Anne Mulcahy on innovation

I have a lot of respect for Anne Mulcahy, Xerox’s CEO, who has announced her retirement.

One thing that I like about her is that she gets innovation:

To be sure, a company’s R&D investment pool looks tempting in tough times. And draining it might save a few jobs or help make the quarterly results less painful. However, if you fail to fund the future, all you’ll be left with is a really lean company trying to churn old ideas into new business…When Xerox went through a downturn of its own making earlier this decade, everywhere I went, lenders and investors were demanding I cut our R&D spending. But to me, Xerox innovation was sacred. Why avoid financial bankruptcy only to face technological bankruptcy down the road?

Some of the tech CEOs I know right now who are in trouble are, in many cases, the ones who have not spent enough on R&D — the core of innovation in a technology company.

There is an attitude, often found in financial circles (and among non-technical managers), that research and development is not the vital lifeblood of an organization: that it can be off-shored, outsourced, or heavily cost-managed. I know several companies where the financial backers are soaking the company for cash flow, but not investing heavily in new technology.

An organization starts with a product. It doesn’t start with a sales, finance or marketing department. It starts with something that’s produced. And in technology, the people who make your products are your R&D department. Without a product, you have nothing.

The sometimes painful truth is that the business of technology is very R&D intensive. There are cycles, where you make a new product, make money off of it, and then go into another major new R&D phase. This is an ongoing process.

However, what is commonly observed is that a company spends on innovation, gets successful, and then doesn’t realize that it actually needs to keep spending on innovation. The companies that would qualify for this list are legion.

Simply straight-lining your R&D expenses at some magical percentage of total revenue is not the right approach. A company must invest in R&D with relevancy to its current situation. Right now, almost 40% of our staff is dedicated to R&D, a staggering figure for some people. But we’re at an absolutely essential time where innovating is the most important thing we can do, to remain competitive. It pays off — our growth is 70% year-over-year. So we keep investing, and investing. We’re making money, but we’re also spending money on making sure that two years from now, we continue to have the most innovative products. (Our percentage of R&D won’t always be this high, because as revenue goes up, the percentage dedicated to R&D goes down, but the current ratios are relevant to where we need to invest now.)

So to those developers out there facing budget cuts, fight back. Teach your managers that you need the money to make the products that the company will need in the future — so they will have jobs themselves.

In short: Innovate or perish.

Alex Eckelberry

This really needs a retraction

Last year, I met with a prominent journalist who I respect, and he let on to me that some Microsoft execs had been telling him that they don’t run antivirus because Vista is so secure.

Oh really? Hmm… Give me Steve Ballmer’s email address… I could have fun with this.

The idea that you can’t run security software just because you’re running Vista is flat out wrong.

So no offense to the writer, but here’s an article that really needs a retraction:

• Turn off Vista’s overly protective User Account Control. Those pop-ups are like having your mother hover over your shoulder while you work.

• Uninstall your anti-virus software. I’m serious. Symantec Norton 360 spent so much time trying to protect me from problems I don’t have that it dragged my Toshiba’s performance to a crawl. So I uninstalled it. Instant speed boost.

Surprisingly, the article didn’t get much attention when it came out last week, except for some mentions (like this ComputerWorld blog post). Unfortunately, it’s now spreading through syndication.

But really — this is just terrible and dangerous advice.

If you’re fed up with the bloat of your AV product, get a leaner one. I make one. And there are others as well.

Want reasonable performance tips? I posted some similar advice a couple of years ago on optimizing the performance of your PC, and this LifeHacker article from a while back debunks some common performance myths.

But no way — no way — should you not be running an antivirus product. This is not my self-interest speaking, as I’ve blogged about free tools you can use.

It’s just a simple fact.

Alex Eckelberry

Adobe mea culpa

Well, it’s a start. PDF and SWF exploits are a major infection vector right now. Getting security updates out rapidly and proactively is essential.

Vulnerabilities are no longer an opportunity to bash Microsoft. All software vendors (and even more so the ubiquitous ones, like Adobe, WinZip, etc.) have to be extremely proactive on this front.

Blasted three months ago for being slow to fix a zero-day vulnerability in its popular PDF viewer, Adobe today promised it will root out bugs in older code, speed up the patching process and release regular security updates for Adobe Reader and Acrobat.

Link here.

Alex Eckelberry

New blogger in the house

Tom Kelchner

You may have noticed a bit of a different voice here in the blog. Tom Kelchner, our recently hired research manager, is now guest blogging.

Tom has worked for many years in the anti-virus industry, as an Information Security Analyst with ICSA Labs, and then as Senior Threat Engineer with the EarthLink Threat Research Group in Orlando, Fla. He is a former newspaper reporter in Harrisburg, Pa., and government public relations specialist, having served as Deputy Press Secretary to former Pennsylvania Governor Robert P. Casey. He also served as an electronics technician on various submarines during a six-year enlistment in the U.S. Navy.

He does not, however, blog about surfing, commodities pricing or blown CPUs.

Alex Eckelberry

Microsoft announces it will retire memcpy() command

Microsoft has rather quietly announced on the Microsoft Software Developer’s Network blog (link here) that the memcpy(), CopyMemory() and RtlCopyMemory() commands will be retired soon in an effort to eliminate the threat of memory overwrites.

The blog piece said, “I am ‘proud’ to announce that we intend to add memcpy() to the SDL C and C++ banned API list later this year as we make further revisions to the SDL.”

The function, available in Microsoft’s compilers and many other C-related languages, has been responsible for the problems that led to a number of Microsoft security updates, including:

• MS03-030 (DirectX)
• MS03-043 (Messenger Service)
• MS03-044 (Help and Support)
• MS05-039 (PnP)
• MS04-011 (PCT)
• MS05-030 (Outlook Express)
• CVE-2007-3999 (MIT Kerberos v5)
• CVE-2007-4000 (MIT Kerberos v5)

Developers can easily update code by replacing calls to memcpy() with a safer call to memcpy_s(), which requires an extra parameter: the size of the destination buffer.

Sunbelt Software Vice President Michael St. Neitzel said: “That’s what I’ve been doing for years. When you’re dealing with buffers, you really have to make sure you don’t overwrite them. A string that is not null terminated can easily override string buffers, since in Windows they typically have a defined size such as the fixed path length.

“A bad programmer will manage to do this insecurely. It’s like giving a powerful sports car to an amateur. The anti-lock brakes, electronic stabilization program and automatic speed reducing aren’t going to protect him from having an accident. But an experienced driver can disable all of those things and not scratch the car. Driver, developer – both may make mistakes.”
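As an added illustration of the memcpy_s() point above and of St. Neitzel’s remark about fixed-size Windows buffers (this is example code, not Microsoft’s or Sunbelt’s): memcpy_s() from C11 Annex K is not shipped by every C runtime, so the block below uses a hypothetical helper, bounded_memcpy(), with the same contract (destination size is a parameter; on failure the destination is zeroed and an error is returned) to copy a length-prefixed path field into a fixed buffer. The record format, MAX_PATH_LEN and read_path_field() are constructed for the example.

```c
/* Added example (not from the post): memcpy_s-style bounded copy in portable C. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define MAX_PATH_LEN 16   /* constructed: a small fixed-size buffer, like a fixed path length */

/* Same contract as memcpy_s(): the caller passes the destination size.
 * Returns 0 on success. On failure returns -1 and, like memcpy_s(), zeros
 * the whole destination so a caller cannot accidentally use stale data. */
int bounded_memcpy(void *dest, size_t destsz, const void *src, size_t count)
{
    if (dest == NULL) return -1;
    if (src == NULL || count > destsz) {
        memset(dest, 0, destsz);
        return -1;
    }
    memcpy(dest, src, count);
    return 0;
}

/* Copies a constructed "path field" (1-byte length, then that many bytes)
 * from an untrusted record into a fixed buffer, always NUL terminated.
 * Returns the stored length, or -1 if the field does not fit.
 * A plain memcpy(out, rec + 1, n) here is exactly the overwrite the post
 * describes: n comes from the input, not from the size of out[]. */
int read_path_field(const uint8_t *rec, size_t reclen, char out[MAX_PATH_LEN])
{
    if (reclen < 1) return -1;
    size_t n = rec[0];
    if (n > reclen - 1) return -1;   /* declared length exceeds the record itself */
    /* one byte is reserved for the terminator, so the copy may use at most 15 */
    if (bounded_memcpy(out, MAX_PATH_LEN - 1, rec + 1, n) != 0) return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char path[MAX_PATH_LEN];
    /* constructed records: one that fits, one that lies about its length,
     * and one whose length is honest but larger than the destination */
    const uint8_t ok[]  = { 8, 'C', ':', '\\', 't', 'e', 'm', 'p', '\\' };
    const uint8_t lie[] = { 40, 'C', ':', '\\', 'a', 'b', 'c' };
    uint8_t big[1 + 30];
    big[0] = 30;
    memset(big + 1, 'A', 30);

    printf("%d %s\n", read_path_field(ok, sizeof ok, path), path);   /* 8 C:\temp\ */
    printf("%d\n", read_path_field(lie, sizeof lie, path));          /* -1 */
    printf("%d %d\n", read_path_field(big, sizeof big, path), path[0]); /* -1 0 */
    return 0;
}
```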

Tom Kelchner

Wolfram launch tonight

It’s tonight. Readwriteweb has a pretty good overview of the event, including this:

  • Wolfram Alpha is not a general purpose search engine – it does not directly compete with Google and if you treat it like Google, you will inevitably be disappointed
  • check out the copious amount of examples from the homepage – they will give you a good idea for the type of queries that Alpha can handle best
  • here is one thing we can almost guarantee: you will be disappointed at first (especially if you were expecting a Google killer)
  • Alpha is a great tool, but it takes some time to learn about its limits and strengths. Unlike Google, some searches simply won’t return any result at all

Article Link.

Alex Eckelberry

One Controversial Way to get P0nEd

This might be one of the first indications of a not-so-good trend.

In the “Gadgetwise” column of the N.Y. Times, under the title “Five Controversial Ways to Speed your PC” (link here) writer Paul Boutin suggests uninstalling anti-virus applications as a way to speed up a PC. He also said the threat from viruses and malware was overhyped.

Well, we don’t think it’s ever been overhyped and we REALLY don’t suggest turning off malware protection.

Yes, in recent years, many malware scanners have slowed down, largely because of the vast, exponentially rising surge of new threats. Some of the big name scanners seriously need to be rewritten.

Boutin specifically mentioned in his column that Symantec’s Norton 360 “dragged my Toshiba’s performance to a crawl.”

There is nothing more frustrating than a really slow machine when you’re trying to get something done, and, yes, I remember turning off an anti-virus application many years ago. It was the days before the World Wide Web. Boot-sector viruses were a problem. My machine had no contact with the outside world except for an internal email system and occasional disks. I did turn the scanner back on before I shut down the machine for the day and I didn’t leave disks in the drive. So, I don’t think that was a badly reasoned choice. But, that isn’t true today.

One not infrequently sees estimates that a huge percentage of all the traffic on the Internet is devoted to, well… ahem… viewing photos and videos of people with no clothes on. That means a lot of people are visiting sites that are notorious for the distribution of malware. Even sites where the people in the pictures keep their clothes on have been loaded — intentionally or by hackers — with malware that you can download accidentally. Wanna buy a completely useless AV scanner for $49.95? Can I interest you in a nice browser plug-in that will give you just loads of advertising and show you what a slow machine REALLY looks like?

And, God, don’t even get me started on the crap that people (or botnets) forward in e-mail. A good estimate is that more than 90 percent of e-mail is spam, and a frightening amount of that is intended to phish your bank account or PayPal account login or anything else with a monetary value that might be on your PC or in your head.

It’s here, it’s weird and it’s coming to a PC near you in a couple of new ways every day.

So, if you’re thinking of joining a trend and turning off your malware scanner to squeeze some more speed out of the old Toshiba, just consider a faster scanner, like Vipre.

Sunbelt Software’s Vipre was written from the ground up last year and achieves its lightning speed from some rad new technology. (Check it out here).

Tom Kelchner

Spaghetti code

Dear Lord. One wonders how many lives may have been or will be potentially ruined by this:

“As a matter of public safety, the Alcotest should be suspended from use until the software has been reviewed against an acceptable set of software development standards, and recoded and tested if necessary. An incorrect breath test could lead to accidents and possible loss of life, because the device might not detect a person who is under the influence, and that person would be allowed to drive. The possibility also exists that a person not under the influence could be wrongly accused and/or convicted.”

Link here (via /.). Further commentary by Schneier here.

Alex Eckelberry

The changing threat landscape, yada yada

Actually, a very good article in this issue of Processor. Nothing radically new here, but the writer understands the problem and states it clearly.

“The day of the [AV] scanner being the main line of defense is dead . . . it’s just that most people don’t know it yet,” says AVG’s Thompson. Last year alone, AVG added more than 650,000 signatures to its antivirus engine. “There are 20,000 to 30,000 unique binary samples every day. The bad guys know how to beat a scanner.”

It’s also worth noting that tests that focus on virus detections are completely useless in evaluating an anti-malware solution. Today’s malware is a totally different, vicious animal — and detection is also only part of the picture. Remediation is as important as detection to enterprise customers.

More here.

Alex Eckelberry

PPC waste — sloppy or just a cost of doing business?

The so-called “Google tax”, where an adwords vendor pays for traffic that would have gotten to them anyway, is a long-running problem that most marketers simply pay as a cost of doing business.

To understand the problem, you can simply search for a popular corporate name like “delta airlines” — the “first” result is a paid adword (“sponsored link”) from Delta. Many people click on the paid link, not realizing they just cost Delta some money. Delta very likely knows this but takes it as a cost of doing business — they do want to make sure you go to their site.

[screenshot]

These types of problems are a part of any marketer’s cost of doing business. Years ago, we had the problem of adware pushing affiliate links to sites which a user would have gotten to anyway (like someone searching for “Dell” and getting a popup for a Dell affiliate — Dell ends up paying a commission to someone it didn’t even need to).

Ben Edelman came out with an interesting piece yesterday which expanded on the problem. If you’re involved in PPC marketing, it’s worth reading his article.

Alex Eckelberry


I want a real virus…

Yes, it’s humor.

I want a REAL VIRUS. One that causes mass chaos across the entire planet, and does so in the real world, not just in stories created by bored news reporters trying to make a buck. Hell, why not create a computer virus that actually spreads the swine flu to every Linux user on earth. After all, most Windows users hate Linux users, so let’s wipe them off the face of the earth. If you recall, Linux users like to boast that their so-called “superior” operating system is virus free. Let’s prove them wrong and put them in their rightful place once and for all. I don’t know about you, but I’m damn tired of them thinking they are superior human beings to everyone else just because they are too damn cheap to actually pay for a copy of Windows, and would rather spend their entire lives in some cheap rented basement filled with damp mildew because they are too busy trying to get their computers to work, than to actually get a job.

Alex Eckelberry

You might be surprised (and infected) if you search for nude Rihanna pics

The internets are buzzing — pictures of an allegedly naked Rihanna were posted on Friday.

Inevitably, the curious or libidinous will search for these pictures. And they just might find a few surprises.

Right now, if you search for “rihanna nude” on Google, you might get some odd results.

The third search result is a page on Microsoft’s TechNet, pushing malware. And just further down is another link which leads to malware.

[screenshot]

Here’s how the technet.com page looks (this has already been reported and should be gone soon):

[screenshot]

Which, when clicked, leads to celebsxx net, a malware site pushing a malicious fake codec.

[screenshot]

Further down, a separate search result leads to a page at uvouch.com, with a similar fake video image, which when clicked leads to another malicious fake codec site, fonblog net.

[screenshots]

The malware campaign itself is nothing special. Just a fake user profile, with a simple animated gif linking to a malware site.

[screenshot]

The same type of thing is happening with Malin Akerman (female star of the Watchmen).

[screenshots]

…and plenty of other celebrities. A search of the Uvouch site itself is telling. The top results here all point to similar malware links (Megan Fox, Zoe Saldana, Tila Tequila, and so on):

[screenshot]

So, no big surprises here. A spicy subject. Sex. Not-so-perfectly secured social networking environments. The result? Boatloads of people getting infected.

Alex Eckelberry

Security hysteria and snakeoil

[screenshot of the advertisement]

Apparently advertised on newstarget.com, this product just about takes the cake for serving a large load of horse manure.

The advertisement:

NON-U.S. INTERNET SECURITY SOLUTION CD AVAILABLE: FAR BETTER THAN NORTON ETC

It has now been established that the National Security Agency (NSA) works with/controls Microsoft, Norton, McAfee, and others, in pursuit of the Pentagon’s vast BIG BROTHER objective, directed from the ‘highest’ levels (not the levels usually referred to) which seek to have every computer in the world talk direct to the Pentagon or to NSA’s master computers.

This should come as no real surprise since the cynical spooks even assert this ‘in-your-face’ by advertising ‘INTEL INSIDE’, which says exactly what it means. More specifically, NSA has made great strides in this direction by having a back door built into Microsoft VISTA. Certain computers, especially those labeled with the logo of the ‘fully collaborating’ firm Hewlett Packard, have hard-core setups which facilitate the remote monitoring and controlling of personal computers by NSA, Fort Meade. We now understand that if you are using VISTA* you MUST NOT enable ‘file and printer sharing’ under any circumstances. If you say ‘YES’, so to speak, to ‘file and printer sharing’, your computer becomes a slave at once to NSA’s master computers. DO NOT ENABLE SHARING.

Unfortunately, this abomination is so far advanced that this may not be the only precaution that needs to be taken. As long as Microsoft continues its extensive cooperation with NSA and the NSC (National Security Council), the spying system which assists the criminalized structures, and thus hitherto the Bush-Clinton ‘Box Gang’ and its connections, with their fraudulent finance operations, NSA may be able to steal data from your computer. The colossal scourge of data theft is associated with this state of affairs: data stolen usually include Credit Card data, which the kleptocracy regards as almost as good as real estate for hypothecation purposes. Even so, you can make life very much more problematical for these utterly odious people by NOT USING U.S.-sourced so-called Internet Security and anti-virus software. Having been attacked and abused so often, we offer a solution.

We use a proprietary FOREIGN Internet Security program which devours every PC Trojan, worm, scam, porn attack and virus that the National Security Agency (NSA) throws at us. We are offering this program (CD) to our clients and friends, at a premium. The program comes with our very strong recommendation, but at the same time, if you buy from us, you will be helping us finance ongoing exposures of the DVD’s World Revolution and the financial corruption that has been financing it.

The familiar US proprietary Internet Security programs are by-products of US counterintelligence, and are intended NOT to solve your Internet security problems, but to spy on you and to report what you write about, to centralized US electronic facilities set up for the purpose. You can now BREAK FREE from this syndrome while at the same time helping us to MAINTAIN THE VERY HEAVY PRESSURE UPON THE CRIMINALISTS WE HAVE BEEN EXPOSING, by ordering this highest quality FOREIGN (i.e., non-US) INTERNET SECURITY SOLUTION that we have started advertising on this website. This offer has been developed in response to attacks we have suffered from the NSA nerds who appear to have a collective mental age of about five years, judging by their output.

• To access details about the INTERNET SECURITY SOLUTION, just press THE LIVE LINK YOU HAVE JUST READ, or else press SERIALS in the red panel below. This opens up our mini-catalogue of printed intelligence publications. Scroll right down to the foot of that section, where you will see details of this service. When you buy this special product, you will also, as we clearly state above, be paying a special premium by way of a donation to help us finance these exposures.

The premium contains a donation for our exposure work and also covers our recommendation based on the Editor’s own experience that this INTERNET SECURITY SOLUTION will make your Internet life much easier. Some versions have a ‘Preview before downloading’ feature.

*VISTA: Virtual Instant Surveillance Tactical Application.

The cost? $300!

If you want to read more for humor purposes, you can find an article at the “World Reports” website at worldreports.org/worldreports/internet_security_solution (I’m not linking to them, so they don’t get any SEO benefit, but the site itself looks safe enough).

Now, if these guys ever got into the snakeoil registry cleaning business, they could really cash in.

Alex Eckelberry