Archive for December, 2004

Call from Behzad in SB

Tuesday, December 28th, 2004

Just got a surprise from my friend Behzad in Santa Barbara. He needed some help with some work he was doing for a professor. He didn’t know how to use a shell so he gave me a call for some help. Nothing a few grep and sed commands couldn’t fix relatively quickly. People always seem to be amazed when I tell them I’m answering their call in Argentina even though they called my US number. If Vonage could only get some of the touch tone issues I keep having fixed I would recommend their service to everyone. Then again if I were in the states they’d replace this ATA and they claim it would fix my troubles. Then again googling finds tons of problems with the ATA they want to give me so who knows.

Scoble responds, but doesn’t really say much.

Tuesday, December 28th, 2004

Thanks to Robert Scoble for the response and the traffic. Anyways, Robert Scoble responded to but didn’t really say much. Basically he pushed his 14 point security plan for Windows again. I still think it’s way too expensive to get the illusion of security under Windows. Most of it amounts to buy more software / hardware or buy newer versions of Microsoft products. If you are running Windows and can afford to follow his advice you probably should or else you’ll find yourself in as Chris and Kevin. However, I still recommend just replacing it with a better product like a combo of Linux, OpenOffice, and Mozilla. You’ll find yourself more secure and you’ll save yourself a ton of cash. Windows is just too damn expensive as is, why fork over all that additional cash to secure it when something cheaper and better exists? Maybe the increasing cost of securing Windows is why I have not been able to find a single unpirated copy of Windows while traveling here in Argentina 🙂

4 New Security Bugs in Windows

Friday, December 24th, 2004

I wonder what Scoble has to say about . His recommendation can’t possibly be upgrade like it was last time can it? All four of these bugs exist in all recent versions of Windows and Longhorn won’t be out for years. It can’t be firewalls since all four of them involve just loading a file or image. And didn’t MSFT just end of life NT 4? Does that mean anyone running NT 4 is out of luck? Let’s count how many days till MSFT releases a patch, I bet it doesn’t come out till after New Year’s if not the end of January. I wonder how Scoble will defend this.

Planet-Geek.com Discusses Linux Compatible Web Games

Wednesday, December 22nd, 2004

Looks like Planet-Geek.com is reviewing web games for Linux and Mac. The latest is a Pirates MMORPG game from Yahoo Games. Hopefully they keep up the good work and continue to add reviews.

Robert Scoble Misses Chris Spence's Point

Tuesday, December 21st, 2004

Robert Scoble responded today to Chris Spence’s “Open Letter to a Digital World” and he totally missed the point. Chris recently had to spend over 5 hours removing spyware and malware from his wife’s computer. Scoble’s argument against using Linux appears to be that it won’t run Microsoft’s products:

OK, I’m off to switch. A few problems: does Outlook run on Linux? Reliably?

Actually, yes it does using CodeWeaver’s CrossOver Office product, which is based on the open-source project WINE. But a better answer is: who cares? Many of the security issues that Windows users often experience such as viruses and malware are caused by insecurities in Microsoft’s Outlook application. Why not use alternatives such as Novell / Ximian’s Evolution which are designed to run natively under Linux?

Does Linux have a ton of ink-enabled applications for my Tablet PC?

To tell you the truth I don’t really know what ink-enabled applications. A quick GIMP a bit too. They NeverWinter Nights, Unreal Tournament, need I go on? Check out LinuxGames, HappyPenguin’s Linux Game Tome, Icculus.org’s Linux Game List, or GarageGames. Clearly there’s a ton of amazing games for Linux.

The real answer for most people isn’t to switch to something else where their software that they have already invested in may or may not run (ever buy a copy of Adobe Illustrator? I have and it cost me more than $500).

Well I’m going to have to upgrade that software anyways when SP3 comes out or when Longhorn comes out. Every Microsoft update causes so many incompatibilities with older software that many users would have to repurchase their software anyways. Why not use this as an opportunity to switch to Free / Libre or Open-Source software? Or at least buy a commercial version that works on a secure OS such as Mac OS X or Linux?

The real answer is to spend an hour (I’ve done this dozens of times, and despite the rumors it really only takes an hour to put in place some very advanced security) and put in place 14 layers of security. If you do that, you won’t need to spend five hours cleaning off your machine.

14 layers of security? Are you serious? How many home users are going to go through all of this effort? Why not just run something that comes secure out of the box? After , you want me to spend how much on antivirus, firewall and anti-spyware products? Let’s add this up:

  • Windows XP SP 2: free, although MSFT did almost charge for it and could easily charge for SP 3 or SP 4
  • Get a good anti-virus program: and
  • Software Firewall: Zone Alarm ($70 / year), ($39.95),
  • hardware-based firewall:
  • Run the latest version of Outlook ($109 full version)
  • Antispyware apps: Spy Sweeper 1 Year Subscription ($29.99), ,
  • Steps 9 through 14 are just administrative techniques and are good ideas so I’ll give credit where it’s due. Although 9 sounds like “disable all the *extra cool* features because they’re unsecure so shouldn’t have included them to begin with”.

So not including the cost of Outlook 2003 ($109) the average total on reaching the 14 level security scheme Scoble suggests is about $200. $200 is a lot of money just to feel like I’m running a secure operating system. That doubles the cost of any Windows XP Home license or about 2/3 the cost of a Windows XP Pro license. $200 is a lot to shell out for most people.

I realize Scoble works for Microsoft and probably gets many of these products free or at least heavily discounted so it’s not an issue for him, but what about the rest of us? What about those who live in 3rd world countries and cannot afford to upgrade from Windows 95 to XP let alone buy all of these 3rd party apps?

Most Linux distros would come with everything Scoble suggests (except for the hardware firewall) at no extra cost. You would get Open Office (an MS Office replacement), Evolution (an Outlook replacement), Mozilla / Firefox (an Internet Explorer replacement), ClamAV (antivirus), iptables / ipchains (2 way software firewall), and way more. Distros are available that come with all of this right out of the box. Why waste time and money making Windows feel secure when you can get the real thing from a free and secure operating system such as Linux?

Moving on, Scoble ignores the last two thirds (2/3) of Chris’ letter. He seems to completely ignore the issue at hand, which is the insecurity of Microsoft’s Operating Systems.

But let us assume you can afford to pour your hard earned money at this problem and you’ve bought the newest versions of all MSFT software and you’ve spent over $200 on getting 14 layers of security in place. Great, what happens when the next vulnerability is announced and MSFT decides to wait a month or years to issue a patch? What if MSFT decides to never release a patch or make you wait till Longhorn comes out and then pay for it? You’re basically screwed. This would never happen with open-source. When Red Hat decided to cut off support for the 7.2, 7.3, 8.0 and 9.0 versions of Red Hat Linux their competitors came in and filled the gap. You can now get updates from 2 different providers: Fedora Legacy or Progeny Transition Service. Who do I go to when MSFT decides to stop patching Windows 98? Who do I go to when Microsoft decides a security issue isn’t worth fixing?

Microsoft would probably argue they fix all bugs in a timely fashion and that all this is hogwash. What about the Secunia report which Chris references?

Anyways, it’s 4am here in Buenos Aires and I’m starting to lose my focus. The point I’m trying to make is that Chris is right: MSFT’s Operating Systems are not a good choice for anyone but those who want to become full time security experts and even then they’ll need plenty of spare time and money to throw at the problems they’ll surely run into. Robert, if that’s what you want to spend your time and money on that’s fine with me, but most users don’t. So next time you are at Aunt Thelma’s house pop in a copy of Xandros, Knoppix, or some other easy to use distribution. I bet she never notices the difference. I know my father didn’t and he hasn’t had to call me with virus, spyware or corruption since then.