Month: August 2014

The fail-arrogance of big corporations

Recently I learned from a taxi driver that Daimler Benz follows a ‘philosophy’ of manipulating social processes because they think they’re doing something good, when in fact that’s not even the case.

Older Mercedes cars’ navigation systems would have a fixed estimate of 130 km/h for autobahn traffic. It’s appalling enough that you can’t set that parameter yourself, but the taxi driver told me that when he got a new Mercedes, suddenly his route planning wasn’t spot-on anymore, but it showed him a much longer travel time than what he actually achieved. He eventually found out that Daimler Benz had decided to change that fixed estimate down to 100 km/h. Why? Because they think they’re doing society a service by preventing people from putting themselves under pressure and hurry, which can increase accident risk and is generally not healthy. This is such a case of ‘Your corporate Big Brother knows best’. But apart from it being disrespectful towards the customer, it doesn’t even make sense. If the navi tells you that your travel will take four hours, and you want to hurry and/or be time-efficient, you will do that anyway, based on that travel time estimate. After the joruney you then might discover that the navi was grossly inaccurate and now you are even more pissed because you tried not to waste time but arrived way too early at your destination, and you’re also pissed because you paid big money for a Mercedes and the navi sucks.

Paid virus scanners can suck, too

After having been disappointed with various freely usable virus scanners, I tried a couple paid ones. At least their scan engines are definitely better, producing less false positives.

But the three I took into close consideration managed to piss me off, too.

Kaspersky: At least I found a full download version in the support section of their website, and they didn’t demand my e-mail adress.
I started the installation and it wanted to check whether it’s the newest version. My personal firewall asked me whether I want to allow it, and I said yes and then wanted to click on the “Skip” button because it still took a moment, but right then the install button appeared right under that and I accidentally clicked it. So I canceled install and tried again. This time blocking the attempt right away. But now the install refused to let me decide. The “Skip” button turned out to be functionless, a dummy, and trying to close the installer window remained without result, too. It wanted to stay. So I terminated the process. When I tried again, I noticed that there was a checkmark for some nosy extra-feature I didn’t want that I accepted when I accidentally clicked on Install the first time. That’s why I canceled it. I know this kind of stuff.
I was so appalled by a product with that name that didn’t even adhere to some basic usability guidelines. I don’t remember whether that made me try one of the other products or whether there was something else pissing me off, but next was…

ESET: Nice download page, with options for full offline or live installer, even older versions available.
Installed, decent amount of options it seemed. I didn’t check it in detail. I wanted to test its scanning and detection performance first. And when I copied my folder with the assembler demos (some of them in packed archives) and the copying happened with 1 MB/s and the virus scanner process consuming full CPU load, that was enough for me. No other virus scanner did a scan like that in snail speed.
So now…

Bitdefender: They wanted my e-mail adress for downloading the trial version to send me pointless stuff. Oh well, I can tolerate so much. I didn’t even get an offline installer. The installer also didn’t allow me to specify the exact install path for the program, but insisted on its own brand folder plus app subfolder. It also installed in German and didn’t ask me for language. (My Windows is an English version.) So the installer was downloading a lot of data from the web, and when it had finished, it apparently did a scan without asking me, and told me it already had cleaned one infection. I was very curious, so I checked out the log. And the log reported that the action was in fact not successful, but failed, and the field for virus name was empty, and the file that caused the alarm … get this … was one of Bitdefender’s own DLLs!
Then I spend like 10 minutes finding ANY relevant settings, but all I found was extremely basic stuff, like, almost nothing at all to configure. Changing the language? Nope. There was a page with general settings which has 4 or 5 of them. I don’t know whether they settings were playing hide&seek with me, but this is totally sucky UI/software design.

I’ve had enough. I’ll again resort to using my IT expert gumption for identifying suspicious data and combine that with the occasional online scan service and my personal firewall.

Maybe all this is a result of corporate controlfreakery due to the nature of the computer system protection business.
I miss the time when proper software design was the norm. … Or maybe it never was an I simply have grown more fed up with this stuff over the years.

Free virus scanners suck

I’Ve had it with “Avast!”. It annoyed me in so many ways. It kept detecting false positives als generic malware. So I put it on the exclusion list. Then it got detected in a different location when making a backup. So I set the heuristics down a notch. Still happening. So another notch down. Neuristics now on minimum. Still happening. Then, amazingly, there was a Steam update for Garry’s Mod and it detected malware in one of its DLLs, messing up my update. Then I turned heuristics completely off. It still detected one of my assembler demos as having malware. I submitted the file to Avast! for analysis but I guess they don’t move a finger unless a file is reported by many users.

And when I update the program, there’s a chance that it will just delete exclusions or reset various settings to standard, preferrably the auto-update I turned off.

Virus scanners are all about business fear. They don’t want to give you certain freedoms because it could mean that their product might look less effective, and that would harm their reputation.

So recently I finally had enough and uninstalled Avast! and looked for alternatives.

First I tried Avira. After installing and rebooting, I couldn’t even figure out how to open the main window. The task symbol, no matter what I did, wouldn’t give me access to something resembling a main window with program settings and such. That’s stuff I don’t like at all.
So I uninstalled that and tried one of the other ones I put my eyes on.

Next I tried Ad-Aware. That’s when the shit really hit the fan. After reboot, my system froze on the login screen with no user shown and a “Please Wait” with non-moving animation. Sometimes it would show a mouse cursor instead that was frozen. Sometimes I’d not even get that far, just a black screen.

And as various tests showed, it really was the virus scanner. Because after I had managed to research on my secondary PC about how many menu items there are in Win7’s F8 menu, I could blindly (since for some reason there was no picture) navigate to “Restors Last Known Good” and Windows started with no Ad-Aware antivirus driver installed.

So, amazingly, I gave it the benefit of the doubt, in disbelief that a virus scanner driver could mess a system up like this, suspecting that maybe I didn’t reboot often enough between those other virus scanner tries. This time I did. Very clean install. And, because Ad-Aware (as Avira, too) is so annoying that they only give you an online installer, not the complete package, I had to re-download those 150 MB I uninstalled minutes earlier – from their SLOW download server.

But, next system start froze again, just like first time.

So that was Ad-Aware. I was close to giving up, but I decided to try one more option that I had sorted out in my selection process because the interface looked too Win8ey for my taste: AVG.

So I installed AVG, found a nice amount of options to give me control over things. I couldn’t figure out how to remove their context menu item for securely deleting files though, which bothered me, and that feature could also not be excluded from the installation. So that pissed me off a little again, but that’s nothing compared to the massive flood of false positives I got. I scanned my assembler demos folder, where Avast! used to complain about one file there, and I got 28 alerts, many of them apparently based on heuristics. So I turned heuristics off and now I got 28 alarms for non-heuristic, specifically named malware. It’s even crazier: The one Avast! used to complain about was not among AVG’s alerts.

So that was that. Away with AVG.

Then I wanted to investigate and find out whether my intuition was right (I kinda knew it was), so I used a website that scans a file using many scan engines (https://www.metascan-online.com). And the picture I got there was pretty much what I expected: There was one half of the usual freely available scanners that detected malware in pretty much all the files I had gotten alerts on, and crazily all kinds of malware. Three different scan engines could detect three different, namely specified types of malware. Insanity!
And then there was the other half, the one with scan engines associated with virus scanners you have to pay money for, (names you would find in the business sector, such as ESET, Kaspersky, BitDefender, McAfee, TrendMicro etc.), and none of them detected anything in my allegedly highly infected assembler demos.

Avast!, which annoyed the hell out of me, seems to be one of the best free virus scanners, which is really sad. I have to draw my conclusions from the experience though. Virus scanners massively lose their usefulness when you cannot trust them to do their job properly. After all, it’s all about computer security, a sensitive area where one screwup can cause that which it is supposed to prevent, but just using oversensitivity to avoid that case can be very bad, too, and it shows that in a way those products don’t actually know what they’re doing.

One of the best virus and malware protections is an IT guy’s mind (optionally combined with a free online file analysis as mentioned above), but if you don’t want to invest in that expertise, you might have to pay a little to compensate for that.

P.S.: On top of all this, I recently learned about an incident where someone I know was using the paid(!) ‘total solution’ for PC protection from one of those who also offer a free version of the software, and it still happened that malware totally ruined the system.

The problematic logical fallacy about the Stockholm syndrome

From the information I could gather, the whole “Stockholm syndrome” (http://en.wikipedia.org/wiki/Stockholm_syndrome) is a highly problematic and doubtful idea. There MIGHT BE an actual psychological confusion state that the Stockholm syndrome describes, although I’d be very careful about psychoanalytical mainstream like that.
But let’s just assume for now that it is a real thing.
Due to the way it is described (giving various possible reasons that lead to such a behavior) the problem with it is an ensuing popular logical fallacy where it is assumed that ALL cases of such behavior must be psychological confusion.
This is of course very convenient for authorities with a violence monopoly, because it conceils the symptoms of real social problems and suppresses the development of empathy. If for example a hostage-taker acts based on motivations that are generally regarded as honorable/noble, or even just tragic and without malicious core intent, then it would be most healthy, compassionate, virtuous, saint-like to harbor no resentment towards that person, and depending on the quality of character of the victim, even more or less severe harm inflicted to them could be tolerated.
Thus, the Stockholm syndrome theory’s (pop culture induced?) overshadowing of discussion about cases that do not constitute a case of the syndrome harms the advancement of society’s health and humankind’s spiritual evolution.