PC Club of Charlotte
Bytes and Bits
November 2008 issueNOVEMBER 13th MEETING PROGRAM
Digital Photography for the Holidays
Presented by Richard Kinkel
Tips and Tricks in taking the best Holiday photos ever!
Richard will also talk about choosing a camera for a gift and using photo organization software.
Please e-mail Richard at:
photo@pc3.org with your questions or topics to cover at the Meeting.
The November PC3 Meeting will be held
on Thursday, November 13th at
Little Diversified Architectural & Consulting 5815 Westpark Dr. Charlotte, NC 28217
The meeting begins promptly at 7:00pm.
(Doors do not open before 6:45).
Join us for supper before the meeting at McAlister's, 4805 Park Road at Seneca.
--------------------------------------------------------------------------------
WINTERFEAST Party
Get your tickets NOW!
Come to the Meeting on Thursday
or
email the treasurer by December 1
Only $15.00 for a great meal, entertainment and fantastic prizes!
--------------------------------------------------------------------------------
Letter From The President
The news this month is our annual Winterfeast Holiday Party. Buy your tickets at the general meeting Thursday, the Microsoft Office SIG, or by contacting
Treasurer@pc3.org by December 1. Tickets are $15 each for members and one guest. Don’t forget that the party is at Levine Senior Center this year. Check the Calendar for directions. Thanks to Terry Bozarth, Barbara DeMase, and Dewey Williams for helping to organize the party. Terry and Barbara are coordinating arrangements while Dewey is shilling for gifts again. If you have ideas (or better, labor!) to help them out, please contact them.
The Holidays are coming and we’ll try not to make excessive demands on your time. Most SIGs will not meet in December and you know the topic of the General Meeting. But the New Year starts almost before the cookies are all gone - and so do our demands on you. Please check out my blog on the Forum and express your interest in future Meeting Topics. Nothing is scheduled yet for 2009. By the January Board Meeting, we will start twisting arms for Officers. Save us the trouble and step up for positions in which you want to contribute.
Big Numbers
I happened to be staring at the screen as my Antivirus Program was finishing up its weekly full-system scan. It reported that it had scanned 1,083,622 objects on my computer. To an Antivirus Program: an “object” is not just a name in Windows Explorer, but also Internet cookies and the component files within compressed files such as the Windows distribution .cabs. Last time I was watching a virus scan go by, a busy computer might have 20,000 objects.
- - - - -
I just bought 2 terabytes of disc storage. That’s over 7 orders of magnitude (10,000,000 x) more bytes than I could get on the first data discs I was using less than 25 years ago. And back then, one disc could hold over a week’s worth of paying work. You noticed I didn’t say it’s “10 million times more data than I used to do.” I also remember when I was offended that a Word document was pushing 100K or a web page with pictures was more than 20-30K. Compare those “big” numbers with a single image from your 8 megapixel camera. To be honest, I am not storing 2 TB. I bought four 500GB external hard drives for a client to use for rotating offsite backup. In fact, he only has about 10%-20% that much data.
- - - - -
IBM recently delivered the Roadrunner supercomputer (“the”, not “a”) to the Department of Energy (they’re the folks who build nuclear bombs). This computer is capable of over one Petaflop. A “flop” is a unit of computing power and a “peta” is a million-billion. That’s said to be the power of 100,000 contemporary PCs and 3 times the speed of the previous record holder. It’s got 98 terabytes of RAM. That makes my 2 TB of disc storage look pretty puny.
The computer runs on the same chip as a Sony Playstation 3 and uses Red Hat Linux. Over 12,000 of those chips, that is (plus another 6,000 AMD server-class CPUs, just for administration). The whole unit takes up a little more space than an NBA court.
For all this, the computer could be Energy-Star rated. It performs 437 million calculations per watt of electricity. That’s a total of 2.35 megawatts, similar to the demand of Charlotte’s Dilworth residential neighborhood. Presumably, that doesn’t include the additional power for the air conditioning.
Roadrunner (the computer) references:
http://www-03.ibm.com/press/us/en/pressrelease/24405.wsshttp://www.doe.gov/news/6321.htmhttp://computer.howstuffworks.com/question54.htmhttp://www-03.ibm.com/press/us/en/attachment/24404.wss?fileId=ATTACH_FILE2&fileName=Roadrunner%20supercomputer.jpghttp://www.allprojectstats.com/ Bill Barnes, President, PCCC
11/6/08
--------------------------------------------------------------------------------
SPECIAL INTEREST GROUPS
Web Design SIG
Levine Senior Center
TBA
(Check PCCC Website for possible date change)
Online Collaboration SIG
Levine Senior Center
TBA
(Check PCCC Website for possible date change)
MS Office SIG
Levine Senior Center
Tuesday, December 9 @ 6PM
"Advanced Microsoft Word " (Segment 3)
For the times and locations of all meetings: go to
http://pc3.org/EventCalendar.
The Event Calendar is the most reliable source for late program changes
(including cancellations).
--------------------------------------------------------------------------------
BOARD MEETING MINUTES
Personal Computer Club of Charlotte
Monday, October 27, 2008
Attending: Bill Barnes (President), Jack LaPointe (VP & Membership), Barbara DeMase (Treasurer),
Paul Reiss (Secretary), Dewey Williams (Webmaster) and Loren Dobosy (Publicity).
Meeting at Showmar's on 7th Street was called to order at 5:40PM, by President Bill Barnes.
· Approval of Minutes: Barbara moved and Dewey seconded that the previous minutes be accepted as published. Passed.
· Committee Reports:
Treasurer's Report - Barbara:
Oct..1st through Oct. 31st , 2008
Assets: as of September 31st, 2008
Checking account:
Beginning balance: $1606.13
Deposits/Credits 105.00
( 1 membership, 6
holiday tickets)
Withdrawals/Debits ___.00
Ending Balance $1711.13
PayPal 429.05
Easel - 27.87
$ 401.18
Cash on hand 30.00
Total: $ 2142.31
Disbursements: Easel from PayPal
Publicity: Loren continues to submit announcements of meetings. Look in the Neighbors section of the paper each month.
Membership Development-Jack: Barbara and Jack are coordinating the database to keep it current and accurate. Barbara is sending dues reminders to lapsed members.
Newsletter: Warren was unable to attend but asks that members contribute by writing new experiences with web sites, a program or pieces of hardware. Send it to
editor@pc3.org . Deadline is this weekend, 11/9/2008. We are sending the newsletter to almost 100 addresses each month.
Levine Center: Our 'Intro to Digital Imaging' class for Seniors continues weekly on Monday afternoons.
SIGs (Special Interest Groups) also continue to meet. See the calendar at PCCC.org for details.
§ Web Design - Dewey & Bill: The next meeting will be at the Levine Center on the 1st Wednesday, 11-3-08.
§ MS Office - Warren: The 3rd part of advanced MS Word is scheduled for Tuesday, December 9th.
· Business:
Web Master-Dewey: Is sending requests to all the companies on his list requesting items for our Holiday Party Raffle. He urges any member who has a possible source for hardware or software to pursue it and keep him informed of your progress.
· Programs: November - Richard Kinkel will present a program on taking better pictures as well as cropping, saving and transmitting them for the Holidays.
December: the annual HoliFeast will be held at the Levine Senior Center on the 2nd Thursday of December, 12/11/2008.
Please get your reservations ($ 15 per person) to Barbara at the General Meeting (or by December 1st).
· Other Business:
Alternative locations for Board Meetings - Next month’s location will be the Matthews Grille on Independence Blvd at NC-51.
See map at
http://maps.google.com/maps/ms?ie=UTF&msa=0&msid=107588564568323308230.00044c449e8b0635dd12d,
· Motion to Adjourn: by Jack , 2nd by Loren at 7:00 P.M.
Respectfully submitted: Dr. Paul I. Reiss, Secretary
--------------------------------------------------------------------------------
Secunia: popular security suites failing to block exploits
Posted by Dancho Danchev @ 5:24 pm
In a recently conducted comparative review, Danish security company Secunia, tested the detection rate of 12 different Internet Security Suites against 300 exploits (144 malicious files and 156 malicious web pages) affecting popular end user applications, to find that even the top performer in the test is, in fact, performing ooorly in general. Their conclusion:
“These results clearly show that the major security vendors do not focus on vulnerabilities. Instead, they have a much more traditional approach, which leaves their customers exposed to new malware exploiting vulnerabilities.
While we did expect a fairly poor performance in this field, we were quite surprised to learn that this area is more or less completely ignored by most security vendors. Some of the vendors have taken other measures to try to combat this problem. One is Kaspersky who has implemented a feature very similar to the Secunia PSI, which can scan a computer for installed programs and notify the user about missing security updates. BitDefender also offers a similar system, albeit this is more limited in scope than the one offered by Kaspersky and Secunia. We do, however, still consider it to be the responsibility of the security vendors to be able to identify threats exploiting vulnerabilities, since this is the only way the end user can learn about where, when, and how they are attacked when surfing the Internet.”
And while it’s boring to scroll through the empty tables of the study, is Secunia’s report a frontal attack against the security software vendors’ inability to block exploits, or are they trying to emphasize the fact that the end user should make better informed purchasing decisions when relying on All-in-One Security products?
In 2007, Secunia released data indicating that 28% of all installed apps aer insecure, and despite that the vulnerabilities has been already addressed, the end users were still living in the reactive response world. Cybercriminals on the other hand, took notice, and following either common sense or publicly obtainable data indicating that end users remain susceptible to already patched vulnerabilities, started integrating outdated exploits into what’s to become one of the main growth factors for web malware in the face of today’s ubiqutous Web malware exploitation kits.
A year later, another study confirmed this fact and pointed out that one of most effective vehicle for the success of Web malware — the insecure Web Browser — remains largely ignored by millions of Google users. So, theoretically, the more traffic the malicious attackers acquire and redirect to their exploit serving domains, the higher the probability for a successful infection with an undetected by standard signatures-based scanning piece of malware - which is exactly what they’ve been doing the entire 2007 and 2008.
What is more important, to detect the latest malware binary behind the exploit serving file, or prevent the latest malware binary from reaching the end user/company by blocking the relatively static exploit serving file? It’s all a matter of perspective.
Naturally, the reactions to the comparative review and the methodology used are already receiving criticism from the vendors. Sunbelt Software's Alex Eckelberry comments on the report, and also includesAV-Test.org's Andreas Marx opinion emphasizing on why it’s important to prioritize:
“In most cases, it is simply not practical to scan all data files for possible exploits, as it would slow-down the scan speed dramatically. Instead of this, most companies focus on some widely used file-based exploits (like the ANI exploits) and some companies also remove the detection of such exploits after some time has passed by (as most users should have patched their systems in the meantime and in order to avoid more slow-downs).
There are a lot more practical solutions built-in to security suites, like the URL filter (which checks and blocks known URLs which are hosting malware or phishing websites) and the exploit filter in the browser (which would also block access to many “bad” websites). Some tools also have virtualization and buffer/stack/heap overflow protection mechanisms included, too.
Then we have the traditional “scanner” — and even if some exploit code gets executed, a HIPS, IDS or personal firewall system might be able to block the attack. For example, some security suites are knowing that Word, Excel or WinAmp won’t write EXE files to disk — so potentially dropped malware cannot get executed and the system is left in a “good” state.”
Emphasizing defense-in-depth, and prioritizing in the case of blocking the most popular exploits used is a very good point since it has the potential to protect as many customers as possible from the default set of exploits used in the majority of malware attacks. For instance, the massive SQL injection attacks that took place during the last couple of months were all relying on a relatively static javascript file whose generic detection is a good example of prioritizing. Moreover, due to the evident template-ization of malware serving sites, and the commoditization of Web malware exploitation kits, the impact of ensuring that your customers are protected from the default sets of exploits included within these kits, means that your customers will be protected from a huge percentage of Web-based malware attacks.
No Internet Security Suite can protect you from yourself, so do yourself and the Internet a favor: patch all your insecure applications - it’s free.
Submitted by Dr. Paul I. Reiss, Secretary
--------------------------------------------------------------------------------
See you at the Meeting on Thursday!
--------------------------------------------------------------------------------
SUPPORT OUR CLUB
AND ITS MEMBERS!
Please click on a Link:
Internet Backup Service
Member's Network
Lower Prices on Internet Phone!
Industrial Controls & Computer Engineering
