Planet X a bigger threat than malware
Black helicopters and unauthorised apps
Letters
Right, let's get down to it cos there's some top-notch footie to be watched and much beer to be simultaneously drunk this fine Friday afternoon.
First up: the UK's Court of Appeal says that PlayStation 2 is not a PC. It's all to do with the electronics monolith wanting to have it declassified as a games console and thereby get a £34.2m rebate on import duties:
IANAL (as all the cool kids say), but I always thought PC=Personal Computer. Something that could run an operating system, perhaps? Like...erm...Linux. Which my Playstation happily runs...I use it to play video and music from my network through my TV...kind of like a 'Media Centre', if you will...
Nope, them courts are obviously cleverer than me...:-\
Aren't they just?
Having read your article about the recent Sony import adjudication one paragraph puzzles me:
"Sony was granted permission at one point to import the PS2 as a games console, but was subsequently told by Customs and Excise that that permission was revoked. It was Sony's continuing reliance on the earlier permission to import the machine as a games console on which Lord Justice Chadwick adjudicated."
Should this not read the following:
"Sony was granted permission at one point to import the PS2 as a digital processing unit, but was subsequently told by Customs and Excise that that permission was revoked. It was Sony's continuing reliance on the earlier permission to import the machine as a digital processing unit on which Lord Justice Chadwick adjudicated."
As Sony have been battling to now have the PS2 classified as a 'digital processing unit' instead of a 'games console', only the latter of which attracts an import duty. Then I don't see how it can make sense that they were granted permission to import it as a games console, then continue to believe to be doing so after this permission was revoked and now argue that it isn't a games console to gain a rebate.
It is of course entirely possible that I have misread this paragraph.
Tell you what - time is short, so let's allow the rest of the readers to work through the finer points of the piece while we move swiftly on to...
...the small matter of unauthorised apps allegedly being a bigger threat than malware:
I had a laugh at the statement that said that IT depts of large corporations feel there are bigger problems with unauthorized apps than with malware.
Most corporate IT depts. lock down the installation of ALL programs that are not "authorized".
However, review of a number of corporate laptops I have seen DO NOT include any Antispyware protection, no host lists, and even prevent the daily updating of rather lousy installed antivirus programs. They have to wait until they are on the corporate VPN to get the "updates" which may be weeks before they are "back in the office" so to speak.
Comments about Sun Java made me roll over laughing as the same lappies were relying on the old Microsoft "Virtual Machine" implementation of Java. Is an unsupported totally flawed Java implementation better than one that DOES get updated regularly?
Adobe Acrobat 7.07 is rather insidious due to the Yahoo toolbar and daily "phone home" updater, but it is an absolute necessity as all instruction manuals are in pdf format and it can be user configured to remove those "features".
What they (Bit9) fail to mention is the very operating system on the computer being the single greatest cause of "insecurity". Proper configuration of the OS & required programs BEFORE it is cloned onto laptops drives would solve MANY issues altogether, but sadly I have seen quite a few that did not even have its Microsoft Updates and Service Packs applied, after a so called fresh install. Also that update feature was blocked by the corporation.
The "fresh" install had to be done because the lappy's "operator" had blown the dang thing up by downloading malware laden "music files". When I tried to help this co-worker, I could not load Spybot S&D, Ad-Aware, or SpywareBlaster (yes the real one), but I could still visit websites that would be considered dangerous.
Truth be told, even the company's own BOFH didn't understand that their corporate version of Symantec AV could not protect against this kind of malware.
I won't even get into the company's own web interface software that is java based, buggy as hell, and the most incredible memory hog I have ever seen. Wanna bet that software has never been checked for its own "vulnerabilities"? Oh, and it has an auto update feature that works off the VPN!
Hold on a minute... Doesn't the above missive contain the proscribed word "lappy"? Consider yourself barred from reading El Reg for a week while you attend a slang detox programme.
You say it isn't clear whether Bit9 ranked according to popularity or vulnerability, but their press release (http://www.bit9.com/press061906.html) makes it quite clear that one of their considerations was "relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists". Thus, Internet Explorer simply wasn't a candidate for their top 15 because an administrator can keep it patched against the user's wishes.
I'm almost sympathetic, but given the contentious nature of any discussion involving Firefox and IE, I think it would be better for everyone's adrenaline levels if you'd made it clear that IE had been excluded from the comparison on this occasion.
A second point, which is clear from the full list at http://www.bit9.com/docs/15VulnerableApps.pdf, is that only some versions of the accused apps are actually a risk and patches exist in most cases.
Disable Adobe Acrobat Reader - what an excellent way of securing your (and everybody else's) pdfs. And if IE could download files with names longer than 128 chars we wouldn't be using Firefox either.
Well, Firefox has only itself to blame - I ran 1.0.7 for several months, regularly clicking 'check for software updates' ... it always reported 'no updates found'.
Why are you giving this "security vendor" free advertising on your mag? Didn't you know that this company is selling a solution to the problem of "unwanted software"?
Under Linux and by default someone logged in as standard user cannot install software. Does this Bit9 only apply to MS Windows? If so why didn't the article say so? Also will this "solution" itself be susceptible to compromise?
"Bit9 is the first company to solve the problem of unwanted software at the endpoint."
If I were reading the article without any bias my first reaction would be "Gee, IT should shut these apps down!" However, with bias and M$ not showing up until AFTER all its competitors I suspect Bit9 of possibly being in cahoots with another unnamed company from Redmond.
Who is Bit9 and where do they get their funding from?
Curious biased Mac users would like to know?
If we told you, we'd have to come over and shut down your unauthorised apps - permanently, if you get our drift.
And while we've got that conspiracy vibe going, let's have a few thoughts on the legendary US Aurora project:
Nice article....my mate worked for the met office and not only did they have visual confirmation of pulse jet technology they saw the plane zooming over the skies on radar nr Fastlane :-)
I reckon 5yrs until they pull the rags off the project?
We'll be waiting, make no mistake.
I think the most conclusive proof that the Americans don't have a Mach 4 stealth scramjet is that they haven't crashed one anywhere yet :)
Unless it crashed in Area 51, in which case the black helicopters would have been purging the area of witnesses within minutes.
And speaking of Area 51, that's where witnesses spotted the sensational X-22 anti-gravity disc craft:
If I remember correctly, countering gravity is indeed possible, albeit with massive amounts of energy and a large magnetic coil. The amount of energy required for any useful expression of antigrav craft would probably only be produced by nuclear reactor. I do not believe that we have any flying reactors available yet. Of course, I do understand that the premise of all those conspiracy sites is that pocket fusion is already there, along with active shielding and phaser banks. While dozens, if not hundreds, of scientists around the world struggle to obtain room-temperature superconductors, some highly intelligent being from another planet is giving the procedure to create viable hyperspace motivators, or something like that, in a secluded shed a hundred feet below Area 51. Yeah, I have dreams too. Like seeing a sunrise on one of Alpha Centauri's planets. Just one problem: I seriously doubt that we have the technology to allow me that luxury - Area 51 notwithstanding. But I'd be happy to be proven wrong.
Of course it's possible - try the truly sensational hyperdrive.