Bitdefender 60-second virus scan: a review

I mentioned Bitdefender 60-second virus scan the other day, but didn’t give it a proper review. It’s time I remedy that.

It’s a small 160K stub that downloads a few more megabytes worth of stuff after you run it. Unlike most other free antivirus apps, this one is intended to be secondary–a marketing tool to show you what your primary antivirus isn’t catching that Bitdefender would, I suppose. But I think it’s useful as a second line of defense, and recommend using it as such.

Read more

Just say no to black boxes

When the PS3 was released, one of its advertised features was that you could install Linux on it and use it as a Linux computer. I doubt many people did it, but it was a useful feature for those who did.

Sony later took that ability away in a firmware update. You could choose not to install that later firmware, but then you gave up other capabilities.

Now, some enthusiasts have figured out various ways to get that capability back, and Sony is so thrilled about that, they’re suing.

Sony is in the wrong.
Read more

Why Firefox will probably always have mixed acceptance in corporate environments

I saw an article in Information Week today about Firefox in the enterprise.

The fanboys on both sides took offense, of course.

I’m a longtime Firefox user and an IT professional, but yet I agree with the premise that Firefox will always have trouble in that environment.The biggest reason is inside the firewall, in the corporate intranet. Some commenters complained about lazy in-house design, but that’s not the whole story. Many web-based enterprise applications are designed for Internet Explorer and only Internet Explorer. One app that I support takes it a step further, and only works with IE 5.5 or IE 6. That’s going to be a problem when the order comes down to deploy IE 7. The product is discontinued, so at that point we’ll have to either migrate to something else, or have people connect to a terminal server so they can run IE 6.

I have another web-based application I support (but if I ever change jobs I’ll deny ever hearing about it) that works with IE 7, but if and only if an administrator logs on and manually registers some ActiveX controls. That product is called Microsoft Project Server 2003 Web Access.

Yes, you read that right. Even Microsoft can’t properly support its own web browsers.

Any corporate web-based app that uses ActiveX will never run on Firefox. Those that check for a specific IE version might run on a hacked version of Firefox, but if you ever have any problems, you’re on your own. Corporate suits don’t like that.

And since computers and applications tend to live almost forever once they’re deployed, IE’s stranglehold on those environments may not be measured in years. We may be talking a decade, or even more.

I’ll submit the refrigerator-sized VAX systems I walk past nearly every day in the server room as evidence of the longevity of some systems. The computers themselves may not be quite 20 years old, but the applications they’re running are at least that old.

Firefox also tends to go against corporate culture in other ways. One of the first questions a corporate suit will ask is who they can sue if it breaks. Never mind that if a Microsoft product breaks, they probably waived all legal rights as part of the EULA. The guys in corner offices who wear ties know more about that than anyone who works on computers. A wave of the hand makes that problem go away.

Yeah, right. But don’t bother trying to tell them that.

A second problem is that many IT decisions are made, or approved, by people who admire Bill Gates’ wealth. Since Bill Gates became the world’s richest man by selling computer software, his computer software must be the best, period, end of story.

Many of the books decision-makers read perpetuate this belief. One example is the highly popular and influential book Naked Economics by Charles Wheelan. In many circles, this book is a must-read. I have to admit I’m getting as much out of this $11 book than I got out of my college economics class, if not more. But Wheelan trots Gates out again and again as a master visionary, a master programmer, and lots of other things that he clearly isn’t. The examples serve to make Wheelan’s point, which is the most important thing, but they also perpetuate the myth that Bill Gates is the greatest computer scientist and visionary of all time, when the fact is he’s an astute and ruthless businessman who happened to find himself in the computer industry. His track record as a programmer and visionary isn’t all that great.

But because of this myth, spread largely outside of the computer industry proper, many influential people will insist on using the Microsoft product any time there’s a choice. They’re not interested in Wordperfect or Quicken or Dreamweaver or Firefox any other product not made by Microsoft, as long as Microsoft makes something that competes with it.

The Millionaire Mind by Thomas Stanley explains this mentality somewhat. When a person’s job is to make money, they don’t want to do product research and they don’t want to take chances. When they buy tires, a dishwasher, or a refrigerator, they walk into the store and buy the most expensive one, because the most expensive one must be the best. They don’t want to spend time doing market research because they could spend that time making money. And they want something they believe won’t break, because time spent dealing with broken stuff is time they can’t spend making money.

Basically, any time spent discussing or researching a purchase is time that can’t be spent making money. So in the mind of a bean-counter or an executive type, it’s much cheaper in the long run to just choose the Microsoft product and forget about it.

The logic is completely faulty–it’s an excellent example of a red herring logical fallacy, as Bill Gates’ wealth has nothing to do with the quality of his competitors’ products–but arguing that point isn’t likely to get you anywhere. Even if the decision maker is wrong, the time spent arguing about it is probably worth more than the potential savings by going with a different product.

At home, none of this matters. And at home, I’ll keep using Firefox. I’ve been using Firefox since 2002 when it was an obscure project called Phoenix, so I think you can call me a longtime fan.

Firefox made remarkable progress from 2002 to now, while IE has gone from IE 6 to IE 7 in the same timeframe.

But in the corporate world, very little of that matters. Incumbency has its advantages. Some companies will embrace it because of its many advantages. In other companies, users will sneak it in the door, the same way they snuck in PCs in the 1980s and 1990s while the mainframe-centric IT staff wasn’t looking. But in the majority of companies, it’s likely to stay shut out, perhaps because something important requires IE, but if not, the mere absence of Microsoft’s name on the product will be enough to keep it out of some doors.

I don’t expect to ever have Firefox on my PC at my current job. It’s my employer’s loss, but it’s not my decision.

The worm that’s not a worm

I got mail at work today. The subject:
David you have an e-card from Alex.

Well, about the only person I know who calls me David is my mom. And I don’t know anybody named Alex. And why would a guy be sending me an e-card? Not wanting to explore that possibility any further, I disregarded it.

Then I remembered reading about something like that somewhere, so I went back and looked at it.

Short story: A really sleazy e-card company is sending out e-mail containing nothing but an URL at, which sends down ActiveX controls and installs some spyware that, among other things, sends bogus cards to everyone in your Outlook address book. That’s where I got that e-card message from. I was in this guy’s address book, for whatever reason. (Turns out he’s the webmaster at work. Funny how the webmaster and the hostmaster can go for long periods of time and never meet, eh?)

Officially, this isn’t a virus or a worm because it’s a company doing this crap, rather than a bored loser who lives in his parents’ basement and you have to click on an EULA (which most people do blindly anyway) for it to activate. I fail to see the difference, but I guess I’m weird that way.

I originally wrote that the anti-virus makers didn’t consider this a worm, but Symantec seems to have relented. You can get a removal tool at Symantec’s site.

If you want to protect yourself pre-emptively, locate your hosts file (in C:\winnt\system32\drivers\etc on NT/2000/XP; I’m wanting to say it’s in C:\Windows\System on Win9x; on most Unix systems it’s in /etc, not that it matters since this not-a-worm runs on Windows) and add the following entry:

More cleanly, you can ask your network admins really nicely if they can block at the firewall or DNS level.

If you have inadvertently unleashed this monster, first, close Outlook immediately. Normally, I’d advise getting right with everyone else before cleaning things up, but since there’s the risk of making things worse if you do it that way, clean house, then start apologizing.

Next, download the removal tool.

If you want to be really safe, go into the control panel and remove anything that appears to have anything to do with Next, I’d go to and download Active Xcavator and remove anything having to do with Next, I’d head over to LavaSoft and download Ad-Aware and let it shoot anything that moves.

Next, apologize profusely to the guy who runs your mail server (ours got clogged up for hours processing all the mail from and to everyone in your address book. I can’t offer you any advice on the best way to do that. Except I’d use something other than Outlook to do it. Head over to to find yourself a small freeware mail client. Assuming you’re not on an Exchange server, I’d suggest pulling the network plug before firing up Outlook again to get those e-mail addresses.

Meanwhile, it would do no good whatsoever if everyone who’s gotten one of these annoying e-cards (whether they opened it or not) opened a command prompt and typed ping -t and left it running indefinitely. No good whatsoever. It’s still a distributed denial of service attack if all of the participants participate voluntarily and independently. Right?