Slashdot Mirror

McGrew there is actually a REASON for patch Tuesday and that is because everyone was having a shitfit that the patches would come willy nilly! With Patch Tuesday it makes it MUCH easier to plan for updates in a corporate environment, and since Windows rules the business world by a HUGE margin you can't expect them to fuck over such a large client base just because Mcgrew wants updates quicker.

That said if you show even tiniest bit of common sense .then your risk of infection is practically zip which my customers that have been running 8 years on the same XP install and simply having me come over to do an occasional memory upgrade can attest, so whether patches come out on Tuesday or the week after tomorrow really shouldn't matter! Watch how easy it is to have a nice clean running Windows from first install..

1.-Install Wndows. 2.- Run WSUS Offline from a flash, which if you've checked the little checkbox will have all the SPs, .NET, and all the patches in one nice easy to run place. 3.- Install Comodo Dragon from the same flash, so they'll have a nice browser that uses low rights mode and sandboxing and so you won't have to worry about IE, after installing go ahead and add ABP for Chrome which kills ad based malware dead. While you are at it you can install any third party software that doesn't need constant updating, I install LibreOffice, Win 7 Codec pack (which is great as it lets you burn just about any format in WinDVD maker, which folks just love) and Media Player Classic Home Cinema 4.- Go to Ninite to install the third party software that needs to be fresh, depending on the user. I usually install Flash, Foxit PDF Reader, any messenger program they use, along with Irfanview, Picasa, Avast Free, Malwarebytes, along with CCleaner and Defraggler. For burning I carry Ashampoo on the flash as folks like its layout better than CDBurnerXP. As this finishes up I usually add WinUtilities, which automates registry cleaning and the dumping of temp files along with tossing broken shortcuts. For the finale add Filehippo Update checker which only takes up 300Kb and will let them know when there are third party updates like flash, so they aren't using an old vulnerable solution.

And that's it! Notice how nothing there is more complex than going "clicky clicky" and doesn't cost you a dime? And a machine you've followed these simple steps with will be fine for anything short of user stupidity, which NO OS can keep the stupid from doing dumb shit, like running "Iz_Not_Viruz_Porn_Codecs!" trying to see teh tittiez. But a machine done this way, while sensibly having Automatic Updates set to Automatic (duh!) will give you years of trouble free service, while having all the third party software updated without the user having to constantly check for patches and with both Comodo dragon AND Avast doing sandboxing, as well as dragon running low rights mode, means web bugs really aren't going anywhere. With just a tiny bit of preparation and common sense (don't run email attachments, if they want free porn tell them to go to myfreepaysite.com which has like 5000 DVDs of porn for free, if they insist on having P2P Gnucleus or Emule with P2P shield running in Avast, no making kids accounts admin) your Windows machine will run trouble free for years, just as my customers after I'm through only need to come to me for hardware upgrades.

Allow me to agree and disagree. yes to being a pro, and I have never EVER looked at someone's files (I go so far as to tell them if they want me to back up their files they should be aware I may see file names during the backup so please don't be asking me to back up funky files) but as far as MSE? Meh.

It is great if you already know what you are doing and aren't going to any dodgy sites, but home users? Avast free is a better choice, as it has web shield which scans pages before they load and will strip out nasty scripts like drive bys, has P2P and messenger protection, all in all I'd say it is a better AV and with both being 100% free (I'd never give a customer trialware crap) why not use the better solution?

As far as NTBackup? If you want built in Windows 7 imaging backup is fine, personally I prefer to give my customers the free Paragon backup and recovery. Its solid, its free, it is reliable, it gives you a live CD option if the machine ever gets borked beyond booting, and if the customer has a USB HDD I'm happy to set it up to backup to it so they don't have to worry about HDD failures.

I used to have this argument with my former boss all the time. he was one of those "give them just enough rope" types, that wouldn't patch it, no AV, just clean it, so they'd get boned later and have to pay him again, whereas I believe I've done my job if the ONLY reason they have to come to me is they want to upgrade the hardware. I give them either Dragon or Firefox for a browser, put in ABP so they don't get ads (which are a big source of infection) give them a full AV, I even ask if they'd like the "full package" at no extra charge and if they say yes they get the latest Flash, Klite codec so they can play any format, and Libre Office so they can edit word docs, and a PDF reader (Foxit) along with a PDF printer so they can easily save files offline without printing. Thanks to Ninite it takes no real time from me and gives them a nicer PC

Between that and Comodo time machine which lets them just push F11 if they ever screw up the boot to restore from there, otherwise they can restore straight from Windows, makes it pretty damned hard to screw up a machine that I fixed. Sure I don't see these people again hardly ever, but I get enough referrals from their friends and family they send by to make the extra effort worth it. I'm quite proud to say many of my builds from a decade ago are still going, they just get passed down through the family as they age. Like I tell my new build customers "My machines won't be as cheap as a Dell, but you know what? MY machine will keep going past the warranty period." Just take pride in your work, treat folks right, and you'll get a good rep and with that comes the work.

Well if they are on a modern version of Windows like Vista or 7 then they have most likely moved to one of the Chromium based, since they support low rights mode which helps to stop those zero day Adobe bugs, along with sandboxing. Some like Chrome but personally I prefer Comodo Dragon as it doesn't phone home like Chrome and has some nice extras like domain validation and the option to use the Comodo secure DNS. You can also get Adblock Plus for it and the other Chromium based now, along with forecastfox which my customers just love.

It also seems to handle the heavier sites like FB faster than FF 4, which while I don't care about that my customers sure do. What I DO care about is the fact that I have to support everything from nettops and older office boxes to the latest multicore PCs and FF 4 frankly slams the hell out of the CPU and leaks memory, which is especially noticeable on the older and/or low powered machines.

So while I'm glad that something other than IE is winning somewhere for me and my users until FF fixes the bugs and supports the latest security tech I'm afraid I'll have to go with the Chromium based browsers. The speed and responsiveness, especially with those customers that practically live in their browsers, have made the switch a pretty easy sell. If FF 4 works for you I'm happy for you, on the multicores I don't have any problems with it either, but there is a whole world full of well functioning single core machines that the Chromium based just work better on IMHO, and only having to support one browser is easier on me.

I'd agree and add if you wanted "Chrome only better" I'd go with Comodo Dragon which actually does offer better features IMHO, like better domain validation, the option to use the Comodo secure DNS if you wish, and no phoning home like Chrome.

I'm currently typing this on a 1.8Ghz Sempron I use as a nettop and it is fast, pages load quick, easy to use, its pretty nice actually. ABP and Forecastfox for Chrome work fine on it, current build is Chromium 10, so it isn't out of date nor is it bleeding edge beta.

Besides isn't Flock "Chrome only full of social crap" already? do we really need two Chrome full of social crap builds?

You still writing those looong AC piled links to nowhere? Notice NOBODY responds to you anymore but me, and I ONLY do so to laugh at you? Why is that APK? Could it be like on Ars everyone is on to your bullshit and nobody gives a fuck what you think? Keep dancing for me monkey boy, while I don't bother reading anything you write it gives me a warm fuzzy inside to see you jump through my hoops and follow me like a little bitch who wants another taste, dance monkeyboy, dance! LOL! Here enjoy some copypasta, hell you aren't even interesting enough to bother responding to with anything else. Enjoy fail boy!

And this coming from poor wittle APK, also know as "Petey, the idiot HOPES file guy"? As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester?

And I don't have to be exact, because I'm not the one making outrageous claims If someone claims they can stretch their dick into a giant slingshot and shoot themselves to Scotland it is not the readers job to prove them wrong but the posters job to back that up with real prof, not an anecdote that says "well my cousin Joey saw me do it last Halloween!".

I have also shown repeatedly that at the absolute reported minimum number of new pieces of malweare and infections, which you are free to pick whichever reputable website you like Securina, MSFT's malware reports, AVG, which ever, that at an absolute minimum we are talking about 1.2 million sites PER DAY with that number changing by 15,000+ PER HOUR which means even if you typed at 1 IP address PER SECOND, and never slept, and had a perfect list (which doesn't exist) you would be 14 days behind by the very first day with that number growing linearly every single day, making Petey farther and farther behind.

But if you weren't completely batshit insane Petey I wouldn't have to explain this, because this is why everyone makes fun of you. It is so obvious it is like someone arguing gravity is actually invisible pants gnomes trying to steal your underwear. It is the classic "default allow" which has NEVER EVER worked. Because if a piece of malware isn't in magical HOPES file Petey you are royally fucked, and yet again I have shown that it is simply a roll of the dice whether you get creamed or not, simply because you will always be behind.

So it is all on you Petey and your magical HOPES woobie now. You made the extravagant claims, back them up with the math. If you can't? Well then you are full of shit, case closed. Notice how ALL YOU CAN DO PETEY is throw insults and trollbomb? Why is that? I'll tell you why, because math doesn't lie and you just can't show the math You just can't, it would be like trying to mathematically prove you are not an idiot. It just can't be done.

So please, keep dancing to my tune like a little bitch APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bi

Tell me Petey, does it hurt? Does it eat and your mind, knowing that on every single post I make I not only insult your idiocy but I give a link to a laundry list of your failures? Does it keep you up at night? Does it hurt? I find that....marvelous. Now enjoy some nice insults mixed with the broken glass that is reality, something you sadly can't seem to grasp. Now wallow in your failure monkey boy, and do the dance of humiliation!

And this coming from poor wittle APK, known script kiddie and troll, also know as "Petey, the idiot HOPES file guy"? As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester and MEK_Lovebug?

If there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.

So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping your around is also quite fun!

And this coming from poor wittle APK, also know as "Petey, the idiot HOPES file guy"? As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester?

If there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.

So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping your retarded ass around is also quite fun, even if it is too easy!

Uhhhh...WHAT attitude? The "I don't want to have to throw away working machines so I better find something else" attitude? That one? Just because you haven't tripped the condition doesn't mean the condition doesn't exist you know.

Both me and the OP has hit it, and dealing with probably a dozen or more customers a week I've been getting more and more complaints of "Firefox is acting slow" My machine keeps flashing the front light (HDD) when I have FF on for any length of time" and "FF is making my machine act sluggish". Now what do you want me to tell these people? Worksforme(TM)?

All I can tell you is I just had to shut FF 3.6.whatever the latest is on my Nettop(I'd be happy to tell you the V number but since I had to shut FF down on it I went ahead and started a backup) because after 4 hours it had used up all 1.5Gb of RAM and had begun to hit swap. Now maybe it is the fact I usually have about a dozen tabs and switch between them, maybe it is as I suspect that FF doesn't give back RAM on video tabs if you switch away THEN close it, maybe Flash doesn't play nice in the new Gecko sandbox, who knows.

So if FF works great for you hey, I'm happy for you friend. But I've gotten enough complaints since FF went to the 3.6.x branch (and I've found the same behavior on FF 4 BTW) that I've been trying different browsers to find a good substitute for my customers, and the winner is Comodo Dragon.

Not only does Dragon not have the memory problem (if I close a tab in Dragon I can watch the memory fall, which doesn't seem to happen but about half the time in FF) nor the phone home "feature" of Chrome, but on my modern Windows users (which since the release of Win 7 has been growing rapidly) Dragon is much safer than Firefox since after 4, count them 4 years FF STILL doesn't support low rights mode in Vista/7, it has some extra security features like domain name validation and the option to use Comodo secure DNS which blackholes known malware sites.

So I'm glad that it WorksForYou(TM) but there are plenty of us where it don't. There is also an easy way to keep an eye on FF and see how much memory it is REALLY using if you have Chrome or Dragon or any other Chromium based, just use this trick.

Having the SAME tabs open and using the SAME extensions (ABP and ForecastFox) I have FF 4 using more than double the RAM of Dragon at 293Mb VS 132Mb, on this Win 7 X64 machine I'm typing on while I wait for the nettop to finish backup. So you can say WorksForME all day long, sitting here watching FF's memory slowly creep up on this machine I can say I've had enough, thanks anyway.

Here is Comodo's advice for removing certs from Firefox. The only difference is you would pick the Authorities tab.

I've had the same problem with FF since the 3.6.xx branch, and it don't seem to be any better on FF 4. I have a little Sempron nettop I use for daily browsing as it uses almost no power and is whisper quiet and after 3 to 4 hours FF will suck up all 1.5Gb of RAM and start hitting the swap.

That is just unacceptable in this day and age, so I've decided to switch to Comodo Dragon which if you don't trust Chrome or want the phoning home junk maybe you ought to try. It is based on Chromium, has some really nice security features like domain validation and the option to use Comodo DNS if you like, and unlike FF when I close tabs I get the memory they were using back, and has the ability to run all the Chrome extensions like ABP and ForecastFox. So give it a try, it is 100% free, runs good, and seems to be pretty solid.

As for TFA while I'm glad MSFT is improving IE, simply because so many use it so improvements to IE power consumption will have a big impact, frankly if it only used a single watt I wouldn't touch IE with a 50 foot pole. After spending years cleaning up the mess that was IE 6 thanks to MSFT just walking away and leaving all those users boned I'm afraid I just can't bring myself to use it. Fool me once and all that. Funny though how much Opera blows through on startup, I thought Presto was supposed to be pretty light?

I don't know about that considering that IE and Webkit are currently safer than Firefox for all of those running a modern version of Windows (Vista and 7) thanks to the fact that both IE and Webkit support low rights mode and Firefox doesn't. In fact the only way to get Firefox to actually function with lower rights is to disable the security features that makes low rights mode secure in the first place!

Now will I ever go back to IE, or offer it to my customers as a recommendation? Not a chance in hell, after spending years cleaning up the mess that was the abandoned IE6 there is too much bad blood there, and thanks to Webkit I don't have to. But there are millions on modern Windows versions and for ALL of them currently IE is safer than FF by a long shot and if they promote that? I could see many simply sticking with IE rather than switching.

It is just common sense, why would you run the browser at a higher permission level than required? The browser is running unsigned third party code from the wild and wooly web, the lower the rights it has the better. Why Mozilla can't manage to add support after 4 years is just ridiculous. I'm currently typing this on FF 4 (which looks like a bad Chrome ripoff to me) but without low rights mode and now that the Chrome extensions have all my must haves like ABP and Forecastfox means this will probably be the last time I use FF or hand it to my customers.

It is a shame, as I've been a FF users since the early days, but what good is having a modern OS with enhanced security if the programs that benefit from it don't actually use it? So while I won't be going to IE I will be saying goodbye to FF for Comodo Dragon which gives me all the speed of Chrome and low rights mode without phoning home to Google.

I really had hopes for FF 4, but it seems like they are spending their time aping Chrome instead of simply making FF better. As XP dies out more and more people will be able to use the security features that FF simply doesn't support. What is the point of aping Chrome (such as tabs on top, no file/edit/view, bookmarks on the right corner) if you don't copy the important stuff like the increased security? Feels like cargo cult usability at play to me.

And I'm sure the fanbois will waste their mod points, but it doesn't make 2+2=5 nor will it change reality. You wouldn't run your OS as admin, would you? You agree that least permissions for the task is simply best secvurity practices, yes? Then why would you insist on running a browser that runs at higher permissions and in fact dies hard if you try to run it with less permissions than the user? Seems like a bad design problem to me, maybe that is why Moz still hasn't added it even after 4 years, Gecko is simply not capable of running with lower permissions.

Well if it isn't little poor wittle Petey, aka the HOPES guy, aka the legend in his own mind. Did you program the space shuttle in your badly written Delphi as well? Hell you make VB coders look like kernel developers Petey, that is why everyone made fun of your "apps" on Ars. Any apps in the app store? Oh thats right Apple takes fart apps but not "batshit crazy" apps, sorry Petey.

And I guess you're afraid to touch any of my comments that are attached to current stories huh? Must make you awful sad at how many laughed their asses off at your little HOPES rants last time, but that's what you get when you tie your crazy to a tech older than an 8-track and just about as useful. You really should talk to Twitter, he does it SOOOO much better than you do, pretty sad to be third rate even as a troll.

The simple fact is this: no matter how many times Petey says "1+1 = 3" the math simply proves you wrong and THAT is why all you can do is throw insults. You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc. Now for his HOPES file to actually be a REAL protection and not just a woobie? It will have to dynamically scale and keep up with that ever changing list of infections. Now even if he had twenty fingers and subscribed to every security list on the planet his HOPES file will ALWAYS BE OUT OF DATE and behind the curve. Always.

So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping your around is also quite fun!

Have you tried one of the Chromium based browsers? I found Chrome sluggish on my nettop (1.8GHz Sempron, 1.5Gb of RAM) and didn't like the phone home crap so I tried just about all of them and found Comodo Dragon to be the best IMHO. It has nice security features (such as SSL segregation and the choice of using their secure DNS), works with all the Chrome extensions like Adblock and ForecastFox (yeah I know, but that's what they call it) and if it runs good on my nettop then you KNOW it'll run good on just about anything, as a powerhouse it ain't. And as for as stability goes its been rock solid.

Now while I'm glad you think the new Firefox is the bee's knees I have to support a WILDLY diverse group of machines, from nettops and netbooks to old P4s and new hotness. So to me a good solid experience no matter what the hardware counts, and as someone who remembers the bad old days of FF 2.x I REALLY don't want to go back to having to kill my browser every time it starts sucking up the RAM.

Using this nettop running bog standard WinXP SP3 as a testbed I've found after about a half a day of surfing, never more than 6 tabs open and never more than one video site at a time, FF will begin to seriously suck RAM, even if Trim_on_minimize is on and you close out all the other tabs. It is JUST like what we'd have in 2.x where once a tab took memory it just didn't give it back. I can't be sure but I think their plugin sandbox doesn't give back memory claimed by a plugin, like say a flash vid.

Now compare to the Dragon, where it doesn't matter how long the browser runs a page will take between 14-25Mb of RAM depending on content, period. Close a tab? memory comes back. Now if it is just the "whiz bang" new UI that is doing it then FF needs a way to go "classic mode" but I seriously think they've pushed Gecko farther than it was meant to go. You've basically shoehorned multithreading onto a single threaded app with the sandbox for plugins and I think it is leaking memory.

But whatever the case, if I wanted Chrome I'd run it, and why not just have those new features as recommended extensions or plugins? Wasn't that the point of splitting off the suite? To have a nice light browser that you could customize your way and I could customize it mine? So why the extra bloat? I just think Firefox should concentrate on being the best FF they can be and stop trying to match Google bullet point to bullet point. Because in the end they will simply lose, as Webkit was simply designed more modular than Gecko and you can't keep bolting on the whiz bang without ending up in a bloated memory leaking mess, ala 2.x

If you want something that is just "clicky clicky" in Windows then there is the excellent free third party Comodo Time Machine. It lets you restore single files or the whole system, can take snapshots automatically (which it does by default) or you can tell it to take one with a single click, and if you bone the system to where it can't even boot restoration is as simple as push F11 at the clock symbol (which tells you in big letters which button to push to use it in case you forgot)>>>choose which time you'd like to send the machine back to>>>and that's it. It'll reboot and you're back up and running.

As for TFA it sounds like typical BOFH behavior to me. He doesn't like X so instead of letting the user decide whether he is right or wrong he just eliminates X for everyone. I'm sure his users really love him. More likely the day he is fired for pissing with the wrong PHB will be a day of much rejoicing in that company.

Or you could just get Comodo AV or Internet Security which is free for BOTH business and personal use and which uses a default deny policy along with default sandboxing of ALL apps helps keep the crap from ever getting in and doing damage in the first place.

I have some customers that are SERIOUSLY click happy, we are talking some serious PEBKAC here, ones that would pick up more viruses than a Bangkok Whore. Since switching them to Comodo AV they've been clean as a whistle and everything "just works".

Now if you are setting up a new PC I'd suggest a quick trip to Ninite first just to get the basics installed, and if you are wanting to install any bloated drivers like Realtek or seriously funky ones like DaemonTools SPTD drivers I'd go ahead and do those first, as Comodo naturally doesn't like the way certain drivers like Realtek splatter files all over the place and you'll have to click through multiple warnings otherwise.

But once you have a machine set up you can just drop in Comodo AV or Comodo IS and it "just works" with no hassle. And if you want the PC to be pretty much break proof short of hardware failure just add Comodo Time Machine which makes daily snapshots and gives the user an easy way to restore even if they manage to somehow bork booting (for those users that can kill a Sherman tank with a toothbrush) and with CTM getting it back up is as easy as push F11> choose snapshot to restore > let it reboot and you're back up and running.

So I'd say its not real hard to keep most bugs off the machine, just use software that by default deny policies and sandboxes everything. Sadly NO AV is 100% perfect, especially if they use the right bait, as I have sat there in shock and watched as a user refused to listen to me OR the AV and shut it down so that he could "see free blockbuster movies with this super(tm)codec!" Sometimes even the best tools and advice just can't stop the stupid.

Or you could just get Comodo AV or Internet Security which is free for BOTH business and personal use and which uses a default deny policy along with default sandboxing of ALL apps helps keep the crap from ever getting in and doing damage in the first place.

I have some customers that are SERIOUSLY click happy, we are talking some serious PEBKAC here, ones that would pick up more viruses than a Bangkok Whore. Since switching them to Comodo AV they've been clean as a whistle and everything "just works".

Now if you are setting up a new PC I'd suggest a quick trip to Ninite first just to get the basics installed, and if you are wanting to install any bloated drivers like Realtek or seriously funky ones like DaemonTools SPTD drivers I'd go ahead and do those first, as Comodo naturally doesn't like the way certain drivers like Realtek splatter files all over the place and you'll have to click through multiple warnings otherwise.

But once you have a machine set up you can just drop in Comodo AV or Comodo IS and it "just works" with no hassle. And if you want the PC to be pretty much break proof short of hardware failure just add Comodo Time Machine which makes daily snapshots and gives the user an easy way to restore even if they manage to somehow bork booting (for those users that can kill a Sherman tank with a toothbrush) and with CTM getting it back up is as easy as push F11> choose snapshot to restore > let it reboot and you're back up and running.

So I'd say its not real hard to keep most bugs off the machine, just use software that by default deny policies and sandboxes everything. Sadly NO AV is 100% perfect, especially if they use the right bait, as I have sat there in shock and watched as a user refused to listen to me OR the AV and shut it down so that he could "see free blockbuster movies with this super(tm)codec!" Sometimes even the best tools and advice just can't stop the stupid.

Or you could just get Comodo AV or Internet Security which is free for BOTH business and personal use and which uses a default deny policy along with default sandboxing of ALL apps helps keep the crap from ever getting in and doing damage in the first place.

I have some customers that are SERIOUSLY click happy, we are talking some serious PEBKAC here, ones that would pick up more viruses than a Bangkok Whore. Since switching them to Comodo AV they've been clean as a whistle and everything "just works".

Now if you are setting up a new PC I'd suggest a quick trip to Ninite first just to get the basics installed, and if you are wanting to install any bloated drivers like Realtek or seriously funky ones like DaemonTools SPTD drivers I'd go ahead and do those first, as Comodo naturally doesn't like the way certain drivers like Realtek splatter files all over the place and you'll have to click through multiple warnings otherwise.

But once you have a machine set up you can just drop in Comodo AV or Comodo IS and it "just works" with no hassle. And if you want the PC to be pretty much break proof short of hardware failure just add Comodo Time Machine which makes daily snapshots and gives the user an easy way to restore even if they manage to somehow bork booting (for those users that can kill a Sherman tank with a toothbrush) and with CTM getting it back up is as easy as push F11> choose snapshot to restore > let it reboot and you're back up and running.

So I'd say its not real hard to keep most bugs off the machine, just use software that by default deny policies and sandboxes everything. Sadly NO AV is 100% perfect, especially if they use the right bait, as I have sat there in shock and watched as a user refused to listen to me OR the AV and shut it down so that he could "see free blockbuster movies with this super(tm)codec!" Sometimes even the best tools and advice just can't stop the stupid.

I can't read the article: blocked by company policy.
But I would like to know whether they tested with Comodo in the "auto sandbox" setting. Since the virus would run sandboxed, it should not matter what the language was.
I am thinking of switching from MSSE to Comodo, and if they tested it and it failed then Comodo would not be an option for me.

Here let me help, BTW I'm not working for them, I just got tired of dealing with infected PCs and basically ran through just about every AV until I found the right one that worked for me and my family and users.

The link is here but for those that don't RTFL basically they have combined an AV using a default deny policy with a virtualized environment where the file system and registry is virtualized to the app being run. The big problem with many AV is they are basically blacklist so if an app doesn't match the list or get caught by heuristics they are boned, and Comodo takes the opposite approach by treating everything as potential malware and sandboxing it unless you specifically (which it will pop up with a box that will let you choose between "Always sandbox" always allow" or you can sandbox or allow once) tell it not to.

Personally I love the way Comodo does things, and it has worked wonders for my users. I just tell them "leave it in the sandbox" and everything works without biting them in the ass, and if they have one or two resource intensive apps like Photoshop or QuickBooks I run them once and tell Comodo not to sandbox those apps. Although frankly I think I'm gonna stop doing that as I haven't even noticed it slowing down my games thanks to its built in "game mode" that lowers resource intensive tasks while you game, pretty cool.

Hell it is 100% free for home OR business use, no restrictions (They make their money on the pro version with live support and with their server apps) so why not give it a spin? you have nothing to lose, and unlike some OTHER AVs I could name (cough cough...AVG) I have NEVER had an update screw up Windows, and I have been running it along with my family and customers for nearly 2 years now. No nagging, no emails, no limited updates, no resource hogging (currently using just 56Mb and 0% CPU), just a damned nice free AV.

If you or the user is on Vista/7 I recommend Comodo AV, If on XP I recommend the also free Comodo Internet Security, due to the fact the WinXP Firewall doesn't block outgoing and the firewall in Comodo IS is better than the XP one. For the ultimate "fool proof PC" you should pair it with the also free Comodo Time Machine which gives them a simple way if they manage to somehow bork Windows to be back up and running in minutes with NO skill required (just push F11 at boot, choose restore time, that's it) and is much better IMHO than System Restore. Hell they even make their own free browser based on Chromium with better security baked in, which I'm using right now and is actually quite nice and fast.

So give them a try and if you like it pass it around to your friends/family/coworkers. They really do make some really good products that take a lot of the risk out of Windows.

Here let me help, BTW I'm not working for them, I just got tired of dealing with infected PCs and basically ran through just about every AV until I found the right one that worked for me and my family and users.

The link is here but for those that don't RTFL basically they have combined an AV using a default deny policy with a virtualized environment where the file system and registry is virtualized to the app being run. The big problem with many AV is they are basically blacklist so if an app doesn't match the list or get caught by heuristics they are boned, and Comodo takes the opposite approach by treating everything as potential malware and sandboxing it unless you specifically (which it will pop up with a box that will let you choose between "Always sandbox" always allow" or you can sandbox or allow once) tell it not to.

Personally I love the way Comodo does things, and it has worked wonders for my users. I just tell them "leave it in the sandbox" and everything works without biting them in the ass, and if they have one or two resource intensive apps like Photoshop or QuickBooks I run them once and tell Comodo not to sandbox those apps. Although frankly I think I'm gonna stop doing that as I haven't even noticed it slowing down my games thanks to its built in "game mode" that lowers resource intensive tasks while you game, pretty cool.

Hell it is 100% free for home OR business use, no restrictions (They make their money on the pro version with live support and with their server apps) so why not give it a spin? you have nothing to lose, and unlike some OTHER AVs I could name (cough cough...AVG) I have NEVER had an update screw up Windows, and I have been running it along with my family and customers for nearly 2 years now. No nagging, no emails, no limited updates, no resource hogging (currently using just 56Mb and 0% CPU), just a damned nice free AV.

If you or the user is on Vista/7 I recommend Comodo AV, If on XP I recommend the also free Comodo Internet Security, due to the fact the WinXP Firewall doesn't block outgoing and the firewall in Comodo IS is better than the XP one. For the ultimate "fool proof PC" you should pair it with the also free Comodo Time Machine which gives them a simple way if they manage to somehow bork Windows to be back up and running in minutes with NO skill required (just push F11 at boot, choose restore time, that's it) and is much better IMHO than System Restore. Hell they even make their own free browser based on Chromium with better security baked in, which I'm using right now and is actually quite nice and fast.

So give them a try and if you like it pass it around to your friends/family/coworkers. They really do make some really good products that take a lot of the risk out of Windows.

Here let me help, BTW I'm not working for them, I just got tired of dealing with infected PCs and basically ran through just about every AV until I found the right one that worked for me and my family and users.

The link is here but for those that don't RTFL basically they have combined an AV using a default deny policy with a virtualized environment where the file system and registry is virtualized to the app being run. The big problem with many AV is they are basically blacklist so if an app doesn't match the list or get caught by heuristics they are boned, and Comodo takes the opposite approach by treating everything as potential malware and sandboxing it unless you specifically (which it will pop up with a box that will let you choose between "Always sandbox" always allow" or you can sandbox or allow once) tell it not to.

Personally I love the way Comodo does things, and it has worked wonders for my users. I just tell them "leave it in the sandbox" and everything works without biting them in the ass, and if they have one or two resource intensive apps like Photoshop or QuickBooks I run them once and tell Comodo not to sandbox those apps. Although frankly I think I'm gonna stop doing that as I haven't even noticed it slowing down my games thanks to its built in "game mode" that lowers resource intensive tasks while you game, pretty cool.

Hell it is 100% free for home OR business use, no restrictions (They make their money on the pro version with live support and with their server apps) so why not give it a spin? you have nothing to lose, and unlike some OTHER AVs I could name (cough cough...AVG) I have NEVER had an update screw up Windows, and I have been running it along with my family and customers for nearly 2 years now. No nagging, no emails, no limited updates, no resource hogging (currently using just 56Mb and 0% CPU), just a damned nice free AV.

If you or the user is on Vista/7 I recommend Comodo AV, If on XP I recommend the also free Comodo Internet Security, due to the fact the WinXP Firewall doesn't block outgoing and the firewall in Comodo IS is better than the XP one. For the ultimate "fool proof PC" you should pair it with the also free Comodo Time Machine which gives them a simple way if they manage to somehow bork Windows to be back up and running in minutes with NO skill required (just push F11 at boot, choose restore time, that's it) and is much better IMHO than System Restore. Hell they even make their own free browser based on Chromium with better security baked in, which I'm using right now and is actually quite nice and fast.

So give them a try and if you like it pass it around to your friends/family/coworkers. They really do make some really good products that take a lot of the risk out of Windows.

Or you can have it pretty butt simple (and free to boot!) by just giving your family/customers Comodo AV which by default runs everything in a sandbox unless you tell it not to. Makes it real easy to deal with those that are "clicky clicky" happy and since it has a whitelist of "known clean after scanning" Windows system files it doesn't interfere with things like Windows Update.

So if anybody here has friends/family or customers that get infected waaay too often, give Comodo AV a try. It is free, easy to install, its default are sensible and err on the side of caution, and so far none of my users have gotten a single bug in over a year since I switched them to it, and these folks could get more viruses than a Bangkok Whore, so that is saying something!

Hi Peach Rings! You don't know what it does? Well allow me to elucidate!

When you choose to make a restore point Windows first makes a backup of the registry (which is what takes a few seconds when you first choose to make a point) it then monitors the file system during software installations (which have to conform to standard conventions which is why if you want a particular installation monitored you should change the name to "setup.exe" in case they use a funky installer) and uses Volume Shadow Copy to make backups of any file the installer alters or replaces. Then if you choose to use system restore it replaces any alterations in the registry or file system with the backups, and voila! System Restore.

But this is why when you do a system restore you may find an empty folder of the original program name in /user name/programs, because system restore is monitoring for changes in the Windows and Users settings but doesn't care about simply making a new folder in programs. As I said I wouldn't recommend these instead of backups, and if you want an even more robust system (especially on WinXP) I would use Comodo Time Machine which provides a boot up recovery option AND seems to catch any and all alterations done by installers better than System Restore (and it uses VERY little resources to boot) but for a built in recovery and undo button system restore works and works quite well.

If you need a good free AV for a place with over 10 (or hell anyplace for that matter) might I suggest Comodo AV or Internet Security? As you can see from this chart they will have all the major features and will only be lacking in having the live tech support, which frankly if they just stick to the defaults (or have you or someone knowledgeable do the tweaking if they want it customized) they will be just fine.

I have given both Comodo IS and MSFT SE to clients and the only real differences I've found are these: Comodo will take about a week to learn their apps, whereas MSE will "just launch" without question. Comodo by default uses a sandbox on all apps (unless told otherwise) which means if they use one or two heavy resources apps you'll want to tell Comodo not to sandbox those, whereas MSE doesn't sandbox anything.

So in conclusion Comodo IMHO has a little better security, while MSE never asks questions of the user. But considering most questions will be asked by Comodo in the first week, and consist of "did you just launch (name of app)?" it doesn't put undue strain upon the user and if you know what software they run frequently even that can be taken care of by you beforehand. And since it doesn't have a business user limit for poor companies it can be a lifesaver. They do have services that even a poor business might want to look into though, such as their server AV or the SSL certs for websites. Overall I've been using this for a couple of years now and have had no complaints and so far not a single PC I've installed Comodo on has come back infected, nor has there been any of those "oops we blocked schost" kinds of screwups like we've seen from certain other vendors. Try it, its free, and I bet you'll like it.

If you need a good free AV for a place with over 10 (or hell anyplace for that matter) might I suggest Comodo AV or Internet Security? As you can see from this chart they will have all the major features and will only be lacking in having the live tech support, which frankly if they just stick to the defaults (or have you or someone knowledgeable do the tweaking if they want it customized) they will be just fine.

I have given both Comodo IS and MSFT SE to clients and the only real differences I've found are these: Comodo will take about a week to learn their apps, whereas MSE will "just launch" without question. Comodo by default uses a sandbox on all apps (unless told otherwise) which means if they use one or two heavy resources apps you'll want to tell Comodo not to sandbox those, whereas MSE doesn't sandbox anything.

So in conclusion Comodo IMHO has a little better security, while MSE never asks questions of the user. But considering most questions will be asked by Comodo in the first week, and consist of "did you just launch (name of app)?" it doesn't put undue strain upon the user and if you know what software they run frequently even that can be taken care of by you beforehand. And since it doesn't have a business user limit for poor companies it can be a lifesaver. They do have services that even a poor business might want to look into though, such as their server AV or the SSL certs for websites. Overall I've been using this for a couple of years now and have had no complaints and so far not a single PC I've installed Comodo on has come back infected, nor has there been any of those "oops we blocked schost" kinds of screwups like we've seen from certain other vendors. Try it, its free, and I bet you'll like it.

Have you tried Comodo Dragon yet? Based on Chromium so any Chrome extensions you like work fine, has all the Google "phone home" crap cut out, and is designed around security, such as better Domain Validation and optional access to the Comodo secure DNS which helps protect against DNS cache poisoning.

Since FF has so far refused to support low rights mode which means FF is a LOT less secure than webkit based browsers or even the latest IE I have been running the Dragon pretty much 24/7 testing it to see if it is right for my customers and I have to say I'm impressed. No crashes, solid as a rock, seems to catch hinky certs quicker and better than FF, runs ABP and ForecastFox perfectly, REALLY fast, it is just a damn good browser.

So until FF starts supporting modern security features I've switched to the Dragon and have started handing it out to customers, even those still on XP (so I don't have to support dual browsers) and so far not a single complaint. If you want the speed of Chrome without all the "phone home" junk and would like a little extra security conscious browser, try it. Its free and will happily copy your FF bookmarks over so switching is easy peasy.

I didn't think it became bloated, as a matter of fact they seemed to fix the memory leak that had been plaguing the 2.x series which was a real improvement. What I do hope they fix is the ability to run FireFox in low rights mode on the OSes that support it. Right now ALL the webkit based browsers seem to support it OOTB as does IE. The only work around I've seen is basically crippling low rights mode to deal with the fact that FF demands higher rights and on previous forums the developers seem to have had a "not cross platform = don't care" which is just stupid and ignorant. I mean if Linux or OSX came out with a great new security feature would they ignore it because Windows didn't have it?

So while I'll be happy to try it and really do hope they add low rights mode until they do having the browser punch a needless hole in the OS security is kinda a deal breaker for me. I have too many customers and family that depend on me to make sure their PC is as safe as it can possibly be and with the browser being the one app that everyone uses that is so close to being "bare metal" against the wild and risky Internet it just seems irresponsible not to use the new security features built into Vista and 7. So I'm typing this on Comodo Dragon and have managed to find replacements for my most important extensions like ABP and ForecastFox. While I would have preferred to keep handing out and recommending FF until they fix their being unable to use modern security features it is just too risky. The Dragon handles low rights mode OOTB, and the extra security features like the optional secure DNS that protects the user from cache poisoning is a nice touch.

So come on FF Devs, I've been using your browser since the old days and would really hate to give up NoScript, even if it is too complex for my customers. But with low rights mode isolating the browser in a sandbox where it simply doesn't have access to anything important NoScript isn't really needed and ABP and ForecastFox work fine. But I miss the FF way of doing things, so c'mon devs make FF 4 more secure!

Well then, as someone who has been converting SMBs and SOHOs away from XP allow me to add a few. 1.-Windows Superfetch, which if your customers use specific apps day in and day out will have those apps loaded for them in RAM and ready to go instantly. It will even learn the times of day you use them, so if you use one particular app pre lunch and another after they will be loaded at the appropriate time. 2.- The file and registry virtualization tech that started with Vista is much more mature now, and when combined with WinXP Mode means just about any app will run no matter which versions of Windows it was written for. This is nice when you have an old app that is required and you want to move up to 64 bit.

3.-The security system is much better than the pretty much "everything is admin all the time!" XP way of doing things. To lock down XP you really needed to go in with GPOs and lock the OS down, and you would often find apps that needed serious "massaging" to work in a non admin environment. with 7 and the above file and registry tweaks built in that is no longer the case, now you can stick with a normal user, and the most risky part of your PC, the browser, can be run in low rights mode if you use IE or one of the webkit based browsers like Chrome or my favorite Comodo Dragon. 4.-Once shown how it works I've found my users to be MUCH faster using the new breadcrumb navigation system that the old panels and trees way of navigating the OS. The new breadcrumb makes it simple to jump anywhere in the tree, and will also remember the places they go to the most. This along with the new jumplists makes much faster access to common tasks and folders. 5.- Despite the tests posted, which are all of the Vista version, I've found adding a 4GB flash to Readyboost makes makes a machine MUCH snappier, especially if you are dealing with customers that run a lot of heavy apps and bog down their machines often. This is because the 4GB flash thanks to Readyboost turns any HDD into a hybrid and uses the 4GB for random reads, which are of course much faster than any spinning disc.

So as you can see just from naming the ones off the top of my head my customers are pleased with you have several reasons to upgrade. That doesn't even count the other niceties like the new printers and devices stage which makes managing everything from network printers to webcams and backup devices simple, the built in Windows disc imaging which is quite nice and very simple for users to operate, the ease with which new devices can be added thanks to MSFT incorporating more and more drivers into Windows Update and accessed via Action Center, Action Center which makes most administrative tasks quite simple for SMBs and SOHOs to keep up with, the new performance monitoring which will point out problem drivers and bottlenecks that would ordinarily be hard to catch such as the malfunctioning HDMI driver on a customer's machine which was causing it to not drop into low power mode as often as it should, heck I could go on all day.

So I'd have to say after the disaster of Vista MSFT really outdid themselves with this one. I have been running Windows 7 hard since Beta 2 and never have had a single crash no matter how hard I stress the system. It all "just works" and all the little features and rock solid design like I named above really do make it a worthwhile upgrade, and this is from someone who hung onto Win2K until 6 months after XP SP2 had been out.

And if I give them a magical LOLCat infections rates will go down by 10,000% and magic pixies will appear to rub their little footies and...wait a tick, that is a what you call it, oh yeah an anecdote and doesn't prove jack which is why I put a disclaimer at the front instead of trying to pass it off as proof like you do Petey, but you KNOW this, don't you?

poor wittle APK, also know as "Petey, the idiot HOPES file guy" As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester?

Remember Petey I'm not the ponce making outrageous claims so it is up to you to show the math instead of wasting everyone's time waving your little shriveled winkie around by making claims with no mathematical proof and nothing but anecdotes as "evidence". After all those that the earth is only 6000 years old have a full boat of anecdotes to back up THEIR claims as well, but we still think they are just as batshit as you, now don't we?

The simple fact is this: no matter how many times trollie says "1+1 = 3" the math simply proves you wrong and THAT is why all you can do is throw insults. You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc. Now for your HOPES file to actually be a REAL protection and not just a woobie? It will have to dynamically scale and keep up with that ever changing list of infections. Now even if you had twenty fingers and subscribed to every security list on the planet your HOPES file will ALWAYS BE OUT OF DATE and behind the curve. Always. Don't like those numbers? Use the ones from Securina, Grisoft, Symantec, any reputable security site. YOU CHOOSE. I have shown mathematically you are full of shit, now lets see you math that proves me wrong PETEY.

Now if you have a mathematical proof that shows how a static .txt file dropped into system 32 can magically scale dynamically? Lets see it. Otherwise it is NOTHING more a magical LOLCat pic backed up by anecdotes. That is the nice thing about math, it doesn't lie or believe in anecdotes. So it is all on Petey and your magical HOPES woobie now. YOU made the extravagant claims, back them up with the math. If you can't? Well then you are full of shit, case closed. Notice how ALL YOU CAN DO is throw insults and trollbomb? Why is that? I'll tell you why, because math doesn't lie and you just can't show the math you just can't do it or you would have by now, but it would be like trying to mathematically prove you are not an idiot PETEY. It just can't be done.

So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping your around is also quite fun!

Actually there IS an easy way to sandbox everything, it just isn't made by MSFT. For the clueless or unsuspecting just give them a combination of Comodo Antivirus or Internet Security (both free) and Comodo Time Machine which is also free. Comodo AV will by default sandbox everything unless specifically told not to, with full file and registry virtualization, and I have gotten several reports from customers and family members that it has stopped some serious nasties when they clicked the wrong link.

I consider Comodo Time Machine the flip side of that coin, protecting the user from themselves and their families stupidity the way Comodo AV protects them from the web. My GF is currently having to live two hours away to help with the family farm after her father had a heart attack. One day she forgot to log off before going out to make rounds on the farm and her niece got into her admin account and somehow managed to completely trash the system32 folder. Thanks to Time Machine I was able to walk her through by phone a complete restore of a machine that wouldn't even boot, and it took less than 15 minutes. Just press F11 when you see the Comodo Clock, tell the program where you want to go back to, and let it go. It was just that easy and in less than 15 minutes she was back to a perfectly running desktop.

So believe me, between dealing with clueless customers and family members that can pick up more viruses than a Bangkok whore any solution I recommend has been put through some serious stress testing, and those two Comodo apps put together makes for a pretty much idiot proof Windows. With that combo pretty much the only thing you can't fix by phone is a HDD failure, and since I recommend USB HDDs for backups set to auto backup their important folders and image the OS drive even that can be restored to health by me in less than an hour. It is a lot less stressful for them, and a lot less work for me. I'd call that a win/win all around.

Actually there IS an easy way to sandbox everything, it just isn't made by MSFT. For the clueless or unsuspecting just give them a combination of Comodo Antivirus or Internet Security (both free) and Comodo Time Machine which is also free. Comodo AV will by default sandbox everything unless specifically told not to, with full file and registry virtualization, and I have gotten several reports from customers and family members that it has stopped some serious nasties when they clicked the wrong link.

I consider Comodo Time Machine the flip side of that coin, protecting the user from themselves and their families stupidity the way Comodo AV protects them from the web. My GF is currently having to live two hours away to help with the family farm after her father had a heart attack. One day she forgot to log off before going out to make rounds on the farm and her niece got into her admin account and somehow managed to completely trash the system32 folder. Thanks to Time Machine I was able to walk her through by phone a complete restore of a machine that wouldn't even boot, and it took less than 15 minutes. Just press F11 when you see the Comodo Clock, tell the program where you want to go back to, and let it go. It was just that easy and in less than 15 minutes she was back to a perfectly running desktop.

So believe me, between dealing with clueless customers and family members that can pick up more viruses than a Bangkok whore any solution I recommend has been put through some serious stress testing, and those two Comodo apps put together makes for a pretty much idiot proof Windows. With that combo pretty much the only thing you can't fix by phone is a HDD failure, and since I recommend USB HDDs for backups set to auto backup their important folders and image the OS drive even that can be restored to health by me in less than an hour. It is a lot less stressful for them, and a lot less work for me. I'd call that a win/win all around.

Hi trollie! Sorry to rip off some classic Dan Akroyd but you know it is usually considered good form to at least make a sock puppet, posting AC to plug your own AC posts? Kinda sad. And for the 400th time Correlation != Causation. I can build an XP Sp2 machine with NO patches, NO AV, and change the desktop to a LOLCat. Now if I only use this machine to check my email and go to my bank I will NEVER get a bug, but I don't think it was my magical LOLCat protecting it, do you?

The simple fact is this: no matter how many times trollie says "1+1 = 3" the math simply proves you wrong and THAT is why all you can do is throw insults. You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc. Now for his HOPES file to actually be a REAL protection and not just a woobie? It will have to dynamically scale and keep up with that ever changing list of infections. Now even if he had twenty fingers and subscribed to every security list on the planet his HOPES file will ALWAYS BE OUT OF DATE and behind the curve. Always.

Now if you have a mathematical proof that shows how a static .txt file dropped into system 32 can magically scale dynamically? Lets see it. Otherwise it is NOTHING more a magical LOLCat pic backed up by anecdotes. That is the nice thing about math, it doesn't lie or believe in anecdotes. And if there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.

So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping your around is also quite fun!

And this coming from poor wittle APK, also know as "Petey, the idiot HOPES file guy"? As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester?

If there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.

So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping your around is also quite fun!

And this coming from poor wittle APK, also know as "the idiot HOPES file guy"? As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "prrof" is anecdotes, often by your own sock puppets like Kingsjester?

If there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.

So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping your around is also quite fun!

And this coming from poor wittle APK, also know as "the idiot HOPES file guy"? As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have repeatedly FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester?

If there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.

So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping your around is also quite fun! Oh and taking a page from your book from now on ALL responses will be THIS post, with only additions being more links to your various trolls and the people making fun of them, so everyone knows who they are dealing with. Have a nice day and be sure you hug your magical woobie...err I mean HOPES file!

But are they FINALLY gonna support protected mode in Windows Vista and 7? The tech has been out there since 07 for the love of Pete, and it kinda kills the entire point of having all the extra security of Windows Vista and Win 7 if FF is gonna punch a giant hole right through the security and do a little monkey dance.

So while I hope that Mozilla supports protected mode so I can keep recommending it, until then for myself and my customers I've been testing the Comodo Dragon browser which like all Chromium browsers DOES support protected mode, and adds some extra security features and turns off the Google phoning home like in Chrome. It is taking a little to get used to but so far I have found most of my extensions, and the secure DNS and other security features are nice and it is still fast as hell.

I would really hate to give up on FF, but with the browser being the #1 source of malware getting into a system not supporting protected mode is just too risky. I mean what is the point of all the extra security features if Mozilla doesn't use them? It isn't like FF runs as root in Linux, so why should it run at a higher user level in Windows when it doesn't have to?

Oh Good Lord, its the HOSTS file troll. I thought you only irritated people on Opera and other browser threads? For the rest of us you can either just use the free Comodo Dragon browser and pick the "yes I'd like to use the secure Comodo DNS" box on install, or if you are attached to your browser one can just go here for simple instructions on switching over to Comodo Secure DNS.

Either way you'll have real time blacklists that you don't have to maintain, phishing and DNS cache poisoning protection, and most importantly don't have to play "whack a mole" by futzing with HOSTS files. I mean jeez, what do you think this is, 1997?

Oh Good Lord, its the HOSTS file troll. I thought you only irritated people on Opera and other browser threads? For the rest of us you can either just use the free Comodo Dragon browser and pick the "yes I'd like to use the secure Comodo DNS" box on install, or if you are attached to your browser one can just go here for simple instructions on switching over to Comodo Secure DNS.

Either way you'll have real time blacklists that you don't have to maintain, phishing and DNS cache poisoning protection, and most importantly don't have to play "whack a mole" by futzing with HOSTS files. I mean jeez, what do you think this is, 1997?

That's weird, maybe it is your version of Chromium? I've recently switched to Comodo Dragon thanks to Mozilla with their "don't care, won't fix" attitude with regards to low rights mode in Vista and Win 7. It is also based on Chromium, has all the "phone home" crap cut out, and as a nice bonus offers you the choice of using the Comodo secure DNS which black holes the IP addresses of malicious spammers, scammers, and other nasties. If you are on Windows I would heartedly recommend it, it is quite nice and Adblock for Chrome works beautifully.

As for TFA, while I wish Opera nothing but luck something about their UI has always struck me as being...off. I don't know how to describe it, my oldest loves it so every time a new one comes out I give it a try on his machine but just never have been able to "get" Opera. It always feels like I'm fighting the thing. Maybe it is just one of those "love it or hate it" kind of things with no middle ground. Frankly with Chrome and Chromium I have a feeling both Opera and FireFox are gonna be in for a serious fight, Firefox because of their "cross platform or GTFO" attitude with regards to codecs and low rights mode. I mean why should I risk my customer's security just so Firefox can sit on their high horse about an OS that doesn't bloody need low rights mode anyway? And as for Opera their big selling point was speed, which frankly IMHO is mattering less and less daily. Mozilla is gonna have crazy JavaScript speed in Firefox 4, Chromium based browsers are already crazy fast, really how much fricking faster can we get? You still have to depend on a person to push the button, which means my Dragon is already faster than this old greybeard.

And allow me to finish since I'm already in my old and crotchety mode, that FF and Opera speeding up JavaScript without increasing security by using things like low rights mode seems horribly irresponsible to me. I mean we see time and time again that "JavaScript malware o' the day" is quickly getting right up there with Adobe products on the list of "things to bite you in the ass" and just means by cranking the JavaScript to 11 you are gonna make the machine get pwned really really REALLY fast, which just doesn't seem like a useful feature IMHO. At least IE and Chromium based browsers like Chrome, SWIron, Dragon, all use low rights mode to isolate the browser from the rest of the system. It just seems to me as Windows 7 replaces XP with tech like UAC, DEP, ASLR, and file and registry virtualization, the browser by virtue of it being so close to "bare metal" with the net will become the #1 attack vector if it isn't already. Anything the browser maker can do that limits the ability to be attacked is great in my book. And I apologize if Opera managed to sneak low rights mode in, but after doing a Yahoo Search all I found was folks complaining about FF and Opera not having it.

ZoneAlarm lost my support as a free Firewall solution in September over the whole "Global Virus Alert" scareware tactic. I recommend Comodo Internet Security now. Very configurable, easy to train, allows manual rule creation down to port level.

I tried Comodo twice over the years. Both times it made my system crawl, and I had issues which were showstoppers (but for the life of me I can't remember the detail).

ZoneAlarm lost my support as a free Firewall solution in September over the whole "Global Virus Alert" scareware tactic. I recommend Comodo Internet Security now. Very configurable, easy to train, allows manual rule creation down to port level.

I ahhhh hate to break the news to ya McGrew, but actually repairing Windows PCs for a living I can tell you the vast majority of Windows infections post XP SP2 is PEBKAC related. I have sat there dumbfounded after telling a user that a password protected zip file was an infection and watched them happily do EXACTLY what the email told them to and infect their machine, I have dealt with grown men that would run ANY .exe if it had the word "porn" in the title, and watched grown women click on ANY link sent to them via FB.

I can tell you without a shadow of a doubt that if you replaced all the Windows machines with Linux tomorrow by next week those users inboxes would be full of "free_porn_codec.sh" or "Happy_puppy_screensaver.sh" with instructions that they WOULD follow to run them. So unless you are willing to talk ALL rights away from home users and give them a Steve Jobs style walled garden OS design wouldn't do squat.

As for TFA, how does this compare to the Foxit "protected mode" where it shuts down all the executable code and just gives you the PDF? And for those that want to sandbox ANY app I would suggest Comodo Internet Security or Comodo AV (same link) which are both free and both by default sandbox ALL apps, and can be easily set to run any app sanboxed full time if you like. It does help with the PEBKAC users if for no other reason than they can't figure out how to turn the sandbox off.

So far the only "trick" I've found to help keep the "panicky" users from pwning themselves is to use the free Comodo AV or Internet Security because by default it'll not only shut down those kinds of "apps" but sandbox them as well, so even if Granny tries to force it unless you knows how to get into the Comodo system settings and disable the sandbox (doubtful) then anything she does simply won't stick.

Add in Comodo Time Machine (also free) for when Granny somehow manages to corrupt Win32.dll in XP (I still haven't figured out how some folks keep doing that) and it makes the machine pretty much a toaster with a screen. When my GF forgot to log off before work and her niece came over and totally hosed her desktop it took me less than 15 minutes by phone to walk her through a complete restore via Comodo Time Machine.

While Windows Vista and 7 are better about security, as you pointed out it is often the USER not the OS that does the machine in, and using Comodo is pretty much as close as I've come to a "No no, bad monkey!" button for PCs.

So far the only "trick" I've found to help keep the "panicky" users from pwning themselves is to use the free Comodo AV or Internet Security because by default it'll not only shut down those kinds of "apps" but sandbox them as well, so even if Granny tries to force it unless you knows how to get into the Comodo system settings and disable the sandbox (doubtful) then anything she does simply won't stick.

Add in Comodo Time Machine (also free) for when Granny somehow manages to corrupt Win32.dll in XP (I still haven't figured out how some folks keep doing that) and it makes the machine pretty much a toaster with a screen. When my GF forgot to log off before work and her niece came over and totally hosed her desktop it took me less than 15 minutes by phone to walk her through a complete restore via Comodo Time Machine.

While Windows Vista and 7 are better about security, as you pointed out it is often the USER not the OS that does the machine in, and using Comodo is pretty much as close as I've come to a "No no, bad monkey!" button for PCs.

For those on XP there is an easy way that will probably work to stop this cold. I say probably because I haven't had the time to look for an attack site and play with the code. But on XP you can use the Free Comodo Internet Security or Comodo Av (both free) and under "Defense +" settings choose to run IE always in the sandbox. This will keep IE from doing any real registry or file writing, instead dumping any writes to a virtual registry and file system that is locked off from the OS.

While I agree it is MUCH better to have DEP and ASLR, there are still tons of quite good machines out there that simply don't support those features and are still running XP. For those machines I use Comodo Internet Security and so far I have yet to have a customer or family member running it to come back pwned. Of course I try my damnedest to get them off of IE and onto FF, as we can see with TFA IE is still to big a target.

Or you could just...this is a thought, just throwing it out there...use Foxit with SandboxIE and call it a day. Or if you would prefer even more protection run Comodo AV or Internet Security and have EVERYTHING sandboxed. And that is of course if you are running on an older Windows, as Vista and 7 already do file and registry virtualization.

It really isn't hard to isolate programs anymore, or set up a machine so all but the most determined idiots can't hose it. I have my customers as well as my family on a combo of Comodo+Firefox with ABP+Foxit and frankly I can't remember the last time I had to clean a bug from one of those machines. Short of them ignoring the AV and saying "Yes, I'd like a bug, please install it!" they really have nothing to worry about. Just have everything set to autoupdate, along with an easy to setup program like Winutilities Free to automate registry and broken shortcut cleaning and defragging and the machine is as close to an appliance as one can get. It takes me less than a half hour and then I don't have to mess with it ever again.

So banning flash really is a case of chopping off your head to get rid of a headache. The users will scream bloody murder when their Farmville and videos don't work, and frankly it is unnecessary. You can even set up Filehippo update checker so all their third party programs are updated regularly as well. It really ain't hard AC.

Well all you had to do was ask, I just figured nobody would care. here you go, and I consider most of these, if not all, MUST HAVE apps, as they make my web SOO much nicer..FEBE (automated backups of everything from prefs to bookmarks) Downloadhelper and downloadstatusbar (places downloads into folder by extension, makes downloading videos easy to automate), Cookie Culler (automates which cookies I keep/toss) Firefox Sync (multiple PCs in multiple places ALL with the same bookmarks and prefs, nice) forecastFox (weather here can get dangerous quick, the early warning is a must have) iMacros (automates web data entry, easy peasy with NO programming knowledge required) ABP and NoScript (protects from drive by malware and keeps ads from sucking up my cap, so ads must NOT be downloaded and then blocked!) and ImgZoom (helps when my elderly relatives come over with their bad eyesight)

I'm not a fanboy, and I didn't look at chrome extensions so I frankly don't know WHAT they have, as I quit playing with it when I saw how much data it was sending off. But if you can find extensions that will do all of the above (I'd be happy to post a screenshot of both my XP and Win7 machine if you want to see my extensions list) and works with a non phone home version of Chrome like SWIron? I'd be happy to give it another go. I just started playing with Comodo Dragon which has the better privacy and less phoning home, but frankly I haven't had time to really see what is available. But if you know of replacements for those extensions, especially ABP and NoScript, I'd certainly think about giving it to some of my clients.

If you have kids with PCs I would suggest Comodo Time Machine. Sure you can do as another poster suggest and use the HOSTS file to block just these sites, but then you are in an arms race with the malware guys you are bound to lose. With time Machine you can send the OS "back in time" to before they did something stupid, and in my experience it only uses around 20Mb of RAM, trivial with today's machines.

As for the other posters complaining about high AV CPU usage? I've found Comodo Internet Security uses on average less than 45Mb of RAM and less than 1% CPU when running real time monitoring, and around 8% when it updates itself. It also has built in sandboxing on ALL executables by default, and you can set any executable to only run in or out of the sandbox if you'd like. The AV, Time Machine, and Internet Security (which combines their excellent firewall with Comodo AV) is 100% free, no nagware, no email required. You can even choose to use their secure DNS if you'd like which black holes known infected sites until they clean up their act.

I don't work for the company or have any affiliation, just a humble PC repair guy that got tired of seeing his customers get burnt by bugs or bad AV. with Comodo I haven't seen a single bug on installed machines, and this is with customers that can pick up more bugs than a Bangkok Whore, so you KNOW it has got to be good! But with kids besides making them low rights users by default a combo of Comodo AV and Time Machine will not only keep the bugs out, but if they manage to bork something beyond booting you can just hit F11 and restore it from the preboot environment. My GF lives nearly 2 hours away and having Time Machine was a life saver when she forgot to log off and her niece completely borked XP! try them, I bet you'll like them, and for free, what's to lose? One warning though: DO NOT use Time Machine in a dual boot with windows 7! It won't harm anything, it just won't run because the latest windows changes drive letters so wherever you install it becomes the C: drive when it is running, which Time Machine couldn't track. But I'm not only running all of the above on multiple machines, I have customers, friends, and family all on it and they work like a charm.

If you have kids with PCs I would suggest Comodo Time Machine. Sure you can do as another poster suggest and use the HOSTS file to block just these sites, but then you are in an arms race with the malware guys you are bound to lose. With time Machine you can send the OS "back in time" to before they did something stupid, and in my experience it only uses around 20Mb of RAM, trivial with today's machines.

As for the other posters complaining about high AV CPU usage? I've found Comodo Internet Security uses on average less than 45Mb of RAM and less than 1% CPU when running real time monitoring, and around 8% when it updates itself. It also has built in sandboxing on ALL executables by default, and you can set any executable to only run in or out of the sandbox if you'd like. The AV, Time Machine, and Internet Security (which combines their excellent firewall with Comodo AV) is 100% free, no nagware, no email required. You can even choose to use their secure DNS if you'd like which black holes known infected sites until they clean up their act.

I don't work for the company or have any affiliation, just a humble PC repair guy that got tired of seeing his customers get burnt by bugs or bad AV. with Comodo I haven't seen a single bug on installed machines, and this is with customers that can pick up more bugs than a Bangkok Whore, so you KNOW it has got to be good! But with kids besides making them low rights users by default a combo of Comodo AV and Time Machine will not only keep the bugs out, but if they manage to bork something beyond booting you can just hit F11 and restore it from the preboot environment. My GF lives nearly 2 hours away and having Time Machine was a life saver when she forgot to log off and her niece completely borked XP! try them, I bet you'll like them, and for free, what's to lose? One warning though: DO NOT use Time Machine in a dual boot with windows 7! It won't harm anything, it just won't run because the latest windows changes drive letters so wherever you install it becomes the C: drive when it is running, which Time Machine couldn't track. But I'm not only running all of the above on multiple machines, I have customers, friends, and family all on it and they work like a charm.

Uuuhhhh...it might be true if you were talking Linux VS WinXP, but security in Windows 7 is actually pretty damned good. File and registry virtualization (and if you want to add a little extra security for free both Comodo AV and Comodo Internet Security have sandboxing of all apps and can be set to sandbox or not on a per user basis), UAC works well, and most importantly the literally thousands of apps that most business and governments run on will work just fine. And with XP Mode they can have their older apps sandboxed while still having links that are just "clicky clicky" easy, which means no retraining. Hell I gave my 67 year old dad which is as clueless as they come windows 7 and he was doing better on it in a week than he did on 7 years of XP.

I'll probably be modded down for daring to go against the pro FOSS bias here, but it really is about using the right tool for the job. Some jobs Linux works quite well, better than most Windows in fact, such as the old 500Mhz PCs I turned into simple GUI based databases for the local church, or taking older hardware donated to a school and making a good teaching tool out of it. Web servers, Kiosks, cell phones, those jobs Linux is quite good at. Businesses? Not so much, as you'd be amazed how many funky specialized apps they are using which have NO FOSS alternatives. Hell I have yet to find a real alternative in FOSS for the ones I come across often...Quicken/Quickbooks, Photoshop, Sony Vegas, the funky easy peasy software that comes with cameras nowadays, even audacity which I like ain't a replacement for Cubase I'm sad to say, although it is good for basic tracking.

Instead of trying to say FOSS is the jack of all trades, which makes it a master of none, why not simply admit sometimes Windows or OSX makes the better choice? I wouldn't waste money on windows licenses on the jobs I mentioned Linux is good at, why would I? in those tasks it works quite well. But IMHO trying to say "Use Linux!" at every single opportunity is simply bad for Linux, as when you choose it for the wrong tasks you may end up causing the user to sour on ever trying FOSS for ANY task if their first experience is bad. Better to stick with what you are good at and build up steam that way IMHO, than to try to force everyone to use a screwdriver when they sometimes need a hammer or pocketknife.