Friday, June 25, 2010

New Antivirus

The past two months have been pretty hectic for me, compounded by a large dose of bad luck. I think it started with the plumbing problems we had, and then my computer got hit twice, after which my cellular phone decided there's really no need for me to send or receive SMS messages, several kitchen appliances stopped working at the least convenient timing, our leased car started warning about an imminent brake fault, several light bulbs burned out, our water cooler/heater/purifier/dispenser combo stopped working, our kids caught a nasty stomach flu - one after the other, my wife was hit by a toothache and an even more painful filling treatment, and I suspect we haven't seen the end of it, yet.

So, when NOD32, the anti-virus software that's running on my wife's box, started complaining that its update subscription is about to expire, I wasn't pissed off, I was just too tired.

I've decided to ditch NOD32 in favor of a free alternative - Microsoft's Security Essentials. While it seems that NOD32 is ranked better by AV-Comparatives, I've developed my doubts about the ranking methodology in general and NOD32's rank in particular.

At least in one case, NOD32 missed an obvious worm (a file with an .exe extension that's auto-run from an autorun.inf file), that found its way to my wife's USB flash drive (and which was detected by ClamAV on my Debian box - one product that is not even considered by AV-Comparatives).

Furthermore, Microsoft's Security Essentials detected another worm, right there on the laptop's C drive root folder, during the first quick scan that's run as part of the installation process.

MSSE also flagged UltraVNC as a potential (medium-risk) malware, but it was easy to convince MSSE to permanently ignore it.

It seems that file scanning in MSSE is much slower than in NOD32. Other than that it seems to be doing a decent job - it updates regularly, doesn't seem to slow Windows more than NOD32, and it has already managed to protect the laptop from catching one of the Conficker strains that resided on an infected USB drive, that my wife got from a work colleague.

Well, that's all for now - I'm off to hang a Hamsa on our door.

Friday, June 11, 2010

Icedove 3 Trouble

I've avoided upgrading Icedove to version 3 for a while due to trouble with enigmail (see Debian bug #562714). But after this was sorted out I decided to upgrade.

The upgrade brought with it a host of problems, which made the switch pretty annoying.

For starters, during the first run after the upgrade, Icedove transfered all its files to a new ~/.icedove directory. Good thing that I was alert enough to notice this, so I modified the list of directories I cherry pick for backup. But that was my only lucky break.

The new Icedove insists on asking me for a master password whenever it starts. It never used to do this. At first I thought this problem was related to the issue described in this Mozilla KB article, where Thunderbird prompts the user for a master passowrd even if none was set. But I do have a master password set, and it seems that this is simply a new feature. I could of course reset the master password, but then I'd have to retype all my other passwords. Tough choice.

The new Icedove also decided that it should sync all the folders in all of my IMAP accounts. I think I was asked about this during the upgrade, but I don't remember what option I selected at the time. I had to go to File->Offline->Download/Sync Now->Select... and un-mark every folder except Inbox and Sent (which I do want to sync) in each of the 5 IMAP account that I have.

And then there's this new message indexing feature. It's on by default, and it brought my poor headless laptop to its knees. The machine was busy indexing for a very long while, generating huge files on disk, and then re-indexing on every new email message that arrived. The huge index files also slow down the nightly backups and take up a lot of space, since they get modified every time Icedove is launched.

I decided to disable the indexing feature. Go to Edit->Preferences->Advanced->General->Advanced Configuration, de-select "Enable Global Search and Indexer", click the close button and restart Icedove. I'll reconsider it when and if I replace my current box with a faster one.