Friday, November 20, 2009

Antivirus (Free and non-free) recommendations


Home users:
For most home users, you're best off just using a free antivirus.  Yes, the pay versions include fancy firewalls.  But generally, you don't need them.  If you have a hardware firewall and enable the software firewall in your OS, you'll be fine.  (Windows XP and newer all have software firewalls.)  

And most retail antivirus applications are bloated, slow, and just plain awful.  Users would have me look at their home systems, complaining how slow the systems were.  I'd remove Norton Antivirus, and poof! -- performance increased dramatically.
(Yes, real system administrators don't let friends use Norton Antivirus.  I have a friend whose husband works for Symantec, but I gave her the same advice.)
My favorite antivirus for home use is Avast! Home Edition Antivirus.  It's fast and low-resource.  It also checks incoming mail, websites, IM clients, and more.  You can't schedule scans and that's about it versus a full pay client.  I use it on most of my home systems.
The only caveats with Avast!:
  • The sounds it plays (especially the virus database update) can be really annoying.  Especially if they blast out of your speakers at 4am in the morning.  But they can (and should!) be disabled.  Info here: http://answers.yahoo.com/question/index?qid=20080107133619AAQYb5I
  • Avast requires registration with them to work beyond 60 days.  Avast then emails a key good for 14 months of free updates.  LOTS of users ignore the warnings that their subscription has expired and never renew.  Remember this if setting this up for Aunt Petunia.  (Stick a reminder in your Outlook or Google Calendar on this, as Aunt Petunia will fail to renew...)
Microsoft's Security Essentials seems to run quite well, too.  No registration is required, no renewals are required, and it also is very fast and low resource.  But it doesn't check incoming mail, websites, etc.  It's therefore not quite as comprehensive a product as Avast!.  


http://www.microsoft.com/Security_Essentials/ 



Home Businesses and Businesses:
The list of antiviruses that are totally free for business is pretty slim. Most free antivirus programs are only free for personal usage.
Security Essentials isn't free for business, just home businesses.  But most free AV isn't supposed to be used by home businesses either, so Microsoft is actually a bit more open than most AV companies. Security Essentials' license information here:
"You may install and use any number of copies of the software [MS Security Essentials] on your devices in your household for use by people who reside there or for use in your home-based small business."
http://www.microsoft.com/security_Essentials/eula.aspx#mainNav

ClamWin (which can't do realtime scans), Comodo, and PC Tools are all OK for any use (commercial or personal).

  • Comodo is probably the best of the bunch, but it's very, very complex. It comes with Comodo's software firewall -- which is very powerful but arcane. 
  • PC Tools' antivirus doesn't automatically update, making it only quasi-useful.  
  • ClamWin uses the open-source ClamAV engine.  It's pretty good, but not great, especially when it comes to virus removal vs. simply detecting.  I've had very good results, however, using ClamWin to check incoming emails for mail servers.  It works great for that -- the ClamAV site admits that's it's primary function:

    "Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways"  http://www.clamav.net/about

Spyware Terminator is completely free for any use and can use the ClamAV engine as a realtime antivirus. But I haven't tried it yet. This may be the best current option.
Moon Secure AV is a realtime version of ClamAV, but it was very flaky the last time I tried it. Maybe it's better now? (Wikipedia notes that Moon is violating the GPL by not publishing its code. So take that into consideration, too.) If Moon worked well, it would probably be a great choice.  Here's hoping...


So for real businesses, you'll probably need to fork out the cash for a real pay antivirus.  My favorites:
Eset Nod32 Anvirus Business Edition:
http://www.eset.com/products/nod32_business.php
There are other advantages here as well.  Real business/enterprise AV programs have a central administration system.  These can:
  • centrally download updates, instead of having all your systems separately download updates, thus keeping Internet bandwidth lower
  • central reports of infections/detections
  • centralized/push installs
  • centralized reporting (Did Fred turn his AV off again?  When was the last time his laptop updated?)
What NOT to use:
I've used a LOT of different AV products at this point.  Generally, McAfee and Symantec products (except for maybe Symantec Antivirus Corporate Edition) are terrible.  They're bloated, slow, resource hogs.  Yes, they protect you, but they destroy system performance.


I previously used TrendMicro's enterprise products and was happy to recommend them.  Then quality took a nose dive in 2007 or so.  Updates and scanning went from fairly low resource affairs to making performance take a 50-100% hit.  They fixed some of these issues eventually, but they meanwhile raised their prices as well.  I ended up switching my 300+ node corporate network to Nod32, saving money and a lot of exasperation.


But this is a very dynamic market, and new products arrive constantly, and some products do improve.  Symantec's home products are supposedly much better than previously -- but since Avast! and MSSE are so good, I don't see the point in paying for home antivirus protection.

Don't buy cables at BestBuy, Target, Walmart, OfficeXXX, etc.

Save your wallet. Save your sanity. Network/video/audio cables at most retail stores are a complete scam.


Examples from Best Buy (OK, these are worst cases, but some rubes must be buying these):


25ft Ethernet Cat6 - $30
http://www.bestbuy.com/site/Geek+Squad%26%23174;+-+25'+Cat+6+Network+Cable/6801268.p?id=1091099783878&skuId=6801268&st=network%20cable&cp=1&lp=3


Monster Cable THX 35ft HDMI cable - $250 (this is just insane!!!)
http://www.bestbuy.com/site/Monster+Cable+-+THX+100+35'+In-Wall+HDMI+Cable/9346433.p?id=1218088665497&skuId=9346433&st=hdmi%20monster&cp=1&lp=1


The truth is that generic cables work every bit as well as the name brands (Monster, Belkin, etc.). And they are FAR, FAR cheaper. (And unless you are running 10 gigabit or greater Ethernet, which no home user does, Cat5e performs just as well as Cat6 cables.)


There are LOTS of places online to buy cables cheap. Sometimes at 1/10th the price of big box retail stores.


Here are some of my favorites:


http://www.cablewholesale.com ($34.02 for a 35ft HDMI cable, $3.96 for a 25ft ethernet cat5e cable)
http://www.monoprice.com ($23.48 for a 35ft HDMI cable)
http://www.deepsurplus.com ($3.60 for a cat5e cable, and in quantity, price drops to $2.70)
http://www.meritline.com
http://www.newegg.com


Newegg is generally the best source for computer/networking components. Their prices on cables are usually a bit more than some of these others. But if you're buying from Newegg anyway, it may be cheaper after shipping is added.


Prices will rise as well, as stores may have minimum orders, taxes, and shipping costs. But in general, prices will still be a small fraction of big box retail.


Fry's and Microcenter are a bit better, but still overcharge. They sometimes have generic cables on sale that are decent deals, however.


Locally, here in San Jose, CA, I've found that Action Surplus is a decent source as well.
http://www.yelp.com/biz/action-computer-and-surplus-sunnyvale  (Their website is dead, but their brick-and-mortar store is still very alive.)


Don't forget dollar stores, too (99cents only, Dollar Tree). They often sell USB, shorter Ethernet, and basic audio/video cables for a $1. And yes, these cables do in fact work. Just fine in fact. (OK, if they fail, you're out a $1. Big deal...) And Belkin cables appear at these stores time to time as well. (Just don't buy USB 1.1 cables!)


Shop around!


More info here:
http://consumerist.com/353938/monster-cables-monster-ripoff-80-markups
http://www.theguruguys.com/news/the-truth-about-overpriced-cables-again
http://arstechnica.com/gaming/news/2007/02/7116.ars
http://gizmodo.com/gadgets/top/the-truth-about-monster-cable-+-grand-finale-part-iii-282725.php

Wednesday, November 18, 2009

Detect/identify Windows version in batch commands (e.g. login scripts)

I updated the code below further on 11-04-09 to fix a couple bugs and add the %bits% variable.


I have since uploaded the code to Scribd.com and embedded it below.  Editing/posting code on Blogger stinks.  I think this should work out better.

It's often very useful (e.g. login scripts and such) to detect the version of the current operating system.  I originally started with some code from elsewhere (http://www.amset.info/loginscripts/os-id.asp), but I've enhanced it a lot over time.

Below is my latest version of this code.

This code also detects 32-bit vs. 64-bit, and if a system is running Server Core on Server 2008 or Server 2008 R2.

The %opsys% environmental variable is set to the current operating system (win9x, win2k, winxp, win2003, win2008, win2008R2, vista, win7).

The %pf% variable is set to the proper Program Files directory (generally c:\program files on 32-bit, c:\program files(x86) on 64-bit) for most software installs and/or checks.

The %servercore% variable is set to either "false" (it isn't a Server Core system) or "true" (it is a Server Core system).


The %bits% variable is set to either 32 (if a 32-bit system) or 64 (if a 64-bit system).


Os Detection Routines height="500" width="450" > value="http://d1.scribdassets.com/ScribdViewer.swf?document_id=22729575&access_key=key-vznqpa9tbk9ekd8hj9c&page=1&version=1&viewMode=book">            


Monday, October 19, 2009

Updated code on .NET 3.5 Network Assistant extension for Firefox **AND** the Windows Presentation Foundation plugin

It turns out that .NET 3.5 also installs a Windows Presentation Foundation (WPF) plugin for Firefox along with it's extension.

So there's more cruft to remove.

More on this annoyance here:
http://www.ghacks.net/2009/10/17/microsoft-silently-installing-windows-presentation-foundation-plugin-for-firefox/

And my original blog post on the .NET Firefox extension is here:
http://borchtech.blogspot.com/2009/06/batch-file-to-remove-microsofts-net-35.html


The Mozilla folks just started blocking both of these in Firefox, then started unblocking them:
http://shaver.off.net/diary/2009/10/19/update-on-the-net-framework-assistant-and-windows-presentation-foundation-plugin-blocking-from-this-weekend/
I've got a better solution -- remove/delete/uninstall all of this junk.


.NET 3.5 is useful for all sorts of programs, but not for this. It's Firefox extension and plugin here have almost no real world use -- and only opens Firefox open to possible future security issues.

The best/safest plan is to remove them both. You *DON'T* need them.

I've updated my batch file, fixed a couple of bugs, and posted a new version with plugin removal routines. So now you can remove both the Microsoft Firefox extension and the WPF plugin. It should work on Windows XP or greater, and on both 32-bit and 64-bit Windows. (I've tested on both.)

(I haven't yet tested on Windows 7, but it should work.)

Updated code is in the same location as before:
http://members.dslextreme.com/users/mattb47/blog/remove-firefox-dot-net-extension.bat

Friday, June 5, 2009

Batch file to remove Microsoft's .NET 3.5 assistant extension from Firefox

Microsoft's .NET 3.5 Framework is a mostly useful thing. A lot of software needs .NET now to run properly. So I generally install this on all my systems. Microsoft pushes it big time as well, and includes it as a critical update in Windows Update.

But it also adds an unneeded and unnecessary addon to Firefox when installing as well. Without telling you. Without working through the standard methods (e.g. Mozilla's addon site at https://addons.mozilla.org). The .NET assistant extension adds .Net click-once support to Firefox. Why would you want that? It's a giant security hole. Keeping away from these close browser-OS tie-ins is normally the big reason to use Firefox over Internet Explorer.

So Microsoft made a really bad decision here. If people want this, they should add it on separately, and not just have it secretly installed for them.

The removal system as published by Microsoft for this is convoluted and very manual. I wanted a way to push this out to multiple systems quickly and easily. So I I figured out how to do this all via batch and added it to my home network login script (and to a couple clients' network login scripts.)

Here's a link to my batch code:
http://members.dslextreme.com/users/mattb47/blog/remove-firefox-dot-net-extension.bat

More info on this whole issue/problem here:
http://technologyexpert.blogspot.com/2009/05/how-to-rid-yourself-of-microsofts.html
http://support.microsoft.com/kb/963707
http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx


I hope this is useful to others...

Wednesday, March 4, 2009

Just starting out here...

Just starting here on Blogger...

I'm underemployed right now, but have been fairly successful in the past as a Windows (and sometimes Linux and Mac) IT consultant, system administrator, and IT Director.

I figured it would be useful to start blogging and posting some of my more useful tools, tricks, programs, and such.

I hope that some of this is useful to others.


(This initial post is a test as well..)