As an IT professional, I've always been aware of the need for decent anti-virus software. Not only making sure that it's installed, but keeping it up-to-date too. I have a long-term set of skills and experiences related to McAfee, but when I bought my first home PC in early 2002 I decided to go with what I then considered the joint market leader: Norton.
I've used Norton on this PC ever since, until I uninstalled it yesterday and switched to Kaspersky. Over the years I've also happily recommended it to friends and family. McAfee was a great business product (especially where the need for central administration was important), but Norton always seemed slicker and less clunky on individual PCs.
However, over the course of this month I've experienced three instances on three entirely separate PCs where Norton has comprehensively failed to identify and remove a serious and well-documented virus. The first was on my own home PC, which got infected with the CiD adware virus (also known as Lop) - its first infection in six years.
Even more surprising was that when I finally worked out what was going on, identified what I was dealing with, discovered the executable files in question and pointed Norton Anti-Virus 2007 in their direction, it told me they were entirely clean. This, despite the fact that its own website claims that it detects and removes Lop.
I wasn't very impressed with this. I decided that when my subscription ran out in May, I was going to change software. I did some research and discovered that Kaspersky seems to regularly get top marks for detection, generally falling down on user-friendliness issues. That doesn't bother me too much, as long as it finds things.
My second experience came a couple of weeks ago. My parents have bought a new laptop. It came pre-installed with a trial version of Norton Anti-Virus. The first thing I did when I got my hands on it was to ensure that it had done a complete scan of the system. It hadn't, so I set one off and it completed by reporting that the machine was clean.
However, I was suspicious. I spotted that Kaspersky offers a free online scan (it detects but doesn't repair), so I tried it out. Several hours later, I discovered that their laptop had a Trojan lurking on its hard drive. Norton hadn't spotted it. I forgot to write its name down and I don't remember what it was, but it confirmed my suspicions about Norton.
Norton is simply not good enough at finding problems. So, with my parents' 30-day trial subscription to Norton rapidly coming to an end, we uninstalled Norton and put Kaspersky onto the laptop instead. I was quite impressed. It certainly wasn't as primitive in the usability stakes as I had been expecting and the functionality was comprehensive.
Then last weekend we were at my sister-in-law's and she asked if I'd look at their computer, which was running very slowly. My niece mentioned that it kept popping up loads of websites that they hadn't clicked on. It all sounded very familiar and a few minutes later I discovered that it had the same strain of CiD/Lop that my own PC had experienced.
Its anti-virus package? Yes, you guessed it... Norton Anti-Virus. I'd recommended it to them five years previously. So, to cut a long story short, we removed the virus manually (removing registry entries, executables and - crucially - a hidden scheduled job in C:\WINDOWS\Tasks), uninstalled Norton and loaded on Kaspersky.
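An added example (not part of the original post) of how the Tasks folder mentioned above can be inspected: it lists every .job file, hidden or not, and decodes the command each one would launch, following the legacy .job layout of a 68-byte fixed header followed by length-prefixed UTF-16 strings. The function names and the sample task built by build_sample_job are constructed for illustration.

```python
import os
import stat
import struct

FIXED_LEN = 68        # fixed-length header of a legacy Task Scheduler .job file
NAME_OFF_FIELD = 20   # 2-byte field: file offset of the application-name length

def read_str(data, pos):
    """Read a length-prefixed UTF-16LE string; return (text, next position)."""
    if pos + 2 > len(data):
        raise ValueError("truncated .job data")
    (nchars,) = struct.unpack_from("<H", data, pos)  # count includes the NUL
    end = pos + 2 + nchars * 2
    if end > len(data):
        raise ValueError("string runs past end of file")
    text = data[pos + 2:end].decode("utf-16-le", errors="replace")
    return text.rstrip("\x00"), end

def parse_job(data):
    """Return what a .job file would launch, without running anything."""
    if len(data) < FIXED_LEN + 2:
        raise ValueError("too short to be a .job file")
    (pos,) = struct.unpack_from("<H", data, NAME_OFF_FIELD)
    if pos < FIXED_LEN:
        raise ValueError("application-name offset points into the header")
    fields = {}
    for key in ("application", "parameters", "working_dir", "author"):
        fields[key], pos = read_str(data, pos)
    return fields

def list_jobs(tasks_dir):
    """Parse every .job file in tasks_dir, including hidden ones."""
    found = []
    for entry in os.scandir(tasks_dir):   # scandir does not skip hidden files
        if not entry.name.lower().endswith(".job"):
            continue
        with open(entry.path, "rb") as fh:
            raw = fh.read()
        try:
            info = parse_job(raw)
        except ValueError as exc:
            info = {"error": str(exc)}
        # st_file_attributes exists on Windows only; elsewhere this is False
        attrs = getattr(entry.stat(), "st_file_attributes", 0)
        info.update(file=entry.name, hidden=bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN))
        found.append(info)
    return sorted(found, key=lambda item: item["file"])

def build_sample_job():
    """Constructed sample bytes (not a real task) for trying the parser."""
    def pack(text):
        if not text:
            return struct.pack("<H", 0)
        return struct.pack("<H", len(text) + 1) + (text + "\x00").encode("utf-16-le")
    header = bytearray(FIXED_LEN)
    struct.pack_into("<H", header, NAME_OFF_FIELD, FIXED_LEN + 2)
    body = struct.pack("<H", 0)  # running-instance count
    for text in (r"C:\WINDOWS\system32\example.exe", "/quiet", "", "constructed"):
        body += pack(text)
    return bytes(header) + body

if __name__ == "__main__":
    tasks = r"C:\WINDOWS\Tasks"
    print(list_jobs(tasks) if os.path.isdir(tasks) else parse_job(build_sample_job()))
```

Any entry whose application path is unfamiliar, or whose file carries the hidden attribute, is worth checking before the file is deleted.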
After that experience (four hours) and the amount of time it had taken me to remove Lop from my own PC (six hours), I decided that I wasn't going to wait until May and yesterday I went ahead with removing Norton from my own PC and replacing it with Kaspersky. At £20 per year, it's a small price compared to losing a day's worth of computer time.
Generally the process went smoothly. The Norton software takes longer to uninstall than I had been expecting. On my parents' and sister-in-law's PCs the uninstall was smooth. On mine, the Norton LiveUpdate Notice component wouldn't uninstall properly, but eventually Symantec's Norton Removal Tool did the job.
Installing Kaspersky was straightforward. In all three cases I installed Kaspersky Anti-Virus (KAV), rather than the more comprehensive Kaspersky Internet Security (KIS) suite. On my sister-in-law's PC, the moment it was up-and-running, it told us that Lop was trying to disable it - the virus had somehow survived our manual removal.
Having used the KAV on my own PC for a day, I'm happy with it. There have been a few teething troubles, mainly related to the fact that I'm a paranoid power-user with several other security measures in place on my PC with which KAV has conflicted. These aren't issues that are likely to be experienced by the average user.
The three biggest problems I've experienced have all been related to KAV's ability to scan encrypted SSL traffic. It manages this using certificate substitution, a process that I've not come across previously. In a nutshell, this is entirely incompatible with my Carbonite online backup service and has also caused problems in Outlook.
The Outlook issues are basically because I have configured Outlook to connect to multiple mail accounts using the most secure protocols possible. I download all of my own e-mail using POP3 SSL (port 995) rather than basic POP3 (port 110). I also connect to a client's Exchange server using Outlook's RPC over HTTP functionality.
Though in theory Kaspersky can handle this, in practice the results are flaky. Also, I've found that sites using Google Analytics also fail to load properly because of GA's use of HTTP SSL (port 443). I initially tried the "prompt for scan" setting to allow me to decide whether to scan on a per-connection basis, but this fails when I'm away from the PC.
Eventually, I've turned off checking of encrypted connections. Initially I was wary of doing this, but then I realised that Norton Anti-Virus didn't do it anyway, so I wasn't losing out on something that I'd had previously. Hopefully one day I'll be able to turn it back on again, e.g. if Kaspersky implements a whitelist feature for identifying SSL sites that I trust.
I particularly like KAV's Proactive Defense feature. This is able to spot things like one process attempting to control another. It was a bit of a pain in the first 24 hours having to "train" it in all the instances where this is legitimate (e.g. Firefox launching Java), but now it's settled down I feel more confident that future virus attacks will be highlighted.
As for the dreaded full system scan... with Norton Anti-Virus 2007 this used to take around 8 hours on my six-year-old (but well specified) desktop PC. System performance was noticeably degraded while it was running. Kaspersky Anti-Virus takes fourteen hours (less efficient, or just working much harder?) but you can barely tell it's running.
It's still early days, so I'll update this post with any significant additional experiences over the coming weeks, but the main lessons that I've learned from this experience have been:
- on three entirely separate PCs, Norton Anti-Virus 2007 and 2008 simply did not detect significant threats;
- having researched the market, Kaspersky's anti-virus solutions get consistently high scores for reliability;
- my own experience so far has demonstrated that this reputation is well-deserved;
- Norton products can't always be removed cleanly purely by using Add/Remove Programs;
- if you're a power-user of your PC (particularly where SSL solutions are in use), Kaspersky needs tweaking;
- even for a knowledgeable IT professional, removal of CiD/Lop is a very time-consuming process.
It's been an interesting month.
Do you tend to like music in particular genres, or are your tastes all over the place? What are your most and least favorite musical genres?
I am answering this QOTD in tribute to No Music Day (which, by supreme irony, occurs annually on my birthday), whose spirit - don't take music for granted, appreciate it more - I support, but whose practice I have been breaking vigorously and LOUDLY all day.
My tastes have been gloriously all over the place since I was a teenager whose record collection nestled Madonna next to Virgin Prunes. Genre really isn't that important to me - what I look for is individuality and/or authenticity. I can happily listen to formulaic pop music if it's authentically formulaic. ABBA were the masters of that particular template.
Equally, I can listen to the most ramshackle sonic mess if it sounds like nothing else, especially if there's an idea behind it. As Yoko Ono once put it: "All sounds are potentially dangerous. All sounds are potentially medicinal. All sounds are beautiful." I think of that quote when I'm listening to the emetic throb of vintage Panasonic.
At the moment I've got the new Leona Lewis album on. It's nice comfort music, a bit like a warming bowl of soup, but I don't find it very nourishing. She has a superb voice, but apart from the debut single it's all a bit characterless. In X Factor terms I'm more drawn to singers like the current season's Niki (more), whose soul shines through every note.
Sinéad O'Connor has that power. Gavin Friday has it. Kristin Hersh too. Patti Smith. Mary Margaret O'Hara. Ian Curtis. Aaliyah. Tim Buckley, Jeff Buckley. Karen Dalton. Erykah Badu. John Darnielle. Jhon Balance. More recently, Win Butler has it. Joan Wasser, Alex Turner, Leslie Feist, Lupen Crook and Laura Marling also.
My most favourite musical genre would superficially appear to be some kind of folk, whether modern or trad. But it's not that simple. Really what I'm into is people who express themselves in the most honest way possible. I'm not interested in someone who wants to sound like someone else. Be your own (wo)man, however, and I'm all ears.
You're the DJ: what are the next five songs coming up after the break?
- Kate Nash, Mouthwash - confidence, vulnerability and the allure of the weekend.
- Bonde Do Role, Divine Gosa - I'll have what she's having...
- Cherry Ghost, 4am - bitter-sweet romantic lyricism.
- Black Strobe, Brenn Di Ega Kjerke - minimal trance building to stately fuzzbox euphoria.
- M.I.A., XR2 - insistent repetition, my current earworm.
- Architecture In Helsinki, Hold Music - funky & infectious, like the B-52s with bird flu.
Yeah, sorry. I've never really known when to stop.
I had a swivel chair in my former job. There was limited room behind my desk within which it could manoeuvre, so its swiveliness was generally limited to rotating through ninety degrees when I wanted to stand up. Nevertheless, it was black and leathery and - in that parallel universe office culture kind of way - it signified that I was a Manager.
A swivel chair, leathery or otherwise, is synonymous with a working environment for me. When I sat on a (dining) chair at the "desk" (i.e. former kitchen table) in our study last summer, it never felt like I was at work (despite the fact that, being on a career break, technically I wasn't anyway, but you know what I mean).
As autumn came and the self-indulgent summer pursuits started to make way for marginally more career-related activities, I decided almost on a whim whilst in Staples to buy a swivel chair for the study. The moment I assembled it and sat down, my relationship with my home desk and PC was transformed. I was Working again.
Genuine paying work kicked in at the start of this year and now I tend to do a day or two per week at a client's premises, a day or two at home and I give myself a day or two off. If that sounds enviable, bear in mind that I have the part-time salary to go with that kind of lifestyle too. Nevertheless, I enjoy the flexibility for now.
However, as the weather has been warmer recently and I've been working at home in shorts and t-shirt, I've discovered a minor problem that didn't trouble me either as a more fully clothed employee in my former office or during my time at home last summer. Swivel chairs, wooden floors and bare feet are not a good combination. Ouch.
This might be of little interest to anyone but me, but for the record... today was the day that I did the following things for the first time: used Office 2007; used 3G mobile broadband (aka HSDPA); set up mailboxes on a managed Exchange server.
Significant stuff, because this is the start of the main project for the main client. First laptop all but done after just over half a day's work, which bodes well. Five more to go. Less hands-on setup than I expected, but probably more crossover coaching is going to be required.
Office 2007's interface is a real eye-opener at first. Thankfully Outlook isn't so different to its predecessor, but Word and Excel are going to take some getting used to. All the reviews I've read say that the new "Ribbon" interface is an improvement on traditional menus, so I'm hoping the shock factor will be short-lasting.
HSDPA is blisteringly fast. You type a URL into the browser, press Enter and BANG, it's there on the screen. It's "only" a 1.4Mbps service, which might seem slow compared to the 8Mbps domestic broadband services that are increasingly the norm, but it feels faster. Not slowed down by contention, maybe.
As for the managed Exchange server (i.e. hosted by a service provider), it's going to be interesting to see how much functionality is available compared to the native implementations that I've worked with previously. Certainly from the client perspective (i.e. within Outlook) there's no difference at all.
Apart from the appalling journey home (fifty minutes to get from client to one mile north of the Blackwall Tunnel, then an hour to do the mile down into the tunnel itself), today was a really positive day that moves this freelancing thing into a different gear. I'm looking forward to tomorrow and also to getting my hands on SharePoint again later this week.
I noticed my broadband connection going up and down last night around 10pm. Nothing unusual about that, my ISP often does maintenance on a Wednesday or Thursday evening. I gave up trying to use the net in the end and went to bed. Should have gone earlier anyway, to be honest, but I was trying to fix the Mrs' iPod.
This morning, everything seemed roughly back to normal, with my router reporting a 5+ Mbps connection. However, all file downloads crawled like a slug on valium. My weekly download of my webspace backup (about 500MB), which normally takes about an hour or so to complete, was predicting more than ten hours.
I phoned my ISP and was directed to the very useful BT Speedtester, which I've never seen before. It's only of use to UK-based DSL subscribers whose underlying service is provided by BT Wholesale, but if that applies to you then it's worth knowing about because it gives you some crucial info that other speed tests don't.
Here's my result:
IP profile for your line is - 135 kbps
DSL connection rate: 448 kbps(UP-STREAM) 5696 kbps(DOWN-STREAM)
Actual IP throughput achieved during the test was - 97 kbps
That "IP profile" is clearly responsible for my problem, so I did some research. To cut a long story short (there's plenty of googleable reading material if you want the full technical horror), that's a value set by the BT network management systems and mine has almost certainly changed within the past 24 hours.
It seems that if your line performance drops for whatever reason (noise on the line, faulty equipment, regular rebooting of your DSL router), the BT systems drop the IP profile to match your lowest last connection speed. At some point last night I saw my router connected at around 144 kbps, which is obviously when this happened.
Now whatever was going on has ceased, I'm connected back at 5696 kbps again, but the IP profile is still 135 kbps. The good news is that apparently the BT management systems will automatically push this up again once they see that my line has remained stable. The bad news is that it takes three days.
Opinion on the various comms & DSL forums is divided on whether turning my router on and off repeatedly will help or hinder the readjustment. There also seems to be a difference of opinion on whether I should physically unplug everything for a few minutes or not. I'm leaving well alone, because at least basic surfing is OK for now.
I think this might be quite a useful skill set to build, both personally and professionally. My comms skills are generally based on frame relay and MPLS, because DSL didn't use to offer the service levels that we needed in my former job. If for no other reason, it would be good to understand in more detail how my home broadband connection works.
If you haven't seen it already, keep an eye out for this - either repeated on BBC4 or on your favourite torrent site:
FOLK HIBERNIA ON BBC FOUR [10/01/07]
Tune in to BBC Four at 9pm on 19th January for Folk Hibernia - the story of Ireland's rocky rise from an impoverished post-colonial upstart to a modern European power. A story of passion, politics, religion and identity, this film explores how Irish music has given the world a sense of Ireland and Ireland a sense of itself. With an archival treasure trove of 60 years of music and cultural change in Ireland, and contributors including Christy Moore, The Chieftains' Paddy Moloney, Ronnie Drew of The Dubliners, Liam Clancy of The Clancy Brothers, Pogue Shane MacGowan and Johnny Moynihan of Sweeney's Men, Mike Connolly's film is an interpretative guide to Irish folk music and its evolving place in Irish culture and the world. Mike Connolly produced, directed and voiced the BBC Four series Folk Britannia, and this 90-minute film offers a similar overview of the Irish tradition.
I watched my videoed copy this afternoon and learnt a fair bit about pre-80s Irish music. Not as comprehensive as its Folk Britannia predecessor, but then that was 3 x 1 hour shows.
Enjoying this album. It's a bit Enya, a bit Sinead, a bit Stina Nordenstam, a bit Daniel Figgis, a bit like the Andrea Corr track on the Rogue's Gallery album, a bit Alasdair Roberts, a bit Jim Moray.
Sounds a bit lightweight on the first listen, but starts to intrigue on the second and hooks you on the third.
Some short reviews give you a flavour of what to expect:
Of course, if I'd had access to the internet over the Christmas week, I'd have posted these then. But I didn't and then I forgot about them and I've just found them now. Unfortunately my phone only seems to do video in 24 second batches, so I couldn't film the whole thing. This is the start and the chorus.
That's such a forbidding book cover and thankfully not the one that I own, which is Penguin's 1989 edition that uses the greener and more impressionistic pastoral garden scene of The Summer Cottage by William Harold Dudley. I wrote about Howards End here recently and was inspired to re-read it as a result.
I also decided to mark up my favourite speech and prose passages in the book, to make it easier to find them in future. I'm not sure that's really helped, because I've ended up with scribbles, circles and wavy lines on most pages. I suppose that just confirms its status as one of my favourite books.
I've had Slaughterhouse 5 sitting on my bookshelf for some time now. I think it was the result of one of my habitual (and long since ceased) monthly Amazon splurges. The image above is also different to the one that I own, though there's little to choose between them in terms of aesthetics.
I'd pigeonholed Slaughterhouse 5 somewhere fairly close to Catch 22 in my mind, which wasn't particularly a good thing (I failed to complete the latter after two attempts). Thankfully on actually opening the book and reading the first chapter, I was hooked. In the end, I completed it within a couple of days.
It's another great addition to the time-travelling novel genre most recently covered by The Time Traveller's Wife and The Confessions of Max Tivoli. A short section also demonstrates why Martin Amis' Time's Arrow isn't as original as I'd hitherto thought. I think I'll want to read it again in a year or two, once the initial impact has sunk in.
I suppose it goes without saying that my book cover is different to that one too! This is a Serious Critical Analysis of the Doctor Who phenomenon. I have to admit that I was expecting something more from this book. Maybe it's just too short to cover the subject matter in the level of detail that I was expecting.
It's certainly perceptive in many places, but I found the author's airy dismissal of pretty much everything in the "classic" series after the late Tom Baker period rather disappointing. While the Peter Davison and (especially) Colin Baker and Sylvester McCoy eras contained much that was patchy, there was little effort made to explain their context.
In a 118-page book that also briefly covers the 1996 film and the 2005 return of the series, the final ten years of the original programme (out of a total of twenty-six) merit approximately 12 pages. That's three whole Doctors, plus a fairly substantial chunk of a/the fourth, which strikes me as a very poor effort indeed.
If I wanted a commentary that only covered the earlier part of the series, I could have saved my money. In 1984 I bought Doctor Who: The Unfolding Text by John Tulloch and Manuel Alvarado. It takes a much more highbrow approach to the subject and reading it at the age of sixteen, it blew my mind. It even covers the fifth Doctor (partly).
Maybe I'm being unfair to Kim Newman in making the comparison, but I'd assumed that a book published under the BFI imprint was going to take a more thorough and rigorous approach to its subject. In any case, I'm glad to have been reminded of The Unfolding Text and I'm considering re-reading it too.