It’s the big buzz right now: Intel is acquiring McAfee!

A lot of people are asking why.  Goodness knows that was my first thought too.  It answered itself pretty quickly though.  I mean how many motherboards these days come with heat, fan speed, and voltage monitoring built into the hardware and BIOS?  How many come with hard drive checking and detailed memory checking as well?  Heck, I’ve even seen some with crappy antivirus that I wouldn’t trust in the past.  So as a selling point, an antivirus that you could trust makes a kind of sense.

More than that though, one of my favorite features of old nVidia motherboards was the built-in hardware firewall with a web interface.  A personal firewall that doesn’t eat up all of my PC’s resources?  It was a great idea as far as I was concerned.

And what eats more resources today than anti-virus, anti-spyware, firewall, email, etc. protection suites all rolled into one?  Some of those are real beasts!  As McAfee well knows, since their antivirus is one of the most resource consuming monstrosities out there.  So if anyone can hardware-accelerate your malware defenses, who better than Intel?

Heck, with virtualization and abstraction layers abounding as new means of defending your computer from hackers, again, who better a partner than Intel to add some hefty unique specialized hardware into your northbridge?

Okay, so I guess AMD might have been a good second choice.  Maybe even nVidia a third.  But we all know that if you want to reach the world at large, you aim at Intel.  So who better than to sell yourself out to than Intel directly?

And these days Intel is looking to bundle everything they possibly can into their CPUs and chipsets.  From 3D graphics now even going into CPUs, to memory controllers (finally catching up with AMD there), to disk security, to serious RAID disk controllers, it’s all being packed up and bundled in.  So it comes as no surprise then that Intel is looking to bundle in one more specialized bit of hardware – the Malware Defense Unit.  (Or something equally trite.)

Whatever makes them happy.

And maybe it’ll even work out well for them.  It certainly makes a kind of sense.

My only concern is that I’ve personally never been a McAfee fan in the first place.  Every time I’ve used their software, it’s sucked up valuable resources.  Sure, it protects you, but at what cost?  And then look at Intel’s idea of 3D graphics acceleration.  It’s hardly top-notch.  And while their RAID disk controllers are okay, they’re not exactly the ones I go to when I need something professional either.  So is that the kind of aim that Intel is going to take with their new security division as well?  Is their Onboard McAfee going to just be another, “It’s better than nothing, but for anything serious I’m still replacing it,” product?  That might work great for casual users and small offices, but I can’t see Intel’s usual approach to anything not directly CPU related winning over any serious business buys.

But hey, I guess that’s a worry for another day.  First we have to see what Intel even does with McAfee in the first place.

One does have to wonder though …

I mean with CPUs having so many cores these days, not to mention Intel’s famous HyperThreading…  Then you add in to that the virtualization being built into CPUs as well…  Does anyone really need hardware acceleration to run their PC’s security suite anymore?  Seems to me processors these days can do it all with plenty to spare, so much so that you’d probably never even notice a resource hog anymore.

With so many unused cores in most desktops you could probably even do software RAID without noticing.

But maybe that’s just me.

The dual boot: it’s the answer to all of life’s mysteries.  Well, okay, so maybe not all of them.  But the biggest one, of how to enjoy the security of Linux whilst still being able to use all of your Windows apps and play all of the latest games.  Because as good as Linux is, it just isn’t gaining any popularity, so most software is still in the demesne of Windows.

Well, okay, so in theory there’s also Macintosh in there somewhere.  But honestly, who cares about that?

And, again, another theoretical solution is to use virtualization, like VMware, to run one OS natively and the other on virtualized hardware from inside the native OS.  Except that’s not really the solution that it should be.  If you run Linux native and Windows virtual, it’ll work, sure, but the point of a lot of people of running Windows is to play games that Linux can’t, and even though VMware has made some great strides in graphics virtualization, now that they actually virtualize the 3D acceleration as well, there’s still a significant performance loss running on virtualized hardware.  Which rather defeats the purpose.  Who wants to play their games slowly? But the alternative, running Windows natively so that you get full performance, and virtualizing Linux, is frankly even more useless since you’ve just thrown the whole Linux security advantage out the window.  And really, what can Linux do that Windows can’t?  So then what would be the point of using Linux at all if you were going to make your base OS Windows?  You could just use Windows.

So the answer is to dual boot.  Install Linux and Windows side-by-side and choose which one you want to load at startup.  It’s supposed to be easy.  And solve all of your problems.

Except for when it isn’t, and doesn’t.

Frankly, Linux (and all things related) is really starting to piss me off.

To start with, I decided to try a distro I’ve never touched before, because I’m old school I guess: Ubuntu.  It’s cute.  It’s snazzy.  Shame it couldn’t properly recognize my RAID0 array and trashed it each and every time I tried to install it.  Having installed Windows first in the process, that meant a lot of re-installing Windows, drivers, etc.  It was a royal pain in the asterisk.

But I’m nothing if not persistent.  I switched from using my Intel Matrix RAID controller to the dinky JMicron one that I don’t trust worth a darn, and voila, Ubuntu stops trying to access the component drives separately and treats the RAID0 array as a single disk.  Windows, mind you, had no problem properly using either.

That settled, move on in time.  To a procedure I’d put off perhaps a little too long: making my first backup.

Here’s a freaking rant in and of itself.  Windows Backup in Windows 7 can’t be used because the Linux bootloader partition used by GRUB I stupidly partitioned and formatted for Linux.  You might think “duh” there, as what else would you do?  Well Windows 7 has a stupid shadow copy technique used when backing up drives.  This is poorly programmed, and requires so much free space on each partition.  And yes, you guessed it, Windows both is smart enough to recognize that it needs to backup that bootloader partition, but too dumb to know how to read any Linux-formatted partitions.  So unless you were smart enough to make that bootloader a FAT32 or NTFS format, Windows Backup fails each and every time because it can’t shadow the bootloader partition.  Never mind that you could have literal terabytes of space free on your drive.  The shadow has to be on the partition being copied, and if the partition format can’t be read by Windows, you’re SOL.  And, in fact, I can’t even be sure that making that partition Windows-readable will fix this Windows Backup woe, because I have yet to try it.  It’s only a theory that it might make Windows Backup usable on a dual-boot box.

But honestly, it’s no big deal.  That’s okay, because Windows Backup is a PoS anyway.  There’s so much better software out there, right?  Comodo, for example, is free and does a much better job.  I would have just used my old copy of Norton Ghost, like I have on so many Windows XP boxes past, but it’s not compatible with Windows 7.  Oh, sure, some newer version is, but I’m not going to stump-up cash for that if there’s a free alternative that meets my needs.  And besides, I don’t want to just back up my Windows partitions anyway.  We’re talking dual boot.  We’re talking Windows and Linux living side-by-side.  So a Windows-only backup would be darn stupid anyway.  Just as a Linux-only backup would be.

So let’s try bringing in something truly multiplatform, that can read NTFS and Linux formats equally well, and will respect the whole of the hard drive, the master boot record, the partitions, everything exactly as they are.  Why not try something like Partimage Is Not Ghost (PING) then.

And then watch during a routine backup as PING totally destroys the Windows partition so badly that no Windows or Linux tool can restore it without reformatting the whole NTFS partition Windows used to be using before it was slaughtered by bad programming and heavy Linux hands.

Honestly.  Can anyone tell me why anyone would think a typical Windows user would, at this point, having had his Windows install raped and slaughtered repeatedly by Linux, be even remotely interested in trying to use Linux at this point?  At all?  Ever?

I can’t think of a single reason.

In fact, I feel pretty damn stupid for even giving Linux this many opportunities to nuke my Windows install.

I honestly have no idea why I’m so determined to use Linux at all.  Dualboot is just not working here.  I don’t know why not.  It’s a freaking simple concept.  I know Linux works just great on its own.  And Windows, well, is Windows.  Can’t live with it, can’t live without it.  So…

…I keep on trying.

But if anyone has ever wondered why Windows users don’t switch to Linux for the better security, lower overhead, and easier access to a plethora of wonderful free software?  There you go.  It’s because of all of the bad things that Linux does, that Windows doesn’t.  Like happily deconstruct a RAID array and then write to the drives individually, destroying the array.  Or blithely nuke Windows during a routine hard drive backup, when it should only be reading from the Windows partition in the first place.  Not many Windows users would be happy to reinstall everything from scratch because “oops” we had a little bug.

I’ve decided that I really don’t like Ubuntu though.  So maybe I’ll go back to openSUSE.  Or Fedora.

But later.  Much later.  When the seething anger has gone back down to a dull ache and I can burn a distro to DVD without wanting to throw it across the room, grind it into pulp, etc.

I really never thought I would cherish anything Microsoftian this much.  But I’m about damn ready to mount my Windows 7 disk on a wall.  With those holograms, it’s even kind of shiny…

TippingPoint has long been a proponent of information technology security, especially known for its Zero Day Initiative bug-hunt rewards program in which security researchers can earn thousands of dollars by revealing new vulnerabilities to TippingPoint, who in turns contacts the faulted software developers to get them to patch the holes in their code.

But a recent perusal in the ZDI database for high-risk vulns still sitting unpatched after more than a year after disclosure has grated on some nerves.  Some of those privately disclosed security holes have even gone as many as three years without being fixed by their respective software vendors.  And that’s just no good.

TippingPoint had been trying to be responsible, keeping the disclosure of the bugs private, giving their creators time to fix them to keep everyone safe without going full disclosure and letting the hackers also know of these vulnerabilities.  But after seeing too many software companies sit upon their laurels and do nothing about their holes, TippingPoint has had enough.

The new ZDI police will still be to privately contact software companies, but to only give them six months of privacy to correct their flaws.  After that six months, if no extension is agreed upon, TippingPoint will turn around and give full disclosure of the bug to the world at large, giving third parties an opportunity to fix the holes that a software vendor refused to act upon.

While many proponents (including myself) laud this tough-on-bugs approach, opposition to the “full disclosure” method (such as Microsoft, of course, inventors of security through obfuscation) argue that set timescales don’t work because some bugs take longer to fix and test than others, and that hackers can also use the disclosed information to make their job of getting into your computer easier.

And these are valid points.  But then, that’s probably why TippingPoint in fact has a method in place to file for an extension to that six month timeline.  TippingPoint seems to make it clear that if Microsoft can make a convincing argument on why they can’t fix their security hole in a mere six months, TippingPoint will be more than happy to extend that timeline to give them all of the privacy they need.

Meanwhile, there’s the other end of the spectrum.  Recently Google has expressed a policy similar to this new one from TippingPoint, but with a mere 60 days, just two months, of privacy, a much tougher deadline to meet.

Dell, they’re the company that got a lot of attention in the business world for a model of manufacturing and delivery that would make any industry proud.  But perhaps the time for Dell’s pride has passed.

We start off Dell’s new world of woes with their shipping motherboards infected with malware.  Yes, that’s right.  The Dell PowerEdge R310, PowerEdge R410, PowerEdge R510, and PowerEdge T410 server motherboards recently shipped to customers after service calls for faulty hardware turned out to be infected with the W32.Spybot worm.  The computer virus was hidden in the onboard flash storage and would infect unprotected Windows machines if Dell Update Packages for Unified Server Configurator (USC) or 32-bit Diagnostics were executed.  Though Windows Server 2008 (and presumably Windows Vista and Windows 7, should anyone ever install those on these server motherboards) theoretically are safe thanks to Microsoft’s recent additions to security in Windows, there are no guarantees.  Especially with older versions of Windows.  And doubly especially should you for some reason not be running your typical security suite including anti-virus software.

The worm is hiding in the flash memory itself, suggesting that a simple firmware update would not actually clean the infected mobos.  Also suggesting that disabling autorun or otherwise preventing this “drive” from mounting would protect anyone with an infected part.

No other Dell motherboards are infected, including Dell’s production stock.  Only their replacement service parts were infected.  No non-Windows operating systems are vulnerable, so you *nix users are completely safe, as usual.  And, of course, the infected mobos are now pulled from their supply chain.

Dell blames “human error” of course.  (As if it could be anything else?)  They are giving no explanations, and they’re mostly on the hush-hush about it all, only phoning affected customers.  No letters.  No official webpage detailing the risk and its mitigation.  Loverly.

Fortunately it’s an old worm, and protection against it is pretty much a given these days.  You’d really have to be trying or completely oblivious to get infected with that one.

As bad as that is however, that’s not all.  As research into it revealed some documents unsealed after a lawsuit with Dell over allegedly known problems with its OptiPlex boxes, 11.8 million of them, shipped between May of 2003 and July of 2005.  An internal review by none other than Dell itself had discovered that 97 percent of these boxes would fail in less than three years because of faulty capacitors from Nichicon.  (Bad caps again?  Really?!)

Dell further compounded the OptiPlex problem by replacing the motherboards with the bad caps with, yes, you guessed it, the very same line of motherboards with the very same leaking capacitors, almost guaranteed to fail.

That’s actually kind of expected, all considered.  There was a really bad stretch of faulty capacitors, rumor has it due to industrial espionage stealing an incomplete formula and selling it to a large number of manufacturers.  And of course one tends to replace parts with the same parts.

No, what made this one especially litigious was that, according to the New York Times, Dell not only knew of the problem and refused to toss their stock of faulty mobos, but they even told their own employees, “Don’t bring this to customer’s attention proactively,” and, “Emphasize uncertainty.“  The official Dell word on the bad mobos even went so far as to state to lawyers, “We need to avoid all language indicating the boards were bad or had ‘issues’.”

Ouch!

All this from the darling Dell.

Is it any wonder why I choose to build my own PCs with my own selection of parts then?

Today marks the end of Microsoft’s support for Windows XP SP2.  It’s a sad day, though we are reminded that support for Win XP SP3 does continue.

But for those of you who are still working on your migration to Microsoft’s latest darling, Windows 7, you just got a little more breathing room.

As was previously declared, your right to downgrade your shiny new Windows 7 box down to Windows XP Professional would end in 18 months from the Windows 7 launch, or until the release of the first service pack for Windows 7, whichever came sooner.  This put it at the date of October 22, 2010.  In other words, in a couple of months.  And right on track, the first beta of Windows 7 SP1 is heading out as we speak, regardless of how generally useless as it is to most people because it contains no new features, just the same security updates Windows 7 users already have.  But the death knell for Windows XP was ringing.

In typical Microsoft leniency towards Win XP however, they’ve decided to listen to customers, and delay that order.  OEMs were afraid that a date-based limit on when boxes could be shipped with downgrades to Windows XP Professional would be confusing to users, since so many people were still demanding them.  (For migration purposes, of course.)  And yet again, Microsoft listened, breathing yet more life in the the operating system that wouldn’t die.

Yes, that’s right.  In fact, according to the blog, there seems to be no new deadline for Windows XP.  Though we are reminded in a round-about way that again the official support for Win XP SP2 ends today on July 13th, 2010, and Win XP SP3 support ends in of April 2014.