All posts by eddy

Virus Creation in The Lab

The US magazine Consumer Reports (similar to Which? magazine in the UK) has been in the technology news recently. As part of a comprehensive test of antivirus software packages, they commissioned a consulting company to create 5,500 new viruses to see how well market leading programs would cope.

The antivirus industry, led by McAfee, was immediately up in arms when they heard about it. Imagine the risk to society of these viruses escaping into the wild! What blatant disregard for consumer safety! And other similar scaremongering…

It only takes a little scratching below the surface to show that their concerns are, at best, misguided. The viruses created for Consumer Reports were simple modifications of existing viruses, altered so that their signature was no longer identifiable. The viruses were kept in a secure environment, and all copies were removed after testing – only a single CD remains, which is kept in a locked and secure cabinet on site.

Surprise, surprise – McAfee’s package didn’t do particularly well in the test; it relies heavily on a signature database to identify new threats. When viruses were still something of a novelty, this approach worked well – it often took weeks before a new virus gained notoriety, giving McAfee plenty of time to respond.

By now, however, it is so easy for would-be virus writers to develop new viruses, and variants on existing viruses, that a pure signature-based approach is no longer sufficient. A more pro-active approach is needed, one that can identify virus-like behaviour and quarantine or block the affected program. Of course, there will be legitimate tools which end up looking like a virus – commercial tools can be recognised and permitted explicitly, while a mechanism can be included to allow users to grant access to other programs on an as-needed basis.
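The decision flow described above, sketched as an added example (not code from any antivirus product or from the Consumer Reports test): a signature lookup that misses a trivially altered copy, a behaviour score that still flags it, and the two override paths for legitimate tools. The byte strings, event names, weights and threshold are all constructed assumptions, and signatures are simplified to whole-file hashes.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for program files.
KNOWN_SAMPLE = b"constructed sample A - harmless test bytes"
VARIANT = KNOWN_SAMPLE.replace(b"sample A", b"sample B")  # trivially altered copy
BACKUP_TOOL = b"constructed commercial backup tool"
ADMIN_SCRIPT = b"constructed in-house admin script"

SIGNATURES = {digest(KNOWN_SAMPLE)}        # signature database (whole-file hashes here)
VENDOR_ALLOWLIST = {digest(BACKUP_TOOL)}   # commercial tools permitted explicitly
user_exceptions = set()                    # programs the user has granted access to

# Hypothetical weights for observed behaviour; names and values are assumptions.
WEIGHTS = {
    "modifies_other_executables": 3,
    "adds_autorun_entry": 2,
    "disables_security_tool": 3,
    "reads_many_files": 1,
}
THRESHOLD = 4

def behaviour_score(events) -> int:
    # Each distinct behaviour counts once, however often it was observed.
    return sum(WEIGHTS.get(e, 0) for e in set(events))

def grant_exception(data: bytes) -> None:
    # Exceptions are keyed on the file hash, so a modified copy does not inherit them.
    user_exceptions.add(digest(data))

def verdict(data: bytes, events) -> str:
    h = digest(data)
    if h in SIGNATURES:
        return "block:signature"
    if behaviour_score(events) < THRESHOLD:
        return "allow"
    if h in VENDOR_ALLOWLIST:
        return "allow:vendor-allowlist"
    if h in user_exceptions:
        return "allow:user-exception"
    return "quarantine:behaviour"
```

A known signature always wins over an allowlist entry or user exception in this sketch, so a file already identified as malicious cannot be excused by the later checks.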

Maybe the industry should use two distinct terms – “Virus removal”, for packages that can remove existing viruses which are already known to the program, and “Antivirus” for packages that can detect new virus strains and prevent infection in the first place. (Somehow, though, I can’t imagine vendors thinking this is a good idea.)

Whenever Which? reviews product categories that I know well, I find myself disagreeing with their conclusions; this doesn’t give me much confidence in their reviews of other products that I’m not familiar with. People I trust have made similar comments about Consumer Reports. In this case, however, they’re on the side of right. More power to them…

(In case you’re wondering, the top rated antivirus packages were from BitDefender and ZoneLabs. The full report is only available to subscribers.)

Flatrate 3G access from Vodafone

ENN reports that Vodafone Ireland have announced a flatrate 3G access package from 1 July.

For around €50 per month, users can enjoy up to 1 Mbps downstream Internet access while on the move, subject to a monthly cap of 5 GB of data.

This sounds like a pretty good deal, though I’m dubious as to how close to 1 Mbps your average mobile user can expect; I’d expect speeds closer to 128 Kbps. You only need to have a conversation with someone on a car phone to realise how hard the mobile network works just to keep a connection up at all.

However, I’m more interested in its potential for fixed base users, such as those in areas too remote to have traditional broadband available. Until now, the only solution for such users has been satellite, which is both expensive and awkward.

Vodafone have > 99% coverage around the country, so there is an excellent chance that almost every household will be within range of a mobile signal. It’s not clear whether Vodafone need to upgrade the transmitters on each mast to support 3G access, or whether this can be accomplished by a software upgrade. If the latter, then this may finally be a cost-effective way for small businesses in remote regions to get decent Internet access.

(Keep in mind also that a fixed antenna should be capable of much better datarates than a purely mobile solution. And if the introductory price is €50 per month, prices can only get cheaper over time.)

Why Windows Vista is not written in .NET

I recently came across an article at security website Dark Reading which explains why Vista isn’t written in .NET.

There are a few different reasons given, but the main one is that Microsoft have a lot of hardcore C++ OS programmers who didn’t want to switch to C#. Because C# is type-safe, it’s a lot harder to do some of the standard C tricks of peeking and poking memory locations, tweaking bits in registers, etc.

This is a shame, because while that type checking can be frustrating at times, it does give an awful lot of protection from malicious coding techniques. Given the rate at which Microsoft publishes Windows Security Updates, you’d have thought they’d be very keen to adopt a more secure computing environment.

Another reason given was performance: since .NET code is pseudo-interpreted, it is not as efficient as native C/C++ code. That’s a red herring though – my experience with .NET has been that it runs more than fast enough for almost anything you’re likely to do with it. Like any environment, you can easily write bad code that runs like a dog; you can also write good code that runs very fast indeed.

And as if to prove my point, the current non-.NET betas of Vista run incredibly slowly, at least on my Athlon 2400 system with 1 GB RAM and a very fast Radeon graphics card. Intel must be rubbing their hands with glee…

DDoS against UltraDNS

The Washington Post has an interesting article about a Distributed Denial of Service (DDoS) attack against UltraDNS, a provider of domain name services.

It’s a chilling read. If you’ve wondered recently why some popular websites appear to be mysteriously offline, this may provide some of the answers.

The most unsettling bit is that there doesn’t seem to be any obvious way to defend against this sort of attack.

Optimising the morning commute

In my continuing search for ways to improve traffic flow (rather ironic, since I’m working from home these days), I came across this analysis of how small variations in departure time for the morning commute could lead to significant time savings.

Friends who commute from North Wicklow to Dublin city centre had told me that there was a narrow window in the morning when you could get a clean run into the city without too much delay – about 10 minutes after the early morning rush has subsided but before the school runs kick in. This article appears to support that theory (albeit on a different continent!)

(Of course, there are the usual Slashdot comments on the article also…)

Maybe one day, I’ll actually get to put all this theory to use…

HAL 2000 smart home technology

Steve pointed me towards an interesting demo video showing off the capabilities of the HAL 2000 home automation system. It lets you control your home using speech commands from any room – quite impressive.

The author has an extensive discussion of the technology involved (speakers, distribution amps, microphones, etc.) along with some comments on the limitations of the system.

Star Trek’s onboard computer suddenly doesn’t seem quite so far away…