Microsoft Security Essentials, why it’s less than perfect

MSE (Microsoft Security Essentials) did get some very good reviews, and overall it’s not a bad anti-virus and spy-ware package. It has a native 64bit version and its free, and does provide adequate protection for the average user who doesn’t wonder off onto stay sites, or use cracked software. But I wouldn’t call it an ideal package for novice users.

  1. It has a serious usability flaw: The program does not automatically update itself. This means that the green systray icon turns red, and requires the user to manually update this. Now if there is one thing we should all know about usability, something the MSE team strangely don’t know, is that novice users can be scared or weary of anything relating to a virus, including the use of the anti-virus software. You see, when you ask a novice user to “update your anti-virus software”, the novice user might not, because they are too afraid to do something wrong. As far as they’re concerned something is already wrong, and they’re already worried, and who can blame them, the AV product 2-3 times a week is telling them – your system could be at risk. If you’re an advanced user, it’s just plain annoying, and makes no sense at all. AV product knows its out of date, knows where to get the update from, knows that by not updating it’s putting your system at risk, but it just sits there knowing all of this, expecting you to manually update it. Bottom line – never run this product on anything that is unattended. If you’ve installed this on your wife’s PC or your 60 year old mother, who uses the computer for the odd email, then expect to get a call every time the AV out dates, and you’ll get asked – “Something is wrong, what should I do?”, even if its clear to you, it’s certainly not clear to the notice.
  2. The real-time protection is hackable even by a script kiddy. In hacking terms, the script kiddy is a very entry-level hacker, and also very common. Anyone with a devious nature and a bit of programming knowledge can become a script kiddy, and a decent AV product should at least protect you against the layer of attacks coming from such a low skilled group of for lack of a better word – “hackers”. Anti virus packages typically provide you with 2 levels of protection, one of these is real-time, which means, files are scanned for viruses before you execute them, when a file is finished downloading, when a file arrives in your inbox, etc. Real time scanning is not exactly state of the art, its been around for a long time, and I would consider it essential given the high number of threats coming in from email and internet browsing and downloading. So why do I say its very easily hackable? Well here is a fact that may shock/surprise you. Once real-time scanning is enabled in MSE, all you need to do to turn it off is overwhelm it. This is because once MSE becomes overwhelmed it automatically shuts down real-time scanning. So what does this mean? All a hacker needs to do to shut down your real-time scanning is somehow get a file onto your computer (yes even the very virus, but it could also be a completely harmless file) that confuses the real-time scanning engine, either by (a) containing too many files (innocent or not) (b) script files (even in smallish doses, and even innocent) and ladies and gentlemen your MSE real-time virus scanning will turn itself off, and your system will become unresponsive.
  3. Based on the above point MSE HATES PHP. PHP is a scripting language that programmers use to create business applications for the web. MSE treats all script files as potential threats, and so when confronted with the .php extension MSE deep scans the script, however…. MSE does not have the intelligence to detect potential threats in PHP files, instead what happens is MSE locks up, real-time scanning gets disabled, all this happens after explorer crashes, and restarts. Even if you might not in danger of getting hacked that very second, it’s still extremely annoying for anyone running PHP scripts for legitimate purposes.

Because of these 3 points, I’m slowly loosing my patience with this otherwise average product. It did during my initial review look like a viable option for those of us running Win7 64bit, but now I must conclude it’s not designed for the power user in mind.

Advertisements

Preview your web pages in IE (6,7,8)

The market has long been screaming for a way to test multiple versions of Internet Explorer on the same installation of windows.

Along comes Microsoft Expression Blend 3 Super Preview (free download),  which claims to be able to test your pages in IE 6, 7 and 8 all on the same machine, and without installing previous versions, the paid version can even do Firefox.

Now I know a lot of the web development community are excited by this product, but I personally am not too sure this app will find its way into my list of useful web development tools.

This product is free for a reason. I can’t see this as a viable option really for a serious HTML handcoder / Javascripter.

So what exactly is wrong with it. It starts off looking really good, the installer is clean, and the app has a decent enough interface.

  1. Its too slow. It takes so long to load pages into the preview it goes against the flow of the way I design. This is to make small changes, save and check in each browser. This way when an issue comes up I can correct it without having to rewrite too much code. Unfortunately during testing, I found that a refresh could take up to 40 seconds per page on my live site. I am constantly saving and checking and so this product would just drive me crazy with all the wait time.
  2. I guess the main reason I dislike it: Its called super preview, but it doesn’t give you a live preview option, where you can click around and test the functionality of your site. It only loads a static view and after that the JS or dynamic content cannot be checked, unfortunately.

So if you really want to know how to test in IE 6, 7 or 8. Here are some options for you.

http://stackoverflow.com/questions/574463/running-ie6-ie7-and-ie8-on-the-same-machine

What’s up with Swine Flu H1N1

I remember about 2 years ago I took a flight when the media first started hooking onto Swine Flu, and already at this stage I noticed a fair amount of people wearing masks, to protect themselves from infection. Back then I had my reservations, and recently we’ve been getting bombarded by the Media about the threat of this new deadly strain of flu (H1N1) and how we should all get vaccinated.

So I decided I would do some research because next week the country I live in Czech Republic will begin vaccinations. For starters 10% of the general population of Czech will receive a vaccine.

In my studies which really didn’t take long – I’ve realized there are 2 ways to consider H1N1.

  1. What the media are telling you
  2. What the statistics are telling you

I prefer to go with the statistics.

If you ask the average person – “Do you feel in danger of dying of the flu?”and yes I mean the normal kind – most people would laugh at you, and say “No the chances of me dying of the flu are rare, and there are plenty of ways to treat flu, should I get sick.”

But if you ask the same person who actively watches the news – “Are you afraid of contracting the Swine Flu H1N1 strain, most people will tell you “Sure its deadly, and I’m afraid of it, I don’t want to use public transport, and I’m worried I might catch it from someone at work or while out shopping.”

Lets just for a minute here look at who exactly is dying of what? For statistics I will use the US, because the US is an easy country to find information about.

The Flu

source : An estimated 100,000 hospitalizations and about 20,000 deaths occur each year from the flu or its complications. (http://www.wrongdiagnosis.com/f/flu/deaths.htm)

Each flu season is unique, but it is estimated that, on average, approximately 5% to 20% of U.S. residents get the flu, and more than 200,000 persons are hospitalized for flu-related complications each year. About 36,000 Americans die on average per year from the complications of flu.(http://www.cdc.gov/flu/about/qa/disease.htm)

N1H1

H1N1 Deaths Reach Over 1,000 in U.S. (http://www.foxnews.com/story/0,2933,569392,00.html)

Nearly 5,000 people have reportedly died from swine flu since it emerged this year and developed into a global epidemic (http://www.cbsnews.com/stories/2009/10/23/health/main5413623.shtml)

Now wait, hang on a second…. surely an epidemic means that H1N1 is actually killing more people than regular flu? Surely it means its taking over, and surely it means that if you get it you’re likely to die?

Well lets look at another quote :

“Many millions” of Americans have had swine flu so far, according to an estimate he gave at a Friday press conference. The government doesn’t test everyone to confirm swine flu so it doesn’t have an exact count. (http://www.foxnews.com/story/0,2933,569392,00.html)

Something smells funny, and its not the swines!

European scientists and health authorities are facing angry questions about why H1N1 flu has not caused death and destruction on the scale first feared, and they need to respond deftly to ensure public support.

Accusations are flying in British and French media that the pandemic has been “hyped” by medical researchers to further their own cause, boost research grants and line the pockets of drug companies.

Britain’s Independent newspaper this week asked “Pandemic? What Pandemic?” (http://www.foodconsumer.org/newsite/Non-food/Disease/major_victory_with_swine_flu_scandal_191120090720.html)

These are just a few things I’ve found in my research. I think one thing people always tend to lack is perspective, especially when all you ever hear when you turn on the news is more reports about Swine flu deaths, but the perception is misleading.

If every smoking related death where reported worldwide we would have Around 5.4 million deaths a year worldwide.

How many people have died from H1N1 worldwide – nearly 5000

Drinking : 2 million a year vs H1N1 5000

Car accidents : 1.2 million a year

Child birth complications: More than 2 million babies and mothers die worldwide each year from childbirth complications.

Yes – people still drink, people still smoke, and you can still buy these products at nearly every shop in every country on this planet. Mothers still have birth, and people are born, however its worth noting at time of writing you are 400 times more likely to die at birth than dying from H1N1.

Think about that next time you shudder in fear from media panic.

Is adapting early taboo?

I’m a developer who uses Microsoft technology, I have been for over 10 years, and have been a Windows user since 3.1 and before that MS DOS. Before I used DOS, I owned a ZX-Spectrum that was a small home computer with a whole 48k of memory.

When I reflect over these computing years, I have to say something has changed in the way we perceive new products, particularly if they’re Microsoft products. In the early days, any computing progress was welcomed and at times only a select few got access to new and emerging Betas. Things certainly have changed.

Microsoft lately release beta versions into the wild, and people like me adapt and start using them. I had Vista when it was called Longhorn and barely even worked. I used asp.net when it was still called asp+, I had the offical RTM Windows 7 2 months before it launched in New York. I now have Google Wave, and I’m experimenting with Visual Studio 2010.

Companies release beta versions to the public because of 2 main reasons.

  1. Companies like Microsoft realized that beta versions of their product were getting leaked, because the technically minded wanted more insight into up and coming products. Technically minded people are great at surveying a product, and identifying missing features or finding bugs.
  2. The deadline for any product is always yesterday, and its nearly impossible to catch and trap all bugs. Its also expensive to pay testers

Testers are a rare breed in all my development experience I have never worked on any product that has been tested to death. If anything most products only undergo about 3-5% of the testing that they should go through. This is why people like Jeff Atwood say – All software sucks. So if we don’t test our products who will? Well usually the client ends up taking on some of this testing, no one admits this though, and the customer ends up just being a frustrated user who reports the odd bug. But why not get software specialists to test products? Along comes Betas – essentially what Microsoft are saying is – HERE GUYS PLEASE TEST OUR PRODUCT!

Not that this is a bad thing – because for this testing service you do get early access to a product that you might otherwise have to wait an extended period of time for. I don’t mind any of this, of course you can always look at it dogmatically and think – “Why should I be testing for them?” The answer is you shouldn’t be, but if you don’t, you can be sure there are 1000’s of other developers out there willing to dedicate their time, so you can be sure this release model is here to stay, and its already become the standard of how software is released.

From a Microsoft point of view – I don’t think they fired their testers in exchange for free beta adapters. I don’t think they had great testing capacity in the first place – hence events like a blue screen of death at the Win98 launch or the utterly useless demonstration of speech recognition that shipped with Vista. So this new model can only benefit the end user.

What I do have a problem with is the negative attitude I face in the industry when wanting to adapt early. The .net framework is the best example I can think of. Version 4 is on the horizon but it seems most companies are still afraid of anything above v2. In my experience I’ve had to really struggle to get guys using v3.1 or v3.5 and because of this, in the time I’ve been using v2 I’ve lost out on all that new experience, and sad to say my LINQ is nearly non existent. Now v4 is coming out, and so all I say is “here we go again”.

Learn as much v4 cool stuff as you want, grab that VS2010 Beta and peek at the cool new language features in C#, but is it really helpful? you can be sure us early adapters will just get frowned at for another 2 years before prudent IT departments stop being afraid of it and brand it as safe to use.

So this is the frustration in being an early adapter, you get into new tech early, and end up having no real use for it until its been screened by the most anal retentive and gets globally accepted. Rinse repeat.

Win 7 Breaks VPN Clients

If you’re like me, you’re already a huge fan of Windows 7. Its simply the best OS Microsoft have produced to date. But as good an operating system that it is, it has one serious draw back. Most existing VPN clients don’t work with it.

In my line of work I use 2 custom VPN clients at the moment, and there simply isn’t a work around to get these clients working, except for running XP Mode.

Microsoft assure that VPN client vendors are upgrading their software to work with Win 7, so future versions should be fine, but at this very minute, if you’re using VPN on a daily basis, then be aware of this issue, more information can be found here: http://technet.microsoft.com/en-us/library/dd787668%28WS.10%29.aspx