What is the purpose of a screen saver? Screen savers served both a technical and a marketing purpose. From a technical perspective, the purpose of a screen saver was to keep an image from permanently being engraved in a CRT-based monitor’s phosphors. But it wasn’t long before screen savers started serving a vanity or entertainment purpose.
One of the very best things security measures you can take is application whitelisting–limiting the apps that are allowed to run on your computer.
The Australian Signals Directorate–the Australian counterpart to the NSA–says doing four things cuts security incidents by a whopping 85 percent. You probably do three of the things. The fourth is application whitelisting.
- use application whitelisting to help prevent malicious software and unapproved programs from running
- patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
- patch operating system vulnerabilities
- restrict administrative privileges to operating systems and applications based on user duties.
I sometimes show my age by making jokes about Bonsai Buddy and Gator and Hotbar, but ads injected in browsers are a problem that’s coming back. And sometimes these ads come with malicious payloads, installing unwelcome software on your computer to maintain persistence.
Problems like this are the reason I tend not to load my browsers down with lots of extensions. Sometimes the functionality is cool, but I’ve always found ways to get what I need done with a stock browser, and then I have a better idea of what I’ve gotten myself into. I’m beholden enough to the agendas of Microsoft, Mozilla, or Google as it is; I don’t need third parties injecting their agendas into the mix, especially when they may be malicious.
And besides that, a lot of extensions tend to be very memory- or CPU-hungry. I have enough memory on most of my machines that I can dedicate 2 GB of RAM to a web browser, but I’m not sure why I should have to.
The fewer extensions you load onto your web browsers, the safer you’ll be, and in the long term, I’d wager the happier you’ll be as well.
After having an incredibly bad week last month, Lenovo started saying the right things, and perhaps doing some of the right things too. But some laptops with the Superfish malware preinstalled on them are still in the supply chain, which means some people are unwittingly buying them.
This isn’t terribly surprising. But there are a couple of things you can do about it, and they’re things worth doing anyway.
So, if you haven’t heard by now, last year Lenovo experimented with preloading its cheapest laptops with spyware that subverts HTTPS, allowing a third party to inject ads on any web page, and providing a convenient place for an attacker to hide behind while messing with your secure transactions.
By the end of the day yesterday, Lenovo had apologized, sort of, and after several sites had provided removal instructions, Lenovo provided its own. After spending much of the day downplaying the security concerns, by the end of the day they were at least reluctantly acknowledging them.
This was really bad, and I’ll explain why in a second, and I’ll also try to explain why Lenovo did it.
I bought a Raspberry Pi over the weekend intending to turn it into a retro gaming system. I’d rather not have a mess of systems and cartridges out for my kids to tear up and to constantly have to switch around at their whims; a deck-of-cards-sized console with everything loaded on a single SD card seems much more appealing.
I followed Lifehacker’s writeup, which mostly worked. My biggest problem was my controllers. NES and SNES games would freeze seemingly at random, which I later isolated to trying to move to the left. It turned out my Playstation-USB adapter didn’t get along with the Pi at all, and was registering the select and start buttons when I tried to move certain directions, pausing the game.
When I switched to a Retrolink SNES-style pad, the random pausing went away. The precision reminded me of the really cheap aftermarket controllers of yore for the NES and SNES. I concluded my controller, which I bought used, was worn out. Ultimately I ended up switching to a Logitech controller, which worked well. Read more
I found a story called Five Malware Myths and take no issue with anything it says. Run antivirus, whitelist your program directories, run EMET, and you’re reasonably protected but not invincible. But nobody is as invincible as the majority of people seem to think they are.
Let’s take them one by one.
Glaurung brought up a good point in a comment yesterday. If you never go online and/or you’re really careful, do you really need to update your OS to something new?
In my professional opinion, it depends. Didn’t you know that would be my answer? Read more
My tell-all about my encounter with “Computer Maintenance Department” was a little heavy on the jargon yesterday. It occurs to me that explaining what some of the terminology means, and the problem with their reasoning, may be helpful. I’ve also heard a few questions through various channels, and I think those are worth answering. Read more
I mentioned Bitdefender 60-second virus scan the other day, but didn’t give it a proper review. It’s time I remedy that.
It’s a small 160K stub that downloads a few more megabytes worth of stuff after you run it. Unlike most other free antivirus apps, this one is intended to be secondary–a marketing tool to show you what your primary antivirus isn’t catching that Bitdefender would, I suppose. But I think it’s useful as a second line of defense, and recommend using it as such.