FTDI needs to be charged under the Computer Fraud and Abuse Act

FTDI is a company that makes computer chips for USB peripherals. Their chips are frequently cloned, which is an issue they have a right to deal with. But they have to be careful.

Breaking suspected cloned chips that consumers bought in good faith is the wrong answer. If I did that, it would be called hacking, and I would be sitting in jail right now, and probably would be facing a quarter-century in prison. Read more

Bitdefender 60-second virus scan: a review

I mentioned Bitdefender 60-second virus scan the other day, but didn’t give it a proper review. It’s time I remedy that.

It’s a small 160K stub that downloads a few more megabytes worth of stuff after you run it. Unlike most other free antivirus apps, this one is intended to be secondary–a marketing tool to show you what your primary antivirus isn’t catching that Bitdefender would, I suppose. But I think it’s useful as a second line of defense, and recommend using it as such.

Read more

End of the innocence for Mac security

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes.  It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that. Read more

01/31/2001

Mailbag:

Music, HD, Linux modem

Sick. Something you’ll (hopefully) never see: DefragCam. I can blame one of my twisted coworkers for that idea.

A sad referrer showed up in my logs yesterday. It was a search request, from Hotbot, on the string, “I’ve never had a girlfriend.” I’m pretty sure that phrase appears as part of a sentence in Are we talking about more than just sunsets? but as part of a phrase. I seem to remember writing, “I’ve never had a girlfriend outside the winter months,” or something like that. I have no way of knowing where that request came from. Probably a bored, lonely teenager. More people have never had a girlfriend than anyone’s willing to admit. Including a majority of teenagers.

It’s only a problem if you let it be one. Unfortunately a lot of people do, and that makes them vulnerable to all sorts of scum, like advertisers and fringe religious fanatics and seedy individuals, all promising things they can’t or won’t deliver.

Not that I’m much of an advice-giver (unless you’ve got a slow computer, then I’m pretty good), but the best suggestion I’ve got is to find something you’re good at. Lose yourself in that. If you’re not good at anything, find something you enjoy and lose yourself in it. You’ll get good at it. That alleviates the boredom, and it builds confidence, which makes you good at other things. Does it make girls notice you? Only indirectly. But it’s better to be a winner who only occasionally has girlfriends (and remember, ideally you should only be in a successful relationship once anyway) than to be a loser who always has a girl.

I hate to sound callous, but given the choice between having a book published to my name, or having any of my ex-girlfriends back, I’d choose the book. I wouldn’t even hesitate. When I find a girl who’s cooler than writing magazine articles, and she thinks I’m pretty cool too, then I’ll know it’s time to settle down.

I guess that’s the other good thing about losing yourself in other interests. If a girl starts hanging around who’s more interesting than those things, great. If she’s not, that’s your subconscious mind’s way of telling you to keep looking.

A new way to benchmark. Finally, there’s a multitasking-oriented benchmark, available from www.csaresearch.com . Keep an eye on these guys. I didn’t use any benchmarks in Optimizing Windows, because they don’t reflect real-world performance and they generally test your hardware, not the operating system as it stands on your machine. This benchmark uses new methods that try to take multitasking into account, so it will do a better job of reflecting how a system feels. It was like I was telling my sister yesterday. If I put two computers in front of her, she doesn’t care which one puts up better numbers. She knows which one’s faster. But with a lot of the benchmarks today, the faster machine doesn’t put up the best numbers. Or a PC might put up numbers that appear to kill another, but when you sit down to use the two, you can’t tell a difference.

Time for a review. I’ve been so critical of reviews lately I decided to try my hand at writing one myself, to see if I’ve still got what it takes.

Linksys Etherfast Cable/DSL Router

Broadband Internet connections are increasingly common, and it’s hard for a single PC to use up all the available bandwidth. Plus, more and more homes have multiple PCs, and it’s a shame to spend $50 a month for Internet access and limit its use to a single PC. A number of third-party programs for sharing an Internet connection exist, and recenolution. These devices are about the size of a hub, plug into your cable/DSL modem, have a built-in firewall, and include one or more ports. You can plug your PCs into these ports and/or plug in a hub or switch so you can support a larger number of PCs. Another advantage of a standalone router is additional security against hackers. A Unix box can be very secure, but if a hacker does get into it, he can do a lot of unpleasant things, to you or to someone else (but make it look like you’re the one doing it). A hacker can’t do much to a router besides mess up its configuration. You can reset it and reconfigure it in five minutes. So the security of one of these devices is very tough to beat.

One of the most popular standalone cable/DSL routers is the Linksys BEFSR41, also known simply as the EtherFast Cable/DSL Router. It’s widely available for around $150. The best price I could find on it was $131. I tested the 4-port version. A 1-port and 8-port version is also available. The 1-port version is less expensive but requires a separate hub or switch. If you already have one of those, you can save some money, but the 4- or 8-port version is ideal since it includes a built-in switch. I have an 8-port dual 10/100 hub; the Linksys router therefore gives me three additional higher-speed network ports, since switches are faster than hubs. Most people will probably want the 4- or 8-port version, because it’s easy to get spoiled really quickly by a 100-megabit switched Ethernet LAN.

Configuration is wickedly easy. Plug it into your cable/DSL modem, plug a computer into it, turn all of it on, configure the PC for DHCP if it isn’t already, then open a Web browser and go to http://192.168.1.1 . Feed it the factory password (which is undoubtedly documented all over the Web, but I won’t document it here as well), then make the changes you need. Most people won’t have to do any configuration other than changing the configuration password. If you want to put it on a different subnet, do it, then run winipcfg, push the release all button, then the renew all button, reconnect to the router, and make other changes if need be.

Administration is easy too. Just connect to the router via its Web interface, and click on the Status tab. You instantly get your network status. If your ISP drops your connection, hit the Release, then the Renew button. From the DHCP tab, you can tell the router how many clients to support. You can go to the advanced tab to configure port forwarding or a DMZ if you want such a thing–most of us won’t.

The only thing I had difficulty doing was upgrading the firmware from the browser interface. The router must not have liked the version of IE I was using. However, nothing stops you from downloading and running the firmware upgrade directly–as long as you’ve got a Windows box handy. Mac and Linux users may have problems there. Firmware updates seem to come every couple of months.

The firewall built into the router is unable to pass Steve Gibson’s LeakTest, but all hardware routers have this weakness–it’s virtually impossible for a hardware router to tell the difference between innocent traffic and malicious traffic caused by a Trojan Horse. However, the router passes ShieldsUp! ( www.grc.com ) with flying colors.

The speed of the connection is certainly acceptable; with me running a caching nameserver on the Linux box it replaced that machine should be able to outperform any standalone router any time. Of course this is purely subjective; the speed of the Internet changes constantly. Nothing stops me from running a caching nameserver behind this router, which will help performance significantly. Local network performance on the built-in 10/100 switch is outstanding.

Appearance-wise, it’s a solid product, made of two-tone blue and black plastic but it’s not cheap plastic. Styling is modern but tasteful–no wild colors or translucent parts. It has indicator lights up front, a reset switch up front, and ports in the back. It also has built-in legs, so presumably it’s stackable with other Linksys hardware (I don’t have any Linksys switches or hubs, so I can’t check that).

The only flaw I can really find with this router is that the MAC address can’t be changed. Some ISPs authenticate against the card’s MAC address, which allows them to control how you connect to them. It also prevents you from using this type of device. Some competing routers allow you to change their MAC address, so they can spoof that card and get around the limitation.

I read of problems using it with services that use PPPoE (PPP over Ethernet). My service doesn’t, so I can’t test this. Buyer beware.

I was disappointed that the 45-page manual didn’t have an index, but it had a lot of nice information in it, such as pinouts for Ethernet cables. It’s written in clear, plain and straightforward English. Manuals of this length and quality are rare these days.

I think it’s a decent product, but for my purposes I want something else. I don’t want something so easy to reset to factory defaults and configure. Why? It’s getting corporate use, and I want it to be complex enough to scare people away. I want the user interface of an HP LaserJet printer control panel. It’s a pain to configure, so therefore end-users don’t mess with it. I’m not sure if I’ll find such a beast, but you bet I’ll look for it.

Mailbag:

Music, HD, Linux modem

LoveLetter is just a symptom of worse things to come

The virus parade continues. I saw some really disturbing speculation on BetaNews today. Of course there’s the news of 10 variants on VBS.LoveLetter. Worse yet, there’s speculation of what kind of havoc a trojan horse jumping on ICQ could cause. I don’t know if ICQ is scriptable, but what if someone implemented a program that contacts the ICQ network (possibly by borrowing code from one of the open-source Linux ICQ clones), then sends itself to all of your ICQ contacts? A lot of ICQ users indiscriminately accept and run any file sent to them. Just another conduit. Hopefully it’s beyond most virus writers. (Most virus writers are on my programming level. If I download a real program, you know, like an open-source Linux utility, I’m pretty clueless about four lines in. I can follow virus code, because it’s simple.)
Microsoft really needs to start giving a rip about security. I know it’s fashionable to bash MS, but I was bashing them back in 1990 and never really stopped, so hear me out. There’s just far too much exploitable scripting capability in contemporary MS products. Worse yet, these languages don’t abort on errors anymore, which creates a breeding ground for new viruses. When two viruses merge, the code still executes. The gibberish that in days of old would have stopped the program today gets passed over and the program keeps running. I can see popping up a dialog box that says “Run-time error,” with two buttons (continue and abort). I longed for that years ago when I still aspired to be a programmer. But no, that’s not dummy-proof enough.

Well, guess what? Now our computers are so dummy-proof that they’re time bombs. Thanks Bill. Now we still can’t get any work done. Used to be because it was too hard to figure out. Now it’s because our computers keep getting their system files wiped out.

I saw an Amiga 1200 on eBay for about $75 the other day. Time to throw these MS-infected PCs out the door of a low-flying plane over the Redmond campus, (yes, I know there’s a perfectly good possibility they’ll hit someone) and replace them with real computers that are reliable and not afraid of asking the user a question.

But I know good and well I’ll probably just abandon Windows as a primary OS and just run it in VMWare sessions. At least then, when Windows decides to take a dump all over itself (or let some virus do it), the mess is confined. Not that I have a virus problem because I open things in Notepad before doing anything with them, but we’ve already been through that.

Another observation. This one’s shorter, I promise. Are we so love-starved that we’ll open some attachment called “love letter” without even looking at it? That all of our better judgment gets suspended until it’s too late? (I ask as U2’s “Who’s Gonna Ride Your Wild Horses,” which might as well be about my last serious relationship, comes on over my.mp3.com–very funny.)

Hey, there’s a song in there somewhere. “Love by Outlook.” Hmm. Time to go give the synth a workout.

Oh yeah. That question I asked. I don’t have a good answer for it. An evangelist in Columbia thought he had the ultimate answer. Didn’t work. So I ended up moving to St. Louis to get a new start. New old familiar territory, got a new job, signed a book deal, and life was good again. I doubt that’ll work for everyone else. But it’s a lot better than an e-mail attachment.