Questions and (possibly related) answers

Questions come in. Answers go out. Sometimes the answers are even related to the questions. That happened three times this week with questions about antivirus applications, wireless routers for home use, and notebook computers suitable for college. When it comes to antivirus programs, you probably have more choices than you think you do. The most secure WiFi settings may not be right for home use. And selecting a notebook computer requires looking at more than just who makes the processor.

Which antivirus program is right for you?

I received a message from someone who was seeking good antivirus software. He'd been using Norton Antivirus, but didn't like what it was doing to his computer. He didn't particularly want to try McAfee, either, because he's heard how much of a resource hog it is.

I immediately thought of Grisoft AVG. It's well known in Europe and gaining ground in the US. The free version is good, but the paid version offers a more complete control panel. Support is by e-mail and is quick (paid version). www.grisoft.com

Also a good choice: NOD32 from Eset. It's a bit pricey and has a complicated user interface, as I recall, but a good application. www.nod32.com

Both of these tread lightly on system resources.

Avast Antivirus has free and paid versions. The free version requires obtaining a key from the manufacturer. It's good for 14 months and is renewable. A little more cumbersome than AVG, but quite competent. www.avast.com

CLAM is a free (open source) antivirus application. I haven't tried it on a Windows machine, but there is a free front-end for Windows at SourceForge (http://sourceforge.net/projects/clamwin/) and it might be worth a try. I use it on the Macs with the OS X front end. When you obtain a front end for CLAM, you'll receive CLAM with it or pointers to it. If you're really ambitious, you can obtain the source code and compile your own.

Another well-regarded antivirus program (no free version, but a 30-day free trial is available) is from Kaspersky, a German company. www.kaspersky.com

Yet another option comes from Iceland: F-Prot offers a free DOS version, but you have to pay for the Windows, BSD, and Linux versions. www.f-prot.com

So there's no shortage of options if you want to get away from Norton and McAfee.

GENERAL NOTE ON AV SOFTWARE: All of the ones I've listed (including McAfee and Norton) will stop most viruses most of the time. All of them will occasionally miss something. To be fully protected, keep your operating system up to date (security patches), install a firewall (software, at least, and preferably hardware), and be sure to activate the most effective antivirus software known: wetware (the stuff between your ears). Caution and common sense complement your other security measures.

You may be wondering -- if one antivirus program is good, shouldn't two be better -- and the answer is NO! Install and use only one. They get in each other's way. One will see the other as a virus. When it comes to catching infected files, they're all about equal.

Symantec may add the Foo.Fighter.w32 definition 23 hours 10 minutes before AVG gets it, but AVG will find the Paul.McCartney.w32 virus and add it 12 hours 6 minutes before NOD32 gets it, but NOD32 will add the Leonard.Bernstein.w32 virus 3 days before Avast gets it, and ...*

In practice, few viruses spread fast enough for this to be important.

*No, the names are not indicative of Itunes gone haywire.

And if you have a Mac, you don't need antivirus software ... right?

Wrong. Well ... the short answer is still probably that you don't and Macs running OS X will always have some protections not available yet to Windows users (maybe in Vista) -- specifically that no user should be running with "root" privileges.

If OS X succeeds in brining more users into the Mac community and the Mac becomes a bigger target, things will change. Even Macworld and (surprisingly) Mac Addict are beginning to mention this.

So far I'm satisfied with CLAM (I think the Mac front end is also at Sourceforge). OSX Tiger automatically sets up its built-in firewall if you establish sharing of any kind.

So although it's still not essential, I prefer to be ready. The Mac users who deny the need for AV software now and forever are not being realistic.

Protecting your WiFi signal

A listener in California (Internet listener; our signal doesn't go that far west) is installing WiFi in his home.

Netgear tells me that I can use WEP authentication and WPA-PSK authentication, and fails to tell me the advantage of either. It does indicate what a Nice Idea it would be if I could manage to configure all the other machines on the same network the same. It also doesn't say if this is an 'either-or' or a 'two is better than one' situation.

WEP is the original security setting for wireless. A lot of people consider it "broken" because it's not particularly secure. I guess if something that is supposed to provide security doesn't, it could be considered "broken".

Wired Equivalent Privacy (WEP) is part of IEEE 802.11b and provides total security as long as those pesky RF signals stay inside your house. In reality, it's not quite that serious, but there are problems that make it somewhat insecure. In response, the Wireless Ethernet Compatibility Alliance (WECA) says that WEP was never intended to be the sole security mechanism for a WLAN even though it is included in most networking products.

The steering wheel in your car is not intended as the sole mechanism for providing maneuverability, either.

WPA is the technology WECA now says is secure and it will remain that way until it's proven to be insecure and WECA announces that it was never intended to be the sole security mechanism for a WLAN even though all of the manufacturers have switched to it.

WiFi Protected Access (WPA) replaces WEP and provides more sophisticated data encryption, along with user authentication. WEP may still be adequate for home use, but should no longer be trusted in a business environment. WPA is a subset of and will be compatible with the IEEE 802.11i security standard.

PSK indicates phase-shift keying Phase-shift keying which shifts the phase (d'oh!) of a transmitted signal instead of shifting the amplitude (610 WTVN is AM) or the frequency (WNCI is FM) to convey information.

It's probably mentioned here because it's the original method used, but is in the process of being phased (sorry) out. PSK was written in to the original IEEE 802.11 specification. Complementary code keying (CCK) in which each data packet cheerfully greets every other packet it encounters (no, not really) is being specified for future systems because it's faster and less vulnerability to interference.

So ... despite what you've probably concluded from the blather presented here: For home use, I would probably continue to activate WEP.

A notebook computer for school

I have been looking for a laptop recently and was wondering about processors. I have done some research and from most of what I read, the Pentium M is getting the best reviews. I was wondering how the AMD Athlon 64M stacks up to the Pentium M, since the machines with the Athlons sell for a considerable amount less. I have used AMD processors in two previous desktops and my current one, and have no regrets. I just don't want to make a thousand dollar mistake with a laptop. This being back to school time, I would guess other listeners might be interested as well.

That's a good question and I've been mulling it over for a bit. I've decided that it probably doesn't matter a lot. Both Intel and AMD have technologies designed to reduce heat and prolong battery life in portable machines. The technologies differ in implementation, but produce similar results.

If you have a need for video processing, an Intel CPU would probably still be the better choice (and if you really want to work on video, you probably should have a Mac.) If not, then other things would take precedence.

Features (Firewire, USB, DVD, hard drive size, expansion options for memory) would be more important than the CPU. Screen size and resolution would be important. And near the top of the list for me is reliability. Toshiba, IBM (now manufactured by Lenovo on China), and Dell are solid and reliable -- although Lenovo is still, to some extent, and unknown.

I would avoid buying at Sam's, Best Buy, and Wal-Mart because sometimes these organizations have "special" models that aren't the same as those you'll find at computer shops (MicroCenter, CompUSA). I might consider buying a computer from Circuit City.

Notebook computers are not something I'd buy from a local assembler and, although I rarely recommend service contracts, they're a reasonable purchase when it comes to notebook systems.

Messages from Apple

Apple is in the dangerous position of having announced that a major hardware change is coming while not wanting to lose sales during the interim. It's a tough perception to fight. If you want a Mac and you want it now, the right thing to do is to buy what's available now because it will continue to work with existing and future software. That's a tough sell, though, so Apple is doing what most marketers do in similar situations: They're cutting the price (but not by much).

A heavily personalized direct-mail piece arrived at the house a couple of weeks ago. It not only had my name (four times) but it also had a URL that featured my name (3 times): www.G5doesmore.com/william.blinn.

The first thing I did was to try mistyping my name and I was somewhat surprised to find that it really is significant. Without the proper name, visitors get an error message. In this case, I'd changing the directory name to "foo.bar". No sale.

It's an offer for photographers.

There may be other offers, but this was one targeted for photographers. It wanted to know about my current Apple computer (there was no option for "none", so this is a mailing that's being sent only to known owners of Apple computers.

It wondered whether my workflow was primarily Photoshop, InDesign, or something else.

Then it wanted to know how much time I wasted every day waiting for the computer, what my hourly rate is, and how many photographers the studio has.

Once given that information, the Apple website suggested how much I could save by buying a new G5 machine.

It suggested that I would save nearly $1600 in the first year. The trouble with calculations such as this is that they assume time spent doing nothing could be used entirely for billable work. If the speed of the computer costs me 2 minutes per job and I accomplish 10 jobs per day, maybe I'll have another 20 minutes worth of billable time per day, or maybe I'll just take a longer lunch hour.

But let's assume that I'm interested and I want to go to the next step.

So I click the link that offers to tell me about the great deal Apple has for me. Well, unfortunately, that takes me to ...

A page that lets me fill out enough information for apple to call me. Earlier, the site mentioned $100 off if I buy a system with a bunch of bundled applications. In other words, it's not really much of a sale.

Even worse, it's a "take what we have in stock" sale because the discount prices do not apply to any custom-configured machines. That's made apparent only in the small print:

Oh, well. I wasn't planning on buying a new Apple right now anyway.

Typing fast

"Time spent sharpening the tools is never wasted." That's something that journeyman carpenters are known to say. If you work with sharp tools, you're more likely to get the job done right the first time and you're less likely to injure yourself or other workers. The same philosophy applies for those of us who use computers.

When I use the Mac notebook, I have to create a secure connection to a server at the office if I want to collect e-mail from there. To do this, I've been opening the terminal and typing "ssh -L25:wile.somewhere.com:25 -L110:wile.somewhere.com: 110 -username wile.somewhere.com -N -f" (some information has been changed to protect my privacy). I don't need access to office mail from the Mac very often, so I've been putting up with the process of routinely typing "ssh -L25:wile.somewhere.com:25 - L110:wile.somewhere.com:110 -username wile.somewhere.com -N -f".

To be entirely truthful, I knew that the Bourne again shell was smart enough to retain the old commands in a non-volatile buffer, so I could usually use the buffer to get the command so that I didn't have to type "ssh - L25:wile.somewhere.com:25 -L110:wile.somewhere.com:110 -username wile.somewhere.com -N -f". Near the end of July, I spent some time doing other things in the terminal and the command I needed was 100 or 200 commands back in the buffer.

I didn't know about the bash command that searches the buffer and that's when I decided it was time to refresh my memory on the subject of Unix aliases. That took a few minutes, but I edited .bash_profile and added this line: alias wile='ssh -L25:wile.somewhere.com:25 -L110:wile.somewhere.com: 110 -username wile.somewhere.com -N -f' and now instead of having to type "ssh -L25:wile.somewhere.com:25 -L110:wile.somewhere.com:110 - username wile.somewhere.com -N -f", all I have to type is "wile".

If you find yourself having to repeat any long, complex operation on any computer -- Windows, Mac, or Linux -- it's time to find a way to make the process something you can repeat with a keystroke or just a few keys. Now I can type "ssh -L25:wile.somewhere.com:25 -L110:wile.somewhere.com: 110 -username wile.somewhere.com -N -f" in less than a second.

Nerdly News

Surly Apple comments

I've mentioned a time or two that Apple CEO Steve Jobs has a rather inflated opinion of himself. As evidence, I present a commencement address at Stanford University, up El Camino Real a bit from Apple's headquarters. Much of what Jobs has to say (http://news-service.stanford.edu/news/2005/june15/jobs-061505) is reasonable and even inspiring, but consider this section in which Jobs describes "dropping in" on a calligraphy class and the impact it had on the world of computing:

"[The Mac] was the first computer with beautiful typography. If I had never dropped in on that single course in college, the Mac would have never had multiple typefaces or proportionally spaced fonts. And since Windows just copied the Mac, its likely that no personal computer would have them."

So if Jobs hadn't invented proportional typefaces on the Mac, nobody else would have thought of it? Bullfeathers! In fact, proportional typography was already available on the PC (and possibly on Apple computers) when Jobs invented the Mac. The proportional typefaces didn't always display well on the screen, but computers were capable of creating output with proportional typefaces.

You'll note that I'm not even mentioning Jobs' claim that "Windows just copied the Mac" and that I'm also not even mentioning that most of what Apple "invented" had already been invented at the Xerox Palo Alto Research Center. (Examine a map and you'll see that Stanford University, Palo Alto, and Cupertino are adjacent.)

Jobs perhaps might also feel that if Chrisoforo Columbo had not gone sailing in 1492 that the New World would never have been discovered, but that's not the way science and history work. Usually several people have similar ideas and one of them makes the idea public before the others. But if "the inventor" had never existed, the scientific principle or the invention or the discovery would have come to light at about the same time anyway.

So, Steve, you've done a lot. People should read your commencement address for the inspiration it contains. But if you hadn't "invented" proportional type for the Mac, somebody else would have done it for some other computer.

Surly Windows comments

It's been another big week for Microsoft. The patch frenzy continues at the company tries to fix some particularly nasty problems. The Computer Emergency Readiness Team (CERT, until Homeland inSecurity got involved, "Computer Emergency Response Team") describes the problems: "Microsoft has released updates that address critical vulnerabilities in Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on an affected system."

This month's patches:

VU#965206 - Microsoft Internet Explorer JPEG rendering library vulnerable to buffer overflow

Microsoft Internet Explorer contains a flaw related to JPEG image rendering that may allow an attacker to remotely execute arbitrary code.

VU#959049 - Several COM objects cause memory corruption in Internet Explorer

Microsoft Internet Explorer allows instantiation of non-ActiveX COM objects, which may allow an attacker to execute arbitrary code or crash Internet Explorer.

VU#998653 - Microsoft Plug and Play contains a buffer overflow vulnerability

Microsoft Plug and Play contains a flaw in the handling of message buffers that may result in a local or remote denial-of-service condition and arbitrary code execution.

VU#490628 - Microsoft Remote Desktop Protocol service contains an unspecified vulnerability

An input validation error in the Microsoft Remote Desktop Protocol (RDP) service may allow a remote attacker to cause a denial-of-service condition.

VU#220821 - Microsoft Print Spooler service contains a buffer overflow

A buffer overflow in the Microsoft Print Spooler service may allow a remote attacker to execute arbitrary code on a vulnerable system.

SIX critical vulnerabilities! If you don't have WindowsUpdate automatically update your computer and you haven't visited the website this week, now is the time to do so! Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code with SYSTEM privileges or with the privileges of the user. If the user is logged on with administrative privileges (which most Windows users are), the attacker could take complete control of an affected system. An attacker may also be able to cause a denial of service attack.

Let us know what you think. Write to:
Bill Blinn --
Joe Bradley --

Have a question? Ask it and you might pick up a prize for stumping the chump. Send your question to . And ... good luck!

Privacy Guarantee:

I HATE SPAM and will not sell, rent, loan, auction, trade, or do anything else with your e-mail address. Period.

Joe

(Photo by Sally)

Bill

(Photo by Scampi)

As if you didn't already get enough weather on the radio!

If you do not see a Weather Underground banner above and you use ad-blocking software, please set your application to allow images from "www.wunderground.com" to appear.

Annoying legal disclaimer
My attorney says I really need to say this: The Technology Corner website is for informational purposes only. Neither Joe nor I assume any responsibility for its accuracy, although we do our best. The information is subject to change without notice. Any actions you take based on information from the radio program or from this website are entirely at your own risk. Products and services are mentioned for informational purposes only and their various trademarks and service marks are the property of their respective owners. Technology Corner cannot provide technical support for products or services mentioned on the air or on the website.