toast. The company's IT staff had to take the computer out of service and it's currently waiting to have its hard drive formatted.

Security experts say these kinds of attacks are increasing quickly. The attacks have been thoroughly monetized by malware that searches for financial information, passwords, and the like. Once the information has been captured, it's sent back to the malware's creator.

Google recently complained about a series of attacks that originated in China. The attackers were able to steal some of Google's intellectual property. Other companies were affected, too. Many in Silicon Valley, but also companies such as Chemical Abstracts with its headquarters here in Columbus.

Symantec catalogs these things and more than half of the nearly 6 million samples of malware in Symantec's library were created in the past year and a half. That's more than was created in the previous 2 decades. Trend Micro, another antivirus provider, surveyed more than 100 companies. Every single one of them had been affected by malware of some sort and more than half were found to have malware installed that was capable of transmitting sensitive data to the criminals who created the code.