Desktop Computer Software Archive

Desktop security moves from virus-hunting to more tasks according to Symantec

Article

“Antivirus is dead” says maker of Norton AntiVirus | PC World

Antivirus Is Dead — Long Live Antivirus | Krebs On Security

My Comments

What did anti-virus software do?

McAfee LiveSafe desktop security program

A typical desktop-security program in action

Previously, an anti-virus program was regularly vetting software against a known signature-based list of virus software or, in some cases, Trojan-Horse software. Better programs of this class also implemented “heuristics-based” detection that observed software behaviour for known virus-like characteristics.

The software authors beihind the anti-virus programs were playing cat-and-mouse with the malware authors who are trying to get their rotten software on to our computers. For example, malware authors use “crypting” services to hide their software from the gateway software, typically through the use of obfuscation.

What have the anti-virus software programs evolved to?

These have evolved to robust “desktop security” software suites that perform many different security functions for the computers they are protecting.

Firstly they work with your email client software to vet your incoming email for spam and phishing emails. This will typically work with client-based email setups like Outlook, Apple Mail, Windows Live Mail and others rather than Webmail setups like GMail or Hotmail.

As well, they implement a desktop firewall that  verifies traffic coming to and from the Internet and home network so that malware can’t easily “report to sender” to fulfill its task.

They also implement a wider malware-checking mandate such as catching out rootkits, adware and spyware. Sometimes this is done on a “software reputation” mechanism or observing for particular behaviour traits.

Another function is to implement a “reputation check” for the websites that you visit. This checks whether a Website is a host for questionable software or implementing other questionable practices. This may also be included with a desktop content-filtering function which filters against pornography, hatred and other undesireable content.

They also work as a privacy watchdog by monitoring Websites or social-media services for improper activity that threatens your privacy or that of your child or other vulnerable person.

But, wait, there’s more!

Some of these programs offer extra functionality in the form of a password vault which looks after the passwords for the Websites and other resources you visit.

They may offer a client-server VPN so you can use the Web from other networks like your friends’ and relatives homes or public networks in a secure manner. Similarly, they offer a secure file-storage option, whether on the cloud or on your local machine.

Different levels of functionality available

Most desktop security suites pitched at the home or small-business user tend to be sold with client-focused manageability where you set their parameters to manage that particular client computer. If you have multiple computers, you have to manually replicate that same setup across those computers. As well, they are priced either “per machine” or in a licence-pack that covers up to five or, in some cases, ten machines. You may be lucky to have the software provided as a site-licence that covers equipment owned by a particular household.

Conversely, desktop-security software that is targeted at the big business or at some small businesses is set up for management of multiple machines from one logical point. This includes the ability to deploy the same software across multiple machines yet have the same standards preserved across the multiple machines. They are typically priced in licence-packs that encompass many machines or may also offer a site-licence deal which covers all equipment kept at a particular location or by a particular organisation.

Send to Kindle

Password-vault software can work well but needs to go further

As I was reviewing the Fujitsu Lifebook SH771 business ultraportable computer lately, I had a chance to use the Fujitsu-supplied Softex Omnipass password vault that came with this computer. It worked with the Fujitsu laptop’s fingerprint reader to permit a “login-with-fingerprint” experience for the sites I regularly visit. For example, I was simply logging in to Facebook, this site’s admin panel, LinkedIn, ProBlogger forum and the like simply by swiping my finger acrss that laptop’s fingerprint sensor.

What is a password-vault program

A password-vault program stores the passwords you need for various applications and online services in an encrypted local file which I would describe as a “keyring file” and inserts the correct usernames and passwords in to the login forms for the applications and Web sites. You can only get to this password list if you log in using a master password or similar credentials.

This works well with a security-preferred arrangement where you create separate passwords for each online service that you use and avoid using single-sign-on options of the kind that Facebook and Google offer with other sites. Some of these programs work with varying authentication setups such as a fingerprint reader or a smart card. They can even support two-factor authentication arrangements like using your fingerprint or a Trusted Platform Module token as well as you keying in your master password  for a high-security operating environment.

Some of these programs also have a password-generation module so that you can insert a random high-security password string in to the “New Password” and “Confirm New Password” fields of a password-change form.

The login experience with these programs

When a password-vault program is running, it works with the browser or some applications to detect login screens. Then, you can set them to capture your user credentials from the login screen, typically by invoking a “Remember Password” function.

Then, when you subsequently log in to the Website, you authenticate yourself to the password vault with your Master Password, fingerprint or whatever you set up and the program logs you in to that site with the correct username and password for that site. Some programs may require you to authenticate when you log in to the computer or start the Web browser and persist the authentication while you are browsing the Web.

You can have a situation where the behaviour of these programs can be very inconsistent with capturing or supplying passwords. For example, it can happen with single-sign-on user experiences, admin-level / user-level setups or some newspaper paywalls that show the extra information after you log in. The same situation can occur with applications that the password-vault program doesn’t understand like some content-creation tools that allow uploading of content to a Website.

When can they be handy

The password-vault program can be handy if you maintain many different passwords for many different applications and Web sites; and you want to log in to them without trying to recall different passwords for different sites.

They also come in to their own if you are using a computer setup that uses advanced authentication setups like like most business laptops and you want to exploit these features.

What needs to be done

An improved user experience for these programs could be provided in a few ways. For example, there could be a standard “hook” interface that allows a password vault to link with the login experience without it looking for “username-password” forms when catching or supplying user credentials. This can deal with the way paywall setups expose the full article on the same screen after you log in; or other difficult login environments. Similarly, the standard API could also work with desktop applications that require the user credentials.

Similarly, there could be support for a standard file format and public-key / public-key encryption setup to allow a “keyring” file to be used with different password-vault programs. This could also cater for transporting authentication parameters between the two different programs; and could allow the “keyring” to be used on different computers. It is more so if you offload the “keyring” file to a USB memory key that is on the same physical keyring as your house keys for example.

Conclusion

I would like to see further innovation occurring with “password-vault” programs, whether as third-party software or as part of an operating system, browser or desktop-security program. This is to encourage us to keep our computing and online experience very secure as it should be.

Send to Kindle

What do media-playout programs need

I have noticed a gap concerning computer-based audio-visual setups especially as far as small business and non-profit organisations are concerned. It is to supply computer software affordable to these organisations that can manage audio and video playout duties that is a key part of their public-facing activities.

The current situation

Some of these organisations may push PowerPoint or similar programs to this task but they don’t really do the job well when it just comes to playing out video content. Typically, with most common presentation software, you have to embed the video file into the presentation on its own slide, in the case of Microsoft Powerpoint; or create a “virtual slide” for the video content in the case of EasiiSlides, a song-lyrics / text-display program that the churches love. This works well for short video clips that are held as files but may not do so for full-length content. These programs don’t even provide proper access to content held on DVDs or Blu-Ray Discs, which is still considered a cost-effective idiot-proof way of distributing video content.

On the other hand, programs like Windows Media Player and VLC exhibit their control surface on to the projection screen or require a very awkward kludge to permit proper dual-screen playback.

What is needed

Proper dual-screen operation

One issue I have noticed is that affordable laptops don’t readily provide separate and individual access to screen and sound outputs, including the integrated screen. Typically this kind of setup, if it works, tends to yield more problems than it is worth. This can be of concern if one of the screens is a different resolution or aspect ratio to the other, such as an economy data projector hooked up to a recent-issue laptop computer.

Audience screen vs operator screen

The goal behind these separately-addressable audio and video outputs is to create at least two separate views for the content – a “front-of-house” view which the audience sees and an “operator” or “control” view which the operator or presenter sees.

The audience feed would only show the video and audio that is related to the currently-playing content while the operator feed provides the video / audio content, content-runtime information, and any prompts and messages that the operator needs to know.

Some setups such as larger churches may necessitate a third feed for the presenter, with access to content timing as well as the content itself. Here, an operator can still control the flow of the presentation without the presenter “crooking his neck” to see the screen.

Universality with common video formats

This setup should be applicable for the consumer-optical-disc formats (DVD, Blu-Ray) as well as file or stream-delivered content. The latter situation should cater for content held on network resources as well as on local resources.

The solution offered by the presentation software typically doesn’t allow for playback off a DVD or Blu-Ray disc and a lot of users either connect a regular DVD player to the projector or mess around with DVD-playback programs to play out DVD content.

Cue mode

The dual-screen setup could allow for “cue” operation. This is where  the operator views content on the operator screen in order to preview or “cue-up” that material. Then, when it is time to show the content,  the operator then redirects it to the “front-of-house” screen and speakers.

Playlist and controlled-playback support

These should support stored playlists or active queue lists especially if they are to be used to play shorter content like music videos, video lyrics or “shorts”. Here, this could be augmented with support for “stop” entries which cause the equipment to stop playback when these files are reached.

The “stop” entries could work in a similar way to what I have noticed with some consumer MiniDisc decks where these units could be placed in to “auto-pause” where they wait at the start of the next item after they play the current item. This made these units, especially the Sony MDS-JE520, earn their keep as cost-effective audio-playout machines for community radio, churches (as I have seen), theatre groups and the like.

The playlist functionality could also support slideshows of still pictures with or without sound. This could include support for sound peculiar to each slide with or without a background-music track that runs through the playlist in a similar vein to those “theatre slides” shown before a movie session at the cinema.

Conclusion

The media-playout function is another example of software and hardware product designers missing out on a user group, namely small-business and non-profit organisations, due to a perceived low value in that group. But it is a group that should be observed and catered for with the right-priced hardware and software.

Send to Kindle

Product Review–Brother VM-100 visitor management software

Introduction

I have seen the Brother VM-100 visitor-management software in action for myself when I visited Brother’s headquarters in Sydney for the interview that I did with Stephen Bennett and Heidi Webster last year. Now I have the chance to put this same software through its paces as an entry-level visitor management setup for that small office.

Price:

Software package: AUD$399

System kit with QL-570 printer: AUD$499

In some areas, the system kit with the label printer would be known as the VM-100VP whereas in other areas it would be known as the QL-570VP. This will be of importance when you want to track down the visitor management system as a full kit.

These also include a roll of thermal paper for the label printer as well as a starter-pack of 12 badge holders and clips.

The software works on the Windows desktop computing platform with an operating system from Windows XP onwards. This would cover most computers deployed in the small-business world over the last ten years.

Functions

Brother VM-100 visitor management system login screen

Login screen

The software is able to work as a receptionist-aided mode for the typical reception desk or as a self-check-in mode for conferences and trade events.The data in this software is password-protected and when administrators log in, they either can log in as a user with no administrator privileges available or as an administrator that only can work the higher-level functions.

It is also feasible to set inactive visitor data to be automatically purged after a certain time period ranging from a week to a year; which keeps with different individual-privacy and data-protection requirements.

The standard receptionist-aided mode allows the creation of a visitor badge and a parking permit, with the latter supporting a loosely-described vehicle for the parking permit. It also supports the creation of a “reserve list” which is populated with visitors who have been pre-registered and are intending to be checked in. This works well if you have the staff inform the receptionist of expected visitors, are handling large visitor groups or you want to use this software for managing an “invitation-only” event with the list full of RSVP’d invitees. Parents, take note here when it comes to managing that 16th birthday and you want to make sure that the party isn’t overrun by gatecrashers.

Brother VM-100 visitor management software receptionist screen

Receptionist's data-entry screen

The Brother VM-100 software has the ability to turn out an “emergency list” of visitors who are currently checked using the regular printer for whenever you need to reconcile whoever is in the building during emergency situations. As well, the data can be exported as CSV (comma-separated) text files for use with other programs. This same data form is also used to import potential hosts in to the “hosts” table. This supports hosts coming from different departments or organisations, thus able to work with larger multi-department organisations or buildings that have many tenants but one common reception desk.

Experience with the software

When you install the software, you have to restart the computer after the installation process is completed. Otherwise the program won’t work properly. As well, there are error messages that are simply “generic error” stub messages appearing if things go wrong through the installation.

Brother VM-100 visitor-management software self-checkin screen

Self-checkin screen for conference registration

The username and password setup allows suitably-privileged users to operate either as regular users or administratiors. The only limitation is that the password string only handles basic alphanumeric characters – it doesn’t allow the use of punctuation in the passwords, which could allow for stronger passwords.

The administrator user can choose various badge layouts for use as the standard layout for both the badge and the parking permit, but there isn’t the ability to custom-design a layout for one’s own needs.

The process of checking in and checking out visitors works incredibly smoothly and the user interface does a good job in making this easier for untrained operators. There is the support to take images of visitors as they are checked in using your computer’s webcam.

Default visitor label generated by Brother VM-100 visitor management software

Default visitor label

If you use the self-checkin setup, the check-in process is totally wizard-driven where your visitors work through two screens to sign in and obtain their conference pass or badge.

There is the ability to load visitor details for reserving or signing in and out from the “Reserved”, “Signed In” and “Signed Out” lists. As well, visitor data can be imported in to the system from such services as contact management systems.

Limitations and points of improvement

The parking permit function could support the ability to keep vehicle data in a separate table indexed by the vehicle’s number-plate (license plate) and containing make, model and colour data. This could improve the workflow process for creating parking permits for regular visitors’ vehicles.

There is the ability to sign in accompanying visitors, but the label printer will turn out a badge as you sign in the visitor. This can be OK for two or three people checking in at once but would be a problem if you had to do something like check in a busload of school students who are visiting as part of a field trip. In this case, the receptionist would have to “reserve” all of the group members, then select the group members from this list using either Shift+click (for contiguous entries) or Ctrl+click (for non-contiguous entries), then click “Sign in and print badge” to check the group in and turn out the badges.

This function could be improved by supporting a “group mode” which allows the receptionist to enter details for the group members, then click a “Sign group in” button when the last member is entered. Here, all the group is entered and the badge printer spits out the badges. As well, this could support the turning out of any parking permits in that same run so these are handed out to the drivers.

As well, I would like to see the program support the ability to work with ODBC-compliant databases or other database-hooks that are standards compliant. It could make such data collections as the host list work with data sources like human-resources databases.

Other points of improvement could also include the ability to allow the receptionist to choose the printer that they send the emergency report to rather than the default printer that is assigned for the system; and the ability to determine other visit reasons in the “Purpose of Visit” field.

These limitations and the lack of “polish” in the user interface may be typical for a version-1 (first release) program but I would like to see the program being improved continuously through its lifecycle rather than appear as a half-baked effort to work with Brother’s label printers.

Conclusion

As it stands, the Brother VM-100 visitor management system works as a capable entry-level visitor management setup for the typical small office, factory or warehouse. It may be stumped as far as integration with other back-end systems for growing organisations is concerned but, being a program in its early stages, it is something that would be expected.

Send to Kindle

Do we need to create “all-round” social-network clients for regular computers and tablets?

There have been debates about whether Facebook, Twitter or LinkedIn should develop official client-side applications for their applications when used on regular computers (desktops and laptops) or tablets like the iPad.

When I talk of a client-side application, I am thinking of an application that is written for and runs on the client device’s operating system and interacts with the Web-based social network service through known application-programming interfaces. This is in contrast to the Web-based interface that requires interaction through the client Web browser.

Of course, other people have developed client-side applications for these social networks either as an improvement for existing software projects or as their own projects themselves. These are usually considered third-party applications by the social-network provider and may not support all functions that are being baked in to the social network as it evolves.

The issue here

It may be easy to think that you don’t have to provide these client-side applications for desktop operating systems (Windows, MacOS and Linux) and tablet computers. This is because these devices can typically allow the user to competently navigate the Web-based user interface for the typical social-network service. It is compared to the smartphone having different user-interface needs that are drawn about by the use of a physically smaller screen on these devices.

Drawcards and Benefits

A major drawcard behind the social-network client application for larger-screen devices would be high integration with the device’s operating system and other applications. The benefits of this would be obvious, such as linking the “friends / followers / connections” databases held by the social-network services to local contacts databases maintained by your personal-information-management software or exhibiting of photos and videos from these services full-screen without the chrome associated with Web browser interaction.

Other benefits would include use of the operating system’s notification abilities to “pop up” messages related to these services such as direct messages or friend requests. Even the chat functionality that is part of services like Facebook would benefit from an “instant-messaging” user experience of the likes of Windows Live Messenger and Skype. This is an always-available presence list and application-created chat windows for each conversation. There is also the benefit of direct access to connected devices like printers or cameras.

Of course, there would be the computer-performance benefit of not needing to maintain a Web-browser session for each social-networking session. This is because the applications can be pared down to what is needed for the operating system; and can also be of benefit to those of us who use battery-operated devices like tablets or notebook computers.

For tablets, the user interface could be highly optimised for touch-based navigation and could make best use of the screen area of these devices. This is more so with this class of device being available in two major sizes – a 7” size for something that can stuff in your coat pocket or the larger 10” size. As well, it could include “right-sizing” the interface for the on-screen keyboard when the user needs to enter information to the service, such as through the log-on experience.

Drawbacks

The drawbacks to this will typically include another client application to develop and maintain for the service, which may cost further money for the service provider. It also includes evolving the application to newer versions of the operating system and incorporating the new features that are available through the operating system’s lifecycle.

As well, there will be the factor that the ad-supported Web interface may become more irrelevant and these applications may them limit access to the cash-cow that these services have to make money – users viewing those ads that are on that interface. This is because most users would be reluctant to load ad-supported software on their desktop computers due to system-performance and privacy issues that have been brought about by highly-intrusive adware.

Conclusion

It may therefore be worth the social networks considering the idea of developing client-side applications for desktop and tablet operating environments. This is in order to provide the user-experience improvements that such applications can provide for this class of usage.

Send to Kindle

Microsoft Security Essentials–now free to small shops and offices and the like

News article

Microsoft Security Essentials available to Small Businesses on October 7

My comments

Microsoft have an entry-level antimalware program called Security Essentials which was previously available free to home users and students. This required all business users to consider using their premium Forefront Security Suite or other competing desktop security software solutions for their computer security.

This put small businesses and organisations lie shops, medical practices, religious organisations, non-profits and the like who had a few computers on their network in a very difficult position especially when it came to easy-to-manage desktop security software, Now Microsoft have answered this need by varying the End User License Agreement for this program to allow small business users with up to 10 computers to run this program.

One of the reasons that I am pleased with this change is that it is easy for the owner of a small organisation (who is responsible for that organisation’s IT) to set up and manage desktop security on Windows-based computers with this easy-to-manage program. It works in conjunction with Windows Firewall and has very little that is needed to adjust, which will please most of this kind of user who may not have good computer skills.

This therefore may be a way for a small shop or similar operation with a few Windows computers to save money on their desktop security software. One improvement I would like to see is for Apple MacOS users to benefit from a free desktop-security program because as this platform becomes popular, malware writers will target it.

Send to Kindle

A feature that PowerPoint and other presentation software need – improvements for creating video and related works

Introduction

Most of us who use Microsoft PowerPoint or most other business presentation software often want to use the software to make TV-quality title and graphics slides for video productions that we create with other video software, usually the software that is considered to be affordable for most users. This also includes preparing menu trees for DVD and Blu-Ray projects that are being built with affordable software. These needs will become more common as people use affordable video equipment to prepare video material as a way of augmenting their blogs, presenting on YouTube or even exhibiting through community television broadcasters.

As well, an increasing amount of affordable consumer video playback devices such as DVD players, TVs, electronic picture frames and network media players are capable of showing JPEG images, Now many users want to be able to push these commonly-available devices in to service as cost-effective “digital signage”. This is something I have talked about in my article on using DLNA-enabled equipment in the small business.

User-determined bitmap-export resolution

Most of this software doesn’t provide a way of allowing the user to have control over the resolution of the JPEG or other bitmap images that they create when the export the slides to these formats. This is a feature that I would consider being very important as I know that the presentation programs keep the graphics for each of the slides as a vector format which is drawn on the screen rather than a “raster” format which is an array of pixels. This then allows a user of these programs to make the aforementioned “TV-quality” graphics using them no matter the size of their screen.

One common situation where the user may need to adjust the resolution when exporting to JPEG is to prepare quick-loading images that are in small files for use on a device with a small display. One obvious example would be a low-end electronic picture frame which would have  a small display size and another would typically be a mobile phone or portable media player with less than VGA resolution.

Another situation would eventuate in the form of a person who uses a laptop or small desktop screen with a low resolution display to create a presentation. Then they want to export the JPEG files to a playback situation capable of handling high-resolution images like a BD-Live Blu-Ray player connected via HDMI to a large direct-view screen or a projector. Similarly, the images could be used as part of a high-definition video production and there is the desire for that high-definition “crispness” in the images.

The user could be presented with a series of resolutions for the JPEG exports with these resolutions conforming to the aspect ratio for the presentations as part of exporting the images. As well, there could be the support for users to set the default image resolutions for particular aspect ratios and presentation types. The function could be simplified by use of an “SD” option for standard-definition output, an “HD1” option for 720-line high-definition output and an “HD2” option for 1080-line high-definition output.

Improved “export-to-video” and video integration

Another function worth considering would be to provide “export-to-video” functionality for animated presentations so one can make the presentations out as regular SD or HD video files with a choice of common codecs and packaging methods.

As well, in the case of Microsoft PowerPoint, this program could have integrated functionality with Windows Live Movie Maker. This free program, which is the only video-editing program that Microsoft sells, could support such functionality as “create slide or animation in PowerPoint” so that users can prepare slides in PowerPoint then turn them in to video content using this program.

Conclusion

These kind of improvements can allow users to put business presentation software to use in improving the quality of the video or “digital signage” they create with other affordable tools.

Send to Kindle