So many things in this world are broken, stupid, and just plain WRONG, and I can't take it any longer!

Monday, August 30, 2004

SP2 "Security" Center

There have been a number of reports that SP2 is fuller of holes than a seive, and while I think this is in some way a slight exaggeration, one flaw has caught my eye. The new "Security Center" can be fooled in to thinking that your firewall/virus checker is running and up to date, even when this isn't true. Some people have been defending this by saying that it can only happen if you're running as a member of the admin group, and of course no-one would be that stupid, right?


Consider this: most XP users are the average-Joe got-it-at-PC-World types. They buy their shiny new PC, take it home and plug it in, and run through the faintly patronising Welcome thing to create their user account. Guess what? It's an admin account! Yes, by default, it's the thing you apparently should never do. To compound this, no mention is made that this is an administrator account and shouldn't be used for day-to-day tasks, and in fact unless the user creates some new accounts themselves they may never know that there is any kind of choice about what type of account you create.

It gets worse. XP Home has only two types of account -- admin, and limited. Limited is, well, limited, and without a lot of fiddling in the command line, monitoring registry keys and files, and generally doing things no mortal should be expected to have to deal with, limited accounts are pretty useless.

So, what does this mean? Given that MSFT have been touting SP2 as super-secure, and telling us all that the security center takes the hard work out of making sure we're safe, complacency is bound to set in. However, as probably 90% of the XP-owning public are being ever so naughty and running as admin users, there's a disaster waiting to happen. I can hear the screams now... "I lost all my files due to a virus? But security center said I was safe!"

Wednesday, August 25, 2004

Why IE Sucks

Or, more accurately, why Firefox is much better. In no particular order, here are some reasons that convinced me to make the switch:

  • Tabbed browsing -- much less desktop clutter. In conjunction with some of the nifty bookmark features, those of us who like to visit a lot of sites and aggregate content from them, it's a blessing.
  • Extensions -- there are a wide range of extensions available to enhance your experience, and if you can't find what you want you can join the growing ranks of developers and add your own.
  • Download manager -- rather than IE's irritating "one dialog box per download" system, Firefox has a decent download manager.
  • More secure -- as ActiveX controls aren't supported, Firefox is immune to a whole host of nasty exploits. Sadly some sites you may visit (Windows Update, File Planet, etc.) require IE as they rely on ActiveX controls, but thanks to the "Open this page in IE" context menu extension, it's not a major bother. Hopefully one day the offending sites will see sense. In addition, as it's not so closely tied to the OS core any vulnerabilities in Firefox are much less likely to cause compromise of your system.
  • Standards compliant -- Firefox is more compliant with the standard standards than IE. Some of the MSFT "standards" cause problems, but most sites render as Bob intended.
  • Popup/adblocker -- say no more.
  • Super-smart address bar -- like IE, Firefox pops down a list of matching URLs as you type in to the address bar, but does it one (or in fact three) better. The page title is displayed in the list along with the URLs, you can assign mnemonics to your bookmarks and access them from the address bar, and the mnemonics can take parameters. Got a site you search a lot? Create a suitable mnemonic and you can search from the address bar with ease...
  • Find-as-you-type -- looking for something on a web page? Rather than opening a dialog box first, just start typing what you're looking for, and Firefox'll find it for you.
There are many more reasons -- I could go on for hours -- but it's better you see for yourself. Go on, get Firefox!

Compulsory Registration? Don't Even THINK About It!

If you wander down to your local grocery store you don't need to give out personal details to browse around. If you go to the library to read a newspaper no-one asks you for your name and address. So why do so many websites these days feature compulsory registration if you want to look at them? I used to avoid them until I was shown the wonders of BugMeNot.

For those of you unfamiliar with BugMeNot, it's a repository of fake logins for various websites that feature compulsory registration, and it's been up and down like a yoyo over the past week or two. The suspicion is that the first outage was due to pressure applied to their original host by the sites whose tedious registration policies were being nullified. BugMeNot is a brilliant idea, and even better if you use the extension for Firefox. (What do you mean, you don't have Firefox? That'll have to be the topic of a future post, I suppose.)