Some security-ish short takes

Windows 7 SP1 is coming soon. Possibly as soon as this weekend.

Historically, service packs tend to get off to a bit of a rocky start, so I’m not going to be installing this right away. But since it’s so imminent, I’m not going to be installing Windows 7 on anything else yet either. I’ll probably give it a couple of weeks, then slipstream and install. Being the first on the block to install a service pack usually isn’t a good idea. Seems to me that in one Slashdot poll several years ago, given the choice between installing a service pack on the first day or watching the movie Master of Disguise, the really bad Dana Carvey movie won out. There’s a reason for that.

Microsoft Security Essentials, Take 43,291. And while we’re picking on Microsoft, my biggest beef with Microsoft Security Essentials is that it doesn’t update itself quickly enough. But you can make it check for updates as frequently as every hour. Directions are at http://lifehacker.com/5733597/change-microsoft-security-essentials-update-frequency

They cite this as a good thing to do on laptops. I completely agree. My laptop gets used just sporadically enough that it has trouble staying updated, and usually, when I use it on the road, it’s not up to date at first, and it’s when you’re using strange networks that you most want to be up to date.

Frankly I think it’s a good thing to do on your desktop too. When the signatures get updated, would you rather get the updates right away, or tomorrow? I’ll vote for right away.

When I was administering antivirus for a living, when I updated my AV server, my clients got the updates within an hour or so. Sometimes it was within a few minutes. That system wasn’t even directly connected to the Internet. So if that system needed its updates that fast, so do home PCs.

Passwords. It’s now possible to test 400,000 passwords per second using Amazon’s services, at a cost of 28 cents per minute. So, testing 24 million possible passwords costs 28 cents.

Strengthen your passwords. Going to 16 characters with two uppers, two lowers, two special characters and two umlauts is overkill, but you want to be using more than 8 characters, and use at least one number, one upper and one lowercase letter, and one special character like a punctuation mark. If your password is something like “popcorn,” well, let’s do the math. It takes one second to test 400,000 passwords, and there are arguably a million words in the English language, so cracking a simple one-word password should take a maximum of two and a half seconds and cost 3 cents.

If you found this post informative or helpful, please share it!

2 thoughts on “Some security-ish short takes

  • Pingback: Cloudy day « Awed Manor

  • January 15, 2011 at 12:01 pm
    Permalink

    I have a laptop I use sporadically and I long ago got into the habit of booting it up (or waking it up) and manually updating as soon as it is connected to the internet. A registry hack only increases the chance that the laptop gets updated, not guarantee it. Manual update only takes four clicks of the mouse. The hack requires considerably more effort and isn’t for the weak of heart, as well one has to redo the hack each and every time MS releases a newer version. I’ll stick to manual updates!

Comments are closed.