Saturday, May 08, 2010
Local Media #fail
On Thursday Caroline Lucas, leader of the Green Party, won the election in the Brighton Pavilion constituency, becoming the first British Green MP.
Duly reported by the Malvern Gazette as "Greens win historic first seat", and in the Worcester News as "Greens win historic first seat".
BBC Hereford and Worcester failed to do any better.
"Why should they?", I hear you all cry in unison.
Well, here's a hint, I had to edit the Malvern St James Wikipedia entry to reflect the election results.
Yes folks, Caroline Lucas was born and educated in Malvern.
Our local media is full of banal stories about locals and former-locals making and doing good, but this time, they completely failed, preferring to merely regurgitate the Press Association's stories.
A hint to the Beeb and NewsQuest hacks in Hylton Road. Always look for a local angle, you might be surprised at what you find (after a ten second Google search).
You're worse than useless.
Postscript, May 12th:
"A Worcestershire-born politician will make history today when she's sworn in as the Country's first Green MP. Caroline Lucas, ...." reported BBC Hereford and Worcester news this morning. Well done!
Edited on: Wednesday, May 12, 2010 7:38 AM
Categories: Comment, Environment
Thursday, April 22, 2010
McAfee, ClamAV, McAfee: Why keeping security software up to date is mandatory, not optional
1: On March 31st, McAfee's support for their V1 format antivirus DAT files ended, and with it came the end-of-life for VirusScan 8.0. Plenty of warning had been given, and they'd even extended the end-of-life date by three months. Yet, come April 1st, McAfee's Community Forums were filled with tales of people whose antivirus had ceased updating. There was a twist to this tale, however. One customer was using a V2-supporting antivirus program, but it still wasn't updating. It turned out that updating to a later version of the McAfee Agent solved his problem.
2: The ClamAV Users' mailing list has become a bit of a flame-fest of late, all due to Sourcefire's withdrawal of support for versions pre-0.95. They'd announced all this six months ago, but users were still caught unawares. Unfortunately, the developers effectively "turned off" older versions when they issued a pattern update using a data format only supported by ClamAV 0.95 and later. And how the affected users howled.
3: Back to McAfee yesterday, and we find people's PCs being screwed up by a bad DAT update. Those who escaped unscathed were those who had read, comprehended, and implemented a setting change discussed in the last VirusScan 8.7 patch release notes. More luck than anything else, in this case, though.
Notice a common theme to all of these?
Due diligence, or lack of it. Not by the vendors, but by the users of their products.
Security software, by its very nature, requires frequent updates. Improvements to increase reliability, detect new classes of threat, and so on. It is critical to the security of an organisation's assets.
So why, oh why, are people sticking their heads in the sand and not keeping things up to date?
Fools.
Edited on: Thursday, April 22, 2010 11:26 PM
Categories: Comment, Computer Security
McAfee Mayhem
Yesterday afternoon McAfee released their 5958 antivirus DAT pattern and unwittingly unleashed a denial of service attack on thousands of PCs around the world.
The update mistakenly detected the W32/Wecorl.a virus in the system file svchost.exe, promptly quarantining it, and rendering the affected PCs almost useless.
The McAfee users' forum was soon full of posts from upset customers.
This afternoon, McAfee sent out an email to its security alerts mailing list from Dave DeWalt, President and CEO, full of spin over this incident.
"In the past 24 hours, McAfee identified a new threat that impacts Windows PCs. Researchers worked diligently to address this threat that attacks critical Windows system executables and buries itself deep into a computer's memory.
The research team created detection and removal to address this threat. The remediation passed our quality testing and was released with the 5958 virus definition file at 2.00 PM GMT+1 (6am Pacific Time) on Wednesday, April 21"
So far so good, and thanks for telling us how this came about, much appreciated.
"The research team created detection and removal to address this threat. The remediation passed our quality testing and was released with the 5958 virus definition file at 2.00 PM GMT+1 (6am Pacific Time) on Wednesday, April 21."
The timing seems right, good, good.
"McAfee is aware that a number of customers have incurred a false positive error due to this release. Corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected."
Nice spin, but that doesn't quite wash. From the VirusScan 8.7i Patch 3 release notes:
Issue: With the improved functionality of the on-access scanner memory scan, lower and middle ranged systems may see a performance impact at startup and after a successful AutoUpdate of the engine or DATs. Currently the Process on enable option is enabled by default on the shipping version of VirusScan Enterprise 8.7i. McAfee recommends that in a managed environment, disable this option prior to deployment of the Patch, until the impact of memory scanning can be determined for your environment. It is not possible to maintain both the more comprehensive scanning that comes with Patch 1 and later, and the former level of scanning. Therefore, only the more comprehensive scan is used.
NOTE FOR CURRENT AND NEW USERS:
* The Patch installation does not modify current settings to disable the Process on enable option.
* The VirusScan 8.7i NAP and extension that are included with the Patch do change the McAfee Default policy, but do not modify the My Default policy, or any custom policy settings that were made prior to the check-in of the new NAP/extension.
* The VirusScan Enterprise 8.7i Repost with Patch now installs with the Process on enable option disabled, unless the Maximum Security option is selected during the installation.
The emphasis in red is mine. So no, it was not the default apart from clean installs of VSE 8.7i Patch 3 repost into a virginal ePO. Tut (to put it mildly).
The CEO's email continues:
"Our initial investigation indicates that the error can result in moderate to significant issues on systems running Windows XP Service Pack 3."
That seemed to be the consensus on the McAfee forum, too.
"The faulty update was quickly removed from all McAfee download servers, preventing any further impact on customers. We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base."
I'm not sure how quickly it was removed; a notification timed at 12:47pm CDT (18:47 GMT+1) stated it had been removed. I think several customers would quibble about the precise meaning of "quickly" in this context.
Less than one half of one percent of a very large number is still a large number. Actual numbers would have been more meaningful.
"McAfee teams are working with the highest priority to support impacted customers. We have also worked swiftly and released an updated virus definition file (5959) within hours and are providing our customers detailed guidance on how to repair any impacted systems."
Within hours? Bad DAT released at 2pm GMT+1, replacement after 7pm GMT+1. So that's 5 hours between releases. Could a solution have reasonably been released sooner? The spinmeister doesn't tell us. 5 hours is a long time when people have PCs dying all around them.
As a result of this fiasco, widely respected Windows commentator Ed Bott no longer recommends McAfee security software. Ouch, that's going to hurt.
Securosis' Mike Rothman asks Who DAT McAfee Fail?. Not a totally stupid analysis, but he fails to consider reality. He suggests delayed updates as a workaround, giving sysadmins time to react to duff updates. But, McAfee, on a good day, releases DAT updates once daily. Not good enough to catch new threats, alas. But it is worse than that. New detections can take up to three days to appear in the DAT files. Yes, really! And even more delay in fighting malware's the last thing we need.
Oh yes, I almost forgot to tell you. We were lucky. I'd read that bit in the release notes and configured McAfee's ePolicy Orchestrator appropriately. Only one PC (out of several thousand) misbehaved, detecting the non-existent virus. Fortunately, McAfee VirusScan's attempt to clean it had failed, leaving the PC in a healthy state. I suspect that detection was the result of a rare (but known) bug where policies aren't correctly applied. Needless to say, McAfee's antivirus was stripped off and reinstalled, without any further issues.
This blog post is an expanded version of a post originally made in the McAfee Community Forums
Postscript, April 27th: Over at PCMag's "Security Watch", Larry Seltzer has some interesting comments on the Lessons of the McAfee False Positive Fiasco. Be sure to follow the links in his story. Neither he nor Ed Bott cover the "end user responsibility" angle that I do, alas.
Edited on: Tuesday, April 27, 2010 9:05 PM
Categories: Comment, Computer Security
Sunday, December 20, 2009
Merry Christmas
Edited on: Sunday, December 20, 2009 4:53 PM
Categories: Comment, Environment, Waffle
Wednesday, October 28, 2009
Oops!
Mandy Sets Date for Blocking Immoral Oil-consuming
Slaying two of those proverbial avians with one satirical blog post.
What if the government applied as much zeal to curbing fossil-fuel consumption as it does to curbing filesharing? Would we see news reports like this?
Mandelson, speaking at the government's pompous politician strutting conference, confirmed that the petrol tanks of persistent offenders could be blocked - but only as a last resort from the summer of 2011.
He added that a "legislate and enforce" strategy was the only way to protect the planet. "Three strikes is a reasonable way of describing our approach," he said.
The strategy, which will be officially set out in the government's ecological economy bill in late November, will involve a staged process of warning notifications with fuel suspension as a last resort.
"It must become clear that the days of consequence-free widespread oil consumption are over," Mandelson said. "Technical measures will be a last resort and I have no expectation of mass suspensions resulting."
The legislation is expected to come into force in April next year.
The effectiveness of the warning letters to persistent immoral oil-users will be monitored for the first 12 months. If immoral oil consumption has not dropped by 70% by April 2011, then cutting off people's fuel supplies could be introduced three months later, from the summer of that year.
"If we reach the point of suspension for an individual, they will be informed in advance, having previously received two notifications – and will have the opportunity to appeal," Mandelson added. "The British government's view is that consuming the planet's fossil fuels is wrong and that, as an economy based on greed, we cannot sit back and do nothing as this happens."
Mandelson said that the strategy was a "proportionate measure that will give people ample awareness and opportunity to stop breaking the planet". "The threat for persistent individuals is, and has to be, real, or no effective deterrent to destroying the planet will be in place," he added.
There would be a "proper route of appeal" for those that do have their oil access suspended, Mandelson said. He added that he did not want to see oil companies "unfairly burdened" by the new system.
"Oil Companies and rights-holders will share the costs, on the basis of a flat fee that will allow both sides to budget and plan," he said.
The staged roll-out of the strategy will see OfOil assess the effectiveness of the warning notification system on cutting immoral oil-using, backed by the threat of legal action in about April 2011.
If the 70% reduction is not achieved the use of technical measures to cut off persistent offenders' fuel access will be introduced by about July 2011.
Should this system be introduced repeat offenders will be warned they are infringing and then, in a second letter, told that technical measures could be implemented. Further infringement will lead to the offenders' names being put on a "serious infringers list", with oil purveyors then "obliged to exercise technical measures".
No timetable was given by the government for the speed with which the process can go from a warning letter to fuel suspension.
When infringers are informed that they face having their fuel access suspended, they will have 20 working days to appeal to an independent body, to be established by OfOil. The suspension will not come into force until the appeal has been heard.
If the first appeal is unsuccessful the infringer can lodge a second appeal within 20 working days.
My apologies to Mark Sweney and The Grauniad for the shameless rip-off.
Thursday, September 03, 2009
Wrong Numbers, Episode 3,000,000,000
Once again, the media are all bleating the "wonderful" news about oil. BP, apparently, has discovered a large 3,000,000,000 barrel reservoir of oil 35,000 feet down in the Gulf of Mexico.
As per usual, they seem totally unable to join the dots and connect oil consumption with CO2 emissions, so they've almost all copied BP's gushing (pun intended) press release with no mention of "that which must never be mentioned in connection with oil", and lo, BP's stock market price jumped upwards.
This is getting quite tedious, folks. It is hard to know whether these journalists are complete idiots and gullible fools, pathetic hacks reduced to regurgitating vested-interests' press releases, or intentionally malevolent.
Three billion barrels represents under six weeks' worth of global oil consumption. We'd need to find ten such fields annually just to keep standing still. Needless to say, we don't.
Lou Grinzo puts it all into context in his The Cost of Energy blog.
Jeremy Leggett, who really should know better, wrote an almost-insightful piece in today's Guardian about it. But even he fails to stress that the consumption of this resource is one of the worst things that we could possibly do.
And nobody's asking the obvious questions:
Is consuming the new oil that BP has discovered tantamount to a crime against humanity and the planet?
Is drilling for oil, knowing full well (my apologies for another bad pun) that the oil discovered will be burnt, spewing CO2 into the atmosphere, morally reprehensible?
My answer to both questions is a resounding yes, what's yours?
Edited on: Thursday, September 03, 2009 9:42 PM
Categories: Comment, Environment, Waffle
Having a Giraffe
I blame BNO News' @mpoppel for all this. There was I one day in July, quietly minding my own business, when he tweeted this:
Forget the heffalump in the living room, a giraffe in one's back yard is much more appealing!
So I sent my friend Liz a totally perplexing text message reminding her to check her (minuscule) back yard for wayward giraffes when she got home. Needless to say, there were none. Her imaginary piggiflu-infected pet pig which she keeps out there had remained undisturbed, albeit somewhat lonely.
After much banter, I was led to Ola Helland's wonderfully crazy onemilliongiraffes.com. He's aiming to collect one million hand drawn (or hand crafted) giraffes by 2011. Please help him out and get drawing. If I can do it, so can you!
Here's my contribution:
Thursday, June 18, 2009
Iran
Today, I'm going to take a trip in time back to December 1977.
There was I, in the transit lounge at Tehran's Mehrabad Airport, awaiting my connecting flight. It was snowing heavily outside, the first snow of the winter, the locals informed us.
The place was crawling with the Shah's heavily armed militia who, somehow, had completely lost the ability to smile.
And so it was that I got chatting to an airport worker, who like me, was in his early 20s.
He expressed, enthusiastically, his aspirations for, what was to him, a free Iran under Muslim rule.
Today, as millions of Iranians continue to peacefully demonstrate against the obviously fraudulent presidential election results, I'm reminded of this young man, so earnestly longing for Iran to become a better place.
Wednesday, May 27, 2009
Taking the....
... dosh.
Peter the Profligate Luff, in another desperate attempt to make himself appear squeaky clean, digs his own grave:
his claims over the past four years have included £2,600 for redecorating the office in his Worcester home, £900 for replacing an exterior door, £428 for roof repairs and £243 spent on replacing a window.
He said: “It seems reasonable to me that a maintenance cost is something I would claim for – to claim for enhancements would be wrong.”
Legitimate or not?
It's his home, but what proportion of its upkeep should be allowed against expenses?
Is the office used solely for his parliamentary duties, or is it multi-purpose? Were the roof repairs directly over the office? Was the door to the office? Was the window in the office?
We're not told, and should have been. Bad reporting yet again, Worcester News.
The comments to the article are worth a read. There are, thank god, a few smart people left in Worcester.
Logik's comment sums it all up:
"Here is the test of reasonableness as far as I am concerned. Had you had to fund all this out of your own pocket, would you have bought the same items and would you have spent the same amount of money. If not then the cost to the taxpayer is unjustifiable."