Jon loses his patience with AV vendor intimations that suggest they're offering perfect security; one, in particular, causes Windows to go haywire.

The news that an antivirus package has managed to go rogue, and decide that key Windows system files were malware, caused quite a flurry of tut-tutting. But it isn’t the first time this has happened. Every year or so, it seems that one of the major AV packages gets an updated set of definitions, only to cause huge disruption. It grabs core Windows system files and moves them into quarantine, or deletes them, or performs some other, quite unhelpful action. If you’re unlucky, you won’t notice this until the machine is rebooted, and the subsequent reboot attempt fails with the end result a thoroughly scrambled OS. If you’re really unlucky, then the machine just dies before you’ve had an opportunity to save your work.

As in the previous instances, something went wrong inside the AV package, and the files got nuked, or scrambled, or moved away. Fixing this isn’t simply a case of “press F5 when you boot and it will sort itself out”. No, you need to get the files back from the quarantine area, and then put them into the right places, and then try to reboot. In most cases, it will probably be easier to recover from your image-based backup solution. You do have one of those, don’t you? If not, try one of the various repair methods for Windows, and hope it works.

Now I understand that software has bugs; I’ve discovered a number over the past 30 years. I was probably responsible for some in my younger, coding years. But the very action of a piece of downloaded code attacking your Windows system and causing chaos, without your authorisation, sounds remarkably like… do you know, it could almost be a virus? The very process you’re trying to protect yourself from is the process that kills your machine. It’s hard to take this sector seriously when such errors occur and are pushed out to the paying public.

Ah, but the cure is better than the illness, the AV vendors will claim. After all, aren’t a few mess-ups such as this better when compared to the trillions of pieces of malware that come trundling down your internet connection every time you browse the John Lewis website, or order some toilet rolls from Tesco?

They might be right. But here’s the problem: I don’t trust any AV package to secure my system. None of them – because they demonstrably don’t work. If they did, then I could say “Go buy package X”, and you would. And then you’d never have a malware or virus problem ever again. You could sit content in the knowledge that your computer is going to be fine.

But this isn’t the issue. And here is where I become really annoyed at the AV industry. You can take a whole bunch of malware – it isn’t difficult to find; there are plenty of kosher websites out there from which you can download terabytes of malware every month. And then you can get your package to scan this seething cesspit and see what it finds. And it’s entirely possible that everything is found, and cleaned, on the first sweep through.

This, you might conclude, means that the AV package is doing its job just fine, and that you’ll be safe. Except for one nagging issue – the difference between the macro and the micro. Does the efficacy of your package today give you any guarantee about how it will work tomorrow, when that new threat tomorrow is entirely unknown today?

The AV vendors will whine that they have all sorts of reverse-engineering capabilities, and sandboxes and other fabulous things. All of which matter not one jot, simply because there may well be some malware tomorrow that gets through. It doesn’t matter how good the software was last week; what matters is that it will fail tomorrow. It doesn’t need 40,000 pieces of malware to be correctly identified today – it just needs one, just the one, to get through tomorrow and you’re hosed.

By any sensible measure of capability, this is a failure. The macro response is irrelevant when it’s one piece of malware that gets through and trashes your computer. When it’s the AV package itself that does this, one’s faith in the whole scenario is further shaken.

Now the AV package vendor will claim that it can’t protect you against everything, and thus my annoyance is misplaced. But go take a wander around the websites of the major vendors. “We believe that everyone has the right to be free of cybersecurity fears” quoth Eugene Kaspersky. Webroot – the vendor in question with regards to this latest screw-up – has a question and answer wizard, which on completion recommends a product, claiming “The perfect security for you is... SecureAnywhere AntiVirus.” Not “recommended”, but “perfect”.

McAfee says, “By protecting consumers across all their devices, McAfee secures their digital lifestyle at home and away.” Avast: “Our job is to keep you safe. Get Avast for home, business or on the go, and protect everything you do.” Avira goes for, “It’s the first-ever full security package that not only blocks malware, but anonymizes your browsing, and wipes your online traces clean – for free.”

You can decide for yourself how close these claims are to false advertising. But please note that none of the vendors offers significant financial compensation for failure of their product to protect you. Which isn’t quite the sort of liability you’d expect from a company making such bold claims.

Microsoft isn’t blameless in this, either. The mere fact that a piece of malware, or Webroot in this case, can take a hatchet to your running OS, shows that it isn’t a secure operating system. Microsoft is happy to claim that “Windows Defender is your antivirus security solution that delivers comprehensive and real-time protection against software threats across email, cloud and web. Because it not only detects and removes viruses, spyware and malware; Windows Defender is the last thing a malware threat ever sees.” Which, if true, means that I have no need at all to purchase or install a third-party antivirus package. Why would I need to when, “Windows Defender is the last thing a malware threat ever sees”?

What’s the answer? If we’re going to use operating systems that are, frankly, so laughably easy to terminally corrupt, and which seem incapable of protecting themselves, then the only safe way to run them is within a virtual machine. That way you can snapshot it, roll it back when something goes wrong, and even have a base starting point from which a session can be restarted. Why are we continuing to support a market worth some $25 billion per year when suppliers’ claims are out of alignment with the end-user reality, and when a vendor is capable of operating in a way that’s indistinguishable from the very issue it claims to protect you from?

Mac Pro mistake

Apple has admitted it made a mistake. Yes, it’s that big a deal – Apple almost never admits that anything is less than merely “fabulous” or “incredible” or “knee-trembling”. Okay, I made the last one up. But it has decided to try to persuade us that it really does care about the high-power workstation market – and that maybe the Mac Pro wasn’t what a lot of its users wanted.

I think history is being a bit unfair to the Mac Pro. It does what it does extremely well. I use it as a desktop high-performance workstation, and its primary task is running Windows virtual machines under Parallels. I do a lot of software testing in these VMs, including antivirus testing. The facilities of Parallels, and the ability to lock down VMs and their networking, and access to facilities such as VMs, is a godsend when working with malware. The ability to flatten a VM and bring it back up again in a few seconds is a huge help too, especially when you execute a bit of malware and the package installed in that VM doesn’t catch it in time. But I could rant about that topic for hours – oh look, I already have.

The downside of the Mac Pro design was that it had no internal storage. So those who needed external PCI cards had to resort to using card cages connected using Thunderbolt. There’s nothing really wrong with this approach: I use it myself for the interface card to my HP LTO tape library, connected via a long length of Thunderbolt fibre cable. The internal storage is eye-wateringly quick, but others wanted to plug in their own drives. Again, there are plenty of Thunderbolt solutions to do this in a powerful and effective way.

Some decided that two GPUs wasn’t enough power compared to what you can do today using a monster single GPU – but again, it’s a little unfair to rewrite the expectations after the event. And some doubtless hated the cylindrical design because it’s a pain to rackmount, requiring custom mounting hardware from third parties.

For me, the biggest issue is that it wasn’t upgradable. It’s still USB 3. It can’t output video at a higher resolution than 4K, so I can’t plug in the latest monitors. It’s Thunderbolt 2, not the far superior Thunderbolt 3 over USB-C (neither of which was around when the Mac Pro was released, of course).

So here is what I think Apple will do. A new box in a desktop and in rackmount configuration. Numerous Thunderbolt 3/USB-C connectors. Internal storage directly connected to the bus, but with some drive slots too. Internal PCI-E slots, for those who demand that. Built-in video support to at least 5K, possibly 8K resolution. A truly monstrous GPU facility. All for a price tag that’s eye-watering, but doesn’t quite require your first born.



Also note that Apple has announced the likely availability of an iMac Pro, a product that again would benefit hugely from Thunderbolt 3/USB-C. A range of proper monitors wouldn’t go amiss either. I note that Dell now has an 8K resolution monitor – something similar would be just the ticket. If Apple delivers on both, then it can truly claim to be back in the groove.

By the way, a certain birdy in the form of a product manager just told me that there would be no Thunderbolt 3 on fibre cables this year. Maybe next year, he said. Seems that getting Intel to decide upon how it wants to do this is somewhat problematic, and that we shouldn’t expect anything just yet. I’m not surprised – it took forever for Thunderbolt on fibre to finally ship, after deadline after deadline went whooshing past. But it will come.

Apparently, Apple doesn’t want fibre ports mounted on its computers. Fibre is too sensitive to dust and fluff, and Apple is paranoid about users having a bad experience. Hence the reason it’s sticking to electrical connectors that are self-wiping/self-cleaning on each insertion.

Blackmagic for free

Blackmagic Design, the company that makes a huge range of pro video and audio devices, along with cameras, has released a new public beta of its DaVinci Resolve software. Think of it as editing software in the same vein as Final Cut Pro X.

Six months ago it bought Fairlight, a company with a long history in the pro audio world. The original Fairlight sampling synthesizer was what started the whole sampling era, as typified by Frankie Goes to Hollywood, The Art of Noise, Peter Gabriel and so forth.

In recent years, Fairlight has been making studio-grade audio systems specifically aimed at film and video production. Resolve has always had pretty good audio-editing capabilities, but the acquisition of Fairlight – and its integration over a few months – is nothing short of breathtaking. High-end video programs, such as Final Cut Pro X, Resolve or Adobe’s Premiere Pro, aren’t the sort of tools that you just dip into. You need to invest time to learn how to use such a formidable array of capabilities. With the Fairlight acquisition and integration, Resolve has made a rightful claim to being one of the very best. And note that it offers a full range of hardware control surfaces too, both for the video and colour grading world and the Fairlight audio side, which significantly lifts Resolve above Premiere Pro or Final Cut Pro X.

And the best bit? It’s free: you can get a fully functional version of the app without spending a penny. If you want every high-end bell and whistle, including simultaneous multi-user editing within the same project, it will cost you the princely sum of $299 per user. To say this is an insanely low price is perhaps the understatement of the decade. Download Resolve (pcpro.link/274resolve) and give it a whirl. You might well like what you find.

Dropbox leaves it in the Cloud Mode

There’s a nice new feature in Dropbox: you can decide to leave your files in the cloud and to only download a particular file when you need it. It seamlessly works with the file system, so as far as your OS is concerned, it’s there in your file manager. But when you click on it, Dropbox downloads the whole file in the background. It’s a superb solution for those who have large Dropbox installations, running to a number of terabytes in my case.

I don’t want to turn on Selective Folder Sync and thus cut out folders I think I won’t need, only to discover that I need them after all. At which point they’re downloaded in their entirety and my laptop hard disk becomes full. With Cloud Mode, I can have apparent access to everything, but only pull down what I need, when I need it. Once downloaded, it’s kept downloaded – the process is just seamless. If you run Dropbox, give this mode a twirl and see how well it works for you.

One of the biggest annoyances of the iPhone 6 and 7 range is that they don’t support inductive charging. It’s even more annoying because inductive charging has been the only way of charging an Apple Watch since that particular device shipped. So Apple clearly knows all about it, and has shipped product using it. But not the iPhone range.

My annoyance is compounded when trying to fiddle with either the Lightning cable or the desktop stand I have for charging my iPhone. Getting it correctly aligned so that it connects up is tricky, doubly so in the dark at 2am without my glasses on.

So imagine my delight to find a vendor on Amazon that sells a very thin case for the iPhone that implements inductive charging. There’s a small tag cable at the bottom, terminated with a Lightning plug with a 90-degree turn. This pops into the socket on the phone, and is pretty much streamlined. Take a standard inductive charging pad, drop the phone onto it, and a modern miracle occurs. In fact, it would be quite hard for me to go back to wired charging.

Suffice to say, if wireless charging isn’t part of the next iPhone, then I will be really quite cross.


