Sigh

Installed WinXP SP2 a week back, and life is fine so far. It installed flawlessly, seem to co-exist and work with everything that existed. One small problem I had - when I tried to replace Notepad with Notepad2. I realised that the old DLL cache does not work the way it used to work, and there's one more layer of security imposed by replacing files directly from a hidden SP2 source in Windows folder. This might be taking my HDD space, but it's not a major concern. I should say, SP2's an improvement as a whole. As I always say something is better than nothing.

Came across this wisdom of a seemingly old man on ZD Net blog - which is a good bottom line:

"Having been involved in computers since 1968, I’ve found all new software, to include “upgrades", to be an improvement over what we had back then. SP2, from the beta version thorugh the release version, has also contributed signficantly."

Briefcase

MS intoduced briefcase for quick and easy file synchronising for people who're busy. A good thing indeed, but could have been better.

Take for instance, my situation: I work on the same project, using both my Lab machine and home machine, both are PCs. The project has about 100MB data and 700 different files, where I would edit a few of the files in a given day. Copying the whole thing is just annoying: Although in my case I use a thumb drive to move my files around, it takes a lot of time to copy; thumb drives are really bad at copying a lot of small files than copying a single big giant of a file. Since the directory structure is quite complex, 77 folders to be exact, I can't keep track on what's being modified: So I thought of giving Briefcase a try.

To my shock, I realised that briefcase is actually meant for the people who actually use briefcases: wear ties and tuxedos too, perhaps. A one or two Office ducuments, a couple of pictures: you can't actually sync two computers effectively unless you connect them with a cable. The options available are:

• Keep copies of files in both your PC and laptop, and connect them with a cable to sync.


• Keep a removable drive (floppy in MS knowledge base article) and edit them there, while you're working on the laptop, go home and sync.

Obviously option one is not available for me, and how about option two? It may be possible to keep one or two files in a floppy, and even there editing can be a real pain. Think of 100 text files being generated and deleted dynamically, programs compiled, 200 times a day: on the HDD, it takes a second: on a thumb drive, faster it may be than a floppy, it would take ages. So I have to copy the files on to my lab machine.

One guy pointed out (not from MS officially) that you can make a copy of the briefcase to the lab machine manually. However, this practically solves only 50% of the problem because there's no way of updating the briefcase from that copy: you just have to copy it back to thumb drive, which is copying 100 MB and 700 files for changing 10 files that are less than 100 KB each.

Well, I might not be a typical businessman, but this is not WinXP home edition either: or does Windows have a better XP version other than XP Professional for researchers? And briefcase has been there for quite a time now: I don't think it'd improve later. What I ask for is not rocket science; just a way to sync files between two folders just by moving only the files that are modified.

Right now, I've resolved to use good ol' XCOPY, one of the best utilities MS had since the age of DOS. it allows you to selectively copy files depending on archive attribute or modified date. Four batch files to move things from and to thumb drive from two machines, and it's done.

Does anyone know a better way :-/ ?

On hard disk erasures and calling home

Hethu says something interesting:

"If a program is running under Admin privileges, you can do very little to stop it, be it Linux or Windows, simply 'calling home' is just too polite. It can simply format your hard disk, how worse can it be?"

And I promised to explain why the reality is different from possibilities.

First, it siffices to point out that we almost never heard of any hard-disk-erasing viruses so far, except for hoaxes. Why is this the case? I think we all can guess; a mass distructive act like virus spreading can be an act of glory: it's a fight of a kid against world - big corporations, governments etc. All the recently succesful viruses we knew of put entire networks down; attacked microsoft; but no one didn't really harm individual computers to a considerable extent. I think this is because it takes the joy of fight away - like civilian killing in a combat. On the other hand, think about the community perception - when Bush drops bombs on Iraq it's war: but if an american draws graffiti an iraqi car with a spray can, it's vandalism. The latter does negiligible damage compared to the former, but is more disrespected. You don't see a police cop slap on a president's face for bombing.

You see the difference: virus writers generally stay outta 'civilian' casualities. That's the 1337 way of fighting. I don't want to prove this conjecture; reality is more proof than necessary. You can also read A virus is not always the product of a sick mind and Perusing The Virus Author Mentality for better discussions.

In short, the script kiddies don't really want to erase hard disks. The effect of that is something they don't really like. And think, if the kid is too smart, he'd just realise that the erasure of hard disk actually reduces the chance of virus getting spread: the more you keep the machine running, the more you can infect. The first target of any virus writer is to thwart the security and to spread, than to make real personal damage.

Second: who can say it's only the script kiddies who're out there?

If this is not the case, this will be in near future: think of a virus as an email address collector: we all know how the recent viruses used people's address books to spread. What if, instead of just spreading, the virus called home, and gave the list of email address, along with the name of address book owner? A spammer at home will be really happy: first, you get a load of real shiny email addresses instead of the junk you get from web; then, you have the name of at least one of their friends --the owner of the address book-- so you can make your spam look like being originated from him. this will make it difficult to block the spam, and will force the recipient to open them.

If I'm the spammmer who would like a virus like that, would I consider erasing the hard disk? never.

Third: spyware. We have talked enough about spyware; they all work because calling home is possible. And hethu would agree that spyware is evil. You don't just have to accept it's better than hard disk erasure; well it is; but that's a different story altogether. We don't want to get our hard disks erased; we don't want to get our email addresses stolen, our credit cards forged, or our identities robbed either. Just because the possibility exist that someone can kill you, you don't say the police should give up catching robbers and pick pocket guys.

Then a bit about Firewalls.

First, a firewall is a firewall is a firewall. Ditecting viruses is the task of a virus scanner; You can get a virus through email or a removable disk and there's nothing a firewall can do for that. Actually, that's how most of the viruses come in to desktop PCs. And if a firewall gives up saying 'uh oh, now there's a virus in the machine, which can even erase the HDD, so what's the use of my hard work protecting the network?' then it's just silly. Let the virus scanner do it's work and you mind your work, which is gatekeeping the network.

Second, all those spyware and viruses do not need admin rights, which are needed for HDD formatting. So,

1. If MS assumes that majority of the users log-in as admin (and we assumed that all viruses erase HDDs) it's stupid because they have to accept that their firewall is just useless, because it can then be shut off simply.
   
2. If it says most people do not have admin rights, then a virus infection is NOT the end of the story. It's just a matter of protecting the network until someone detects it and cleans.
   

Think - most recent viruses used outgoing SMTP to spred. If you stopped the outgoing connections at the first infected computer, none of these viruses would have spread. This is the case for other viruses like SQL slammer etc which do not use SMTP to spread. Even for viruses lime MSBlast, the correct thing has been to stop the outgoing call in the first place. In a typical case where one infected PC infects more than one others (that's why the growth looks exponential), it's wiser to stop the attack ad the donor end. I have seen so many times how people spread viruses, how networked got jammed, how websites/ SQL servers go down, ALL because outgoing connections were possible from personal computers of unsuspecting people.

'Nuff zed.

Better than nothing, but not good enough

"Yooohoo .. firewall !" "Yessir!" "Turn yourself off please" "Aye Aye, Sir!"

According to David Berlind, that's what happens with Windows Firewall even after much-talked-about secure Win XP SP2. According to him, the firewall lacks outbound traffic blocking, and it allows itself to be turned off programmatically.

Well, only if the user has admin privileges. But this might not have been the best way to do stuff, after so much anticipation on SP2. These two 'features' would make the firewall practically useless unless it gives us 200% assurance on blocking inbound traffic. And I thought the major part of what can happen to a guy like me would consist of outbound traffic: with all these new worms 'calling home' and using built-in SMTP servers to send hundreds of email from my computer, and lots of spyware and adware reporting home with my details. If the firewall blocks outbound traffic, I could detect these stuff. Unless I'm a well known server, the chances that every hacker in world to attack me from outside would not be that much. On the other hand, the guys who expect more inbound attacks than a possible Worm --a big guy with a popular server-- would have an industry standard firewall in the first place.

MS can say, "well, inbound protection is better than nothing, and once you get infected, then there's nothing much to do anyway": well, then this is going the same was as WRM. Nothing significantly better than Voluntary abstinence - and giving up fighting. It could easily do something to reduce the damage on whole world, thinking of DDoS attacks and everything that happen - in reality.

And about that API to turn the firewall off, well, may be MS had a point there: there's a risk running your PC as admin, whether it's Windows or Unix. What's disturbing is the facts: Dave points out that most WinXP users DO log in with Admin powers. I have to assume that he's right with his statistics - which he usually is.