Ubuntucat

Introduction
Step 1. Install Windows updates automatically
Step 2. Make your primary account a limited user account
Step 3. Use Firefox with the NoScript extension
Step 4. Read up on social engineering and how to avoid being the victim of it
Step 5. Do not pirate software, music, or movies
Step 6. Avoid all “antivirus” or “security suite” software

Introduction

Out of the top three consumer-oriented software platforms (Windows, Mac OS X, various Linux distributions), Windows is my least favorite operating system, but I’m no Windows hater. A lot of times I hear Mac and Linux users saying they switched because they were tired of viruses and malware in Windows.

While it’s true that Mac OS X and most Linux distros make it easy to keep your operating system secure with their default settings, you can make Windows just as secure, and that’s what this six-step guide is for.

If you follow these instructions carefully, you should pretty much never get malware (spyware, adware, viruses, trojans, rogue viruses, worms) in Windows.

The screenshots use Windows 7, but the same principles apply to Windows Vista and Windows XP as well. The steps may just be slightly different (especially for Windows XP). If you’re still using Windows 98, pay for an upgrade to Windows 7; or if you’re too cheap for that, just switch to Linux. There’s almost nothing Windows 98 can do that Linux can’t, and Windows 98 no longer receives security updates (it also has no limited user accounts).

You can click on the screenshot thumbnails if you want to see larger versions.

Step 1. Install Windows updates automatically

In early 2009, there was a lot of paranoia about the Conficker worm, which was supposedly going to do scary things and which had already infected 10 million computers. Which users had to worry about Conficker? The Windows users who did not install Windows updates. A full month before that iteration of Conficker became active, Microsoft had already released a patch for the flaw Conficker exploited.

Windows Updates can be just annoying prompts to install a new version of “Windows Genuine Advantage.” More often than not, though, they are actual security updates that patch flaws and security holes in the Windows operating system. It is a good idea to set these updates to install regularly.

Go to the Start Menu > Control Panel > System and Security

Then under Windows Update, select Turn automatic updating on or off

Make sure updates are set to install automatically. Then click OK.

Step 2. Make your primary account a limited user account

Have you ever had your Windows installation infected so thoroughly (registry, dlls, startup programs, other system files) that it was apparent it would take less time to reinstall Windows than it would to try to clean out all the malware that destroyed Windows? Are you kicking yourself because the infection came through one or two clicks of the mouse?

Well, that’s because Windows, by default, makes the primary user a full system administrator. In newer versions (Windows Vista and Windows 7), there is something called User Account Control. It’s that annoying “Are you sure? Are you sure?” prompt you get that you end up conditioning yourself to always click “Yes” to.

By using primarily a limited user account, you can feel free to click on what you want and not worry about infecting system files. When you want to finally install software, you can do so by temporarily authenticating as the administrator account.

First, we’re going to create a new administrator account.

Under System and Security in the Control Panel, select User Accounts and Family Safety and then Add or remove user accounts

This is that annoying User Account Control prompt I was talking about before. Click Yes.

Click Create a new account and then make sure the new account is going to be an Administrator account and click Create Account.

With the soon-to-be-regular account called Susan, I’m going to be naming the new administrator account SuperSusan so I know it’s a special account I shouldn’t be using on a regular basis.

And, by the way, even Microsoft recommends you use a standard (or limited) user account. You can click on Why is a standard account recommended? for more details about that.

Now click on the newly-created administrator account name and then select Create password

Make sure your password for this new account is significantly complicated. It should contain no dictionary words or personally identifiable information (birthdays, social security numbers). It should have numbers, lowercase letters, uppercase letters, and punctuation in it, though.

So you don’t forget your password, go ahead and write it down on a sticky note somewhere near your computer. The greatest threat to your security is an online threat, not another family member. Besides, anyone with physical access to your computer and a little know-how can easily reset your password, anyway.

When you’re done, click Create password

Log out of your normal user account and log in as the new administrator account. It is not enough to switch users in this case. Make sure you properly log off.

Go to Start Menu > Control Panel > User Accounts and Family Safety > User Accounts

Click on Manage another account

Click Yes and then select your normal user account

Click Change the account type, select Standard user (also known as a “limited user”), and then click Change Account Type.

Log out of the administrator account and log back into your normal (now standard or limited) user account. You should never have to log in as the administrator directly again.

Step 3. Use Firefox with the NoScript extension

I see a lot of confused Windows users wondering which web browser is “the safest.” Is it Opera? Is it Chrome? Is it Firefox? Internet Explorer? Safari?

The truth is that if you use any modern web browser with its default settings, they’re all about the same in terms of safety. They all have pop-up blockers that block 95% of pop-ups. They all have warnings about potential spoofing websites. They all get regular security updates when flaws are discovered, and every browser has flaws. There is no perpetually invincible web browser.

If you use Firefox in combination with the NoScript extension, that’s about as secure as you’re going to get, though, since NoScript by default blocks JavaScript, Flash, and just about everything else interactive on websites unless you explicitly whitelist specific sites.

Think of your computer as an exclusive nightclub. Do you think it’s easier to secure your party by having a bouncer outside the club who screens all incoming guests, or by allowing anyone inside the club and then having bouncers inside trying to drag people out? Well, NoScript is your bouncer outsider. It’ll block everything, and then it’s up to you to let trusted websites in on a case-by-case basis.

To install NoScript, in Firefox, go to Tools > Add-ons and then click on Get Add-ons and then Browse All Add-ons

You’ll be taken to the Mozilla add-ons website. Search for noscript.

Once you’ve found it, click on Add to Firefox and then Install Now (after a three-second delay, the button will appear as clickable).

You’ll be prompted to restart Firefox to activate the NoScript extension. Go ahead and restart Firefox.

Now you’re web browser is as secure as possible. Of course, this may seem annoying at first.

Convenience and security are always at odds. It may be convenient to have thousands of dollars of cash on you at all times, because it’s always easily accessible, but if you get mugged or pickpocketed then all of your money is gone. It’s slightly less convenient to keep most of your money in a bank, but it’s a lot safer in the bank (and also insured up to a certain amount, in case the bank gets robbed).

For the first two weeks you use NoScript, it may seem pointless. It may seem as if you’re just whitelisting every single site you visit. Don’t give up. After a while, you’ll realize you’ve whitelisted just about every site you do visit regularly, and then you can spend a lot less time whitelisting (or keeping blacklisted) potentially shady websites you stumble upon on a less regular basis.

Step 4. Read up on social engineering and how to avoid being the victim of it

Have you ever heard the term trojan virus, gotten scared, and thought “I hope I never get one of those”?

Well, the good news is that you don’t ever have to get a trojan. Trojans don’t just happen. You choose to install them yourself. Trojans are becoming increasingly the most popular kind of malware, and they can thrive on any operating sytem (Windows, Mac, Linux), because they exploit a security flaw the operating systems cannot patch—the user.

That’s you. You are potentially the biggest security hole for your computing experience.

Trojans and phishing scams rely on something called social engineering, which is just a fancy term for tricking someone into lowering security guards.

It can be someone calling up and pretending to be your IT support department in order to get your password. It can be someone pretending to be your bank to get your private personal information. It can be a pop-up window pretending to be an antivirus scanner that’s found malware on your computer (and if you pay the scammers $50, they’ll remove the non-existent malware for you… or actually install real malware now that you’ve been tricked into installing it).

You wouldn’t hand your car keys over to fake valet. Don’t hand over the keys to your computer to a fake… anything (fake pirated commercial program, fake warning about malware, fake credit card company request for information verification).

Do yourself a favor. The absolute most important step to take in securing your computer is making yourself an educated user. Google the term social engineering and read the first ten results of that search thoroughly.

Step 5. Do not pirate software, music, or movies

I’m not saying if you pirate software, music, and movies that you will definitely contract malware, but by not pirating all that stuff, you lower your chances significantly of installing a trojan or some other kind of malware.

If you’re hard up for cash, the best way to look for trustworthy free stuff is to look for open source stuff.

The website Open Source Windows has lots of great free (and malware-free) software. No pop-ups. No trial periods. No scams. No activation keys. No exhorbitant costs.

You can also find some more-obscure open source projects at Source Forge.

Here’s an example of installing an open source instant messaging client.

Note that for the script that automatically starts downloading the file (without manually clicking the download link), you’ll have to whitelist the site from the NoScript icon. You’ll also have to do this the first time you watch a video at YouTube or Hulu or the first time you try to book airline tickets on a site like Expedia or Priceline.

Once you’ve saved the file to your downloads folder, in order to install it—now that you’re a standard (or limited) user—you’ll have to right-click the file and select Run as administrator

You’ll then be prompted for the super-user or administrator’s password you set earlier. Enter that and you can continue.

In addition to open source software, there are also writings, pictures, and music released under freer-than-traditional-copyright licenses. You can find more information about this at Creative Commons.

There’s also free (and legal) music at Jamendo. Really, though, if you need commercial music, Amazon’s MP3 store has reasonable prices, and even several hundred free sample tracks.

Step 6. Avoid all “antivirus” or “security suite” software

Although this doesn’t directly make your Windows installation more secure, it is a good idea for several reasons:

• If you already have solid security in place, pretend security (Norton, McAfee, AVG, Avast, MalwareBytes, Kapersky, etc.) just takes up extra hard drive space and sometimes extra system resources. This means you have less storage space for your actual files (music, movies, documents, pictures). It can also mean your computer doesn’t run as fast as it would otherwise.
• So-called antivirus and antispyware programs encourage complacency. Rather than being proactive about security by locking down the system and educating the user on how to avoid social engineering–based attacks, these placebos make people think they’re “protected” while wasting space, resources, and possibly money.
• If you constantly rely on these security suites to protect you, you’re more likely to fall for rogue viruses pretending to be antivirus scans.
• There are two ways antimalware tries to protect you—by keeping a list of known offenders and comparing files to that known list, and by trying to guess what might be an offending file or application. The list of known offenders can never keep up with actual new offenders. And guesses lead to a lot of false positives, making users unnecessarily paranoid (about tracking cookies, for example).

Of course there are always folks who will say “But I want to just run it just in case….” In this case, there is no just in case. If you follow all five of the previous steps carefully, antivirus will do nothing to protect you. And if you refuse to follow all five of the previous steps carefully, antivirus will also do nothing to protect you.

It would be like a soldier suiting up with heavy armor and kevlar and then adding a razor-thin layer of tissue to the top as “just in case” protection against bullets. If you have armor and kevlar, that’s the best protection you have against bullets. The tissue won’t be offering additional protection. And if you don’t have the armor and kevlar, again the tissue won’t offer additional protection.

The armor and kevlar in this analogy are the first five steps in this tutorial. The tissue is “antivirus” software, security suites, and all that other garbage that offers you no protection.

Hopefully you’ve found this tutorial helpful. As you can see, security woes are no reason to switch away from Windows. If you have a genuine interest in exploring Mac OS X or Linux, though, I think you’ll find them both rewarding computing experiences in their own respective ways.

Even though some people have accused me of being a blind Obama follower, I’m actually not that big a fan. I like him. He’s okay… for a politician. I really voted for Kucinich in the primaries, and if Clinton had won the primaries, I’d have voted for her for president. The truth is, with all the blue states and red states, and with all the polarization on abortion, immigration, taxation, health care, and the military; anyone who gets elected to the presidency has to be a liar and a politician. You can’t hold too tightly to your principles if you want to piss off as few people as possible.

Obama’s latest speech on education got me annoyed, though. And if that’s really his plan going forward, I don’t really see the American K-12 education system getting any better.

Because improving education is central to rebuilding our economy, we set aside over $4 billion in the Recovery Act to promote improvements in schools. This is one of the largest investments in education reform in American history. And rather than divvying it up and handing it out, we are letting states and school districts compete for it. That’s how we can incentivize excellence and spur reform and launch a race to the top in America’s public schools.

I see. So if Wall Street gets itself in trouble through excessive greed and unethical business practices, then they get a bailout. K-12 schools will get a measly (by comparison) $4 billion only if they can improve without the extra money? That’s ridiculous. With a few rare exceptions, the best schools in America are well-funded and the worst are under-funded. So withholding the money until the schools get better isn’t going to make them better.

Now I agree with what Obama said back in the debates with McCain that throwing money at schools doesn’t automatically make the schools better. Obviously. You can never just throw money at a problem to make it better. You have to carefully place the money instead of throwing it.

This is not about more tests. It’s not about teaching to the test. And it’s not about judging a teacher solely on the results of a single test.

It is about finally getting testing right, about developing thoughtful assessments that lead to better results; assessments that don’t simply measure whether students can use a pencil to fill in a bubble, but whether they possess basic knowledge and essential skills like problem-solving and creative thinking, creativity and entrepreneurship.

If you create a test that you’re judging the success or failure of a school on, you are necessarily creating a teach-to-the-test atmosphere. It’s like saying “I’m going to give raises to the employees who do what I say. But I don’t want you to do what I say. Just do your job.” If you say that as an employer, suddenly “your job” becomes “what I say.”

And good luck trying to create a standardized test that measures all that.

From the moment a student enters a school, the single most important factor in their success is the person in front of the classroom.

Really? So if I take the best teacher in the country, put her in front of a class of 30 students who have varying abilities (most of which on the low end), who all have behavioral or psychological problems, some of whom have learning disabilities of varying types; give that teacher no textbooks (or ones falling apart), no pencils, no computers, a room that’s constantly a mess; create a culture of low achievement and high grade inflation where every challenge to authority must be disciplined immediately or else the students will run amok—somehow that teacher is going to do better than a mediocre teacher with a class size of 14 students who all get outside tutoring, parental support, computers, textbooks, pencils, a clean building, a school culture of students being treated like responsible adults and, for the most part, living up to that expectation?

Nice try.

I’ve worked and taught in both of those environments, and I can tell you right now the mediocre teacher will get more done in class and her students will end up learning more by the end of the year, even if they’re in class for fewer hours.

Throw out your Dangerous Minds and Stand and Deliver DVDs and stop believing the myths. Having great teachers is great, but that isn’t the solution to our educational problems.

Success should be judged by results, and data is a powerful tool to determine results. We can’t ignore facts. We can’t ignore data. That’s why any state that makes it unlawful to link student progress to teacher evaluations will have to change its ways if it wants to compete for a grant.

You should not link what you perceive to be student progress to evaluation of whether a teacher is a good teacher or not. One of the best teachers I ever had was my US history teacher. She taught me stuff that lasted through college and beyond. She taught me to think critically. She taught me about instititutional racism and about feminism. I got a B+ in her class sophomore year. I got a B in her class junior year. Then I took another history class senior year and got a B-. You can see where this is going. So how would Obama’s new test get that this teacher was amazing? It wouldn’t. In fact, it would look as if she was terrible, because my performance was going down.

Better standards. Better teaching. Better schools. Data-driven results. That’s what we will reward with our Race to the Top Fund.

I’m sorry, but your plan stinks, Mr. President. It’s well-intentioned but extremely misguided. You know nothing about how to fix education in this country. Have you taught in a public school before? Are your kids in one right now? Are your daughters in an underfunded public school? No? Why not? Because you know it isn’t just about having good teachers and results. You know that your daughters are getting a better education because their school provides smaller class sizes, adequate school supplies, a whole school culture where learning is valued, and proper support and rest for its teachers.

The worst part about your plan is that even if it works the way it’s supposed to, then a handful of schools and states will get more funding and better schools, and then the other states will get less funding and worse schools. Talk about the rich getting richer.

Do you want to know how you can fix education the easy way?

• Have states evenly distribute funds to all schools within the state. Schools in rich suburbs should get no more funding than schools in urban areas.
• Focus spending on reducing class sizes. Even without textbooks, even without computers, even without desks, even with learning differences, if I have only 10 or 12 students in my classroom as opposed to 30 or 40, I can operate more effectively just being a good, decent, or great teacher instead of having to be a superhuman teacher.
• Give financial incentives to colleges and universities to reward high schools that do not inflate grades.

There. You’ve just leveled your playing field and saved yourself $4 billion.

Add one more to the tech journalism hall of shame.

From PC World‘s “Google’s Chrome OS May Fail Even as It Changes Computing Forever”:

First, Google will compete with another operating system, Linux, that has tried fruitlessly to replace Windows on consumer PCs. The Linux camp will give it another go with a Linux variant called Moblin that has the backing of Intel and is headed for netbooks soon. (No specific partners or dates have been announced.) Dell says it prefers Moblin to Chrome OS.

Hey, Tom Spring—Google Chrome OS is Linux, just as much as Intel’s Moblin is, just as much as Ubuntu is. Linux is a short-hand many people use to designate any operating system that uses the GNU/Linux kernel… and Google Chrome OS uses the Linux kernel!

Maybe this mistake is a good thing.

If even tech “journalists” think Google Chrome OS isn’t Linux, then maybe people will give Chrome a chance because of the Google brand and not be afraid that Linux is only for geeks. After all, no one ever said you had to be a geek to use TiVo.

If Chrome OS is successful, Linux’s “year of the desktop” may not even be recognized as such, because most people (not even supposed journalists) won’t even realize Chrome is Linux. Of course, I don’t buy that Google is directly competing with Microsoft. Yes, Chrome OS is an operating system. Yes, if it’s successful, it will take some marketshare away from Windows. But cloud computing can be only so successful in the near future. Not everyone has broadband internet. Not everyone wants confidential documents on someone else’s servers. Not everyone wants to migrate away from her current platform. Not all applications have “cloud” counterparts.

If Google is successful in taking over the netbook market, it’ll be a huge blow to Microsoft, but people will still be using their Windows desktops and Windows laptops for heavy gaming, for niche business applications, for graphic design (if they aren’t using Macs).

Windows does not need to be totally overthrown, though. Any gain in marketshare for Linux will mean more hardware support for Linux users, which means ultimately more freedom and choice for even those Linux users who use non–Chrome OS distros.

In that excellent 1980s film Throw Momma from the Train, the two main characters (one, a creative writing instructor; the other, his student) keep chanting the mantra of the instructor’s class: “a writer writes… always.”

Stephen King in On Writing gives the same advice, as does Cerebus creator Dave Sim, who says something like (I’m paraphrasing here) every comic book artist has 1000 bad pages to get out. If you do a page a day, after a few years, your pages will start being good.

The nice thing about being a creative writer or a comic book artist is that you don’t have to (or get to, depending on how you look at it) publish everything you create. So if you do have 1000 bad pages, you can tuck those away in your closet or throw them in the trash can (Stephen King’s hit novel Carrie was going to go into the trash bin before his wife rescued it, seeing the potential).

Blog posts aren’t quite the same way. Sure, you can have hidden blog posts or passworded ones, but the idea behind a blog is that it’s your thoughts. Blog posts aren’t supposed to be masterpieces you rehearse for and then finally publish for the public. They’re supposed to at least have the appearance of spontaneity.

Well, for you few readers I have, I just wanted to reassure you I’m still alive. I’m actually quite relaxed (on vacation from work). I just don’t really have a lot to say right now. In fact, when I’ve thought I have had new things to say, I’ve gone back into my old blog posts (over 400 right now) and seen “Oh, I’ve already written about that.”

I’m not promising everything I write from this point forward will be insightful. I don’t think I’ll be blogging for blogging’s sake, though. If I have something to say, I’ll say it. Thanks for reading!

I don’t use Netflix any more, but when I did, I liked how it tried to guess what you might like based on how you rated things. They would look at people who rated things similarly to you and then say something like “85% of people with tastes similar to yours also liked this movie.” (I don’t remember exactly how it was phrased.)

When Yelp just started getting popular, it was the best restaurant-rating resource around. Now, though, I’m finding the reviews to be less and less useful. Even if a restaurant gets an average of 5 stars, I have no idea if it’ll be excellent, good, fair, or terrible. Really. No idea.

The problem is I don’t know what reviews to trust. If you get a few reviews saying “This is the best gnocchi I’ve ever had” and a bunch saying “The pasta is bland and tasteless,” which ones do you believe? What if you have ten reviews all saying the sushi is the best, but you’re really picky about sushi and so you don’t know what “best” means to these people?

The solution is obvious, and I don’t know if it’s too much effort for Yelp to implement, but they should allow you to rate restaurants (without necessarily writing reviews) and then try to recommend restaurants to you based on how people who have similar tastes rated those restaurants.

For example, let’s say I’m in San Diego and have no idea where to eat. I go to Yelp and search for restaurants in San Diego. Instead of a bunch of random restaurants coming back with average review ratings of 5 or 4, only targeted restaurants would appear in my results, based on how those reviewers’ ratings on other restaurants compared to my ratings or the ratings of those similar to those with my ratings. That’d be awesome.