Update:From the many informed comments at Bruce Schneier's blog I learn that the infected computer in the story quoted below was not an on-board computer. It was a ground-based maintenance computer. Which makes a lot more sense to me, since I don't think Windows has been qualified for avionics software.
_______________________
Again, in fairness, we don't know that this was a Windows-based system. As with the BP oil rig, those investigating are keeping carefully quiet. But when someone speaks of infections like this, Windows is the first thing that pops into my mind:
Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware.
An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais.
...The malware on the Spanair computer has been identified as a type of Trojan horse. It could have entered the airline's system in a number of ways, according to Jamz Yaneeza, head threat researcher at Trend Micro.
We do know that it was a Windows virus that got loose on the International Space Station two years ago. Fortunately for the astronauts, "Not all of the 71 laptop computers currently aboard the station run Windows".
Microsoft's 2010 software suites present "the most complicated lock-in decision in years," and many customers will be justified in sticking with the 2007 versions of Office, Exchange and SharePoint, Burton Group analysts said this week at the Catalyst conference.
Microsoft is pushing its weight around in 2010 by offering numerous tools that used to be provided only by third-party vendors, and embracing the virtualization and software-as-a-service delivery models, analysts said.
"Microsoft wants more of your money," said Burton Group analyst Guy Creese. "This is going to be a pretty complicated decision, one that may lead to lock-in. ... If you go forward with all of the 2010 products you will be a Microsoft shop for the foreseeable future because the offering is so monolithic."
It bears repeating: Microsoft is trying to lock you into their products -- and lock themselves into your wallet. If you are sticking with Microsoft because it is too expensive or too difficult to switch, consider this:
1. It will be more expensive and difficult if you adopt the 2010 Microsoft products. Microsoft is determined to make it as hard as possible for you to switch away.
2. When figuring the cost/benefit tradeoff, consider tomorrow's costs as well as today. Once you are locked in, you'll have to pay even higher prices for your Microsoft licenses.
It will never be cheaper to switch than right now.
There are lots of reasons not to use Internet Explorer. Traditionally it has been one of the biggest security risks in a Windows PC. But now I learn, from the Wall Street Journal, that Microsoft deliberately chose to make it hard for you to get privacy as well:
In early 2008, Microsoft Corp.'s product planners for the Internet Explorer 8.0 browser intended to give users a simple, effective way to avoid being tracked online. ...
In the end, the product planners lost a key part of the debate. The winners: executives who argued that giving automatic privacy to consumers would make it tougher for Microsoft to profit from selling online ads. Microsoft built its browser so that users must deliberately turn on privacy settings every time they start up the software. (Emphasis added.)
So even if you set your browser for "privacy," it doesn't stay set. Unlike, say, Firefox or Opera, which remember the privacy settings you choose. I tell you three times: do not use Internet Explorer.
P.S. At this time, I won't recommend Google Chrome as an alternative. I haven't heard of any specific flaws, but Google is notorious for its disregard for privacy and trying to "monetize" user information, so I wouldn't be surprised to learn that Chrome is also advertiser-friendly.
In complete fairness, we don't know that this "blue screen of death" refers to anything that was provided by Microsoft. It's certainly possible that some other software vendor chose to use a blue screen when their product locks up. But still, one wonders...
A computer that monitored drilling operations on the Deepwater Horizon had been freezing with a "blue screen of death" prior to the explosion that sank the oil rig last April, the chief electronics technician aboard testified Friday at a federal hearing.
"Blue screen of death," or BSOD, is a term most often used to describe the display shown by Microsoft Windows after a serious crash that has incapacitated a PC.
...The machine had been locking up for months, Williams said, producing what he and others on the crew called a "blue screen of death." "It would just turn blue. You'd have no data coming through," Williams said today, according to the New York Times' story.
With the computer frozen, the driller would not have access to crucial data about what was going on in the well.
...While he did not identify the operating system running the balky computer, the phrase "blue screen of death" is typically used to describe a Windows crash.
Microsoft declined to comment on Williams' testimony and characterization of the crash screen. Transocean did not respond to e-mail seeking comment.
By the way, the buzzword (buzz-acronym?) for this category of computer application is SCADA: Supervisory Control And Data Acquisition. SCADA is used everywhere -- power plants are one big example -- and there are frequent news stories expressing concern about viruses or foreign crackers getting into SCADA systems. In my humble opinion, no "mission critical" system should ever run Windows; but I have an admittedly dim view of Windows reliability. (I also think that SCADA systems shouldn't be connected to the Internet, but that's another subject.)
July 21 - The recently discovered Stuxnet malware, which takes advantage of a zero-day Microsoft Windows Shell vulnerability, is being used in targeted attacks to penetrate industrial control systems, particularly in the United States, according to security researchers.
The malware has been active for several days, targeting supervisory control and data acquisition (SCADA) systems, which are used to manage operations at places such as power plants and gas and oil refineries, to obtain data. The United States, Iran and Russia have been hit the hardest, according to security firm ESET. Almost 58 percent of all infections have occurred in the United States.
Of particular concern:
The flaw permits a malicious .lnk file to be executed by simply plugging in an infected USB device, Randy Abrams, director of technical education at ESET, told SCMagazineUS.com on Wednesday.
“The user doesn't have to click on anything at all,” Abrams said. “You can disable AutoRun, but that doesn't prevent this vulnerability from being executed.”
Up until now it was thought that disabling AutoRun made it safe to put a USB memory stick into your PC. But now it's not. Only insert USB memory sticks from trusted sources. And by "trusted" I mean someone you trust to keep his computer virus free.
I'm still swamped with work, but I stumbled across this today and thought Windows users might appreciate a new alternative: Nitro PDF Reader is a new, free, PDF reader. I haven't tried it myself, but this review on Download.com is favorable:
To put it mildly, the feature set is robust. Users can comment on PDFs using notes and text markup, fill out forms, print to PDF, or create one by dragging an existing document into Nitro, share and comment with others, and securely sign a document. This may sound like standard PDF boilerplate, but it's important to emphasize given that they're all free here, and they all work well.
I gather it's still in beta testing, and they'd appreciate comments from users.
"100 Free Windows Software For Your Daily Use" (MakeTechEasier, January 2010). Ten programs in each of these ten categories: Office, Security (including antivirus!), Graphics, Instant Messaging, Social Networking, Media Converters, Music Management, Email, System Tools, and Backup.
No, I'm not going to summarize their links. MakeTechEasier put all 100 on a single page; it doesn't get any more convenient than that.
Since I disdained Microsoft's security software yesterday, I should offer an alternative. Here's an article from TechRepublic describing "10 obscure antivirus tools worth checking out". The short version:
My comments: I've tried BitDefender for Linux with satisfactory results. If I recall correctly, the Windows version needs you to renew the free license every year...a small annoyance.
Friends have recommended AntiVir. I haven't any first-hand experience to relate, yet.
I was disappointed in ClamAV. It's very slow, on both Windows and Linux, and I found the Linux version to be ferociously CPU intensive (it was the only application that regularly caused my laptop to shut down from overheating). It might be nice for mail servers, but I wouldn't use it to scan a desktop system.
I dislike "trialware," partly because I'm so often installing on a computer that I see once a year. I'd rather use a "free for home use" product. I don't mind if they try to "upsell" to a deluxe paid product, as long as I can continue to use the free product indefinitely...and if you like the product, I encourage you to show your financial support. But I won't support products that deactivate themselves after the trial period (as opposed to just no longer accepting updates) -- they're basically holding your PC for ransom.
One warning about products that include firewalls: don't enable two firewalls on the same system. If you're going to use a third-party firewall, be sure to disable the Windows firewall (available on Win XP and later).
I included Microsoft's offering because it was on the original TechRepublic list...but I wouldn't use it, myself.
And now I need to update our own list of security tools. (I wish I'd had Dr.Web CureIt! when I was trying to clean my Mom's PC last December.)
Our friend Charles C. sends a link to this item: "Ten free apps to install on every new PC". Let me add that they mean every new Windows PC. The article is worth a read, but I'll give the bare-bones list here:
This looks -- mostly -- like an excellent list. Before I begin to quibble, let me point out that the first five are also available for Linux. (Three of them are open source.) And I wish something like Karen's Replicator was available for Linux.
Now, the quibbles: I was unimpressed with Foxit Reader for Linux; when I tried it two years ago, it was "nagware". That may have changed, and that may be different on the Windows version.
Also, as a matter of principle, I will never, ever use iTunes, or an iPod, or buy music from Apple. But that's based on my personal beliefs and not on any technical issues. (Whereas my objections to Microsoft are both personal and technical.)
Finally, I'd use something other than Microsoft Security Essentials. When I reviewed anti-virus products recently for my Mom's new PC, it scored rather badly. And as a matter of prudence, I think Windows users need someone other than Microsoft to ensure their computer's security. When you've got a doddering old locksmith installing crappy locks on your front door, and forgetting to install anything on your back door, do you then hire him to be your night watchman?
Update: I forgot to mention -- again -- OpenDisc, which collects a superb assortment of open-source software for Windows PCs, including the three mentioned above.
The problem started around 2 pm GMT when McAfee pushed out DAT 5958 to users of VirusScan Enterprise. The virus definition falsely identifies a core Windows file as infected, quarantines it and then shuts down the machine. When restarted, the PCs are unable to load Windows, a glitch that mires them in an endless reboot cycle.
Even when I go quiet for a few days, my correspondents keep sending me items of interest. Thanks to the Millers for this one:
People who manage public computers face daunting security and anti-malware threats. Microsoft acknowledged this fact when it introduced Windows SteadyState, an add-on for Windows XP and, later, Vista.
SteadyState essentially resets a computer whenever a user signs off, thus protecting his or her identity and data. It lets administrators restrict how users can interact with the computer -- administrators can, for example, block access to programs, Web sites, the Control Panel, and disk drives.
SteadyState can also set time limits on user sessions and import user accounts (so that once you've set up an account on one PC, you don't have to start from scratch on the others you manage). And when a user logs off, a feature called Windows Disk Protection erases all changes, ensuring a consistent user interface.
However, not only is SteadyState incompatible with Win7, Microsoft says it has no plans to introduce a Windows 7-compatible version. That's leaving some IT managers scrambling for replacement technology and others vowing not to upgrade to Windows 7 at all.
Of course, where some see a Microsoft blunder, others see a Linux opportunity.
There are lots of ways to solve this problem under Linux, but none of the ones I can think of offhand are easy or automatic:
1. You can run your shared-access PC from a Linux "Live CD." It's impossible to corrupt the operating system, and you can get a clean start with every reset. Disadvantage: live CDs are slow; also ties up the CD-ROM drive.
2. You could boot a RAM-resident Linux (e.g., Puppy Linux) from CD or USB stick. But rebooting is more complicated if you remove the CD. And you need a lot of RAM, and may not support content like Flash, WMV, and PDF.
3. You could run inside a virtual machine like Virtualbox. This can reset a machine to a known state -- and can even run Windows. But a knowledgable user can tinker with Virtualbox and possibly corrupt the system. Also, resetting to a known state may require some Linux/Virtualbox knowledge.
4. You can run a commerical product like Returnil. (Not an endorsement; I've never used it.) But this costs money.
I don't think any of these handle time limits or billing (as would be needed for an Internet cafe), access control, or user accounts. But surely there is something available in the Linux world.
Update: a friend writes with another suggestion: "If you wanted to provide public internet access, one way to do it would be diskless terminals running Linux. The diskless terminals could boot over a LAN via NFS or NBD to a file server. The server could be configured to provide read only access to the operating system and the required binaries. The terminals could be configured to automatically reboot at log off. Having no disks on the terminals would reduce the costs and maintenance associated with providing the terminals."
applications: The software that lets you do things with your computer (word processor, Internet browser, email, etc.). The programs you see and use.
distribution: Also called "distro." An operating system (usu. Linux) combined with a selection of application programs, in a ready-to-install form. Different distributions are customized for different purposes, e.g., desktop computing, music editing, Internet server, and so on.
FOSS: "Free / Open Source Software," a catch-all term. Sometimes F/OSS or FLOSS.
free software: Refers to free as in freedom, not free as in free beer. Specifically, the freedom to run, study, share, and modify the software.
howto: A short tutorial telling "how to" perform some task. See, for instance, the Linux HowTos.
Linux: Strictly, GNU/Linux. A free operating system, modeled on Unix, developed since 1991 by volunteers around the world.
open source: Refers to software whose source code can be examined, modified, and redistributed. Similar to but not exactly the same as "free software."
operating system: The software that manages your computer's hardware (disk drives, display, network connection, etc.). The stuff "under the hood" that makes your computer work.
repository: An on-line library of application programs for a particular distribution, in a ready-to-download-and-install format. In many distributions, programs can be installed from the repository with just a few mouse clicks.
Unix: A computer operating system originally released by Bell Labs in 1970. It is still widely used in several commercial variants, and in the open-source BSD Unix.
We Recommend
RSS Feeds
Our news can be syndicated by using these rss feeds.
Advice (6)
