Archive for the ‘Security’ Category

Adobe vs. Clue ends in divorce

7 Jul 2008 11:16 by Rick

Adobe started to lose it some years ago when some marketing wizard decided to re-brand Acrobat Reader and call it Adobe Reader. You still find even experienced system managers confusing the names and you are never quite sure if they are talking about the real Adobe Acrobat or just the Reader freebie.

So when they announced Adobe 9 I wasn’t sure at first if they meant the full product or just the Reader (or both). Especially as we have only just had the emergency patch for Reader 8.1.2. “What patch?” do I hear you ask. Well, to digress, it was very important because it fixed a security hole that could allow those safe files called PDFs to compromise your system. Open up Reader now and click on Help > Check for Updates and it should download a thing called “Security Update 1”. Not that you would realise when it is done because for some stupid reason, the version number is not changed so it still says Version 8.1.2. While we are on the subject, if you download the Windows patch by hand it is called AcrobatReaderUpd812SU1_all.msi so it seems even Adobe are confused by the name.

Now the rest of this is hearsay as I haven’t tried it myself yet but it seems that the new Adobe 9 has bundled together the PDF Reader which we generally tolerated with Flash, the product that Adobe bought from Macromedia and which we all love to hate. It also includes Acrobat.com and Adobe Air, neither of which I have heard of. That is a 33MB download and 200MB+ install for something to just read PDF files! Also beware of the Free eBay desktop which is automatically ticked for you.

I won’t be bothering on my Mac—Preview does the job for me just fine and my Windows systems can stick with Version 8.

AVG 8 Rumpus

17 Jun 2008 12:08 by Rick

There is growing concern among web site owners, their hosts and web marketing experts that AVG 8 is causing increased costs. The issue is LinkScanner and what it does to traffic. I have already commented that, for those users on limited bandwidth such as dial-up, it should be disabled and I have provided instructions on how to do this. But if it is also significantly affecting the other end of the internet—the web hosts—then AVG may be forced to modify it.

The way it works is that if you do a search using the major engines (at least Google, Yahoo and MSN Live) then you get a page of results, generally 10 at a time. AVG LinkScanner then steps in and visits every one of those results and checks the results for malware and sets a flag (Good, Doubtful or Bad) against each one to warn of potential problems.

The issues for users are:

  • The increased bandwidth caused by the requests and results could have an impact on performance and possibly on any quotas you may have. This will be particularly true for dial-up users but could also affect capped broadband. On the other hand, users may judge that the benefit offsets the costs.
  • Your logs and/or cache could show that you have visited sites that you had no intention of going to. This could have embarrassing or legal implications.
  • This could also be reflected in any profiling that your ISP or the sites themselves are doing which could affect the advertising you receive (it could also be regarded as an asset as it may upset statistics gathered by Phorm type systems :) ). A possible impact is that a site may think you have already seen a particular advert and not deliver it again—you never know, it may have been the offer you were waiting for.
  • If the scanner itself were compromised then it is getting a lot of potential data to further infect your system.
  • Because much malware is served via adverts, and adverts are rotated on every visit, the green tick may give you a false sense of security.

The issues for site owners and their friends are:

  • They will see increased traffic, bandwidth which they have to pay for. Larger sites may need to deploy extra servers and connections to cope with the additional load.
  • Sponsored results will also be visited and the agencies will charge the customer for each visit and it increases the apparent Click Through Rate with bogus visits. Update: Apparently AVG 8 goes direct to the raw URL and bypasses the Click Through detector so that the customer will not be charged. They will, however, still see the increased traffic.
  • Ordinary pages that are funded by advertising appearing on them will see an apparent drop in Click Through Rate because the user never sees the ad to visit it.
  • Web statistics become [even more] unreliable due to the increase in “bounces” i.e. visitors that come in from search and don’t go to any other pages.

At present the traffic is detectable for what it is, so concerned web owners can allow for it either in their analyses or even suppress responding to them. However, if that remains the case, then it will also be detectable by any malicious hosts or content to fool the scanner into returning a clean bill of health. It will be interesting watching the news in the next few weeks to see how this is resolved.

Papers please

12 Jun 2008 10:31 by Rick

“Geheime Staatspolizei, die Papiere bitte!”

“Homeland Security, boarding pass and ID please!”

Can you tell the difference? I can’t. The second is now standard for internal flights in the USA even though it is unconstitutional and goes beyond the legal requirements. Some of us are sure that the same thing will come here if we are not careful.

Thanks to a comment by Ravan on Bruce Schneier’s blog for the idea.

User profiles in WordPress

20 May 2008 11:30 by Rick

For some time I have been having problems with registered users. Not the dozen or so users that I know about who either contribute to the site or are left over from the days when I insisted on registration before commenting. No, these are ones where “people” have found the registration page, created a profile but I have never heard from them since. I have been looking for a way to clear them out, which is not easy because I have no way to tell if they have actually commented using that profile and if I delete those, then the comments disappear with them. I have been looking around for a plugin to help and in the meantime I have been deleting ones with email addresses in Russia, Bulgaria and Poland—it is not xenophobia, just that I know that there is a 99% chance that they are spammers.

One possible plugin that I have tried is loginlogger. This keeps a track of when people have logged in. I was hoping it did a bit more but even that has been fascinating. Apart from my own connection, which I know about, I had well over 100 failed logins over a 2 hour period last night, and the usernames were quite repetitive: brutal2008, Reiki, kazikr, broker1980, watroba50, smiglidigli, bombastik2008, etc. occur quite often. These names don’t appear in my roster (but they may have once and I have deleted them, I don’t keep track) but doing a Google search on them reveals a common pattern; most hits are either on SEO sites or are Polish or Russian sites or in those languages.
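The observation above (a burst of failed logins against usernames that are not in the roster) is the kind of thing worth automating rather than reading by eye. The script below is an added example, not the loginlogger plugin’s code and not from the post: it parses a constructed failure log in an assumed “timestamp FAIL user=… ip=…” shape, counts failures per username, finds the busiest two-hour window, and lists the unknown names that recur or arrive from more than one address.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed-login records in an assumed format:
#   "<date> <time> FAIL user=<name> ip=<addr>"
# The real loginlogger plugin's output format is not reproduced here, and the
# addresses are documentation ranges, not real visitors.
SAMPLE_LOG = """\
2008-05-19 23:02:11 FAIL user=brutal2008 ip=203.0.113.5
2008-05-19 23:02:14 FAIL user=Reiki ip=203.0.113.5
2008-05-19 23:02:20 FAIL user=kazikr ip=203.0.113.5
2008-05-19 23:03:01 FAIL user=brutal2008 ip=198.51.100.7
2008-05-19 23:03:40 FAIL user=rick ip=192.0.2.10
2008-05-19 23:05:02 FAIL user=Reiki ip=198.51.100.7
2008-05-19 23:06:15 FAIL user=brutal2008 ip=203.0.113.5
2008-05-20 01:10:00 FAIL user=broker1980 ip=203.0.113.5
2008-05-20 01:10:05 FAIL user=watroba50 ip=203.0.113.5
2008-05-20 01:10:09 FAIL user=smiglidigli ip=203.0.113.5
2008-05-20 03:30:00 FAIL user=rick ip=192.0.2.10
"""


def parse_failures(text):
    """Yield (timestamp, username, ip) for every FAIL line; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "FAIL":
            continue
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        user = parts[3].split("=", 1)[1]
        ip = parts[4].split("=", 1)[1]
        yield ts, user, ip


def failures_in_window(records, window=timedelta(hours=2)):
    """Largest number of failures that fall inside any sliding window."""
    times = sorted(ts for ts, _, _ in records)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def summarise(text, known_users, window=timedelta(hours=2)):
    """Summarise a failure log against the site's roster of real usernames."""
    records = list(parse_failures(text))
    per_user = Counter(user for _, user, _ in records)
    ips_per_user = defaultdict(set)
    for _, user, ip in records:
        ips_per_user[user].add(ip)
    # Names that never existed in the roster are the interesting ones: a
    # legitimate user mistyping a password uses a name that is actually there.
    unknown = {u: n for u, n in per_user.items() if u not in known_users}
    return {
        "total": len(records),
        "peak_in_window": failures_in_window(records, window),
        "unknown_usernames": unknown,
        "repeat_unknown": sorted(u for u, n in unknown.items() if n >= 2),
        "multi_ip_unknown": sorted(u for u in unknown if len(ips_per_user[u]) > 1),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG, known_users={"rick"}).items():
        print(f"{key}: {value}")
```

The roster check is the useful part: failures against names that exist may be forgetful regulars, whereas failures against names that were never registered are almost always a list being replayed, and the same name arriving from several addresses says the list is shared.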

So my policy seems to be justified—that is where the spammers are. To avoid the problem in the future I could have disabled registration altogether. It isn’t used a lot, but I like to give regular commenters the option of having their profile stored if they want to. So what I have done is install the Sabre plugin. This is a very flexible registration control system with options for CAPTCHA, arithmetic tests, email confirmation and other validation techniques. I am hoping that with minimal effort I can foil the majority of automatic bot registrations.

AVG 7.5 End of Support

13 May 2008 10:51 by Rick

Despite some messages to the contrary, AVG 7.5 End of Support date is 31 Dec 2008. Changes to this policy are not anticipated but this is the link to watch. Even some notices out of the product itself say other dates.

Misleading AVG Alert

These are WRONG.

Installing/Upgrading to AVG8 Free (Windows)

4 May 2008 18:01 by Rick

Now that it is available, upgrading from AVG 7.5 to AVG 8 is a logical step but there are some decision points to be made along the way so it is best to be prepared for them.

[Note that the Free edition has some quite rigid conditions about home use only.] First you have to find it. The link I gave before is still good but it is a few clicks of Grisoft determinedly trying to get you to buy the full suite. Some of the links on the way are a bit misleading. One says that AVG Anti-Spyware is being discontinued but others that it is now included with the Anti-Virus package. The eventual download location is either their own site or C|Net downloads.com.

When you come to install it there is no need to un-install the previous version. You will need to login to an admin account. Leaving a lot out, the sequence of events is:—

  • Standard or Custom install—you will need custom if you don’t need the email scanner.
  • For the Custom install, Un-tick the email scanner if you don’t want it.
  • Un-tick the AVG Security Toolbar if you don’t want it. Everyone seems to want you to get one of those and if you loaded them all you wouldn’t have enough window left to browse in.
  • Un-tick the “Enable Daily Scanning” box if you don’t want it. I find that it is a long process and very heavy on resources (though they have put in some sort of load-limiter now). I would rather do them when I want to—and certainly not daily.
  • There is a tick box for informing AVG about potentially dangerous web sites that you come across. I haven’t checked the privacy statement for this yet so I would be cautious.
  • Definitely SKIP the updates at the moment as the install is not really ready for them.
  • Skip the registration for the time being.
  • Now you will need to reboot (it prompts you).
  • When it comes back the System Tray icon will probably be red. Right click to open the AVG User Interface.
  • Click Update Now and it should go ahead and do it.

That is the install complete but you need to check one other thing. One of the features of AVG 8 is the AVG Search Shield, sometimes called the Link Scanner. This intercepts results from the search engines (Google etc.) and inspects them for malicious content—try it and see the little green icons after every hit. Quite how it does that I am not sure but it seemed to take a long time and have a lot of internet traffic. I would imagine that on a dial-up connection it would be impossible. The search engines themselves do some quality checking, if this is doing it real time then it would be better but at what cost. The other thing that bothers me about this is that it could be that you are automatically visiting sites that you wouldn’t otherwise touch with a barge pole (porn etc.) and it will leave the evidence of this in your cache even if it never displays it.

If you decide that you don’t want this facility there are two ways to switch it off. You can use the AVG interface, but if you switch it off there it will forever say that AVG is not fully functional. The other way is with the browser controls. It works using a browser plugin (both IE7 and Firefox, I don’t know about Opera or Safari) and these can be disabled. Go to Tools —>Manage Add-ons—>Enable or Disable Add-ons in IE7 or Tools —>Add-ons in Firefox. This will need to be done on EACH ACCOUNT on your computer.

Now you can register at leisure, if you can figure out how. I haven’t yet! It is worth remembering that, despite all my griping, this is still a free service for which we are grateful.

Update: 20 Jun. As far as I can tell, the Firefox plugin which drives LinkScanner is not Firefox 3 compatible. It will be interesting to see how they update it.

Flying Low

22 Apr 2008 10:04 by Rick

If someone you passed in the street stopped you to point out that your trousers were undone, you might get a bit embarrassed as you quickly did them up and you might stutter a bit as you thanked them. What you would certainly not do is flag down a police car and report your informant as a pervert for looking in the first place.

So why, when someone with a bit of knowledge discovers and reports a weakness in a web site, do some major organisations immediately call in the lawyers and take them to court on “hacking” charges? This has got so bad that security researchers, even professionals, are now wary of reporting such flaws direct to the owners. Instead they must publish publicly and anonymously to protect themselves. That means that the criminals have access to the information at the same time as the administrators making them much more vulnerable to attack. To be convicted of theft it has to be shown that you not only took something but also intended to permanently deprive the owner of it. Something similar needs to be added to the various computer misuse laws around the world.

However, in a far sighted move, Microsoft have said publicly that they will not take action in cases like this. Indeed they positively welcome being told.

What next after CAPTCHA

27 Feb 2008 14:50 by Rick

They were quite effective even though we all hated them—the fuzzy, misshapen, blurred letters that we had to read and type into the box to verify that we were human not some robot spam generator. But recently, two big systems, Google’s gmail and Microsoft’s live mail have been cracked. There are other types about such as simple arithmetic and counting monkeys but they wouldn’t last long if used on high volume, high profile systems like these. They all suffered from being more or less inaccessible to the disabled anyway. So now that CAPTCHA can’t keep the crackers out, where can we go next? And whatever, for the accessibility reasons they must be dropped altogether now.

There are a lot of possibilities out there; one-time pass codes texted to your mobile or RSA key-fob dongles for instance, but they are all far too expensive for the many places that you (the end user) would like to use and you (the site owner) would like to attract customers.

Spyware, who cares?

26 Feb 2008 14:20 by Rick

…when the ISP’s are selling your browsing data direct to the advertisers anyway. If you are a BT, VirginMedia or Carphone Warehouse customer who values your privacy I suggest you start looking for proxy anonymizers. Anonymizer.com and proxify.com are well known ones but I can’t vouch for any of them.

Words on the air

14 Feb 2008 09:28 by Rick

This is a problem a colleague at work came across with a home machine. His wife said that suddenly strange words started appearing on the screen. Suspecting some virus she disconnected the network immediately and called her husband. When he tried to use a bootable Linux CD to investigate the problem he had trouble closing down because windows were being selected randomly. Resorting to the kill button (hold down the power button for a while) he rebooted but strange words started to appear during the boot sequence as well.

What is your diagnosis?

He first suspected a BIOS virus but those haven’t been seen since the late ’90s. Then he spotted that one of the words showing up was the name of a neighbour’s child. Light dawns! A chat with the neighbour revealed that they had just replaced the battery in their wireless keyboard and the extra power must have been sufficient to be picked up by the identical receiver on his wife’s PC.

The implications are left as an exercise for the reader.

Thanks to Frank and his (internal) blog for the details.