Sunday, July 23, 2006

PC Setup (part 2)

As I return to "Installing my PC" fresh from a relaxing night of sleep, I realize I have to connect to the internet and really-fast download any security updates from Microsoft, install them, and reboot my PC. And hope that I'm not attacked in the interrim.

Why am I so worried about being attacked by viruses? Because. Because I've seen how swarms of people can become unproductive for (at best) an afternoon... or sometimes days... while a company's IT department scrambles to block the virus propagation, and ultimately irradicate it.

The problem is: I don't have an IT department. It's me. If my machine goes haywire, I'm the guy who has to fix it. (Or, I suppose: call somebody to come over and fix it... which has to be even more costly in time and money).

So: I start by customizing the user accounts on my computer. I change the name of the administrator (all-powerful) account, and give it a password. I create a user-account (without administrative privileges!) and give this account a password too. Then, I visit the security settings on the machine. I turn on Windows firewall, and enable Windows updates.

My machine shipped with Norton Antivirus software installed. I contemplate running it... wait: it's already running! And: it's asking me if it can circumvent (or trump!) the Windows firewall... I think about this for a moment, and decide that long-term, I won't be running Norton antivirus... so I'm not going to enable it now.

The whole antivirus industry bothers me a bit. The industry makes money by first scaring people into believing that their computer will become a boat-anchor within minutes of being connected to the internet... unless you purchase (and install) their software. Norton is currently owned by Symantec. Here's an article reporting that Symantec says that (Microsoft Windows XP successor) "Vista" will be less stable than Windows XP. That would seem to be ok if it weren't for the notion that Symantec profits by convincing people that Windows is insecure. And maybe it is. I just don't like hearing about it from the company with $4.1 billion/yr (2005) in sales.

Ok: I'm ready. I connect to the Internet. To be fair, I should let you know that I have a hardware firewall/router between my PC and my DSL modem. That should block an enormous amount of stuff from spontaneously annoying any services running on my PC.

I've already downloaded and installed Mozilla Firefox as my preferred browser. I'm not going to (in general) use MS Internet Explorer 6 to browse the web... for a couple of reasons. One reason is, simply, that MSIE doesn't do such a good job at conforming to HTML standards. That is, it doesn't faithfully follow the "instructions" of HTML... and so I'd rather use a browser that works harder at this. A second reason is that I wholeheartedly oppose a "feature" that MSIE supports: the ability to download arbitrary "ActiveX" code and execute it in the browser. I particularly don't want this done without my consent (which I would never give... except to run MS Windows Update).

Microsoft requires the use of ActiveX plugins when you run Windows Update... which means that you must use MSIE to run Windows Update. Other browsers don't support ActiveX plugins (partially because they are 100% MS Windows-centric). So: while you're downloading and installing patches, Microsoft can take full control over your machine. There's really no reason to require this: one could implement Windows Update without requiring the use of MSIE.

And: for a similar reason, I never intend to run MS Outlook. I'll likely run Mozilla Thunderbird instead. Numerous viruses have been written to exploit Outlook's ability to run certain attachments without first asking the user for confirmation. And then, these attachments can programmatically access the user's addressbook, and send copies of themselves to other users. One might pause for a second and ask why Outlook needs to provide scripting commands powerful enough to do this damage... or why anybody would choose to use (and pay for) Outlook when there are other, better, safer, alternatives (such as Thunderbird).

Ok: so I connect to the Internet. And run Windows Update right away. There are already 37 patches available for my machine, which I download and install.

Now I'm getting close to being able to start some real work...

My next project... is to repartition my disk and install Linux...


Post a Comment

<< Home