Category Archives: software

Notes on the Future of Web Apps

This is the beginning of the second day at Carson’s Future of Web Apps conference in London. I was drawn by the excellent speaker line-up, including Kevin Rose from Digg, Werner Vogels who is the CTO at Amazon.com responsible for services including S3 and EC2 (web storage and on-demand virtual servers), Mike Arrington from TechCrunch, and PHP inventor Rasmus Lerdorf. There are also speakers from Adobe, Microsoft, Yahoo, Google, NetVibes and various other organizations flying under the Web 2.0 banner.

The first day was worthwhile but mixed. I am a little jaded I guess, having been to a number of these sorts of conferences. There is too much Web 2.0 tub-thumping, too many sales pitches, and not enough investigation of hard questions. In particular, I would like to hear more about business models. Cool free apps are great, but sustainability is important too.

I was disappointed by Werner Vogels’ talk yesterday. A shame, since I remain impressed by what Amazon is doing. He gave pretty much a repeat of what we already know about S3, EC2 and Mechanical Turk. Having heard Jeff Barr present the same stuff on two other occasions (including this same conference last year), I was hoping for more. How is S3 coping when stressed, is performance holding up, what have been the pressure points? Is the pricing sustainable (I think it is too cheap)? Why is there still no SLA? What are the main feature requests from users, and how will they be addressed?

I don’t mean to pick on Vogels; some of the same criticisms apply to other speakers.

Fortunately there is good stuff here as well. The second part of Rose’s talk on Digg was interesting and I plan to cover this separately. Bradley Horowitz from Yahoo gave a though-provoking talk on automatic content filtering, detecting “interesting” Flickr images, and distinguishing between synonyms like Jaguar (car) and Jaguar (animal) in user-generated content. I enjoyed the brief talk from ThinkFree on its online Office suite, though TJ Kang mystified me by being seemingly unconcerned about the business aspect. ThinkFree has an online Microsoft Office viewer which looks useful – upload your .doc or .xls, have users view it in HTML.

There is a small exhibition here with stands from Google, Yahoo, Microsoft, Adobe and others. Adobe has a neat Apollo app on show, a desktop application which uses the EBay web service API to give you full access to EBay without having to visit the site. I’ve asked for a screenshot as this type of application will be increasingly common in future. Of course it could just as easily be written in Microsoft’s WPF, but without the cross-platform compatibility.

A couple of notes on Microsoft, a newcomer to this conference and showing off the Expression range of design tools. First, I noticed that several ex-Macromedia folk are now working for Microsoft, including Andrew Shorten who presented Flex here last year. Shake-out from the Adobe merge, but good for Microsoft in my view. Second, the first release of WPF/E will be soon, but without C# and CLR support; this will follow in the second release. Interesting, especially since Flash 9 already has a JIT compiler for its JavaScript implementation. However the plan is that there won’t be a long wait for the updated WPF/E – less than a year, I was told.

Microsoft is giving away free copies of Expression Web Designer. It is actually a decent product, but what do you do when everyone (at a conference like this) is using Dreamweaver?

Oh yes, and Java? Hardly mentioned here (though ThinkFree uses it, so does Flex server-side of course).

Microsoft Soapbox uses Flash

Took a quick look at Microsoft Soapbox which seems to be a me-too version of YouTube.

The first thing I noticed was the absence of any content I wanted to view, whereas YouTube is really dangerous if you want to avoid distraction. That will change if the service is popular; but I’m not clear why someone would use Microsoft’s service instead of YouTube which gets the traffic.

The second thing I noticed is that Microsoft is using Flash for these videos, as does YouTube. I gave it a cross-platform test, and was able to use the site on the Mac with Safari and on Linux with FireFox, so kudos to Microsoft for that. I’m puzzled though, because the system requirements state Windows Media Player 9 as well as Flash 8, and Windows Media Player 9 isn’t available for Linux. Nevertheless, it works.

That said, I’m surprised that Microsoft isn’t using SoapBox to show off WPF/E. I appreciate that this is still in beta, but then so is Soapbox. Does Microsoft not intend to use its cross-platform, video-capable solution for its own site? Or will it transition in future?

 

Technorati tags: , , ,

How secure is Windows Vista?

Tech journalists have a tough job. They are meant to take the vast complexity of things like computers and operating systems and translate them into terms that ordinary people can understand.

Of course there is never a one-to-one mapping between the complex and the simple. The simplified explanation is a compromise.

So let’s look at the question: how secure is Windows Vista? Unfortunately the question is not amenable to a simple answer. Perhaps the best you can do is to try and explain the issues, the ways in which it is more secure than earlier versions of Windows, the ways in which it remains insecure.

Now read this piece on weaknesses in Vista’s UAC (User Account Control). Looks bad, right? About some insightful researcher who “found out — from Microsoft officials — that the default no-admin setting isn’t even a security mechanism anymore.”

This is a misunderstanding of a typically balanced and well-reasoned piece by Microsoft’s Mark Russinovich on UAC in Vista. At least the link is there in the ZDNet article, so you can read it for yourself.

Apparently, “In an e-mail interview, the Polish malware researcher said she was “pissed off” by what she perceived as Russinovich’s flippant attitude to the potential risk.”

Frankly, I defy anyone to read and understand Russinovich’s article and call it “flippant”. He explains how the mechanism works, he explains why it works as it does, acknowledges areas of compromise, and shows how to achieve higher security if you want it:

Without the convenience of elevations most of us would continue to run the way we have on previous versions of Windows: with administrative rights all the time. Protected Mode IE and PsExec’s -l option simply take advantage of ILs to create a sandbox around malware that gets past other security defenses. The elevation and Protected Mode IE sandboxes might have potential avenues of attack , but they’re better than no sandbox at all. If you value security over any convenience you can, of course, leverage the security boundary of separate user accounts by running as standard user all the time and switching to dedicated accounts for unsafe browsing and administrative activities.

He’s right. And personally I think ZDNet is giving too much weight to the strident researcher who calls Vista security “a big joke“, while doing too little to examine the real issues which Russinovich explains.

Of course that doesn’t prevent Slashdot and others picking up the story and presuming, because that’s what they want to believe, that Vista security is shot to bits.

It’s not. It is a real advance on XP, not least because of the point Russinovich highlights:

Why did Windows Vista go to the trouble of introducing elevations and ILs? To get us to a world where everyone runs as standard user by default and all software is written with that assumption.

Update

This story gets more curious the more you investigate. The gist of this researcher’s original complaint was that Vista forced her to run setup and installer applications with local admin rights:

That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers!

It’s a fair point, though problematic on examination. Installing applications is an administrative task. Still, it’s correct that many installers do not need full admin rights, so the system could be more granular. Fortunately Vista covers this. You can disable the automatic elevation of setup applications in local security policy. In fact, enterprise rollouts have this disabled by default. The researcher is actually aware of this, but says:

Even though it’s possible to disable heuristics-based installer detection via local policy settings, that doesn’t seem to work for those installer executables which have embedded manifest saying that they should be run as administrator. I see the above limitation as a very severe hole in the design of UAC.

Now she’s lost me. The complaint has shifted – there is no problem running setup applications with less than full admin rights, but if the developer specifies with a manifest that full admin rights are required, then Vista automatically prompts for elevation. This of course is working as designed. If you downloaded a “freeware Tetris game” and discovered a manifest insisting on full admin rights, you would likely be wary in any case.

So where is the “very severe hole in the design of UAC”? There is a “severe hole” here, but it is not in the design of UAC. The core problem is that users may try to install malware. They are browsing the web, and perhaps come across a flashing advertisement that says their PC has spyware, but this utility will fix it. They download it. They pass a dialog warning that the file is from the internet and might not be safe. They pass a dialog requesting elevation. At this point, only anti-virus software or something like Windows Defender might save them. How do you fix this, without taking away the user’s right to do what they want with the computer they own?

That said, there is a weakness in UAC in the potential of non-elevated processes to interfere with elevated processed. Mark Russinovich covers this well in his post referenced above. Bottom line is that it’s still best not to run with full admin rights, even with UAC enabled. The long-term purpose of UAC is to get Windows across the hump of legacy applications to a point where local admin rights for day-to-day use are unnecessary.

Technorati tags: , ,

CodeGear (Borland) to support PHP tools

New is drifting out concerning CodeGear’s plans to evolve its development tools. Here’s a snippet from Michael Swindell, CodeGear’s VP of products, writing in the Delphi non-technical newsgroup:

Dynamic languages such as PHP and Ruby new areas where we will be going. Some products will be more in the RAD camp, aligned with Delphi and VCL, and others will be more in the Open Source/Eclipse/Enterprise world. As a developer focused company we cannot be just the Object Pascal, C++, Java development company… there is way too much happening in the world of programming and languages and frameworks for us to stand still.

All a bit vague, but I do get the impression of renewed energy at CodeGear now that it is somewhat independent of its parent company, Borland. There are also mutters about Ruby and about another take on Kylix, Delphi for Linux.

Is PHP a good bet? Possibly, insofar as PHP is hugely popular but not particularly well supported by development tools. Personally I’d rather work in ASP.NET or Java; yet I have huge admiration for WordPress, to mention just one PHP-based application. As ever, CodeGear will be up against strong free tools, not least the existing Eclipse PHP Development Tool.

Cast your mind back 12 years, if you have been around that long. Borland’s Delphi 1.0, released in 1995, was worth paying for, in fact a fantastic bargain, because it cracked the problem of combining visual RAD productivity and fast native compiled code. What could have a similar impact today, when Microsoft has Windows development wrapped up, and Java has a surfeit of high quality free tools? I don’t find it easy to see.

Technorati tags: , , , , ,

Why Outlook 2007 is slow: Microsoft’s official answer

A knowledgebase article published last week acknowledges performance problems with Outlook 2007, though it says these only occur with mailboxes larger than 2GB:

You may experience one or more of the following performance problems when you are working with items in a large Personal Folder file (.pst) or in a large Offline Folder file (.ost) in Microsoft Office Outlook 2007 … Note When you perform the same operations on the large .pst or .ost file in earlier versions of Outlook, the same performance problems do not occur. These problems may occur if the .pst or .ost file is larger than 2 GB. Additionally, the performance problems are more pronounced when the .pst or .ost file is larger than 4 GB.

I think this is optimistic and that smaller mailboxes are slower too; nevertheless, it does confirm that that the size of the local store is the key issue.

If you use Exchange, the local store is the .PST or .OST file on your workstation or laptop. If you do not use Exchange, a local .PST store is all you have.

Here’s what Microsoft says is the reason:

To accommodate new features, Outlook 2007 introduced a new data structure for .pst and .ost files. In this new data structure, the frequency of writing data to the hard disk increases as the number of items in the .pst or .ost files increases.

Intriguing, especially as I had thought the .pst format was the same in Outlook 2003 and 2007. The big change was from Outlook 2000 to Outlook 2003, when Unicode was introduced and the maximum size increased to 20GB.

I’d also like to know whether Microsoft is just stating the obvious here (bigger file, more disk access); or whether there is some exponential increase in disk writes, suggesting a design fault in the software. I have already noticed that if you show the I/O columns in Task Manager’s performance tab, Outlook 2007 shows some extraordinarily large numbers.

So what’s the fix? The news is not too good. In essence, you have to reduce the size of the local store. You can archive or move items to separate .pst files, or switch off cached mode so you always work online to Exchange.

The article doesn’t say it, but there are significant problems with switching off cached mode. These include hugely increased network traffic, problems with junk mail filtering, and loss of all your mail when using a laptop disconnected from the network.

The most imaginative suggestion is to filter the sychronization. For example, you could filter out messagse with large attachments, or all messages from last year or earlier. These messages will still exist in Exchange, but not in the local store.

Worth a try, but none of the workarounds is really satisfactory. Outlook 2003 worked fine with large mailboxes, Outlook 2007 does not. That’s a blunder.

 

Vista – worth having?

Now that Vista is on the shelves, people are asking: is it worth having?

I’ve been testing it for a while now, using it for most of my work and as a media center.

If there is a “Wow” in Vista, it is in the Windows Presentation Foundation, not the core operating system. And WPF is available for XP as well; and there aren’t yet many applications which use it. So forget the wow for now.

That said, it is mostly an improvement. Why mostly? Mainly because of driver quality. For example, I’ve been chasing an Intel display driver bug for a couple of weeks. It made certain games unplayable and also caused problems when more than one display was active. Last week Intel posted an update that fixes the problem. That’s on a laptop; on my desktop the sound card doesn’t work as it should – because Creative’s Vista drivers are still in beta and far from production quality. I get stuttering sound from a supposedly high-end X-Fi card.

These issues will gradually disappear as the hardware vendors properly support Vista. That said, I have a scanner that will probably never work. It’s old enough that the vendor has no incentive to come up with a driver.

The other major issue is software compatibility. Everything has to work with XP, but Vista is new and there may be problems. Most of these are caused by the new security feature called User Account Control. In reality I have not had many problems. If you have a few key applications you depend on, it makes sense to verify whether or not they run on Vista before making the switch.

Upgrade? Buy new?

Now a few specifics. Would I upgrade a laptop? No, not unless you enjoy techie problems or can get a supported upgrade pack from the vendor. Laptops are stuffed with devices, updating the hardware is near-impossible, and things like sleep and resume are prone to go wrong.

Would I upgrade a desktop? Possibly, if it is no more than a couple of years old. It’s still somewhat risky. I’d plan to upgrade the RAM to 1GB or more, update the motherboard BIOS, and buy a new graphics card. You might get away without; but my impression is that Vista is more demanding (ie. slower) on the same hardware than XP.

Would I buy a new compter – desktop or laptop – with Vista rather than XP? Yes, provided you’ve established that you can run or replace the applications you depend on and the hardware you intend to plug in. 

Vista is a better version of Windows, more logically organized, more pleasant to use, more secure. The best feature for usability is the search box on the start menu. No more hunting through the fly-out menus; just click Start, type the first few letters of what you want and hit Enter.

Security

How much more secure? Unfortunately the blizzard of hype and counter-hype has obscured the security changes in Vista. A substantial industry has been built on security weaknesses in Windows, and this industry is desperate to persuade us that we still need its services, while journalists everywhere are keen to find and publicise any security problems; and undoubtedly there are and will be problems to find.

The key change is that users by default run without local administrator permissions. This brings Windows into line with standard practice on other operating systems including Linux and Mac OS X. In consequence system files are protected unless the user passes a dialog approving a change. Some claim that these dialogs pop up frequently and are annoying. I can’t substantiate that – I don’t often see them, and when they do appear I don’t find them particularly objectionable though there are cases when I’m not sure why admin rights are needed.

Of course if a virus comes along in an email attachment and says, “I’m an important update from Microsoft, please run me”, and you click Allow, then Vista isn’t going to help you.

Another less publicized change is Internet Explorer’s Protected mode, again on by default. This means IE runs with even more limited rights, and should help to prevent silent installs of malicious software. Arguably, this makes IE more secure than FireFox on Vista. 

In reality, this is a process. The changes in Vista mean that software vendors might actually stop producing applications that breach basic Windows guidelines. A side-effect will be better separation of application code and data, which will help with backup as well as security. It will make sense to set Vista to a higher level of security, where you have to enter an admin password to make system changes, and the intrusive dialogs will appear less often.

 

Technorati tags: , , , ,

Help! I’ve been sent an ODT file

The document format wars are upon us. I know this, because I got a tech query from someone at another desk. She couldn’t open the attachment she’d been sent. The file had an .odt extension. Someone had saved a document from Open Office using its defaults, and emailed it, probably without realising that this could cause problems for the recipient.

ODT is Open Document Text, the XML document format supported by Open Office and heavily promoted by IBM, Sun and everyone not in the Microsoft camp. The solution? There are converters around, some of which don’t work properly, but the easy answer is to go along to openoffice.org and download the free Open Office suite. In Windows, this sets up the requisite file association so you can double-click an .odt document and it opens. Once open, you can edit it in Open Office or use the clipboard to copy the contents into Word or other applications.

Installing Open Office is painless. The main caveat is that you might want to stop the thing loading itself at startup. Otherwise you’ll find a process called soffice.bin occupying large amounts of memory even when you are not using it. Right-click the OpenOffice icon in the system tray, uncheck “Load OpenOffice.org during system startup”, then choose Exit Quickstarter. Next time you restart, you should not be troubled by soffice.exe or soffice.bin until you actually want to use Open Office. Of course you might prefer Open Office to Microsoft Office. In that case, by all means leave the quickstarter in place.

What’s interesting here is how effective document format frustrations are in persuading, almost forcing users to install new software. Those who follow the above advice now have two office suites on their system. If they find themselves receiving lots of .odt files, or get many requests for documents in that format, they might switch, just to make it easier to get their work done.

What about the other scenario, where users receive .docx attachments? This is Microsoft’s Open Office XML, and is the default save format in Word 2007. It’s not too bad for existing Office users; they just download an add-in from Microsoft which, unlike the ODT converter, works smoothly in my experience. Only those with Office 97 or earlier will run into problems. It’s not so good for those who do not currently use Office, or for Mac users, though free utilities like this Mac example are turning up. Note that whereas Open Office is a complete solution for .odt, most converters have shortcomings and tend to lose some of the formatting or content of the original.

The key difference here is easily stated. Users who need to deal with .odt files will install Open Office. Users who need to deal with .docx files will be more inclined to get a converter – because buying Office 2007 is expensive, or not available at all for those who do not run Windows. In other words, the document format wars will increase the installed base of Open Office, but this will be less true of Microsoft Office.

Personally I prefer Microsoft Office, though in fairness it’s a year or so since I took a careful look at Open Office. On the other hand, Open Office is free and pretty good. Many users of word processors and spreadsheets don’t stress the products at all; where this is the case, it is hard to see how Microsoft Office is worth the extra cost. That said, most people use Microsoft Office anyway, simply because it is the de facto standard. That position is now being eroded.

Steve Jobs on DRM: sense and nonsense

Kudos – mostly – to Steve Jobs for his remarks on Apple and DRM. I like his closing comments:

Convincing [big music companies] to license their music to Apple and others DRM-free will create a truly interoperable music marketplace.  Apple will embrace this wholeheartedly.

Yes please. But while I applaud these remarks, I have to note some curious logic in the rest of his defence of Apple’s DRM policy. Remember, the essence of the complaint against Apple is that it will neither license its FairPlay DRM to others, nor support other DRM schemes in its iTunes store. The consequence is that iTunes customers are locked to Apple’s software, and for portable devices, largely to its hardware as well.

Jobs says Apple doesn’t license FairPlay because it could compromise its “secrets”:

The most serious problem is that licensing a DRM involves disclosing some of its secrets to many people in many companies, and history tells us that inevitably these secrets will leak.

However, Jobs has already stated that such secrets often get cracked anyway. The intransigent problem is that the keys reside on the user’s own machine:

In other words, even if one uses the most sophisticated cryptographic locks to protect the actual music, one must still “hide” the keys which unlock the music on the user’s computer or portable music player.

This is a greater impediment to FairPlay’s security than licensing it would be. Further, any iTunes purchase can be burned to CD and ripped to unprotected files, albeit with loss of quality if you choose a compressed format. I also note that DVD Jon (as far as I’m aware) achieved his success at cracking DRM by reverse engineering, not industrial espionage.

So this statement makes no sense:

Apple has concluded that if it licenses FairPlay to others, it can no longer guarantee to protect the music it licenses from the big four music companies.

Apple has actually concluded that it can’t “guarantee to protect the music” anyway, irrespective of whether it licenses FairPlay.

Further quibbles: Jobs sees a “a very competitive market”, where others see Apple’s unhealthy dominance, particularly in portable music players.

Another. Jobs says:

Since 97% of the music on the average iPod was not purchased from the iTunes store, iPod users are clearly not locked into the iTunes store to acquire their music.

No Mr Jobs, they are not locked into the iTunes store (yet). They are locked into the iPod to play this music back. Well, subject to the caveats already discussed. And what about iTunes exclusives?

Finally, Jobs notes that “The music companies sell the vast majority of their music DRM-free”, referring to the continuining importance of CD sales, which greatly exceed online sales.

Yet CD sales are declining and will continue to do so. We are having this discussion because we know that those figures will swing, probably quite fast, and that online or subscription sales will dominate the music business.

Users would love to see more legal, DRM-free downloads. In the meantime, Apple’s refusal to interoperate its DRM with others remains anti-competitive.

Technorati tags: , , ,

Open Document to Office Open XML converter: not good

The first full release of the Open XML to Open Document Format translator is available for download. Great news for interoperability – or is it?

I like to try things out before writing about them, so here’s what I did. I downloaded the Word 2007 add-in and ran the setup. Then I opened Word, and opened the document I was working on, which happens to be called Using DigiKam.docx. This is just under 800 words long and contains no graphics. I went to Home – Save As, and looked for Open Document in the list of document types. No deal. Puzzled, I looked again at the Home menu in Word 2007. Ah, there it is. A separate top-level entry for ODF with Open and Save As menu items. Not ideal in terms of integration, but never mind.

Note: there is an important issue here. Imagine you are an organization that has decided to mandate ODF for your documents, but to continue using Microsoft Office. What you want to do is to fiddle with Group Policy and have Word default to opening and saving ODT (Open Document Text). As far as I can tell, this is not possible with this version 1.0 release. In fact it is worse than that. If you have a new document, and choose ODF – Save As, you get the following error:

Please save your document before exporting to ODF. So instead of just clicking Save, users have to save twice, first as .docx, next as ODT. Ugly. It gets worse, read on.

OK, so I decided to save my current document as ODF. A wait message appeared: it took the converter about 30 seconds to save the document. I don’t like to think what would happen to a 10,000 word report full of charts and tables.

Next, I closed the document, went to ODF – Open, and chose the document I just saved. Another 30 seconds later I get this message about lost elements:

If I go into details, it tells me that the header dimensions and document creation and modification dates might have been lost. Fair enough, nothing drastic – unless perhaps I am laying out a booklet for publication. Of course you would be mad to use a document converter like this in such circumstances – but let’s not forget the implications of potential inflexible government legislation that might mandate such a thing.

I notice a curious thing. My opened document has been renamed to Using DigiKam_tmp.docx. Let me get my head round this. Let’s say I want always to save in ODF. I have to save as .docx, then export to ODF. Then I open the ODF document, which now has _tmp appended. I make some changes, and want to export it as ODF. I get, you guessed it, the “Please save before exporting” message. So I click save, and get a view of all my temporary documents, because the converter puts the imported document in my temp folder. If I try to save it directly, I get a “this file is read-only” error. So I save it to My Documents, then I go to ODF – Save As. Next session, I go to ODF – Open and guess what. My file is now called Using DigiKam_tmp_tmp.docx.

So the message is: don’t even think about using this converter as a means of standardising on Open Document while still using Word. It will cause immense and unnecessary hassle. However, it could still be useful for importing and exporting documents interchanged with others using, say, Open Office.

Not the same

That said, I noticed something else about my round-tripped document. It was different. In Word, I have my Normal style set with no space before or after. After round-tripping, these paragraphs had 10pt space after applied.

It gets worse. The converter lost all my paragraph styles – not the formatting, but the style tagging. This is a deal-breaker for me, as I depend on paragraph styles; but I am probably in a minority. Still, it prompted me to look at the list of unsupported features. Casting my eye down the page I came across this item:

In Open XML in real spacing between two consecutive paragraphs is the biger [stet]. For example first paragraph style has spacing after 10pt and second has spacing before 20pt the real spacing is 20pt. In Open Document Format real spacing is sum. In our example the real spacing is 30pt.

Is that my spacing problem? It could be related; but this is not what I would call a model of clarity. Let’s just say that the ODF converter will mess up your paragraph spacing.

Question: why was I warned that I might lose “header dimensions”, but these more significant issues – no paragraph styles, messed up spacing – went unmentioned?

Not professional quality

I realise that despite the flaws this converter could be a life-saver if you get a document that would otherwise be unreadable, or if you are forced by regulation to send a document in ODF format. However it does not merit Microsoft’s effusive press release, nor Brian Jones enthusiatic blog entry. It falls far short of the standards set by Microsoft Office. Perhaps I am judging too swiftly; but you will understand my scepticism considering the design flaws noted above, the extreme performance problems, and the fact that it somewhat messed up my short document without any graphics.

Practical considerations

In closing, some practical notes. If you really want to work with Open Document, don’t use Microsoft Office. If you want to use Microsoft Office, don’t use the converter except in an emergency, not in this release at least. For Word documents, RTF is the least bad option and macro-free; or failing that, the Office binary formats are actually well understood by third-party applications.

What if you use an application that supports Open Document and want to distribute richly formatted documents to others? Well, in the real world Microsoft Office is everywhere, so the same applies: RTF or Microsoft Office binary formats will help the recipients to get their work done.

Update: I spoke to Microsoft’s Jean Paoli about a number of Office Open XML issues – see here for the interview. He acknowledged there are some issues but said that performance is usually better than I found it to be. I’m sceptical but will try to do some more testing.

Technorati tags: , , , , , , ,

Bloor on the failure of antivirus products

Robin Bloor has another pop at the antivirus industry in this Businessweek comment.

I agree with him. The failure of PC security is easy to prove. Most users have it, yet infections remain common. I am not saying that AV software is completely useless. No doubt it prevents some infections. However I am not convinced that it is worth its cost, which is threefold. First, there is the cost of the subscription. Second, there is the performance impact. Third, it’s not unusual for AV software to interfere with the normal running of your system, through false positives, conflicts, or disabling useful features. At worst, bugs in AV software have been known to make a computer less secure than it would be without it.

A further concern is that users may think they are fully protected by some supposed “security suite”, and therefore make bad decisions about what they download and execute from the web or from emails.

I am not suggesting that everyone removes their AV software. I do suggest that it is considered a last resort. If the malware gets so far that only the AV software catches it, something else is probably wrong.

 

Technorati tags: ,