Register to post in forums, or Log in to your existing account
 

Post new topic  Reply to topic     Home » Forums » Zugg's Blog Goto page Previous  1, 2
Zugg Posted: Fri Feb 03, 2006 7:44 pm
Another day lost to virus hackers
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23377
Location: Colorado, USA

PostPosted: Mon Feb 06, 2006 7:16 am   
 
HELP ME! I'M ADDICTED!

Razz Heh, yeah, I'm totally addicted to Firefox extensions. They really did a good job making it easy to try, install or uninstall extensions. To bad it requires restarting Firefox, but with SessionSaver running, I'm always right back to exact where I was when I closed Firefox, so it's *very* painless.

While playing with AdBlock tonight (a *great* recommendation), I also came across WizzRSS which finally integrates a very nice RSS viewer with the browser. I feel like I've rediscovered the web all over again.

I really can't believe it took me so long to be "converted". I should have switched to Firefox months ago.

And I'm *really* glad I decided not to pursue the eMobius email idea. Mozilla is improving their software a *lot* faster than I ever could. I'm going to try Thunderbird tomorrow night during my "playtime" and see if it's just as good as I expect it to be. If I can find the COM interface for Thunderbird then I can change my customer database software to pull emails from Thunderbird instead of Outlook, and then I could dump Outlook.

If you know if there is a COM interface for Thunderbird, please post links.
Reply with quote
Rorso
Wizard


Joined: 14 Oct 2000
Posts: 1368

PostPosted: Mon Feb 06, 2006 10:29 am   
 
seamer wrote:
I was reading a debate on open source vs closed source software recently. In summary I came away with, 'just because it can be fixed by hobbyists doesnt mean it will be fixed by hobbyists'. The goals of after-work coders differ to the goals of business-hour coders. On one hand, you have a group of people actively trying to maintain the prestige of their financial cash cows, and on the other hand you have a bunch of people donating whats left of their daily concentration after working 10-12-14 hours in a cubicle. The business-hour people may not be paid to work overtime when security alerts are released, while the hobbyists are just too tired/drained to really care about some new Russian Exploit that may or may not be abusable within the next 3 decades anyway. I believe this summation is applicable regardless of company size or target userbase of the product, and there will always be exceptions to how I've summarised.

My opinion on this matter is that there are huge issues with "closed source software". There is nothing that says that it is a good idea to fix bugs as a company. In fact avoiding doing so might decrease maintenance costs(if you determine you wont lose too many customers, or you could require money for the bug fixes).

Also the world is crazy at the moment with copyrights, and "trade secrets". A security expert disassembling a program to find weaknesses could probably get the DMCA thrown at him. An evil hacker doing the same could press the right buttons and hold the entire Internet hostage. By then it is too late.

I think the scream from companies about weak copyright protections, and about people pirating software will in the end have a very scary effect. Just look at the Sony rootkit(aka DRM) which shows that some companies are ready to do almost anything to protect their investments. You are very unlikely to see something like this in open source software. An issue with these DRM protections in general is that it limits the user. To use software/music in a legal manner is actually a downgrade. E.g you have to put the CD in drive each time you play that game, or you can only listen to the music on some types of hardware. Something fun to mention here is that it does happen that CDs crack(break). Someone once told me this happened to them and it took their CD drive with it. I didn't believe it until the same game CD cracked for me from taking it out from the CD case carefully. Because of the copy protections you weren't able to take a backup so you lose money this way.

Not to mention how you have to PHONE Microsoft if you need to reinstall WinXP Home too many times. Some users simply won't do that(either because of social issues, or principles). Actually talked with one that got into that issue and his conclusion was kinda "well I don't need that stupid computer, anyway" Rolling Eyes.

Edit: By the way. Has anyone considered that by sending in an infected .exe file of say Word to an antivirus-company might be breaking the EULA you accepted at installation? Same with the core dumps you send to Microsoft when a program crashes. It sends pieces of copyrighted material away. If the OS enforced this through some DRM methods it is well possible it could turn into a nightmare.
Reply with quote
seamer
Magician


Joined: 26 Feb 2001
Posts: 358
Location: Australia

PostPosted: Mon Feb 06, 2006 11:20 am   
 
The good thing with closed source software is that the owner/creator is forced to fix it if s/he wants to make any money from it and so is at the mercy of the invisible hand of the market (fix it or have a failed product), the bad thing would be being charged for the patch or having to wait 6 months for it.

With open source software anyone can submit a patch, but can you trust what theyve sent? There was one particular bug a couple years ago when someone merged a user-patch into source for something critical (linux kernel maybe?) that introduced a backdoor into the code. I dont remember if it was intentional or a mistake, but the outcome was the same. Proof-reading code you didnt write is tedious and boring, would a typo of $i instead of $i++ be an obvious pickup to most people?

In my sig I have "Active supporter of coffeemud.homeip.net, the premiere java-based mud", I dont code but I do alot of support from a player/admin side of things. I'm amazed at how many people just rely on one-two coders to fix everything while they go and code their own new features without submitting these new features to the main code (not slamming these people, its just a hobby for us all). Open source is a brilliant path to explore and I wish it the best of luck but I'm wary of people who whine about bugs and then go and code new things for themselves without sharing them with the rest of that particular community.

I think the market saying open source software is only successful when there is a large corporation behind it. It's pretty ironic if you think about it :P AOL for firefox, IBM for linux, Sun for OpenOffice suite...what other OSS projects are out there with mega sponsors and have a large user base? What happens if these companies tighten their belts, will the projects fold or be cut adrift and be left to the wild wilderness to play with it?

I'll stop rambling now, I forgot what I was originally going to say Embarassed
_________________
Active contributer to coffeemud.net, the advanced java-based mud system.
Reply with quote
Rorso
Wizard


Joined: 14 Oct 2000
Posts: 1368

PostPosted: Mon Feb 06, 2006 12:29 pm   
 
seamer wrote:
The good thing with closed source software is that the owner/creator is forced to fix it if s/he wants to make any money from it and so is at the mercy of the invisible hand of the market (fix it or have a failed product), the bad thing would be being charged for the patch or having to wait 6 months for it.

Well only if the bug is so bad that it affects the return of investment badly. Say there is a bug that affects 5% of the users badly and you determine that fixing the bug is more expensive in the long run than ignoring it. Then you could decide to avoid fixing the bug. People might sue you or stop buying your product but the statistics might still say that you win in the end.

Quote:

With open source software anyone can submit a patch, but can you trust what theyve sent? There was one particular bug a couple years ago when someone merged a user-patch into source for something critical (linux kernel maybe?) that introduced a backdoor into the code. I dont remember if it was intentional or a mistake, but the outcome was the same. Proof-reading code you didnt write is tedious and boring, would a typo of $i instead of $i++ be an obvious pickup to most people?

In my sig I have "Active supporter of coffeemud.homeip.net, the premiere java-based mud", I dont code but I do alot of support from a player/admin side of things. I'm amazed at how many people just rely on one-two coders to fix everything while they go and code their own new features without submitting these new features to the main code (not slamming these people, its just a hobby for us all). Open source is a brilliant path to explore and I wish it the best of luck but I'm wary of people who whine about bugs and then go and code new things for themselves without sharing them with the rest of that particular community.

Open source is very closely connected to "freedom" in many ways. It is after all about sharing, but denying people the right to not share would remove the freedom of choice. It is much more honorable to share something because you want to do that, not because you are/feel forced to do so. When it comes to a game like a MUD you also need to realize that it is a huge competition to stay the best. It has to be unique in some ways to attract players. After all there's around 1800 MUDs out there. It is much different when a project is, for example, a MUD client where everyone benefits from sharing features.

Whining is natural I think. If there is no whining going on at all in a project then you probably have an issue somewhere. I have seen people yell at "whiners". In the end that doesn't solve much. Perhaps the codebase IS very buggy and you need to consider waiting longer before making a public release. Another issue could be poor feedback to the users. The "fix my bug yourself" attitude will just make the users and creators enemies.
Reply with quote
Darker
GURU


Joined: 24 Sep 2000
Posts: 1237
Location: USA

PostPosted: Mon Feb 06, 2006 3:21 pm   
 
Bla bla, firefox, bla bla, extensions, bla bla, open source...

Back to the root issue:

You've backed up to another hard drive or dvd or something now... right? So when your systems go kaputt again, you only have to restore your backup. right?

:)
_________________
Darker
New and Improved, for your Safety.
Reply with quote
bortaS
Magician


Joined: 10 Oct 2000
Posts: 320
Location: Springville, UT

PostPosted: Mon Feb 06, 2006 3:38 pm   
 
Hey Darker, my thoughts exactly!

I changed from Norton Ghost to Acronis True Image. Much better product IMHO. Twisted Evil
_________________
bortaS
~~ Crusty Klingon Programmer ~~
Reply with quote
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23377
Location: Colorado, USA

PostPosted: Mon Feb 06, 2006 6:51 pm   
 
Darker and bortaS: Actually, no. For our critical stuff, like software source files (CVS repository, etc), customer database, etc, I have selected backups running that save stuff to other hard disks on other computers on our internal network.

And on my development system, I'm running RAID mirroring for better disk reliability.

But for most of our systems, I don't have any full backups. I simply cannot afford that many disks. I'd have to spend a couple thousand dollars to get enough disk space to ghost all of our disks.

Now it's true that I have little experience with ghost...I don't know how long it takes to ghost a 100GB disk partition. And I don't know how you really automate this so that you always have a valid image. For example, you can't just keep one ghost image, because if it's done automatically at night, then you might end up ghosting a disk that is already infected with something.

You have to go back to the traditional backup schedules and maintain a nightly ghost image, but also some sort of weekly image in case the nightly image gets corrupted somehow. Doing all of this correctly takes a lot of disk space.

It's one of the big problems everyone is facing these days...hard disks have outgrown our backup systems. The only economical solution is to buy more disks and use ghost to image them. But this can get expensive.

But I'll research Acronis True Image. I tend to be "anti-Norton" these days.

But I'm certainly open to more advice on how to do this properly. Maybe the image software can compress stuff so that I don't need so many 200GB disks? Can you store multiple ghost images on a single drive somewhere else on the network? How fast is the ghosting process? It's been many years since I last played with Norton Ghost and I don't remember much about it.

For right now I've just got Windows Backup running during the night.
Reply with quote
bortaS
Magician


Joined: 10 Oct 2000
Posts: 320
Location: Springville, UT

PostPosted: Mon Feb 06, 2006 9:31 pm   
 
Zugg,

I hear your pain on disk storage. This is what I've done...

I created an image of my newly installed Windows XP with all of the patches. True Image compressed my 4 gig clean image to 2.1 gigs. I then used a wizard in the app to create a recovery CD and burn the image to DVD. The second image was 50 gigs, and True Image compressed it to 21 gigs. I haven't burned this one yet, but True Image will let you break the image across DVDs.

I got me a DVD burner from TigerDirect for about $45. That was a good investment for me. Restoration doesn't take that long. It is dependant on how big your image is. My clean WinXP image gets reloaded in something like 15 minutes. That's a whole lot faster than having to reinstall Windows XP again.
_________________
bortaS
~~ Crusty Klingon Programmer ~~
Reply with quote
Vijilante
SubAdmin


Joined: 18 Nov 2001
Posts: 5182

PostPosted: Mon Feb 06, 2006 11:15 pm   
 
I happen to agree whole heartedly with bortaS. I have used DriveImage Pro for years and it preforms similar to the description that has been given for True Image. My image system is clean install from cd, followed by another for current updates, then another with programs installed. Generally the first 2 fit on a single DVD and the third takes its own DVD. Further backups are generally just important data files like email storage, desktop, and other frequently changed items; all that would be covered in your current automated copy system. Having the 3 backup images lets me rapidly restore my system to a given point and maintaning them is not that tough. You can generally store an image to another hard drive to make the restore that much faster.

For example you just tossed Chiara's old system. Take its hard drive out and mount it in her new one. Then build the back up images mentioned and date them. Leave it mounted in the system, but disconnect its cables and you now have a secure backup that is only seconds away from restoring the system. Very few virus or hacking activities corrupt data files. That becomes the only thing you have to back up.
Reply with quote
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23377
Location: Colorado, USA

PostPosted: Tue Feb 07, 2006 3:40 am   
 
But I'm still a bit confused...how do you handle an existing system. Obviously my development system doesn't have a clean partition fresh from installation. Everything is in one partition on the disk. So can True Image (or DriveImage) just select files from certain directories (like /Windows and /Document and Settings?)

Also, obviously I can't just use Chiara's image for all of our other computers. We've got Chiara's computer, my Development system, my laptop, our email server (and my gaming system while I'm protecting stuff with all of our MP3 files on it). So it still sounds like we are talking about a lot of CDs and backup storage.

If I take my development system as an example, it takes far longer to reinstall all of the applications, especially all of the 3rd party Delphi components. It seems that using a DVD to backup an image of Windows doesn't help much. It just saves doing the Windows reinstall and patch. But I'd still have to reinstall all apps from scratch.

For a simple computer like Chiara's it might work ok, although since it already came with recovery images I think that is probably sufficient. But for my complex development system, it seems like the only real solution is to maintain an entire disk image of the entire system (Windows plus all apps and data). If it didn't take too long to create an image like this, I could update it on a weekly basis. Then I'd always have my entire system state from within a week. That seems a lot better than making separate images of just the Windows system.

Chiara's new computer *does* have a DVD writer, as does my laptop, so we can probably archive images, but I don't really see my 40GB development system fitting on a reasonable number of DVDs. It still seems that using another large disk (like Chiara's old system disk) might be a better place to store stuff.

Anyway, I'm still curious as to how fast True Image is. How long did it take you to create your 50 gig image that you mentioned? And maybe a bit more information on how you created the different images would be useful. I need to be able to do all of this on the existing development system...I don't have time to rebuild it from scratch and make images as I go.
Reply with quote
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23377
Location: Colorado, USA

PostPosted: Tue Feb 07, 2006 3:58 am   
 
Hmm, this is very interesting...

On Chiara's new computer from eMachines, it displays something like "Press F11 to restore system" when it first boots. This is the same prompt mentioned in the Acronis True Image software. Her computer has both a recovery CD, as well as a separate recovery partition on the hard disk. I wonder if eMachines is using True Image for this recovery partition. It sounds very similar to what I've been reading on the Acronis site.
Reply with quote
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23377
Location: Colorado, USA

PostPosted: Tue Feb 07, 2006 4:26 am   
 
Ahh, OK, *now* I'm starting to understand this a bit better. I didn't realize that True Image could perform incremental or differential backups for the *disk image*. I thought they were just talking about normal file/folder backup. But it looks like it can maintain the entire disk image and keep a full image backup (on a monthly basis, for example) and then keep a single weekly differential image, along with a daily incremental on top of that.

Looks like this all runs pretty quickly in the background. And it looks like it runs just fine across network drives. So I should be able to have True Image perform an image backup each night, and then if I ever have a catatrophic failure, I've restore the entire image, OS, data, and everything, all at once.

Looks like it also has compression, so I'll just have to try it to see how fast it is. True Image definitely looks like one of the best solutions I've seen (thanks for pointing me to this bortaS !)

Perhaps with Chiara's old disks I can put together something reasonable.
Reply with quote
Rainchild
Wizard


Joined: 10 Oct 2000
Posts: 1551
Location: Australia

PostPosted: Tue Feb 07, 2006 4:49 am   
 
I'll give word up to the Acronis products, I haven't used True Image but the ones that I have used (partition wizard, migrate easy, privacy expert) worked really well. The I'm sure the others will answer your questions about true image, but I was under the impression that it could do incremential backups as well as extracting just a certain file or directory from the whole image if you needed, so you should be able to after the initial big backup, burn smaller backups as you go along.
Reply with quote
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23377
Location: Colorado, USA

PostPosted: Tue Feb 07, 2006 6:30 am   
 
OK, they've got my business:

1) 15-day trial. No "crippled" features, just the time lock...just how I like to evaluate software
2) Clean interface, no crashes...software that works!
3) My *entire* Development system (2 partitions, 80GB total used) was backed up to under 30GB in about 30 minutes. That's small and fast.
4) The price is good. They aren't charging hundreds of dollars like professional backup systems.

I'm sure I'm just scratching the surface of this program. Again, my huge thanks to all of you guys for the help and recommendations on this.

That's the problem with owning your own programming business...you have to spend all your time programming! I hardly have any time to evaluate products like this and find the quality stuff over all of the trash that's out there. I'm lucky to have such helpful people on these forums. Hopefully I'll never need to fully initiate this disaster recovery system, but I feel a lot safer now.

Soooo much better than the Microsoft Backup utility ;)
Reply with quote
seamer
Magician


Joined: 26 Feb 2001
Posts: 358
Location: Australia

PostPosted: Tue Feb 07, 2006 11:04 am   
 
Forgive the mini hijack, I figure since there are a few backup artists here I ought to give it a try ;)

I have several users on a machine with a bunch of personal data each. Microsoft backup tool utterly bites when restoring user data since the accounts already have to exist before it imports properly. How can I backup their data and dump it on a clean install of XP with minimal fuss and full compliance?
_________________
Active contributer to coffeemud.net, the advanced java-based mud system.
Reply with quote
Tornhelm
Beginner


Joined: 24 Nov 2002
Posts: 20
Location: Australia

PostPosted: Tue Feb 07, 2006 1:47 pm   
 
I know this is a bit late, but I would seriously recommend moving from AVG which is fine for most things to Avast which is another of the non Profit++ Anti-Virus companies and has the free/paid versions. I used to use AVG virtually forever and then started having problems with a virus that AVG wouldn't pick up - first run of Avast and it picked up half a dozen things that AVG let through.

And bortaS I disagree with one of your extensions - AdBlock. Instead visit www.extensionsmirror.nl and look at AdBlock Plus and Adblock Plus Filterset.G Updater (both on the same page). Adblock Plus includes whitelisting options (for sites you want to support by loading the ads but dont want to see) and Filterset.G Updater is a free set of Adblock rules that get rid of 99% of the ads and is regularly updated with false positives and better rules.
Reply with quote
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23377
Location: Colorado, USA

PostPosted: Wed Feb 08, 2006 7:51 am   
 
OK, now I'm feeling pretty safe...

I went ahead and bought a 250GB disk, along with a DVD writer. I've got True Image installed on all of our computers. I've got it set up for my Development system to save a Full image Monthly and Weekly, and then save a Daily Differential backup as well. So at any given time, I should have the past 7 days of files, along with the most recent monthly.

On Chiara's computer I just have it doing the weekly and daily differentials without the monthly.

My laptop only has a wireless network connection, so doing a full image backup is *slow*. It claims it will take 7 hours, compared to the 13 minutes for my local disk and 35 minutes for Chiara's disk over the 100 Mbit LAN (smaller disk though).

With the RAID array on my Development system, it's the most reliable system we have. But I'm putting the Monthly on a different computer for redundancy. I've also got a full image stored on DVD now.

While I was messing with new hard disks, I also hooked up the SCSI disk from the old Superb WinNT zuggsoft.com server and made a full image of it. Now I can recover some personal SCA files that I forgot to transfer to the new linux server ;)

So, unless something really wierd happens, I should be covered now.
Reply with quote
Nezic
Apprentice


Joined: 10 Oct 2000
Posts: 119
Location: Colorado

PostPosted: Mon Feb 20, 2006 12:36 pm   
 
I read a faq/article about Trusted Computing that was linked from a site that was linked from Slashdot.

Written in 2003, I believe, and it was very chilling to read: http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Reply with quote
Display posts from previous:   
Post new topic   Reply to topic     Home » Forums » Zugg's Blog All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
© 2009 Zugg Software. Hosted on Wolfpaw.net