Barefoot Security Anti Malware

I do get asked for security advice, but not that often these days. Often, much more often, I want to tell people, to SAVE them. Yes.
So this a worked-up version of an email I send out. It's how to keep control of your computer, your data and your passwords by preventing malware on your PC. I'm aiming at the ordinary PC/Windows user with occasional notes about Apple and Linux. It's in rough priority order, and it's mostly advice I follow myself (though it's not all of the paranoid steps I take.)
If you think I should have put AV software top of the list, you should remember that I am a security Expert. Yes, and I have business cards which say just that.

Keep your Thinking Cap Securely ON	Why on earth would you click on THAT? If the answer is "because THOSE sites are the ones I chiefly love looking at" then you need to pay close attention to the rest of this list. And if you say "because I'm human and I'm not 100% focussed 100% of the time" then you should read on too.
Backup your Files	Anything you care about should be on media which you don't leave plugged in. There are some nasty malware infections which are simplest to eradicate with a format and restore, so backups are essential. (And there's always fire, flood, technical failure and stupidity, if malware doesn't worry you!) It's a big topic. You need to think about having a regular system that will show you if copies get lost or aren't taken, about, testing your backups, satisfying any data protection obligations, encryption if you worry about people reading it, and keeping media out of the range of that fire/flood/whatever. It's a shame that it's a top priority as it's none too easy. If you're in doubt about how to do this, I suggest you set up with a UK online backup services, test their software, check their prices and get value out of their support line!
Don't do PC Work as an Administrator	This is really just for Windows users as Mac and Linux set it up correctly anyway. Windows 7 and Vista are better, but you should still arrange to work as a non-admin. In XP, go into the control panel and set up a new admin account. Then make your regular account into a limited user. Use the limited account for all browsing, email, word processing etc. Only use the admin account to install software, add new hardware, and set up users. This simple trick stops a proportion of Windows malware, when malware programmers are lazy and assume you haven't taken this precaution -- as most people haven't. Even though attackers are wising up now, and plenty of password stealers and others will now install without admin, it's still an important precaution because it stops rootkits, and ensures that installed malware is easier to clean off. The problem is that other programmers, especially games programmers, are just as lazy as malware authors so their stuff won't work. Software which insists on admin privileges to run (rather than to install) should be rejected as unfit. If you're stuck with it, investigate "run as".
Apply Security Fixes	Ensure that all security updates apply automatically. Malware uses unpatched vulnerabilities to install. Vulnerabilities are sometimes being exploited even before they are fixed, so ignore people who say you should wait a few days -- it's too complicated, and the risk of you forgetting or being exploited in those few days is much greater than that of a bad patch. In Windows take a moment to turn the software firewall on, as that setting is nearby.
Keep your Auxilliary Programs Up To Date	Make sure that all of the extra stuff you need for the full experience (Adobe Reader, Flash, Shockwave, Quicktime, Java) are up to date. Secunia Inspector is a good way to check. Most modern attacks arrive through these products. If you use Office, Photoshop or whatever make sure you get updates for that too.
Use a Less Common Browser	On Windows, don't use Internet Explorer (except for updates where it makes you do it.) On Mac, don't use Safari. Malware authors naturally target the common browsers. On Windows, install and use Google Chrome browser because it can update itself as a non-admin (unlike Firefox). If you must browse as an admin, install Firefox and learn to use it with NoScript. Also in Windows, take the time to keep IE up to date. Even if you think you're not using it, you don't want old versions on your PC.
Use AV Software	On Windows, Microsoft Security Essentials is good enough -- free, unobtrusive and good quality -- if you avoid admin browsing and email. Check that it is updating automatically. I confess I don't run AV myself, but it seems like a necessity for people who like to test animated cursors or other oddments.
Disable the Big Adobe Reader Mistakes	Adobe stuff needs special attention. There's just so much malware targeting it, and it's not easy to keep up with the updates. PDF used to be a handy document format, now it's a malware magnet. Reader X (10) is an improvement, but it's still a bore. You have to switch off the idiot features that Adobe added. Start the Adobe Reader and pull down Edit/Preferences… Select Trust Manager in the list and clear the checkbox marked "Allow opening of non-PDF file attachments with external applications" Select JavaScript and clear the checkbox marked "Enable Acrobat JavaScript" You need to repeat for every user account that uses Reader. There are equivalent settings in Acrobat if you use that -- you'll need to find them yourself.

So will these make you secure? Well, no; nothing will. But they will stop you from being a soft target. If you have secrets to keep, there's a whole other journey about understanding the settings on your accounts, encrypting data and the rest. But that is another post.

Convenience

I'll be hedgelaying along the road again this year, so appearance matters a little more. And at the same time I've pretty much run out of all the odd offcuts I've been using to hold it all together. Privet was good -- it grows into hard straight rods -- but it's all gone now.

I've asked all over but asking for "posts for hedgelaying" draws a blank -- you get offered fencing pales at eighteen shillings each. It's overkill and at two per yard it runs into expense.

It doesn't look like I'll ever find the canonical Hazel rods, so I'm falling back on plan B. I rang up one of the woodsmen in the Wealden Advertiser -- Brede Valley Fencing -- and asked him to make me the same pales used for cleft chestnut wire fencing, but five foot long and without the wire. He quoted me five shillings each and I bought four hundred which will keep me going for a while. They filled up the back of the Galaxy and I drove cautiously home, delighted by the smell of the fresh green wood.

Here they are in the shed. It's a weight off my mind. I feel I can set to work without worrying about running out.

Benders? No need -- I've got Willow wands coming out of my ears, and that certainly gets attention on the commuter train.

Fairies

I'm doing up a flat in the evenings, and there's enough work that I can't see an end to it. This morning I found myself peeping through the kitchen door on the off-chance that brownies had re-decorated or at least washed the greasy walls during the night. They hadn't.

Whiteout

The drought has parched the fields for months, and now the full moon light bleaches them bone white.

Media Studies

The more mad son has an email account so he can be subscribed to things. To keep on top of any problems, I have it set to forward copies of anything he receives.

Today his Youtube acount got its first subscriber (thanks for that, 344). I was so surprised that I took a look at his home page and one of them is getting decent viewing numbers -- in the hundreds. There's no huge skill in what he does, but he does make lovely explicit titles, and I guess they come up well in the searches.

But here we have a boy, autistic as they come, having more success -- much more success -- publishing free content than a lot of other people. Me for example.

Time for Tubby Bye-Bye, Meestair Bond

Well, the NMAAJS Daughter has been on Club Penguin for a month or so, and she's been enrolled as a secret agent. You get a tool to move around the site more easily, a range of mission games, a secret tunnel from the sports shop to the surveillance HQ and some fine clothing options like a bow tie and a tuxedo. (Why on earth would a penguin -- the world's most sophisticated bird -- need a dinner jacket?)

But the real meat is in the handbook. You have to report mean penguins and the ones who use bad words, so some harried moderator in Tucson or wherever can review the log and decide on an appropriate action.

Little do they know that the NMAAJSD has essentially no chance of spotting bad language -- we were watching two potty-mouthed puffins F Uing and F U 2ing and she had no idea what it meant. And this is the child who, on her fifth birthday, addressed the author of her being in these terms: "Just fuck off, Daddy."

Still, you have to give them credit. They're at least trying to make it fun to be a snitch, and that puts them a little ahead of the Staasi.

The Visitor

If you care to watch out, the light evenings expose one of our regular visitors -- a barn owl cruises the paddocks a little after nine. It looks like a ghost, a big white bird flapping hard so as to fly slowly but totally silent. In the three years it's been coming, I've never seen it stoop but I suppose these summer visits must pay off.

In the winter, when I'm walking across the fields well before dawn, I hear owls calling in the dark, but I can't tell what sort, or whether they're hunting or socialising. Sometimes they sound like they have a warning for me.

Spring

The woods are full of bluebells, and sunrise showers make elegantly decorated skies. Beech buds on the front hedge have just broken.

Alternatives

I still mull over the wasted capacity of the paddocks to grow woodchip and the shanty town to store it. But a woodchip boiler is a big investment and while I suspect the prices won't come down, the features ought to improve as they become more common.

I need a reason to start planting willow coppice now, so I'm running an experiment. Every year I cut down the mass of decorative dogwood that the previous owner liked to contrast with the birches. She may have been right -- she certainly demonstrated that cornus does well here. This year, instead of burning the switches, I've shredded them to get a cubic metre or so of brightly coloured woodchip. It's sitting in a basket made of old wire fireguards, drying off, I hope, in the woodshed. Provided they don't ferment, and they don't seem to be doing that, I'm going to try them in the woodburner to see how they do.

[3 May -- Yes they are fermenting. Arses.]

The most likely outcome, I suppose, is that they'll have failed to dry, or they'll suffocate the fire. But the next most likely is that I've got two hundred pounds of low-grade firewood essentially for free, and that's going to have me sticking in willow slips in the wet part of next winter....

Lust for Life in the Hedgerow

The willow benders I wove along the top of the lay are flowering in one last effort. They'll die as the wands dry out.

And Mrs U found a fine toad -- moist and warm -- waiting for insects to attack the lambs lettuce in the greenhouse.

Cider Outcomes

Well, the cider took. The mostly-Bramley fermented nicely to produce a splendid but very strong and tart drink by Christmas. The brew from the mostly-Spartan was slow to start and hasn't conditioned as well, and is indeed rather bland but just as strong and it softens the Bramley rather well. They're both still improving and drink very nicely in a fifty fifty blend in the glass.

Key point one seems to be that a pressure barrel is well worth the expense. Neither brew is as good after going flat in the fridge. And the second is that fining doesn't seem to make much difference -- it threw a lot of sediment but it was still cloudy. The unfined Bramley brew is probably the clearer of the two now.

The truly shocking thing is how much the supermarket bill has gone down after I started drinking homebrew. That decline in revenue is probably why Alastair had to put the booze tax up in the budget.

Spring

It's trying so hard. Hedging is over -- the first buds broke on the hawthorn three weeks ago, but they haven't done much since. The bees in the new hazel coppice are out looking for catkins in warm sun, but I daren't open them up for a look. I've tidied up the woodshed, but there's still a stream of logs going indoors.

All I can do is wait. I don't mind -- it's just so exciting.

Be Careful What You Wish For

Five years ago, I was effectively unemployed, failing to keep on top of the household jobs, and wishing I was riding on the commuter trains going past.

This evening, long after I should have been back, I was sitting on a commuter train wishing I was at home.

Sex Differences

As I write, the three household males are all in front of general purpose computers of one sort or another. The MMS is building layouts with his Trainz program; not a Christmas present, but running much better on the new computer. He's passed a little milestone that no-one else seems to have noticed -- he's saving files with worthwhile names, so it's probably time to get a modern version for his birthday. The LMS is playing Half-Life downloaded as a Christmas present (very Christmassy...) and I am writing this.

The females are on the sofa, with a nice fire, watching High School Musical...

Which is better?

Choice. I hate it.

I bought a new computer last night. Even though I'm not exactly Mr. Desktop I thought I would be able to make a sensible choice. In fact I was so overwhelmed, I nearly bought nothing.

First: supplier. I've bought from Morgan before and had a slightly patchy experience (but nothing unfair, and nothing that couldn't be resolved with my own skills.) This time I was going to avoid trouble by sticking to brand new stock -- retired from shops after going out of date. I liked the look of the HP media PCs with TV tuners and big plug-in HDs -- they were old enough to be packaged with XP Media centre (I really don't want that "which Vista edition" issue until SP1 --maybe not then), they were fully loaded with ports and the more expensive models had Intel dual cores, 2GB memory and GEForce 7600 with 256 MB. I didn't want a screen package because the more mad son has a history of headbutting flatscreens to death: CRTs are tougher and I have them already.

So I thought that was pretty cut and dried. But I can't resist a quick visit to Dell.

First impressions are low price -- Dell include VAT, and Morgan exclude it (which I think is a tad dodgy on consumer kit sold retail). Now I know that Dell charge a shameless £50 for delivery but it turns out it's free until the end of the month. Second thing is that XP is back on offer -- it was Vostro-only in September but now the consumer pages have it too. And it's XP Pro which is a big plus.

So into the configurator to be faced with all those tough choices. Many of the base builds lack 2GB and the prices start notching up as I make those tempting choices. Not all models let me configure "no screen" and if I'm having a screen maybe I should get the posh graphics as well.

I finally settle on a bearable heuristic. I'll only get factory fitted upgrades where I haven't upgraded myself successfully in the past.

I end up with PC Duo 6550, 2GB (I've had problems with dodgy 1GB parts), the base graphics (because no-name GEF8600 will be cheap and good in a years time), the base HD (definitely getting NAS ....) And a screen, which was too good to give up for £80 and I will put on the PC upstairs to keep the less mad son happy until he gets his laptop.

All that choosing left me emotionally committed to the Dell. I matched it to an HP package from Morgan and found it close (screen to placate LMS with graphics upgrade option in the future vs. no screen, and better but obsolete graphics now; no media centre tuner remote & wireless vs. XP pro and the confidence I wouldn't use that stuff; in stock vs two week delivery ouch) but a few pounds less.

So I bought the Dell. But it wasn't easy.

Physical Insecurity

A frisson walking across the fields on my way home this evening -- that lively sound of bullets wheeling past my head. It wasn't a demented assassin emerging from my ugly past -- the faint red light gave it away as an incompetent lamper with a silenced rifle killing rabbits behind Forstal farm. He carried on firing as I walked out of danger even though I was shining my torch at his likely location. Once I'd got to the safety of the lane I walked along to find out what was going on, and encountered a man claiming to be Shay Harbour(?) He knew about the footpath, he said, and thought his line of fire would be OK.

Any more of that sort of thing, and I'm getting a 50mW green laser and a night vision scope -- after this shone down his bins he'd be hard put to tell up from down, let alone fire his weapon.

Absolutely the Last Apple Entry this Year

It's been an astonishing year for fruit, but there's a price to pay. In ordinarily heavy years, plum tree branches can easily break with the weight of fruit. This year has had so much water that the damsons were the size of plums and edible straight off the tree while the table plums have needed props, to hold up the masses of disappointing bland fruit. And while the flavours been fine, we've had apple branches broken to create more challenges for the winter pruner. I drove past this old orchard today and saw trees pulled over or split in two -- it'll take more than pruning to fix that.

Cider

Last weekend I picked a lot of apples: 50% Bramley, 30% James Grieve, 20% Spartan with oddments of John Downie crabs and Conference pear, and screwed it down to a bit over four gallons of juice. I'd say there was a ratio about three gallons of loose apples to one of juice, but that may be optimistic, They were all fresh off the tree and hard, so I don't think I mashed them as well as I should have. Anyway, after a rather slow start, it's fermenting nicely with whatever Wilkinson sell as wine yeast at this time of year.

It was extremely hard work. The book had been rather lyrical about the benefits of community endeavour with everybody helping to get the work done. Mrs U left me to it, driving off to visit her parents, and I pounded out the whole lot using the boss on a 17lb fence post digger and a six liter screw press myself.

Since I set that lot going, I've learnt that 80% cookers is a bad thing (too acid), that using fresh apples reduces the juice yield (too hard, and too tart), and basically I've done it all wrong. So today I filled the mower trailer with 60% eaters and the balance mostly Bramleys and I've hidden it in the shed. In a fortnight's time I'll see whether they've softened up, and perhaps make myself some less acid cider to blend. For certain the Spartans had the dullest juice so I'm afraid the cider will be bland, but we'll have to see how that goes.

I know a secret

And it's a surprise: the best juice comes from crab apples.

Admittedly they were ripe red John Downie, but straight off the tree they were still a lot more like hard red berries than proper apples, and they were the devil to crush. I got three pints from a gallon of mush, and it was sweet and appley with a lot of the puckering richness which I think is malic acid. Drinkable - delicious - running off the press.

Freedom

Anyway, yes Holiday time in the very wonderful Isle of Wight. If you've got odd ASD children, you probably should be booking about now for one of next years Freedom Family week at East Dene. Why? a) Ventnor is a smashing little seaside resort. If you like walks, there are lovely walks there and back, or to Shanklin. b) The IoW railway will engage any train fiend, especially if you go all the way to the end of the pier, and it connects with steam trains if that's your bag. c) If you prefer to do nothing, the outdoor pool is heated, attended and open for hours a day. Most ASD kiddywinks and their siblings will play happily and tiringly in the pool for hours, and if they don't want that, there are activities most days. d) The air and views are conducive to a feeling of irrepressible well-being. e) It's catered. If you've been driven to self catering just to avoid the odd looks, it's amazingly wonderful not to have to hit the supermarket, look for pepper or whatever.

But none of that matters, because the real colossal advantage is is that however weird, badly behaved or just plain crazy your kiddies are, other children are crazier. Howls like a gibbon in the swimming pool? No problem. Unreliable judgement on wearing trousers? Don't we all. Turds on the staircarpet? Got to do it somewhere. True for all the other guests, true for staff. Amazingly relaxing, even if you're sleeping in a bunk and eating canteen food.

As a bonus you get to meet all the other odd children. Other people's kiddies are always more fun (because you get to hand them back) but this year I had the odd sensation that I was meeting children who were amazing. That's not a conventional wishy-washy feelgood disabled rights amazing, but absolutely fuck-off precocity and ability. Some were diagnosed, and some were slightly dodgy "we think he's all right" siblings. Amazing. I wish I could publish a list of names to watch out for because some of those kiddies are going far.......