Thursday, October 02, 2003

Security? What Security?

A friend of mine just got a virus on his home PC. He's a meticulous Windows Updater and runs antivirus software. But the unpatched HTA bug in IE got him.

The incident got me thinking about security. It seems like Microsoft (and others) are spending most of their security time on preventing rogue programs from running. Buffer overflows and ActiveX controls getting activated by mistake are examples of programs launching that never should have launched in the first place. But this tactic won't really work in the long run. Even if you prevent all the forms of automatically launching programs, the user will sometimes launch one that contains a trojan horse or virus. And the fact is, launching software is part of what makes the web seem so integrated. If you view a PDF file in Internet Explorer, Adobe's PDF viewer launches as an ActiveX container in IE. That's a desirable feature.

I think we're going about this all wrong. What if we used Windows NTFS permissions and other security measures to properly protect the resources in the first place? What if, by default, a regular user could not modify the Windows system files? This is the strategy that Unix has been using for years. I'm not saying that fixing buffer overruns is bad. In fact, it's necessary. But we could seriously limit the damage a virus could do if users ran in a lower security mode.

But wait. Many Windows programs, including programs like MSN Messenger, won't run properly if you are not an administrator. My HP scanner software requires access to the system directories. If the user tries to run in a safer mode, much of her software won't run.

As computing professionals, it's up to all of us, not just Microsoft, to make secure computing possible. Testing our software running as regular users, not administrators, is very important. Windows has built-in security measures that, if properly used, could limit the damage a virus could do. But Windows also has a history of free-for-all access to the system directories. Until users can run their software as a regular User, they will be signed in with Administrator rights, and Windows won't be secure against viruses.
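One way to check both halves of that argument on a given machine, as an added example that is not part of the original post: it reports whether the current session holds Administrator rights and lists any allow rules that give broad, non-administrative groups write-type access to the system directories. It assumes PowerShell 3.0 or later; the choice of directories and of which groups count as "broad" is this example's own.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0+.

# 1. Is this session running with Administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"{0} is running as Administrator: {1}" -f $identity.Name, $isAdmin

# 2. Which broad, non-administrative groups can modify the system directories?
# Well-known SIDs are used instead of names so the check works on localized systems.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal change or replace content. Modify and FullControl
# include these bits; read-only rights do not. 0x50000000 covers the generic
# GENERIC_WRITE and GENERIC_ALL bits that some inherit-only entries carry.
$specific  = [Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = ([int]$specific) -bor 0x50000000

# Directories chosen for this example.
$dirs = @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'), $env:ProgramFiles)

$findings = foreach ($dir in $dirs) {
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = (Get-Acl -Path $dir).GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid      = $rule.IdentityReference.Value
        $isAllow  = $rule.AccessControlType -eq 'Allow'
        $canWrite = (([int]$rule.FileSystemRights) -band $writeMask) -ne 0
        if ($isAllow -and $broadSids.ContainsKey($sid) -and $canWrite) {
            [pscustomobject]@{
                Path        = $dir
                Group       = $broadSids[$sid]
                Rights      = $rule.FileSystemRights
                Inherited   = $rule.IsInherited
                Propagation = $rule.PropagationFlags   # InheritOnly = applies to children only
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No write-type access for Everyone, Authenticated Users or Users on the checked directories.' }
```

The check reads only the top-level ACL of each directory; subdirectories with their own explicit rules need a separate pass.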

Friday, June 20, 2003

No time to draw

[Images: Cat practice3]

Despite having no time to draw, I whipped out these two. I don't think they are as high quality as some of my other work, taking an hour or less to complete, but they were fun. I'm trying to figure out how to make interesting use of negative space (disconnected lines and shapes) in a color drawing. Color seems to force you to complete shapes, where black-and-white allows you to create spaces that the mind fills in. I've always liked negative space because I think it makes pictures interesting to look at, and sometimes allows you to put multiple things into one image. The outlines of the cat are disconnected, but of course the color fills it in...guess I'll keep working on that one.

Monday, April 21, 2003

Another drawing

[Image: infowarrior]

Amazing that I found time for this, but I completed another drawing. I'm always pretty hypercritical of my stuff -- I think a lot more time could have been devoted to this but I'm trying to work for speed and for the sake of practice. I'll probably keep off the computer for a while and practice in a sketchbook, where I'm less likely to spend too much time on little details and more likely to move on to the next subject. I do think this drawing was a nice attempt to show how coding is kind of cool, and how the mental experience that goes into it can put you in touch with some really deep levels inside yourself. (Oh -- the text in the image is a little snippet of code from Hermit, LOL!!!)

Monday, April 14, 2003

Turbo Geek-Mobile

[Image: passatCpp]

Oh my...I seem to have turned my car into a Turbo Geek-Mobile by claiming that it's from the complex but intriguing land of C++. Still, you have to have some humor in your life, and showing off your favorite programming language -- on your car -- is sure to get some chuckles from those "in the know."

Tuesday, April 08, 2003

Open What?

Software people like the word "open". It implies all goodness: ability to meet expectations and give choice. An interesting point about Open Source vs. Open Standards, however, is that Open Source does not necessarily follow Open Standards. Open Standards, like the ANSI/ISO standard for C++, enable multiple vendors (and open-source developers) to produce compatible products.

Thursday, March 27, 2003

.Net for Free

Despite being a closed-source system, Microsoft's .Net can be used basically for free (as in beer). First, download the free .Net Framework SDK from Microsoft. This installs .Net on your system and includes the required tools and compilers.

Next, check out the ASP.Net Web Matrix for building web applications. It's quite full-featured and supports all the ASP.Net controls with database access.

If you want to write Windows applications, try SharpDevelop, a C# IDE for Windows Forms Applications. You can even get enhanced controls via the Magic Library.

Sunday, March 23, 2003

Artwork

Over the past three months I've started drawing again, something I had not done much of since college. I've been trying the anime-style, and a few other things. Here's some of the stuff I've worked on:

[Images: hokkaidopurityfishvs_playink drawingnadiaconeflower]

Cool Toys

Check out this cool router - the Nexland Pro800 Turbo - it load balances 2 Internet connections! So as the price of broadband drops, you could get two connections and twice the speed. Pretty slick if you need it.

This is quite slick too - the SLIMP3 lets you rip all your music to your hard disk and play it over your network on the stereo system. I'm already working on my Christmas wish-list, it seems. ;-)

Saturday, March 22, 2003

Reality

Wow, although Arab News is not without its share of bias, this article by Robert Fisk struck me: This Is the Reality of War. We Bomb. They Suffer.

Friday, March 21, 2003

Blogger

While I listen to news of the war, I'm trying out blogger.