Another meaningless security report…

So Symantec is saying that IE is more secure than Mozilla-based browsers because there were 25 security vulnerabilities disclosed in the first half of 2005 for Mozilla, as opposed to 13 for IE.

Such reports are fine for Clueless Information Officers. Let’s analyze this like someone who actually knows what to do with that thing that sits between your ears.

First and foremost, Mozilla lacks tight integration into the operating system, making it fundamentally less dangerous. Internet Explorer is like a bank that leaves its vault open after hours because it locked the front door. Since Mozilla lacks those ties that go directly into the operating system, it’s like a bank that locks the front door and the vault. The more locks the crook has to crack, the better.

Also, past performance isn’t necessarily an indication of future gains. People who invest know this all too well. Remember, the first half of 2005 was when Mozilla was seeing explosive growth. It was still a young product and had a lot of things to shake out.

But the potential is certainly there. Let’s look at Apache vs. IIS. You see fewer Apache vulnerabilities than IIS, even though Apache’s source code is visible for everyone to see, and even though Apache is a much larger market. Mozilla has this same potential.

In the meantime, Mozilla is still a minority browser. Since most hackers these days are motivated by profits, they’re going to do the same thing any other businessman does: Look for volume. Internet Explorer still has 12 times the exposure that Mozilla does. And Internet Explorer is often used in corporate environments, since many corporate intranets rely on IE-specific technology. That makes it an attractive target, since it’s easier to get through a browser than it is a corporate firewall. And once you do manage to get in, there’s a lot more good stuff inside a corporate LAN than there is inside a home LAN.

And by Symantec’s own admission, “at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred.”

That tells us the Mozilla developers are working faster than the would-be Mozilla hackers, and it also suggests that hackers are looking harder at Internet Explorer.

Also, Symantec is being selective about the flaws it’s looking at. The article states that it only counts confirmed flaws. IE has 19 unconfirmed flaws versus 3 unconfirmed flaws for Mozilla. So IE has 19 unconfirmed and unfixed flaws plus 13 confirmed flaws, for a total of 32. Mozilla has 25 confirmed flaws plus 3 unconfirmed and unfixed, for a total of 28.

I don’t know about anyone else, but I’m more concerned about those unconfirmed and unfixed ones. As long as I’m running the current version of either browser, I’m protected against those 25 big bad flaws (for Mozilla) or the 13 (for IE) from earlier in the year. I can’t do anything about those 19 unfixed Internet Explorer flaws.

Frankly, I think Symantec is just trying to get a headline on a slow news day, and maybe trying to kiss up a bit to Microsoft, with whom it’s always had a very close relationship since Symantec traditionally has been willing to write the pieces of software that Microsoft for whatever reason doesn’t want to touch.

I’m sticking with Mozilla Firefox. Not only is it the safer browser when you look at the things that actually matter, it’s also the better one.

I’ve been messing around with Backup Exec 10

Veritas is trying mightily to unseat Microsoft as my least-favorite software company. I do believe Backup Exec to be the worst piece of software of any kind on the market. In fact, babysitting Backup Exec is the reason I haven’t been around much.

I’m looking to version 10 for some relief (and the much-needed 1.0 quality that Microsoft usually delivers around version 3–when Veritas will deliver it probably is an interesting Calculus problem).

The downside to version 10: I’m told there’s no more Windows NT 4.0 support. Can’t back ’em up. I haven’t actually tried installing the remote agent on an NT4 box to see if it’s unsupported as in we-won’t-help-when-it-breaks or unsupported as in no-can-do. Smart businesses hocked their NT4 servers a couple of years ago. I won’t say anything else, except that not every business is smart.

More downside: If a tape fills up and you can’t change it because the server is offsite and/or behind locked doors that require approval from 14 middle managers and a note from your mother to get to, under some circumstances Backup Exec 10 will hang indefinitely while cancelling the job. Version 9 had the same problem. Bouncing the services will usually relieve the hang, but sometimes you have to reboot.

It’s tempting to put Backup Exec and your tape drive on your biggest file server to get faster backups. But trust me, if you put it on a server that’s dedicated to backups–its day job can be as a domain controller or some other task that’s shared by multiple, redundant machines–you’ll thank yourself. It’s very nice to be able to reboot your Backup Exec server without giving your seven bosses something else besides the cover sheet on your TPS reports to grumble about.

If you must put Backup Exec on your file server, set up DFS and mirror the file shares to another server. It doesn’t have to be anything fancy–just something that can prop things up while the server’s rebooting. And run Windows 2003, because it boots fast.

The upside: I can make Backup Exec 9.1 die every time by creating a direct-to-tape job and running it concurrently with a disk-to-disk-to-tape job. The tape portion of the second job will bomb every time. Veritas technical support tells me that bug was fixed in 9.1SP1. It wasn’t. But it’s fixed in 10.

There are some other features in 10, like synthetic backups, that promise to speed backups along. That would be very nice. It would also be nice if it would be reliable.

I’m not going to put it in production yet–when I first deployed 9, it fixed a lot of problems but it made a whole bunch of new ones–but maybe, just maybe, Backup Exec 10 will do what it’s supposed to do well enough that I can work something close to regular hours again.

Otherwise I’ll look forward to Backup Exec 11 and hope that it features more changes than just a new Symantec black-and-gold color scheme and wizards featuring Peter Norton. We’ll see.

Fixing a computer that shows the wrong partition size after resizing

So, I’ve got these Windows 2000 boxes that didn’t have enough space, so I resized some partitions. No error messages, no problems. I reboot, and the drives still show their old size, even though in Disk Administrator they show the right size.

What gives? Microsoft acknowledges this issue in Windows XP, but hasn’t released a fix yet. But these aren’t XP, they’re 2000.

I’ve got a crazy solution.

If you have a copy of Ghost by Symantec, take a Ghost image of the partition that’s sized wrong. Then, immediately after creating the image, write the image back to the partition you just Ghosted.

Makes no sense, right? Well, but Ghost doesn’t do a bit-by-bit copy. It makes sure it gets good copies of your files, but it saves an interpretation of the partition, rather than the partition itself. So when it writes it back, minor errors that were there before get wiped out.

Now, why there can’t be a disk utility that does this same thing to a partition without the imaging runaround, I don’t know.

I just know I’ve brought a lot of computers with weird disk problems back to life over the years by making Ghost images of them and then writing the image back. This one today is just the latest in that long line.

Ghost won’t let me use my monster hard drive!

Here’s a familiar problem, I’m sure.

You need to back up your laptop, so you buy a monster (200+ GB) USB or Firewire hard drive. And then you can’t use it in Symantec/Norton Ghost, for one of two reasons:

1. You can’t format a FAT32 partition bigger than 32 gigabytes.
2. Ghost chokes when it tries to make a file larger than 4 gigabytes.

These are limits of the operating system, not Ghost. But there are workarounds.

To format a FAT32 drive bigger than 32 gigs, you need a DOS boot disk. If you don’t have a Windows 95 OSR2 or Windows 98 DOS boot disk handy, you might try bootdisk.com, or download the latest version of FreeDOS, which now supports FAT32.

You’ll have to use good old FDISK and FORMAT, which is clunkier than Windows XP’s computer management, but at least it’s possible.

Ghost can choke when the image file exceeds 4 gigabytes in size because FAT32 won’t let you make a file larger than that. It’s a limit of the FAT32 file system. The workaround there is to split up the image. Pass Ghost the -SPAN -SPLIT=4095 parameters when you launch it to get around that problem.

How did I miss Symantec buying out PowerQuest?

PowerQuest, best known as the makers of PartitionMagic, got bought out by the monolith Symantec–soon to be the only large maker of utility software in the universe–back in December.

This eliminates DriveImage as a competitor to Ghost, gives Symantec a killer consumer app in PartitionMagic, and also gives Symantec the enterprise-class PartitionMagic-like apps.

PartitionMagic was a good product. I hope Symantec doesn’t dummy it down too much. But for the past year or so, I’ve been booting Knoppix and running qtparted whenever I need to resize partitions. Long ago I made a boot CD containing the DOS version of a semi-recent copy of PartitionMagic (whatever the last version I bought was), but qtparted handles filesystem types that PartitionMagic won’t touch, so the free alternative is more useful to me. Besides, it’s legal for me to use qtparted on any of my computers or anyone else’s. I don’t think PartitionMagic can be used on more than one PC without additional expense.

If the secret ever gets out about Knoppix and qtparted, PartitionMagic stands to lose a big chunk of its market.

How DOS came to be IBM’s choice of operating system

The urban legend says Gary Kildall snubbed the IBM suits by making them wait in his living room for hours while he flew around in his airplane, and the suits, not taking it well, decided to cut him out of the deal and opted to do business with Bill Gates and Microsoft, thus ending Digital Research’s short reign as the biggest manufacturer of software for small computers.


The Compaq DL320 and Ghost

We got another Compaq Proliant DL320 in at work. This one’s a Windows 2000 print server (grumble grumble–we’ve been playing with HP’s Linux-based print appliances and so far I really like them).

But anyway, since rebuilding a Windows server is a much bigger deal than rebuilding a Linux server (all our other DL320s run Debian Linux), we tried building a recovery image with Ghost.

Only one problem: Ghost 7.5 doesn’t see the DL320’s IDE drives. DOS sees them just fine. But Ghost 7.5 doesn’t see them, and neither did MBRWork, a freeware partition-recovery tool that’s saved my bacon a few times. There’s something odd going on here.

In desperation, I dug out an old copy of Ghost 5.1c I found on our network. It’s from mid-1999. Oddly enough, 5.1c sees the Proliant’s CMD 649-based UDMA controller just fine. The only problem is, Ghost 5.1c doesn’t handle the changes Windows 2000 made to NTFS. It’ll make the image just fine, but when I went to try to restore it, Ghost crashed.

So I pulled out an unused copy of PowerQuest Drive Image. Drive Image worked fine. Mostly. It made the image at least. One thing I noticed was that Drive Image’s compression was a whole lot less effective than Ghost’s. The other thing I noticed was that Drive Image’s partition resizing didn’t work right. I’d re-size the partitions so they’d fit on another drive I had (I wanted to test the backup to make sure it worked, but not on the live, production drive) but no matter what I did, it reported there wasn’t enough room on the drive.

“Ghost would be so much better in every way, if it worked,” I said in frustration.

“Isn’t that true of everything?” Charlie asked. I guess he didn’t think that was the most brilliant observation I ever made. Not that I did either.

We’ve got support with both Symantec and HP, so we really ought to call them and see if they have a resolution. HP talks out of both sides of its mouth; on the one hand, I found statements on its Web site that Ghost is unsupported on Proliant hardware, and on the other I found some tools that claim to help with system deployment using Ghost.

But since this DL320 is being used to drive a printer that costs about as much as any of us make in a year, and it’s being set up by a guy who’s being flown in early this week at $2,000 a day, I’m not positive that we’re going to get a good resolution to this. I suspect we’ll just end up using Drive Image and keeping an identical drive on hand in case Windows 2000 gets suicidal on us. The price of an IDE drive is pocket change on top of all this.

But when you’re running Linux and GNU tar is a legitimate option as a backup and recovery tool, I love the DL320. It’s small, fast, and cheap. It’s funny when tools allegedly written by college students as a hobby work better and more consistently than commercial tools you have to pay for.

Well, I guess I should say it’s funny when that happens and it’s someone else who has to deal with it.

The worm that’s not a worm

I got mail at work today. The subject:
David you have an e-card from Alex.

Well, about the only person I know who calls me David is my mom. And I don’t know anybody named Alex. And why would a guy be sending me an e-card? Not wanting to explore that possibility any further, I disregarded it.

Then I remembered reading about something like that somewhere, so I went back and looked at it.

Short story: A really sleazy e-card company is sending out e-mail containing nothing but an URL at friendgreetings.com, which sends down ActiveX controls and installs some spyware that, among other things, sends bogus cards to everyone in your Outlook address book. That’s where I got that e-card message from. I was in this guy’s address book, for whatever reason. (Turns out he’s the webmaster at work. Funny how the webmaster and the hostmaster can go for long periods of time and never meet, eh?)

Officially, this isn’t a virus or a worm because it’s a company doing this crap, rather than a bored loser who lives in his parents’ basement and you have to click on an EULA (which most people do blindly anyway) for it to activate. I fail to see the difference, but I guess I’m weird that way.

I originally wrote that the anti-virus makers didn’t consider this a worm, but Symantec seems to have relented. You can get a removal tool at Symantec’s site.

If you want to protect yourself pre-emptively, locate your hosts file (in C:\winnt\system32\drivers\etc on NT/2000/XP; I’m wanting to say it’s in C:\Windows\System on Win9x; on most Unix systems it’s in /etc, not that it matters since this not-a-worm runs on Windows) and add the following entry:

127.0.0.1 www.friendgreetings.com

More cleanly, you can ask your network admins really nicely if they can block friendgreetings.com at the firewall or DNS level.
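
Hosts-file lookups match whole hostnames only, so the entry above covers www.friendgreetings.com but not the bare friendgreetings.com. The Python below is an added example, not part of the original post: it audits hosts-file text for both names and appends only the missing sinkhole lines. The function names and the sample file are constructed for illustration.

```python
# Added example (not from the original post): audit hosts-file text for
# sinkhole entries. Hosts lookups match whole names only, no wildcards.
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}   # addresses commonly used as a sink

# Constructed sample: a hosts file holding only the entry given in the post.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   www.friendgreetings.com   # entry from the post
"""

# Both names appear in the post; only the first is in the suggested entry.
NAMES = ["www.friendgreetings.com", "friendgreetings.com"]


def parse_hosts(text):
    """Map each lower-cased hostname to the set of addresses listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comment, split on blanks
        if len(fields) < 2:
            continue                              # blank, comment or no names
        for name in fields[1:]:
            table.setdefault(name.lower(), set()).add(fields[0])
    return table


def audit(text, names):
    """Classify each name as 'blocked', 'missing' or 'conflict'."""
    table = parse_hosts(text)
    result = {}
    for name in names:
        addrs = table.get(name.lower())
        if not addrs:
            result[name] = "missing"
        elif addrs <= SINKS:
            result[name] = "blocked"
        else:
            result[name] = "conflict"   # also mapped to a non-sink address
    return result


def add_blocks(text, names, sink="127.0.0.1"):
    """Append sinkhole lines for 'missing' names only; safe to run repeatedly."""
    todo = [n for n, state in audit(text, names).items() if state == "missing"]
    if todo and text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(f"{sink} {n}\n" for n in todo)


if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS, NAMES))
    print(add_blocks(SAMPLE_HOSTS, NAMES), end="")
```

A name reported as 'conflict' already has a non-sink mapping in the file and needs a manual look before any line is added.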

If you have inadvertently unleashed this monster, first, close Outlook immediately. Normally, I’d advise getting right with everyone else before cleaning things up, but since there’s the risk of making things worse if you do it that way, clean house, then start apologizing.

Next, download the removal tool.

If you want to be really safe, go into the control panel and remove anything that appears to have anything to do with friendgreetings.com. Next, I’d go to www.cognitronix.com and download Active Xcavator and remove anything having to do with friendgreetings.com. Next, I’d head over to LavaSoft and download Ad-Aware and let it shoot anything that moves.

Next, apologize profusely to the guy who runs your mail server (ours got clogged up for hours processing all the mail from not-our-friendgreetings.com) and to everyone in your address book. I can’t offer you any advice on the best way to do that. Except I’d use something other than Outlook to do it. Head over to TinyApps.org to find yourself a small freeware mail client. Assuming you’re not on an Exchange server, I’d suggest pulling the network plug before firing up Outlook again to get those e-mail addresses.

Meanwhile, it would do no good whatsoever if everyone who’s gotten one of these annoying e-cards (whether they opened it or not) opened a command prompt and typed ping -t www.friendgreetings.com and left it running indefinitely. No good whatsoever. It’s still a distributed denial of service attack if all of the participants participate voluntarily and independently. Right?

Klez is nasty!

If you haven’t ever actually seen Klez in person, count yourself lucky.
I had my first run-in with it last night. I was working on a friend of a friend’s computer and everything about it was goofy.

Big trouble

Getting in trouble. At work, we use a content-filtering application called Websense to keep people from visiting sports sites and porn sites and checking their stocks at work. Prior to its installation, one of the most commonly visited sites in our firewall logs was ESPN.com. Well, I set off Websense this afternoon:

Status: The Websense category "Sports" is filtered.

URL: http://www.symantec.com/sabu/ghost/compatible_drives.html

As you can pretty clearly see from the URL, I was wanting to see if the CD-R drive we have is compatible with Ghost 7.5. Websense didn’t see it that way.

I printed that message out and hung it on my cubicle wall. That’s what we do with bizarre and amusing Websense messages.

So I just had to do a little research. It would appear that Sabu is the name of a professional wrestler. I learn something new every day. But that raises the debate of whether professional wrestling is a sport. Websense and I disagree once again.

Hey, I never said I learn something useful every day…

And that leads me straight into this:

How I once almost accidentally stole a piano from some Mormons. It was my junior year of college, and I was living next door to the Lutheran church just off campus. I was walking out to my car, which was parked on the church parking lot, when a guy walked up to me.

“Can you get me into that church?” he asked, pointing over his shoulder with his thumb.

“Why do you need in the church?” I asked.

“I’m here to deliver a piano,” he said.

I had no idea what the church would want with a new piano, but seeing as I hadn’t set foot in the place all year, what did I know? I had a key for emergencies, and this seemed like one. “Hang on,” I said. “I’ll run in and get a key.”

So I came back out with a key, unlocked the door, and the guy wheeled the piano off his truck. “Any idea where they want this?” he asked as he wheeled it through the door.

Seeing as I didn’t even know they were getting a piano, I definitely didn’t know where they wanted it.

“We’ll just leave it here in the Narthex,” I said. “That way Pastor will see it first thing when he walks in, and he can move it where he wants it.” (That’d teach him for not being there when a piano was due to be delivered.)

“This is 305 S. College Avenue, isn’t it?”

I paused. I didn’t know the church’s address off the top of my head, but seeing as I lived next door at 206 S. College Ave., I knew the church’s address wasn’t an odd number. So I told him that.

“Where else is there a church on College Avenue?” he asked me.

There was none. I racked my brain for a minute. “Let me step outside and see what the building number is.” This was Columbia, after all. Maybe they did put even- and odd-numbered buildings on the same side of the street, for all I knew. They do everything else screwy in that town. Then a thought hit me out of the blue. “I wonder what the address of that Mormon thing across the street is?”

So I peered across the street at our squarish, utilitarian-styled neighbor. “Institute of Religion. Church of Jesus Christ of Latter-Day Saints,” the sign read. Then I looked for a building number. Indeed, it was the address the piano delivery guy was looking for.

He thanked me and wheeled the piano out the door and back into his truck.

I locked the door back up, then went back inside to put the key away. “Have I ever got a story for you,” I said to the first guy I spotted.