Basement Refinishing Comment on Article

See Here[^]

Sorry about the miserable copy/paste from email. ================================================ from Alfred Huger alfred@xxxxxxx.com to noloader@xxxxx.com date Wed, Sep 9, 2009 at 4:54 PM subject Re: [CodeProject] Re: Immunet - Free Cloud Antivirus mailed-by immunet.com Thanks for sending that. It made me giggle. For what it's worth there is only one 'white' guy in the company. He is very much the minority. It's a stock photo. You're free to repost this. al On 09/09/09 1:40 PM, "Jeffrey Walton" noloader@xxxxx.com wrote: > Hi Al, > > See the comment at > http://www.codeproject.com/Messages/3191400/Re-Immunet-Free-Cloud-Antivirus.as > px. > Sorry about that. >

Hi Ian, > everyone trusting that the all-powerful "cloud" knows everything I know... I worry about the cloud myself. I find Google and the PATRIOT act are especially worrisome. > So the real question is how EvilProgram.exe gets marked as > "bad" by one computer, but not by another... But if they're > all running the same Immunet program, why don't the others > detect it too? I imagine this would be the convergence problem (or a variant thereof) that Dykstra studied in the 60's and still plagues routers to this day. Perhaps you should hit the folks at Immunet directly with the questions. If you have the questions, others probably have them also. I suggest it because I have no affiliation with the company, so you would probably get better answers. Jeff

Hi Ian, > The gist seems to be that you form a facebook-style social > network of friends you're helping to "protect" ... I'm interested to see this in action. When Immunet made there inital announcement over a Security Focus, there were only about 80 of us testing. There was no twitter/craiglst/ circle of friends. > What's the advantage of this, over each client seeing > the threat for itself It could be the case that the local antivirus misses the detection. I would expect to see this as a new threat drops. As soon as one AV picks up a signature, others, including the local machine, can benefit. > If this is working alongside a regular AV program (As the site > suggests is a good idea), you're doubling the overhead > whenever a file is accessed I did not find this to be the case in earlier rounds. For example, one test case included *NO* local AV to examine cloud communications: "Hey, I have this file. Are any hosts aware of problems with the file?". In the case that AV is installed, the local AV will perform a hueristic match, and Immunet will reach out to the cloud (as is the case with no AV). The use case is the local AV misses, but the cloud hits. The driver is fairly robust - OSR lent their expertise. I was not able to crash it or BSOD it. Perhaps you might have better luck than me. > Is the extra protection worth twice the performance hit? To be determined by the user :) All in all, I did not experience a significant performance loss. Nothing noticeable in my case. > Before you can even talk about communication, your AV program > still has to DETECT the threat. The cloud helps out in the case of a miss. Jeff

> Looks like it from the pictures on the site. Hmmm.... I can't comment. But I thing the brunnette in the middle is my future ex-wife.

Hi All, Immunet is a free, collective antivirus harnessing signatures and definitions from the cloud. They are in late BETAs and welcome both testers and users. http://www.immunet.com/[^]. Jeff

Inventor: SSL not to blame for security woes[^]

I see you put on the referee hat at times :)

> I'll add these to the todo list. I think you'll see a benefit. If not, then scrap it later (why keep it around and maintain it if it does not work?) > In terms of having a "this is a test" button, unfortunately it will not be used You can lead them to water, but...

Hi All/Chris, Observing common mistakes from a first time submitter, it really seems like article formatting is a recurring problem. Others, such as Dave Kreskowiak, appear to feel the same (judging from his comments). Would CodeProject consider FORCING a preview for those whose articles might go to 'Pending Approval'. If you don't trust an author to submit an article correctly, you probably should not trust him/her to properly format it. I'd also recommend sizing the Preview window at 800x600 (is this still considered a standard for UI design?), or perhaps 1024x768. Finally, some article are so bad I can't tell if it is a legitimate article or someone testing the Submission system. Perhaps a step (or check box) to indicate that "This is a Test" would be in order. For example, at Step 1 (or something similar): * This is a Test * This is a Submission Jeff

Hi Joe, That was it. I did modify a bit to get a compile under boring old 'C': pSkipTable[(unsigned)pSearchStr[i]] Thanks. Jeff

Hi Chris, A little more information on the issue. I believe the problems I encountered were due to a stale cookie after I performed a logout. I was able to get a password change to take after clearing the cache. I also changed the password on an ancient account that I created a few years ago when I could not log in using my standard account. Perhaps deleting cookies on logout would mitigate the problem? Deleting a cookie on logout also helps ensure that private data, when no longer needed, is not lying around. If there is data available, it risks being stolen. If there is no data, there is no risk. Jeff

Hi All/Chis, When attempting to change the site password with 'Name or Alias' = 'Article email' = 'Logon email' (i.e., all are the same), the password is rejected with the message:

The email you supplied has already been registered. Please choose another, or try retrieving your password if that is your member email

With a small change (modifying Article email), the change is puported to be successful. However, attempting to logon after the change requires the use of the old password rather than the new password. So it appears the password change does not work as advertised. Perhaps I am pressing [ENTER] with the wrong finger? Jeff

Hi David,

DavidCrow wrote:

http://www-igm.univ-mlv.fr/~lecroq/string/node14.html\[^\]

I ran across these. Unfortunately, some assembly is required and there are no instruction on calling 'void* p = Find(needle, haystack)'. Perhaps I am asking for too much.

DavidCrow wrote:

Specfically what?

Run it: Wiki's Boyer-Moore Horspool[^] implementation. Here's one of the best examples. A fellow claimed Dr. Adler's ADLER-32 reference implementation was wrong because it did not agree with wiki: Need peer review: May have found mistake in Adler-32![^]. Jeff

Hi All, Anyone have c code for Boyer-Moore or BMH? I don't want to take the time to translate (and debug) pseudo code from my Algorithm Analysis textbook. I'd like to paste and compile. No wiki please. I already know their stuff is broken. How much crap can one site publish and claim it is fit for consumption? Jeff

It turned when I blinked... I wish the US debt were that low.

Hi All/Chris, I've noticed that on upload, a tag such as is converted to style="float:removed". I believe this is correct HTML since it is coming out of Amaya. Would it be possible to convert it to align="right" if the style is deemed offensive? Jeff

On NatGeo at 8:00 PM. See http://channel.nationalgeographic.com/episode/code-breakers-3932/Overview[^]

Crypto hash boffins trip on buffer overflow[^]: Two of the programs submitted in the first round of a competition to find the next cryptographic hash standard contain buffer overflow errors that could make them prone to crashes and security problems.

Hi Garth,

Jeffrey Walton wrote:

There are no free lunches, and key exhange [even by another name] is thorny at best

Take a look at Guttman's Home Page[^]:

Despite two decades of work, X.509 PKI isn't doing very well. Deployment is minimal, and even when it's used it's frequently just security theatre... It doesn't have to be that bad though. By sidestepping some of the most dysfunctional aspects of the original OSI design (X.500 directories, Distinguished Names, CRLs), it's possible to build a highly functional, easy-to-use PKI based on the original X.509 blueprint.

Follow the link to the paper titled, How To Build a PKI that Works[^]. Also of interest should be Guttman's Underappreciated Security Mechanisms[^]. In the paper, he discusses User Identification and Email Based Identification. Jeff