A couple of weeks ago I went along to a Microsoft briefing on Trusworthy Computing. Say what you like about Microsoft’s record on security, but the simple truth is that the firm has made huge strides in building and configuring more secure systems. One of the most important aspects of Microsoft’s strategy are its efforts to get developers to understand how to build more secure apps. Solid security is not something you can drop on an application like tinsel on a Christmas tree- it has to be inherent, or at least designed. In other words security is hard.
State of the art in the security industry is far from impressive. Security and complacency go hand in hand. Just think of the tens of millions of customer IDs lost on USB sticks and stolen laptops in a year.
But what about products? Moro, a free clientside protection suite, otherwise known as Security Essentials, is coming soon to replace OneCare. I say coming soon, but the software is already available in some geographies, though not the UK yet (about which more later).
Best of Bleed?
Security Essentials includes antivirus, personal firewall, spyware scanner, and a rootkit and trojan removal engine. Good. While it would be great if all the client security firms played nice with one another, made agreements and architectures that minimised system resource contention and so on, we could choose best of breed. Traditionally, for example, I use ZoneAlarm for personal firewall, a job it does well. But as soon as you start trying to make security tools from different vendors work together Windows performance really takes a hit. And the admin overhead grows. Everything wants to be a default. Pick me pick me pick me.
I am far from an expert on security software. In fact I usually rely on Firefox and ignoring executables to keep me out of trouble. The approach has served me well. But having told Microsoft they had made real strides in security it should have been obvious I would get a really bad virus.
Last Thursday, a week after the TwC event, my machine suddenly went bonkers, and not in a Dizzee Rascal way. I had popups from my desktop toolbar telling me to “enter my credit card number and buy some protection here”. Yeah right. The only possible new vector I can think of was that I had just downloaded and started using Google’s new Outlook sync software. Sounds daft, but I am pretty sure that my previous settings made emails in my spam folder unreadable. After installing the new software, and starting to use a new profile, I noticed I had looked at a few spam emails. Like I say, I am not a client security expert but I understand there are some Windows attacks that can work just by reading an email. I am not accusing Google’s software or anything – it was probably just bad timing – the perils of coincidence and meaning. But it was an important reminder that system security is often a question of configuration. Bloody junk mail.
I struggled with my machine all day.
Microsoft OneCare proved to be utterly bloody useless.
It kept telling me everything was fine and dandy while my machine was utterly h0rked. I do hope that Security Essentials is better – early reports suggest it is.
How Open Solaris Saved My Sanity
Last year I had some positive experiences with Open Solaris on a laptop but of course I never made it my default. But when you’re shut out of the cloud you need an in. RedMonk runs Google Apps so I knew data loss wasn’t my real problem. But I couldn’t even burn an Ubuntu disk. A bootable Windows disk wouldn’t get rid of the root kit. So what to do?
Then I remembered the bootable disk I had. OpenSolaris – share freely. You know what? It worked just fine. I loved the fact Open Solaris just worked, including wifi, with my Thinkpad. Certainly not Ubuntu slick or functional. But it. just. worked. I was into Google Docs and able to work again.
I struggled until Friday afternoon I think, when I suddenly thought – wait a minute, what about the Rescue and Repair software on my Thinkpad x60s? Press f11 during boot and hey presto – into the Thinkpad software. First thought “oh bugger” – i had shut off automatic backup some time back in September 2007! But I knew all my data were backed up on external drives. I like to backup in triplicate and memory is cheap!
So I hit the button. Within an hour I was running an old system image, pre virus, and all was well with the world again. Thanks IBM and Lenovo guys – you rock! Of course calling out the huge value of the OEM installed software here does rather contradict my point about suites above, but since when did an argument only one have one side?
I have spent the last couple of days doing some futzing around, trying out Sophos, updating to Windows XP Service Pack 3, pondering Moro when its available. In case you’re wondering why I still run Windows its a one word answer- Outlook. The Gmail UI just doesn’t do it for me. So I am working again on Windows- and the two parties I most thanks to are Sun and IBM/latter Lenovo. go figure.
disclosure: Sun is a client. So is IBM. and Microsoft. I love Thinkpads. We pay Google.