Friday, September 17, 2010

Check Point's Zone Alarm Resorts to Scareware to Push Sales

::.A brief departure to the world of Windows and malware.::

There is one computer in my house that has Windows on it, and today I booted into it and was greeted by this lovely little pop-up telling me there's a new piece of malware out there that can steal banking information, and I should buy some firewall software to protect myself.



It looked like scareware, smelt like scareware, and acted like scareware, so I went into panic mode: locking down the internet connection, scanning active processes, scanning files on the disk, checking the registry, et cetera. After a bit of googling on a secure Linux box (Backtrack anyone?), it looked as if this wasn't something pretending to be Zonealarm... it was Zonealarm, who has evidently decided that the 'scareware-approach' equates to higher sales, which of course is 'good-business'.

I'm going to go ahead and list all the problems I have with this:

A) People don't like scareware. Scareware pisses people off, and pissed-off people are less likely to buy a product from the company that pissed them off. This concept seems like common-sense to me, but has evidently escaped the geniuses over at Check Point's marketing department.

B) If it looks/acts like scareware, it is. According to Wikipedia:

Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.

This is pretty much what Check Point is doing: intimidating people into buying their product under the guise that they are somehow less susceptible to a particular piece of malware because of it. What makes it ok for Check Point to resort to such schemes? It's unethical in every sense of the word. It's not 'just a friendly warning' when it links to a site claiming your product is evidently the only one in the world capable of dealing with such a threat, without providing any data on just how you arrived at that conclusion. Dropping the name of an independent organization isn't proof, it's 'pseudo-proof' and no more viable as proof than making up the data as you go along.

C) This newfangled form of marketing is identical to the classic scareware scam. This makes it difficult to explain to people "If you ever see any pop-ups claiming you have virus X, and you should purchase software from Company Y to remove it, don't do so. It's scareware, they're trying to scam you.", because now a supposedly legitimate company is doing the exact same thing. Suppose someone writes a virus in the future that pretends to be Zone Alarm warning you about a new virus, and that you should upgrade to be protected from it... How do you know what's really behind it? Is it Check Point's marketing team hard at work again, or an actual threat? We've previously relied on the idea that no respectable software company would resort to such tactics, but Check Point has blurred that line all the way from here to the bank.

D) Marketing fiascoes and licensing issues are the number one reason I tend to rely on free software (free as in freedom). I think you'd be hard-pressed to find a piece of software licensed under the GPL (or similar) whose developers would allow something like this... But I digress. When you click on the "See Threat Details" button, you are taken to this page (EDIT 10/04/2010: Page no longer contains information regarding ZeuS.Zbot.aoaq), where Check Point makes a very juvenile attempt to lead you to believe that "Only ZoneAlarm's suite protects against ZeuS.Zbot.aoaq virus." Just out of curiosity, how many firewall/AV solutions were tested by VirusTotal before concluding that Zone Alarm was the only Security program that detects ZeuS.Zbot.aoaq? Furthermore, on VirusTotal's website, under the list of companies that provide them with their respective anti-virus engines, Check Point and Zone Alarm are not even mentioned (I wonder what the significance of that is).

E) Check Point took a lengthy piss on their customers with this one. I've used Zonealarm on Windows boxes for years, and recommended it as a firewall every chance I got. Needless to say, I feel betrayed that they would ever resort to such shameful marketing techniques to push a product that could otherwise stand tall on its own merits. Check Point has soiled Zone Alarm's name, alienated their customers, and stooped to a low that cannot be easily forgiven.

Check Point, You've lost a customer.

Thursday, August 5, 2010

Open-Source is a Wonderful Thing

In the relentless pursuit of perfection, I've decided to compile Chromium from source code and see how much of a performance increase, if any, would follow. The computer in question is my netbook, powered by i686 Arch Linux with an XFCE DE, but running on an Intel Atom N280 @ a measly 1.66GHz, so I'll take any performance boost I can get.

Using Arch's build system, and GCC 4.5's new 'atom' CFLAG, I began compiling the latest version and 5 hours later it was completed. I ran two benchmarks on both the pre-built i686 binary supplied by the chromium package in the Arch repositories, and my compiled version: Peacekeeper, and Sunspider. Results are as follows:

Peacekeeper Browser Benchmark (Units are 'points', more is better)
Sunspider Javascript Benchmark Results

Conclusion? From this point onwards I'm going to compile as much as I can manually, rather than using pre-built binaries, but I'm going to do it on the Phenom II x4 box. Compiling on an atom is somewhat reminiscent of the early '90s.

Thursday, July 29, 2010

Reviving the Desktop

Been busy lately. The ~10-year-old drive in my Phenom II box finally kicked the bucket (random chance whether the BIOS would recognize it at boot, bad sectors galore, et cetera), so I bought a new one: A 1TB WD Caviar Black (WD10000LSRTL). I was a bit apprehensive shipping it from Newegg with all the horror stories of drive damage as a result of UPS' shipping procedures, so I opted for the retail packaging ($10 extra, w/o free shipping). The drive arrived, and was immediately plugged in so I could double check its SMART attributes, as well as run badblocks on it to check for bad sectors, and everything came back a-ok.

First a fresh copy of Windows 7 was installed (In a fit of rage, I formatted the NTFS partition on the old drive and turned it into an Ext4 storage partition). That went mostly without incident, save for the hours I spent finding and installing all the programs I use, updating drivers, et cetera. At this point I'm obligated to mention that whenever I install Linux, it takes me about 5 minutes to open a terminal and tell the package manager to download everything I need, and then I can go about my day until it finishes. In Windows, it takes significantly longer, especially with having to use your web browser to navigate to each program's site individually, and painstakingly sit through dozens of "Next, Next, Next, I Accept, Finish" install 'wizards'... But I digress. After all the programs were installed, as well as my full Steam game library, I let the disk defrag for a few hours. Defrag finishes, and I can get on with more important things; Namely, saving my Arch setup. I put way too much work into it with the compiz effects, my custom scripts, and everything else to just let it go to waste by reinstalling from scratch.

I used a fairly standard partition setup on the Arch box with separate /, /boot, and /home partitions. This was by far the easiest part of the day. I put both drives in the tower, booted into whatever livecd I had lying around (I think it was the server edition of Ubuntu 8.10) and mounted the partitions in the appropriate places. Then I just copied everything over using cp's -a flag, which preserves ownership, permissions, timestamps and symlinks, so the files land on the new disk exactly as they were.

I.e.:

# mkdir -p /mnt/old /mnt/new
# mount /dev/sdb4 /mnt/old
# mount /dev/sdb3 /mnt/old/boot
# mount /dev/sdb5 /mnt/old/home
# mount /dev/sda4 /mnt/new
# mkdir -p /mnt/new/boot /mnt/new/home
# mount /dev/sda3 /mnt/new/boot
# mount /dev/sda5 /mnt/new/home
# cp -av /mnt/old/. /mnt/new/

The root partitions have to go on first: mounting sda4 over /mnt/new after /mnt/new/boot and /mnt/new/home were already mounted would hide those two mounts, and the copies of /boot and /home would end up inside the root filesystem instead of on their own partitions. The mount point directories for the new disk are created after its root is mounted, so that they exist on the new filesystem. The trailing /. rather than /* makes cp pick up dotfiles at the top level as well.


Easy, peasy, and the box now runs fine (after making the appropriate changes to Grub's menu.lst and the fstab of course). Next in line is the netbook, which is going to get a fresh Arch install in time for LinuxCon (Currently running a rather useless Chromium OS since the wireless drivers are refusing to cooperate). Originally I was going to install Gentoo on it, but compiling on an Atom is a special kind of hell, and until I have the patience and the time to do it, Arch is a much better choice. Plus I can always use the Arch build system for the packages I'll be using the most.
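A clone done with cp -a is only as good as what it preserved, and the things most worth checking are the ones that do not show up when the box simply boots: ownership, modes, set-uid bits and symlink targets. The script below is an added example, not something from the original post: it builds a manifest of each tree and diffs them, and counts set-uid/set-gid files separately. It assumes GNU findutils (find -printf), which any Linux live CD has, and the /mnt/old and /mnt/new mount points used above.

```shell
#!/bin/sh
# Added example: check that a cp -a clone preserved what matters. Not from the
# original post. Assumes GNU findutils (find -printf) and the /mnt/old and
# /mnt/new mount points used in the procedure above.

# One line per path: relative path, type, octal mode, numeric uid/gid and
# symlink target. Numeric ids are compared because the live CD's passwd file,
# not the cloned system's, would be the one turning them into names.
tree_manifest() {
    # -xdev stays on one filesystem, so /, /boot and /home are checked as
    # three separate trees (they are three partitions in the setup above).
    find "$1" -xdev -printf '%P\t%y\t%m\t%U\t%G\t%l\n' | LC_ALL=C sort
}

# Show the differences between two trees; returns 0 if they match, 1 if not.
compare_trees() {
    old_m=$(mktemp) || return 1
    new_m=$(mktemp) || return 1
    tree_manifest "$1" > "$old_m"
    tree_manifest "$2" > "$new_m"
    if diff "$old_m" "$new_m"; then rc=0; else rc=1; fi
    rm -f "$old_m" "$new_m"
    return $rc
}

# Number of set-uid/set-gid files under a tree. These are the permissions whose
# silent loss (or gain, on a disk you did not format yourself) matters most,
# so they are reported separately from the plain diff.
count_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | wc -l | tr -d ' '
}

# Check the three partitions of the layout above; returns 1 on any mismatch.
verify_clone() {
    rc=0
    for sub in "" boot home; do
        if compare_trees "$1/$sub" "$2/$sub"; then
            echo "OK   $1/$sub (setid files: $(count_setid "$2/$sub"))"
        else
            echo "DIFF $1/$sub"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh verify-clone.sh /mnt/old /mnt/new
if [ "$#" -eq 2 ]; then
    verify_clone "$1" "$2"
fi
```

Run it from the live CD with both disks mounted as in the listing above; an empty diff and matching set-uid counts are what you want to see before pulling the old drive.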

Saturday, May 15, 2010

Switching from Azureus to Deluge

I've always been a fairly happy customer with Azureus, it did what I wanted, it's very fully featured, and highly extensible given the army of plugins available on their sourceforge. However lately I've been wanting some things that Azureus couldn't very easily provide me, so I undertook the task of switching from Azureus to Deluge, without a moment of downtime I might add.

First off, there was the task of actually handling the files, that was simple enough. Make copies of everything in another base folder... done. So I more-or-less copied the contents of my ~/Azureus Downloads folder to the newly created ~/Deluge (not to be confused with ~/.deluge) folder. Then I had to go around finding all the actual .torrents for those files, again fairly simple. A lot of back and forth but ultimately a simple task. Then came my favorite part, the actual configuration.

Configuring a newly installed program is particularly enjoyable to me, and as I got deeper and deeper into Deluge's options I realized that I had found exactly what I was looking for, exactly what I had been missing in Azureus.

For starters, the WebUI is nothing short of spectacular. Azureus's WebUI was only capable of fairly simple things: Starting/stopping torrents, setting speeds, a few options, et cetera. Deluge's WebUI offers damn-near the same amount of options and features that the GTK interface has; It even looks virtually identical. Pretty much anything you can do via the GTK interface can be accomplished using the WebUI. The greatest part about it though? It's live! The data updates every 2 seconds or so, versus waiting a predetermined amount of time (by default 30s) for Azureus' WebUI to refresh the entire interface.

Another great Deluge feature is that it sorts torrents by tracker: something I spent a good chunk of time and effort attempting to do in Azureus. In Azureus I wound up having to create groups for each tracker and having to manually add a torrent to a group every time. Deluge does it for you, which is great for keeping things clean and organized.

Azureus had groups, Deluge has 'labels', however Deluge's labels are capable of being configured to behave a certain way (at least to a higher extent than the settings available to groups in Azureus). That is to say, you can use labels to apply a pre-defined set of rules to any torrent that is a member of the label, things such as dl/ul speed, connection limits, upload slots, autostop, completion moving, and more.

Deluge is infinitely more organized than Azureus was, in all regards. You can sort torrents by tracker, label, or 'state'. There are several different states: all, downloading, seeding, active, et cetera. Downloading shows torrents that are downloading, seeding shows torrents that are seeding, and active only shows torrents that are transferring data in one direction or the other (i.e. no idle torrents). Now by Deluge standards, the only sorting option that Azureus offered was All, very unorganized, very convoluted. If you wanted organization you had to take matters into your own hands by creating groups or something else. Deluge comes with organizational skills by default, and I'm already quite fond of this.

But by far, my favorite thing about Deluge is that it doesn't share the same cache-size limitation that Azureus has as a result of the JVM. Bittorrent is hell on hard drives, so a large cache means less disk thrashing. With Azureus I was able to get my cache up to about 90MB while remaining (relatively) stable. With Deluge, I gave it 65,536 16KB blocks, or 1GB of RAM to play with. I know what you're thinking: 'bloat-city'. I don't see it that way. I run Linux, not Windows so I don't have an operating system that's already sucking down half of my system resources to begin with. I can afford to dedicate a GB of RAM to Deluge alone, because the rest of the system rarely exceeds 512MB of RAM usage, even while operating at higher stress levels than normal. Why let the resources sit there unused?

Deluge is also written in python, my favorite programming language, so I'm looking forward to having a new platform to experiment with.

I do feel obligated to state for the record that I never was unhappy with Azureus, I just wanted certain features and options that were not available to it. Azureus was great to me, and I learned a lot because of it. So I present the final stats from my Azureus installation, who has faithfully served me since day one.

Friday, May 7, 2010

Ubuntu 10.04

I firmly believe that one can never have too many computers. I have my Arch/Win7 dual-boot Desktop for general use, my Mint server which does too many things to name here, my Arch netbook for school (portability is key when you have to lug something around all day), and my laptop, which has become a sandbox of sorts. I've designated it the 'laboratory-box', basically meaning I use it to toy around with things that I don't want to risk doing on one of my main boxes, or may simply not have the room for on those computers.

Now I use GRUB's legacy version on my desktop, but was curious about GRUB 2. The laptop was OS-less at the time (an fsck gone horribly, horribly, wrong) so I figured I'd install the new Ubuntu; I get to take it for a test-drive, and play around with GRUB 2... the whole two birds, one stone bit.

It's everything you would expect from a new Ubuntu release: Some minor changes here and there, as well as a few more noticeable improvements. First off, the exit/maximize/minimize buttons being on the left side of a window's title bar instead of the right drove me nuts... for about 5 minutes. You get used to it surprisingly fast, don't be put off by it, embrace it. The default theme and background is also better looking than the brown trend previous releases had. Aesthetics aren't huge to me, but in the interest of total honesty it was one of the first things I noticed. Now on to the good stuff...

Rhythmbox now features the Ubuntu One Music store, which has a surprisingly large selection, and the greatest part? It's all DRM-free. A commonly asked GNU/Linux-noob question is 'can I get iTunes running on Linux?'. Sure there's music players galore, take your pick, but up until this point there was no real viable Linux equivalent of iTunes and the iTunes store. Now you can pick up your computer, boot into your FOSS OS, load up (the also FOSS) Rhythmbox, and buy some DRM-free music. Only drawback is you need mp3 support, which is proprietary. However, if you're so inclined you can always convert it to FLAC. I wouldn't recommend using Vorbis, only because converting one lossy format to another lossy format is like listening to a record that's been played a thousand times, but in other situations I'm a pretty big fan of Vorbis.

As previously mentioned this Ubuntu install was also the first chance I've had to toy around with GRUB 2. I have GRUB 2 on my Mint-Server (which runs Helena, based off of Karmic) but since Mint's the only OS on it, and it's on 24/7 I haven't had much call to play with it. At first I was completely overwhelmed by how much more complex the configuration files structure was compared to GRUB legacy's relatively straightforward menu.lst, but after digging through some documentation, and toying around with it for a while I began to see its potential. I have a feeling that I'll be discovering just how versatile it is this weekend, when I plan on dual booting this Ubuntu install with FreeBSD.

Thursday, May 6, 2010

Changing GRUB's Boot Order

When you install GNU/Linux, chances are you installed GRUB (the GRand Unified Bootloader) as well, especially if you have multiple operating systems installed on the computer. GRUB is that menu that appears shortly after you boot up your computer that allows you to select which operating system you want to boot into.



By default, GRUB's first choice is the GNU/Linux distribution used to install it. For example, say you have a computer with Windows 7 on it, and decide you want to give Linux a spin. After the installation is complete booting your computer will take you to a rather simple menu that asks you which operating system you want to boot into, the Linux distribution you've installed, or Windows.


It's here a problem arises. After a certain number of seconds without user interaction, GRUB will automatically choose the first option listed, which is generally the OS used to install it. This means that if you have a dual-boot Windows/Ubuntu setup, and you want to boot into Windows, you'll have to monitor your computer while starting to prevent it from automatically launching into Ubuntu. This guide will cover how to re-arrange the order of the items that appear on the GRUB boot-menu, as well as other minor customizations.


First things first: there are two versions of GRUB out there, GRUB Legacy and GRUB 2. Newer distributions such as Ubuntu 10.04 have switched to GRUB 2, but GRUB Legacy is still fairly common. This guide covers the procedure for both, so you first need to find out which one you have. Run "grub-install -v" in a terminal and it will print a version number: 0.97 is the Legacy edition, anything above that is GRUB 2. Ubuntu 10.04 ships with version 1.98, which is GRUB 2.


GRUB Legacy


Modifying GRUB Legacy is fairly straightforward: you make changes by editing the menu configuration file, '/boot/grub/menu.lst'. The file is owned by root, so you need superuser privileges to save it; if you open it in gedit or kate as a normal user you can read it but not write it back. Launch your preferred text editor as superuser instead, and make a backup copy of the file first, since a typo in menu.lst is something you only find out about at the next boot. Try using these in terminal to accomplish that.



GNOME:
gksu gedit /boot/grub/menu.lst
KDE:
kdesu kate /boot/grub/menu.lst

Now for the actual configuration file itself, here's mine:





# Config file for GRUB - The GNU GRand Unified Bootloader
# /boot/grub/menu.lst


# DEVICE NAME CONVERSIONS
#
# Linux Grub
# -------------------------
# /dev/fd0 (fd0)

# /dev/sda (hd0)
# /dev/sdb2 (hd1,1)
# /dev/sda3 (hd0,2)
#

# FRAMEBUFFER RESOLUTION SETTINGS

# +-------------------------------------------------+
# | 640x480 800x600 1024x768 1280x1024
# ----+--------------------------------------------
# 256 | 0x301=769 0x303=771 0x305=773 0x307=775
# 32K | 0x310=784 0x313=787 0x316=790 0x319=793
# 64K | 0x311=785 0x314=788 0x317=791 0x31A=794

# 16M | 0x312=786 0x315=789 0x318=792 0x31B=795
# +-------------------------------------------------+
# for more details and different resolutions see
# http://wiki.archlinux.org/index.php/GRUB#Framebuffer_Resolution

# general configuration:

timeout 30
default 0
color light-blue/black light-cyan/blue

# boot sections follow
# each is implicitly numbered from 0 in the order of appearance below

#
# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line.
#
#-*

# (0) Arch Linux

title Arch Linux
root (hd0,2)
kernel /vmlinuz26 root=/dev/disk/by-uuid/a8a2e826-2f66-47df-b522-9f842964897f ro
initrd /kernel26.img

# (1) Arch Linux

title Arch Linux Fallback
root (hd0,2)
kernel /vmlinuz26 root=/dev/disk/by-uuid/a8a2e826-2f66-47df-b522-9f842964897f ro
initrd /kernel26-fallback.img

# (2) Windows

title Windows 7 x64
rootnoverify (hd0,0)
makeactive
chainloader +1



Now at the bottom you see the actual menu items. Arch Linux, Arch Linux Fallback, and Windows 7 x64. Each of the items has a few lines of information, and separate menu items are separated from each other by a blank line. Let's take a look at the first menu entry.




# (0) Arch Linux

title Arch Linux

root (hd0,2)

kernel /vmlinuz26 root=/dev/disk/by-uuid/a8a2e826-2f66-47df-b522-9f842964897f ro

initrd /kernel26.img



The first line, the one that starts with '#' is for your information. It is not read by GRUB, but serves as more of a comment for the user reading the configuration file to make it a little more organized.


The line under it, the 'title' line, holds the text that will be in the GRUB Menu's entry for that selection. I.e. My GRUB Menu will give me the choices Arch Linux, Arch Linux Fallback, and Windows 7 x64. If I changed the line that reads 'title Arch Linux' to 'title Foobar', my Grub Menu would present me with the choices Foobar, Arch Linux Fallback, and Windows 7 x64. This is useful if the default title GRUB chooses is not to your liking. For example, GRUB frequently identifies Windows Vista as 'Windows Vista/Longhorn'.


You can also change the boot sequence fairly easily. For example, changing:



# (0) Arch Linux
title Arch Linux

root (hd0,2)
kernel /vmlinuz26 root=/dev/disk/by-uuid/a8a2e826-2f66-47df-b522-9f842964897f ro
initrd /kernel26.img

# (1) Arch Linux
title Arch Linux Fallback

root (hd0,2)
kernel /vmlinuz26 root=/dev/disk/by-uuid/a8a2e826-2f66-47df-b522-9f842964897f ro
initrd /kernel26-fallback.img

# (2) Windows
title Windows 7 x64

rootnoverify (hd0,0)
makeactive
chainloader +1

to



# (0) Windows

title Windows 7 x64
rootnoverify (hd0,0)
makeactive
chainloader +1

# (1) Arch Linux

title Arch Linux
root (hd0,2)
kernel /vmlinuz26 root=/dev/disk/by-uuid/a8a2e826-2f66-47df-b522-9f842964897f ro
initrd /kernel26.img

# (2) Arch Linux

title Arch Linux Fallback
root (hd0,2)
kernel /vmlinuz26 root=/dev/disk/by-uuid/a8a2e826-2f66-47df-b522-9f842964897f ro
initrd /kernel26-fallback.img

will change the order of the menu entries in GRUB's menu. Since Windows 7 is now first on the list, after 30 seconds without user intervention GRUB will boot into Windows. Moving the stanzas around is not actually required, though: the entries are numbered from 0 in the order they appear, and the 'default 0' line near the top is what picks the one booted on timeout, so leaving the stanzas alone and changing that line to 'default 2' selects Windows just the same. You can also change how long GRUB waits by altering the 'timeout 30' line to the number of seconds you wish (i.e. 'timeout 15').



GRUB 2


GRUB 2's configuration is spread over several files and offers much more versatility. Start by taking a look at /boot/grub/grub.cfg. Note: do not edit this file. It is generated by update-grub from /etc/default/grub and the scripts in /etc/grub.d, and any change made by hand is overwritten the next time that runs (after a kernel update, for example). You'll notice right away that this is not a pretty document. Look for the lines that start with 'menuentry', Ctrl-F is your friend here. You should find something that resembles this:



menuentry 'Ubuntu, with Linux 2.6.32-21-generic' --class ubuntu --class gnu-linux --class gnu --class os {
    recordfail

    insmod ext2
    set root='(hd0,1)'
    search --no-floppy --fs-uuid --set e6948097-4d7c-4bc5-a4fe-8e760a11f5c5
    linux /boot/vmlinuz-2.6.32-21-generic root=UUID=e6948097-4d7c-4bc5-a4fe-8e760a11f5c5 ro quiet splash
    initrd /boot/initrd.img-2.6.32-21-generic
}

menuentry 'Ubuntu, with Linux 2.6.32-21-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os {
    recordfail
    insmod ext2
    set root='(hd0,1)'
    search --no-floppy --fs-uuid --set e6948097-4d7c-4bc5-a4fe-8e760a11f5c5
    echo 'Loading Linux 2.6.32-21-generic ...'

    linux /boot/vmlinuz-2.6.32-21-generic root=UUID=e6948097-4d7c-4bc5-a4fe-8e760a11f5c5 ro single
    echo 'Loading initial ramdisk ...'
    initrd /boot/initrd.img-2.6.32-21-generic
}

Each line that begins with 'menuentry' is precisely that. Above we see two of them, Ubuntu, and its recovery mode. Now, the first one we'll refer to as menu entry 0, and the second one will be menu entry 1. This may seem counter-intuitive as most human beings start counting with 1, but with computers starting with 0 isn't as uncommon as one might think. Now say you wanted to configure the GRUB 2 Menu so that the recovery mode is the default option. For this we'll need to edit the /etc/default/grub file.



Like with GRUB legacy, you'll also need superuser privileges to save the configuration file after editing it, so you'll need to launch your text editor with elevated privileges. Run the following in the terminal depending on your DE of choice:



GNOME:
gksu gedit /etc/default/grub

KDE:
kdesu kate /etc/default/grub

This configuration file is more human-readable. Look for "GRUB_DEFAULT=0", which should be relatively close to the top. Changing it to "GRUB_DEFAULT=1" makes the second entry, menu entry #1, the one highlighted and booted by default. Say Windows was installed as well and occupied the third (#2) menu entry: with "GRUB_DEFAULT=2" Windows will be highlighted on GRUB's menu and launched after the timer runs out. After editing the file to your liking, save it and run 'sudo update-grub', which regenerates grub.cfg. One caveat: the number is a position in grub.cfg, and a kernel update adds a new pair of entries (normal and recovery mode) above the old ones, so the entry that was #2 becomes #4 and the default silently moves back to Ubuntu. If that bites you, GRUB 2 also accepts "GRUB_DEFAULT=saved", with the entry then chosen by 'sudo grub-set-default N' and remembered until you change it again.


That's it, you're done! Restart your computer and see the changes for yourself.
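Both halves of this guide come down to the same two operations: find out which number GRUB has given each entry, and point the default at that number without touching anything else. The script below is an added example, not part of the original post, that does both for GRUB Legacy (the 'title' lines and 'default N' in menu.lst) and for GRUB 2 (the 'menuentry' lines in grub.cfg and GRUB_DEFAULT in /etc/default/grub). It assumes the file locations used above and GNU sed for in-place editing; the file name passed in is what decides which format is handled.

```shell
#!/bin/sh
# Added example, not from the original post: list GRUB's boot entries with the
# index GRUB gives them, and change the default without moving stanzas around.
# Handles GRUB Legacy (menu.lst 'title' lines, 'default N') and GRUB 2
# (grub.cfg 'menuentry' lines, GRUB_DEFAULT in /etc/default/grub). Assumes
# the file locations named in the guide and GNU sed (for -i).

# Print "index<TAB>title", numbered from 0 as GRUB does. For grub.cfg only
# lines starting at column 0 count, which is how grub-mkconfig writes
# top-level entries; entries nested in a 'submenu' (newer GRUB 2 releases)
# are indented and numbered inside their submenu, so they are left out here.
grub_entries() {
    case "$1" in
        *menu.lst)
            sed -n 's/^[[:space:]]*title[[:space:]]\{1,\}//p' "$1" ;;
        *)
            sed -n "s/^menuentry[[:space:]]\{1,\}['\"]\([^'\"]*\)['\"].*/\1/p" "$1" ;;
    esac | awk '{ printf "%d\t%s\n", n++, $0 }'
}

# Current default as written in the config file: a number, or 'saved'.
grub_get_default() {
    case "$1" in
        *menu.lst)
            sed -n 's/^[[:space:]]*default[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$1" ;;
        *)
            sed -n 's/^GRUB_DEFAULT=//p' "$1" | sed 's/["'"'"']//g' ;;
    esac
}

# True if index $2 exists in menu file $1 (menu.lst or grub.cfg, not
# /etc/default/grub), so a typo cannot point the default past the last entry.
grub_check_default() {
    n=$(grub_entries "$1" | wc -l | tr -d ' ')
    [ "$2" -lt "$n" ]
}

# Set the default to index $2 in config file $1, keeping a .bak copy. For
# GRUB 2 this edits /etc/default/grub; run update-grub afterwards so that
# grub.cfg is regenerated from it.
grub_set_default() {
    file="$1" idx="$2"
    case "$idx" in
        ''|*[!0-9]*) echo "grub_set_default: index must be a number" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    case "$file" in
        *menu.lst)
            sed -i "s/^[[:space:]]*default[[:space:]]\{1,\}[^[:space:]]*/default $idx/" "$file" ;;
        *)
            grep -q '^GRUB_DEFAULT=' "$file" || echo 'GRUB_DEFAULT=0' >> "$file"
            sed -i "s/^GRUB_DEFAULT=.*/GRUB_DEFAULT=$idx/" "$file" ;;
    esac
}

# Usage: sh grub-default.sh /boot/grub/grub.cfg                       (list)
#        sh grub-default.sh /boot/grub/grub.cfg /etc/default/grub 2   (set)
#        sh grub-default.sh /boot/grub/menu.lst /boot/grub/menu.lst 2 (Legacy)
if [ "$#" -eq 1 ]; then
    grub_entries "$1"
elif [ "$#" -eq 3 ]; then
    grub_check_default "$1" "$3" || { echo "no entry $3 in $1" >&2; exit 1; }
    grub_set_default "$2" "$3" && echo "default is now $(grub_get_default "$2")"
fi
```

The index check is the part worth keeping even if you do the editing by hand: it reads the menu file GRUB will actually use, so it catches the kernel-update shift described above before the next reboot does.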

Recommended Reading:
GRUB 2 Documentation
GRUB 2 Guide
GRUB 2 Title Tweaks


Wednesday, April 7, 2010

GNU/Linux on HP Devices

I've been a fan of HP for a while now, for a consortium of reasons. They've been active in the GNU/Linux community for quite some time (and are sponsoring LinuxCon 2010, which I will be attending), and recently I've been reminded of why I gravitated towards them in the first place. When I first switched to GNU/Linux, one of the biggest issues I ran into was my old Lexmark printer being completely non-functional. In the interest of fairness I should mention that it's recently come to my attention through multiple sources that Lexmark has begun to step up to the plate on this issue, and for that I praise them.

However at the time, there was no such good-fortune, so I wound up going out and purchasing an HP Deskjet F4200. In a wonderful piece of irony, the installation procedure took about 30min on Vista (believe me, I know) and required multiple reboots. When I plugged it into my then Linux Mint 7 box, it worked out of the box... immediately. Setting it up to be shared took up a whole 30 seconds, and I was truly astonished at how it 'just worked'.

As a student, I need to print a lot, and I can not put enough emphasis on the phrase 'a lot', so a working printer is a necessity. For various reasons, the HP eventually got disconnected due to OS reinstalls, computer rebuilds, and similar issues, and sat in my closet for a while. Today I wired it up to my Arch x86_64 box, and was again pleasantly surprised at how painless it was.

Now, nothing on Arch ever 'just works', that's almost the point, but the setup was as painless as can be expected. After installing hplip and cups (along with all dependencies of course) via pacman I plugged in the printer via usb, and ran dmesg to make sure it was recognized. It was, so I set about the actual printer configuration. After adding cups to the daemons array in my rc.conf, I stumbled across CUPS' Web-UI, which basically grabbed my hand and walked me through the entire printer setup. The phrase 'ease-of-use' instantly came to mind. You can manage printers, jobs, and pretty much anything else you can think of. I'm going to forward some ports later so I can administer it remotely over the web from wherever I am.
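The CUPS web interface is convenient precisely because it lets whoever reaches it add and reconfigure printers, which is why its stock cupsd.conf binds only localhost and limits /admin to local clients. Before forwarding port 631 at the router, it is worth checking what the configuration would actually expose. The script below is an added example, not from the original post: it reads a cupsd.conf and reports whether cupsd listens beyond loopback and whether the /admin location admits non-local clients. It relies on the directive names from cupsd.conf(5) (Listen, Port, the <Location /admin> block and its Allow lines) and ignores the finer points of Order and Deny, so treat a clean result as a first pass, not a proof.

```shell
#!/bin/sh
# Added example, not from the original post: before forwarding port 631 to a
# CUPS box, check what its cupsd.conf would expose. Uses the directive names
# from cupsd.conf(5): Listen/Port for the sockets cupsd binds, and the Allow
# lines inside <Location /admin> for who may reach the admin pages.

# True if cupsd binds anything other than loopback or a Unix domain socket.
cups_listens_externally() {
    awk 'tolower($1) == "port" { found = 1 }
         tolower($1) == "listen" {
             a = $2
             if (a ~ "^/") next                     # Unix domain socket
             sub(/:[0-9]+$/, "", a)                  # drop the port
             if (a != "localhost" && a != "127.0.0.1" && a != "[::1]" && a != "::1")
                 found = 1
         }
         END { exit found ? 0 : 1 }' "$1"
}

# True if <Location /admin> has an Allow for anything but localhost (@LOCAL,
# a subnet, or all). "Allow from X" (CUPS 1.x) and "Allow X" both end in the
# address, so the last field is what gets checked.
cups_admin_allows_remote() {
    awk 'tolower($0) ~ "^[ \t]*<location[ \t]+/admin>" { inadmin = 1; next }
         tolower($0) ~ "^[ \t]*</location>"            { inadmin = 0; next }
         inadmin && tolower($1) == "allow" {
             v = tolower($NF)
             if (v != "localhost" && v != "127.0.0.1" && v != "::1") found = 1
         }
         END { exit found ? 0 : 1 }' "$1"
}

# The admin pages are reachable from another host only if both hold: cupsd
# listens on a routable address and /admin admits non-local clients.
cups_admin_exposed() {
    cups_listens_externally "$1" && cups_admin_allows_remote "$1"
}

# Usage: sh cups-check.sh /etc/cups/cupsd.conf
if [ "$#" -eq 1 ]; then
    if cups_admin_exposed "$1"; then
        echo "WARNING: $1 exposes the CUPS admin interface beyond localhost"
        exit 1
    fi
    echo "OK: admin interface limited to localhost"
fi
```

For administering it from elsewhere, an SSH port forward (ssh -L 631:localhost:631 server, then http://localhost:631/admin in the local browser) reaches the same interface without opening it to the network at all, so the configuration can stay at the localhost-only defaults.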

It's becoming more and more apparent that GNU/Linux directly equates to increased functionality.