Consumer routers drive security professionals like me crazy. I’m happy to say I finally found a router that doesn’t drive me nuts. I want you to buy an Asus RT-AC66U. I’m going to tell you why, and I’m going to tell you how to configure it. Here’s how to set up an Asus RT-AC66U and how to optimize an Asus RT-AC66U.
To the uninitiated, the world of Android ROMs can be more than a little confusing. Since Android is based on Linux and therefore large portions of it are licensed under the GPL, enthusiasts are free to create and release their own builds.
That’s where some of the confusion comes from. When you buy an Android device, it comes with Android pre-loaded of course. Then, when Google releases a new version of Android, it releases it to the vendors and to the phone companies. If your device is really popular and you’re really lucky, you’ll get an update from either the carrier or the vendor. Usually the update comes with some ridealong software, which you may or may not find useful.
Enthusiast-built Android ROMs tend to come out much sooner than official ROMs sanctioned by the manufacturer, and they don’t come with the bloatware either, so they tend to run a lot better. My venerable Samsung Galaxy S4G phone, which is nearly three years old, runs better on an enthusiast-built ROM than it ever ran with the vendor-provided one, and the enthusiast-built ROMs are much more up to date. Read more
Are you curious why there’s no Cyanogenmod for the Sero 7 or Sero 7 Pro tablets? Or why there’s only one aftermarket ROM for it, released way back in May, with no updates?
I realized why this week. Hisense has not yet released the GPL source code for the tablets. And without developers being able to look at the kernel source, you’ll see very little, if any aftermarket firmware for these tablets.
Is the Windows Firewall safe enough? I wish more people would ask that question rather than make assumptions.
I wish I had a nickel for every time I’ve heard an unsubstantiated statement like “Windows firewall is junk.” I went looking, and the best I could find was this, an editorial that said it doesn’t do enough to address outbound connections, particularly on a program-by-program basis.
OK, point taken. But “enough” is a moving target.
You may have a question about open-source licenses on your CISSP exam. I don’t remember the specifics and wouldn’t be able to repeat them anyway, but I had a question on my exam where knowing the differences was helpful in finding the right answer.
And I had to deal with an issue this past week involving open-source technologies where the licenses made a big difference.
UEFI is a technology that forces a computer to only load a digitally signed operating system. This has some security benefits, as it makes parts of the operating system unbootable if they become infected, since the viruses won’t be digitally signed by a reputable vendor.
Great idea, right? From a security perspective, absolutely. The more attack vectors for viruses we can eliminate, the better off we’ll be. But Microsoft’s policy on ARM systems shows how it can be abused.
Antivirus software is the worst culprit in PC slowdowns. I am not alone in this belief. I don’t suggest going without (not completely) but it’s certainly possible to save lots of money, eliminate subscriptions, eliminate most of the overhead, and still practice (relatively) safe computing while running Windows.
Use Clamwin, the Windows version of ClamAV, and don’t engage in risky behavior (more on that later).Clamwin is free, GPL software, meaning you never have to pay for or renew it. It lacks a realtime scanner, which is the main resource hog for PCs. This may leave you vulnerable to infections, but think about where the majority of infections come from: E-mail, downloads, and drive-by installations. Clamwin comes with hooks into Outlook to scan e-mail attachments for you, and Clamglue is a plugin for Firefox that automatically scans all downloaded files. Of course you’re using Firefox, right? Using a non-Internet Explorer browser is the most effective way to prevent drive-by installations. I don’t use IE on my personal PCs for anything other than running Windows update.
Realtime protection made lots of sense when the main distribution point for viruses was infected floppies, but those days are long gone. This approach protects you against modern viruses without making your multi-gigahertz computer run like a Pentium-75.
I do suggest periodically scanning your system, something that even antivirus packages with realtime protection do. It makes you wonder how much confidence they have in that resource-hogging realtime protection, doesn’t it? Weekly scans are usually adequate; daily scans are better if you suspect some users of your computer engage in risky behavior.
Risky computer behavior
The last virus that ever hit any computer I was using was LoveLetter, which was way back in May 2000. The only reason I got that one was because I had a client who got infected and she just happened to have me in her address book. I don’t know the last time I got a virus before that.
It’s not because I’m lucky, it’s because I’m careful. There are lots of things I don’t do with my computers.
I stay off filesharing networks. Not everything on your favorite MP3-sharing site is what it claims to be, and there are people who believe that if you’re downloading music without paying them for it, they are entirely justified in doing anything they want to you, such as infecting you with a computer virus.
I don’t open e-mail attachments from strangers, or unexpected e-mail attachments from people I know. For that matter, if I don’t recognize the sender of an e-mail message, I probably won’t open it at all, attachment or no attachment.
I don’t run Internet Explorer if I can possibly avoid it. Internet Explorer’s tight integration into the operating system makes it far too easy for people to run software on your computer if you so much as visit a web page. Google tries to identify web pages that might be trying to do this, but a safer option is to use a different web browser that doesn’t understand ActiveX and doesn’t have ties into your underlying operating system.
I don’t install a lot of software downloaded from the Internet. A good rule is not to install any “free” software whatsoever unless it’s licensed under the GNU GPL or another similar open-source license. If you don’t know what that means, learn. Open source means the computer code behind the program is freely available and outside programmers can examine it. If a program distributed that way does anything malicious, someone’s going to figure it out really fast. If I’m going to download and install something that isn’t open source, I only do so when somebody I trust (be it a trusted colleague, a magazine columnist, etc.) recommends it.
I don’t rely on software firewalls. I have a separate cable/DSL router that acts as a firewall and sits between my computers and the Internet. So when the random virus comes around looking for a computer to infect, my firewall doesn’t even speak their language (it doesn’t run Windows and doesn’t have an Intel or AMD processor inside), so the potential infection just bounces right off.
Use a web-based e-mail service instead of a program like Outlook or Outlook Express if you can. If you use something like Yahoo Mail or Hotmail, that company’s servers scan your incoming and outgoing e-mail for viruses, so if someone sends a virus to your Yahoo account, you won’t get it. Does your ISP scan your e-mail for you? If you don’t know, you probably should consider getting your e-mail from someone else. Your antivirus should catch it, of course, but it never hurts to have someone else looking out for you too.
If you avoid these practices, you can join me in throwing out your commercial, for-pay antivirus software and reclaim a lot of computer performance too.
Generally speaking, I tell people not to install free software on a computer anymore unless it’s licensed under the GNU GPL or another similar open-source license, because open-source software is the only type of software that has any high degree of likelihood of not containing adware or spyware or other malware.
The problem with that advice is that the people who know what it means probably already follow it, and if you follow this Farquhar’s Law (there are many) to the letter, you miss out on gems like Irfanview.I’ve recommended the Tinyapps.org web site for a long, long time, but some jewels like Mozilla are much too big to qualify for that list.
While neither list is likely to have every safe, free application available, checking those sites for software that does what you want gives a broader range of choice than simply making a blanket statement like “Don’t install anything that isn’t Free (as in speech) Software,” or “Don’t install anything that isn’t GPL.”
If you want software that you can copy and redistribute and, if you wish, modify, with little or no restriction, then of course your best bet is to check out Freshmeat.net and look for software with a license that’s OSL approved.
Contrary to what it may seem, strings-free freeware isn’t a totally lost art. You just have to look a little harder these days, that’s all.