Favorite software list updated

I’ve updated my Favorite Software list. These are programs I have installed on the computer I use every day. I trust and recommend every program on this list.

Since I last updated the list, I’ve added several programs and deleted just a handful. Gone are Napster, Hello (from Picasa), and Snapstream BeyondTV.

The list of newly added programs includes a few that I have been using a lot lately:

  • BlogJet is an amazingly useful tool for creating and posting entries to a blog, with support for just about every blogging platform out there
  • Laplink Gold 12.1, despite some ease-of-use problems, is still the most powerful file-synchronization and remote-control program around
  • Onfolio 2.0 is quickly turning into my favorite research tool, with excellent capabilities for keeping track of Web pages and RSS feeds
  • WinRAR Archiver has supplanted WinZip as my favorite archiving tool 

Visit the Favorite Software page for the full list.

How this blogger does it

Phil Rodemann has some kind words and a question: How do bloggers do it?

What tools should a committed blogger use? If you are committed to drawing traffic, what helps keep the workload to a manageable level?

I have two tools that make my life easier. One is NewsGator Outlook Edition, which brings in my favorite RSS feeds automatically. Phil, be sure you sort your feeds into folders. I subscribe to 200+ feeds, but there are only a handful I consider indispensable, and they go into an Essentials folder. When I subscribe to a new feed, it goes into a New Additions folder, where I can monitor it for a while to see if it’s a keeper.

For posting, I use a wonderful little utility called BlogJet. It acts as a universal front end for Movable Type, WordPress, Blogger, and about 20 other blogging packages. (I especially recommend it as an alternative to the horrible Blogger editor.) Its best feature: You can save drafts of posts locally and work on them when you feel like it.

Those two tools make me efficient. I’ve also found that anyone can be more confident and prolific by writing more often. Short posts are fine and useful.

And keep an eye on your referrer logs to see who’s linking to you. You can find some interesting stuff that way.

Microsoft buys Groove

I was surprised to see this press release:

Microsoft will make its growing business and technology bonds with Groove Networks permanent today as it announces plans to acquire the Beverly, Mass.-based provider of collaboration software for ad-hoc workgroups.

The acquisition will add Groove’s products to the lineup of Microsoft Office System products, servers and services, as well as bring the development talent and technology leadership of top Groove executives to Microsoft. Groove founder Ray Ozzie, the creator of IBM’s Lotus Notes, will become Chief Technical Officer of Microsoft, reporting to Microsoft Chairman and Chief Software Architect Bill Gates.

I haven’t used Groove in a few years, mainly because I haven’t worked on any projects where I needed it. But it is genuinely cool and useful business software – kind of like BitTorrent meets Office. And the news that Ray Ozzie is going to Microsoft is big. He’s one of a handful of extraordinarily smart people in this industry, and he will make a difference at Microsoft.

Photo album software recommendations?

I need some recommendations. I have a retired friend who is about as non-technical as a person can get. He loves his digital camera, though, and he’s a social animal. Every time he goes to a party or on a trip with his many friends he snaps a lot of photos. For the past few years, he’s been creating photo albums with PrintMaster, printing them out using his high-end inkjet printer, and giving them away.

But now he wants to take those photo albums online instead. He has an account with a very good Web hosting company and he owns his own domain. What he’d like to do is:

  1. Pick a group of photos to use for an album.
  2. Add titles and captions.
  3. Upload the album to his Web space.
  4. Put a link on his home page.
  5. Tell all his friends to go check his Web page to see the pictures.

Ideally, he wants something that can handle all these tasks from a single place. He doesn’t want to learn HTML (and I don’t want to answer the 10,000 questions he would have if he tried). He can handle FTP if it’s automated but please – no command lines. Being able to put the pictures on his own domain is important, so forget about any of the commercial photo-hosting services.

What would you recommend?

Comment spam under control

Since this blog opened for business in December 2002, y’all have left 700 or so comments. But the number of comments that haven’t been posted is more interesting. For several months last fall, I stopped accepting any new comments, while I figured out the best way to cope with comment spammers. I settled on MT-Blacklist, an add-in to the Movable Type software that runs this blog. Since December 15, 2004, here’s how effective it’s been.

[Image: comment spam statistics]

That’s an average of 146 blocked comments per day, 90% of them rejected automatically. I honestly don’t know what I would do without this add-in.

I’m also not sure what I would do if I ever met a comment spammer face to face.

More on Virus Hunter and BitDefender

Recently I reported on iDownload.com’s Virus Hunter, which bears a strong resemblance to the highly regarded BitDefender. (See “iDownload: A case history in unethical marketing” for more details.) I wrote to BitDefender and asked them to explain the relationship. Today, I received this reply from a spokesperson for BitDefender:

iDownload is indeed our partner and we license our technology to them; iDownload licenses further our technology to their customers under the name of Virus Hunter.

The marketing and sales operations are entirely iDownload’s responsibility (including refund policy, pricing etc). We have notified the company about the conditions under which the certifications can be used and hope such situations will be avoided in the future (as you see the respective references have been removed already).

Since I published my story two days ago, iDownload has removed the unauthorized reference to ICSA Labs.

iDownload: A case history in unethical marketing

Earlier today, I wrote about the efforts of a company called iDownload to suppress apparently accurate descriptions of their product by several anti-spyware activists.

Since that time, I have done more research on the company, and I can report exclusively that they have used the trademark of a widely respected security certification firm without authorization to sell a questionable product. Here are the details.

iDownload sells an assortment of what purport to be security products. If you visit their products page, you can see this logo and descriptive text for Virus Hunter:

[Image: Virus Hunter logo and descriptive text]

The company claims the product is certified by ICSA Labs. This is a prestigious honor and not lightly awarded. ICSA Labs is a division of CyberTrust, which was formed recently by a merger of TruSecure Corporation and BeTrusted. Its staff and management number some of the world’s foremost authorities on computer security and information technology. To earn ICSA Labs certification, a product must pass a series of stringent tests, and it can be removed if it fails the testing at any time.

When I reviewed the list of certified products at ICSA Labs’ Web site, I did not see any mention of Virus Hunter. So I fired off an e-mail to Larry Bridwell, Content Security Programs Manager for ICSA Labs. I received the following response within three minutes:

VirusHunter is NOT certified by ICSA Labs nor has it ever been submitted for testing.

We have sent a letter by post requesting that the certification claim be removed.

When I looked more closely at the Virus Hunter information pages, I found all the warning signs of an operation that should not be trusted:

  • No contact information for the company.
  • No details of the company’s management or ownership.
  • No privacy policy.
  • Exaggerated claims of security, including references to a nonexistent virus lab.
  • Appeals to fear: “DOWNLOAD NOW Hurry before you lose your system! If you have contracted a nasty virus, your system could be rotting away as you read this.”
  • Phony testimonials, including one claim that “Virus Hunter’s engine was awarded a perfect score…” with no link or even name of the source, only a date.

[Image: Virus Hunter testimonial]

The citation doesn’t mention the publication’s name, and a review of the leading publication that does tests of this sort, Virus Bulletin, does not turn up any tests of Virus Hunter – in its February 2004 issue or any other time. Interestingly, a legitimate product called BitDefender makes a remarkably similar claim in a press release on its site, dated in February 2004:

Bitdefender Standard was awarded the VB100, the Virus Bulletin certification that the product is able to detect all the viruses which are currently extant in the wild. Once again, BitDefender passed with flying colours, and the test team noticed an improvement in the overall detection rates from previous tests.

Is there a relationship between BitDefender and Virus Hunter? Yes, according to the Technology Integration section of the BitDefender Web site, which lists Virus Hunter as a “reference” on a list that includes legitimate companies like GFI, Laplink Software, and Sunbelt Software. In fact, Virus Hunter is identical to BitDefender Standard except for a few logos. See for yourself:

[Screenshot: Virus Hunter Professional]

[Screenshot: BitDefender Standard]

As you can see, they’re identical except for the logo, and the text in the linked “virus warnings” on the Virus Hunter Web site is absolutely identical to listings from the BitDefender encyclopedia, which is why I stated with confidence earlier that there is no “Virus Hunter labs.”

In fact, anyone who buys this version instead of the official BitDefender product is getting ripped off.

  • BitDefender Standard has a free 30–day trial. Virus Hunter doesn’t.
  • BitDefender Standard costs $29.95. Virus Hunter costs $34.95 for the download, and the company charges a mandatory shipping and handling fee of $4.95 for physical delivery of a CD to customers in the Continental United States. That’s a total of $10 more than the original BitDefender product.
  • BitDefender will accept a request for a refund. At the Virus Hunter site, the terms read: “iDownload maintains a strict no-refund policy.”

[Image: Virus Hunter terms]

Now, why would anyone want to do business with this company?

Oh, one more thing. iDownload sells its software through a secure Web site. I inspected their SSL certificate and was knocked over when I saw who had issued it:

[Image: SSL certificate details]

Yes, ChoicePoint, Inc., the same company that is currently “under fire for being duped into allowing criminals to access its massive database of personal information…” According to an Associated Press story, ChoicePoint has hired a retired Secret Service agent to help revamp its screening process and has “announced plans to rescreen 17,000 business customers to make sure they are legitimate.” I hope they look very closely at iDownload.

The security software industry wants you to be afraid

I’ve been writing a lot about the flaws in the commercial security software business lately. Today, Joe Wilcox at Microsoft Monitor inadvertently provided an excellent illustration of why this industry is so fundamentally flawed. Joe had an experience with a Symantec software package today that made him think Symantec is doing a great job of protecting him. Based on his post today, I think he came to exactly the wrong conclusion. He wrote:

A few minutes ago, Norton AntiVirus 2005 warned that it had detected and blocked an attempted intrusion into my computer. Huh? I quickly clicked on the pop-up warning before it retracted into the Windows toolbar. My wireless router has a built-in firewall, Outlook wasn’t retrieving e-mail and the Web browser was closed, so I wondered from where the intrusion could come. According to NAV 2005: MSN Messenger 7 Beta.

NAV 2005 identified the virus as the “Master Paradise Trojan,” which is by no means new. If my flu-drugged memory is accurate, the virus is circa late 1990s. So, why am I seeing it now? That’s a question I’ll seek to answer later today.

But the attempted intrusion, assuming NAV 2005 correctly identified the virus, is a reminder of the many ways a virus can infect a Windows operating system–in this case through instant messaging. [emphasis added]

That’s a big assumption. I read Symantec’s write-up on the MasterParadise Trojan horse program, and I also read F-Secure’s description. This program runs on Windows 95, 98, and NT 4.0, none of which Joe is running. The remote user can configure it to use any port to make a connection. Symantec says, “There have not been any reports of this program breaking through a firewall.”

So what happened? I believe Joe got a false positive from a firewall. Now, I get annoyed when I get a false positive. I consider it a failure on the part of the security vendor. Missing a real threat is much worse, of course, but a false positive is still a failure and can lead to unpleasant consequences if it convinces you to delete a perfectly innocent file or remove a program that’s perfectly safe. At a minimum, a security program should give me the technical details of what it discovered so I can troubleshoot for myself.

Here’s what I think really happened. Any application installed on your computer can attempt to create an outgoing connection. When it does so, it uses the well-known port number for the remote service and assigns an arbitrary port number to listen on. You can see this very easily for yourself by running netstat from a command prompt. Each line shows a local (incoming) port number and the port used for the outgoing connection. In this case, it sounds like one connection from the Messenger beta used the arbitrary port number 3129, which turned out to be the same as the default port used by this ancient Trojan. 

This recent post from a Java newsgroup quotes the following response from Symantec to a nearly identical issue:

I understand from your message that you are receiving the following
alert from the Norton AntiVirus (NAV):

“Default Block Master Paradise Trojan horse” blocked communication.

Kenneth, this alert message does not indicate the presence of the
Master Paradise Trojan horse on your system. This issue can happen if
javaw.exe is using the local port 3129 on your system. This port is
usually used by Master Paradise Trojan horse program.

Please note that there is a block rule for Master Paradise Trojan horse
under Trojan Rules section in Internet Worm Protection. This rule
monitors activities and communications through the local port 3129.
When it finds a communication through the local port 3129, it will
display this alert message.

Carl Siechert and I warn about this potentially confusing issue in Windows Security Inside Out:

Trojan horse programs often use port numbers that are also used by legitimate programs and system components. Do not assume that a system has been infected simply because you see a program listening on a port number that is known to be used by a particular Trojan horse. For example, the “Sockets de Trois” Trojan often uses port 5000, but so does the legitimate Simple Service Discovery Protocol (SSDP) Discovery Service. In addition, your computer assigns incoming ports using arbitrary numbers beginning with 1024. One of these dynamic port numbers might match a number that’s also used by a Trojan horse program; be sure to look at the port number on the destination computer before concluding that your computer has been compromised.

But that’s not what Joe did. Instead, he concludes (incorrectly, I believe) that he dodged a cyber-bullet:

NAV 2005 detected and quashed the attempted intrusion on my HP Pavilion zd8000 notebook. HP did right by shipping the portable preloaded with the security software and providing a colorful eight-page pamphlet, “Get Secure: Protecting Your Computer.” If not for NAV 2005’s instant-messaging monitoring, looks like the Master Paradise Trojan would have infected my test computer. So, I’m feeling quite charitable to both HP and Symantec. Perhaps the best marketing is the consumer’s good experience, and one no vendor should ignore.

This conclusion is misguided, in my opinion. And it illustrates everything that is wrong with the commercial security software business. Joe feels good because the software told him it had protected him, even though the likelihood that this was an actual attack is microscopic. The lesson that Joe is unwittingly sending to the vendors in question is, “Give me more false positives, because the more times you tell me you’ve protected me from something, the more I’ll feel like I’ve gotten my money’s worth from your software.” If he had a better security program, it would have realized that this outgoing connection was just fine and would not have given him any warning at all.

That is just wrong. On a healthy computer with multiple layers of security, most threats should be blocked or neutralized before the user ever sees them. Getting lots of warnings is a sign that one of those layers isn’t working as well as it should. But that’s exactly the opposite of what motivates developers of security software today.
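The port-coincidence problem described in this post, as an added example (not code from the original post or from any vendor): a small triage over lines in the layout of Windows `netstat -an` output that separates a dynamic local port that merely equals a Trojan's default port from a listener on that port or a connection to it on the destination. The sample lines, the addresses, the remote port 1863 and the category names are constructed for illustration; the two Trojan ports and the 1024 starting point are the ones the post names.

```python
import re

# Default Trojan ports named in the post.
TROJAN_PORTS = {3129: "Master Paradise", 5000: "Sockets de Trois"}
DYNAMIC_START = 1024  # the post: dynamic ports are assigned beginning with 1024

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3129      203.0.113.10:1863      ESTABLISHED
  TCP    192.168.1.20:3140      198.51.100.7:3129      ESTABLISHED
  TCP    192.168.1.20:3150      203.0.113.25:80        ESTABLISHED
"""

# Proto, local addr:port, foreign addr:port, state (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s*$")


def triage(netstat_text):
    """Return (local_port, remote_addr, remote_port, category) for each
    row where a port number matches a known Trojan default."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or non-TCP row
        _laddr, lport, raddr, rport, state = m.groups()
        lport, rport = int(lport), int(rport)
        if state == "LISTENING" and lport in TROJAN_PORTS:
            # Something accepts connections on the port: find out which
            # program owns it (a legitimate service may use the same number).
            category = "LISTENER"
        elif state == "ESTABLISHED" and rport in TROJAN_PORTS:
            # The port on the destination computer matches: look at the peer.
            category = "REMOTE_MATCH"
        elif (state == "ESTABLISHED" and lport in TROJAN_PORTS
              and lport >= DYNAMIC_START):
            # Local side of an outgoing connection happens to have been
            # given the same number; the remote port is what matters.
            category = "EPHEMERAL_COINCIDENCE"
        else:
            continue
        findings.append((lport, raddr, rport, category))
    return findings


if __name__ == "__main__":
    for lport, raddr, rport, category in triage(SAMPLE):
        print(f"local {lport:>5} -> {raddr}:{rport:<5} {category}")
```

A rule that fires on local port 3129 alone would flag the third sample row, which is the situation the Symantec reply quoted in this post describes.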