Viruses and Facebook

I would like to say I am part of the cause for the new Facebook awareness of Viral banners, links and apps on their site.  But I am not that full of myself to think that my one voice actually got through in spite of my complaining for a year.  Last month I basically left Facebook. I got the third infection in less than 12 months.  It is time for me to move on and leave that site to the lowlifes on the internet.

The first was a stupid registry reviver one, easily spotted and cleaned.   The second was a basic speed up your computer one - eight months later.  Same idea, They want you to run out to their site, and BUY the product that is going off except of course it is not finding the 30 viruses and spyware it lists as finding on your machine, though it may be installing them.

 I noticed it because my drive started cranking , then Flash tried to start.  I was reading an article. No reason for flash unless it is a banner which I had blocked, yep it was payload drop time. 

The screens look like they could be official.  Perhaps it is a mutation. all I know is suddenly my files seemed to disappear. I started to panic then relaxed, it was only MY user directory affected. Fine, Easy solution - SYSTEM RESTORE.  Several hours later I had it found, removed it and then cleaned, recleaned and reupdated the machine.

This one was the last straw. It had attacked the FAT. The File Allocation Table could not FIND the files to tell me they were there.  I muttered steamed until I realized Trend was scanning them.They were there. Just not able to be found.

Trend Micro's Housecall took it out.  I then followed with Malwarebytes which traced the rest of the components and removed them.  Where exactly these came from, I am not certain to this day but most evidence points to Facebook and one of those crappy banners.  But hell for all I know Bleeping Computer, GamerDNA or even Major Geeks could have been the source.  All are sites I frequent.  So I cleaned it up  kept a component or two that were non functioning without the rest to test virus checkers with and moved on.

Last month I got hit again.  This time a bit more seriously.  Yes it was another crapware banner delivering a javascript to my machine.  As far as I can tell I had this..Vista Total Security 2011 the link is to a site describing it.  This one is a Royal pain.  Thank goodness no one codes for Opera.  It starts by setting off the Official looking Your computer is infected.  It looks like a Windows defender screen. Except.. Vista is no longer really supported, and they would not charge for the fix.

If you try to open defender it is blocked, if you try to go to a website it is blocked. Here is how it works,  it downloads a little .js that sits in your roaming directory. Every time you try to open a browser page, it calls the .js to put up the page that says that the site you are trying to go to is infected.  Solution - turn off  javascript right?  Well not exactly.  I do not know if it was Firefox 4.0 or the virus but  I would turn off the .js and it would still run.  When I reopend the tools in Firefox it was checked to allow .js again and again and again.  Firefox has a 4.01, perhaps it a was a glitch in their browser or perhaps it was the virus finding a way past that.

So I did what any geek would do. I opened Opera, opened a new tab, got the error and then opened Dragonfly.  I saw what it was being called and from where. So I typed in https://trendmicro.com in Firefox  and guess what it worked.  I got housecall to run  (I do NOT keep the component in a default directory)  and got it to start cleaning off the virus, except - it did not get the java script.  So I tried Panda.  Got a message that Activescan does not work with my version of Firefox or of course with Opera. Mutter. I downloaded the 30 day trial.  I will give my evaluation of that soon.

However to be fair it found the java script and zapped it, Can anyone tell me why Microsoft keeps people from accessing and clearing the java cache?   Last week my daughter came to me, guess what - it was going off on HER machine, Facebook is about the only place in common we go anymore.  She cleaned it, we think she got it all she tried the trend 30 day free download except it seems it does not like Malwarebytes.  Too bad it works!   I updated Firefox to 4.01 and Opera to 10.11.  Activescan still does not work with those according to their site.


So I log into Facebook last week  to leave a client a message. I see they have the HTTPS in full swing - except it does not work on any applications which are the biggest offenders.  I see they have their protection on for links, except it blocked a legitimate site I was trying to go to on information about a virus spread through Facebook. And last I see the same ads on the right hand side.  And the machine goes nuts, Yep it is trying it again! NOT THIS TIME BUDDY!

Sure they check the ads - the first time, but what about each subsequent ad.  Are you sure they have not been compromised by a third party?  Why are they placed on the right on the games and groups where a mis-click can potentially end in an infected user's machine.  Why are there ads for products and techniques already known to be scams or at the very least suspicious in their claims? You know how many Acai berry diet plan ads i saw there when that was the big fad?  Hey HERE IS AN IDEA FACEBOOK - Only accept ads from REPUTABLE companies and Websites instead of lining your pockets and including in your TOS that if any user's machine is damaged by the site it is their problem nay even their fault for trusting you to perform due diligence.  So in the mean time - you all can find me on MySpace or Twitter or the gaming sites. That is unless they all decide to follow the Facebook Model and put profits over their users.

Then you will find me curled up with a good book and on the MUD.

Learning CSS

I was asked to assist in redoing a website and ensuring it was completely accessible. This meant learning CSS, something I have avoided for a while.  Friends who started doing CSS complained constantly. Then there is the fact that every time I went to look at the simplest technique, there was always an exception for I.E. (WHY does Microsoft do that?)

Well first let me say CSS is not difficult nor is it the bear that many lead me to believe. HOWEVER, many sites that purport to be pure CSS are not. They have .js or worse flash. They run  server side applications and even loud music and sound that cannot be turned off. Some have only 1 page and no variations on it for mobile or other media. Yes they are using a CSS but why bother?

However as usual there are some roses in the weeds for learning CSS and finding templates and examples in the wild as it were.  First is the obvious one W3 Schools the tutorial covers all of the basic concepts and commands and explains very well why CSS is a good idea.  Standards for accessibility are covered as well as techniques to make the site look better. But honestly, what you build in the tutorial, looks like a middle school or grade school site. Once you understand the techniques and commands, it is time to move on to see what you can do DO with it.

I learn by doing and observing so off I went to find blogs, templates and sites I could view to see how they did something. There are a LOT out there, so let me list the ones I found the most useful.

Veerle's Blog  This is the designer's old site, by all means check out the new one, too. But this has invaluable techniques for using Photoshop (or any graphic editor really) and basic information on CSS.

Free Website Templates - this site has a lot of templates of varying types, complexity and price.  Most techniques can be gleaned from studying the CSS of many of the templates. Not all are accessible, pure CSS or even free - but it well worth a look to see what people can do.

CSS Zen Garden  - This site is a perfect example of why to use CSS. All it is is the same page in several designs. The only difference is the CSS.

So, that should be enough to get anyone started. And my own design I hope you will see soon, I am down to tweaking and will post the links here when they are done.  From what I learned I managed to come up with 5 very different looking designs for the site. So if the vote is tied among the owners I can just change them in a few months and swap out the design without changing the content pages. And THAT is the beauty of it.

Boxer Editor

Ok for those of you who are not coders, do not do CSS or HTML or care for the software reviews - talk among yourselves.  For the rest of us.

As most of you know I am a great supporter of small useful utilities.  This one is not so small is extremely useful and while it is not free it is well worth the price.  Boxer Text Editor. I love this tool.  I was introduced to it by an online coding acquaintance (Ken Perry) who suggested I try it. Ken is blind. (He says he hates to be called visually impaired and prefers blind). He was looking for an affordable accessible editor. He suggested I try it knowing I hate the wordpad like editors. I missed Multi-Edit but at the time the cheapest version was around 500.00 too rich for my out of work self (they now have a lite version I may look at.) I started with the 30 day trial and have used it through a few versions now for over 4 years.

Installation
I opted for the disks to be sent to me.  It arrived quickly and well protected - good job! Yes you read that correctly 1 disk.  Download is also an option but my connection is slow and who know what my daughter is downloading or uploading as we speak?    Boxer installs like a dream. No glitches on Vista, Windows 7 or my old 98 machine. First time I did it it went so fast I was not sure it worked. But it started up with no issues. The Boxer Shorts tips are cute, they get annoying fast though. You can turn them off easily.  User configuration and preferences are a breeze to set up. Projects are more work and sometimes a lot more annoying but you can start right out coding.

Features
I am very happy with Boxer.  It is small, easily configurable for any language and comes with quite a few templates like HTML, C, and Pascal, users have made others that can be downloaded from the site and you can of course add your own. I made one for myself for DIL using the C as a base.  The entire program is small enough to run on a thumb drive (5 MB fully installed) which is great for carrying to a client site so you have an editor you know well.

It has all the features that make my life easier and I expect in a code editor; like find mate so you can ensure all your braces, brackets and parenthesis are closed.  You can set it format your code (or plain text) and most other main features that larger and more expensive code editors have are built in.  Side by side window configuration to find differing or same lines when comparing source. In other words it is a professional level tool.

For HTML, it is an excellent tool that includes a spell checker you can set to ignore HTML tags so that only the text is spell checked. When I hover the mouse over a color code, a small pop up appears showing me the color. The find mate works to find the end tag or starting tag in a pair.

Boxer also has some handy tools that save time, the HTML color, ANSI and OEM charts as well as a calculator, and a calendar. It comes with quite a few user macros and you can download more from the site to use as is or study to make your own. You can set up projects or just work on individual code. There is a an evaluation of 30 days available.  I bought a copy after playing with it for a month, 30 days was not enough time to complete what I was working on, and I liked it well enough I wanted to continue using it.


Drawbacks and Issues
For the most part it is a nice little package. However every once in a while if I am working on a project it starts to hog the ram and fight over memory addresses. It has caused the Vista machine to lock up if I am running a telnet client or winscp or other ftp software on the WiFi router.  Sometimes the text for linked documents or projects will show up in a hover type alt text and not go away. This last can be annoying.  And like any tool that has autotext it can come up with some very odd fill ins. I usually keep that turned off. Lastly it is not 100% accessible on all features. Ken could not use the find mate for parenthesis and such. But he did use it almost exclusively on his windows machine.


The only issue I have with it for HTML editing is if I am editing a document and adding tags to an existing site (like a div for a new CSS class)  it adds the end tag automatically. so if I want to change a section it looks like this div /div stuff I want in the div. I then have to go back and delete the end tag and put it where I really want it.


Making a simple "find this text in this situation and change to title case" is kludgy when making a macro. Something a word processor or pure text editor does easily.  A lot of the pure text  manipulation is not intuitive and you wind up writing a macro in the C-like language. While it is powerful I do not recommend this for say a blogger or an article writer.


Overall
The drawbacks are minor though and truth be told I tend to push my ram a lot. If I could just find the conflict with winscp I would be elated. But I suspect it is something unique to my Vista machine and over all I highly recommend this product for any developer. At $59.99 it well worth it.  It is available for both 32 and 64 bit. It is great for a consultant or even for a consulting company due to the small size and the fact it leaves no traces on the client machine when used from a USB drive. I actually cannot say enough good about this product. Just go down load the 30 day trial and see for yourself.  But be ready to be impressed.

Wordpress

Today I made a blog over at WordPress. I had to to walk someone through adding tags and categories to a blog for crawlers to find. Let me just say this about that I am not impressed.

First if you are low vision or have problems seeing the screen, the default layout I was assigned was awful. Light gray on white does not do it. So Of course I go looking for a high contrast theme to make my life a little easier. Some are really nice but the default picture has nothing to do with what I blog about or even is anything I would want to have on my blog. I see one I like, I preview it and an then I see it is 75.00 to implement. I think not.

So I try to go back of course the back button does not work, I see a second tab opened in Opera click on that and am brought back to my dashboard - sigh so I have to load the themes again. I notice an Edit CSS option and get excited. Cool I can just add my own!  I click on it and start reading expecting the usual no .js no scripts agreement stuff to ensure I am not trapping readers. Here is what it basically says :

If you are familiar with CSS or you have a stylesheet ready to paste, you may delete these comments and get started. Great! I think, and settle back to read what I can and cannot do. There are 2 check boxes one says to add to this style sheet, the other says to start blank - Better! Ok maybe this is not so bad oh wait..

You can not edit the stylesheets of your theme. Your stylesheet will be loaded after the theme stylesheets, which means that your rules can take precedence and override the theme CSS rules. The Sandbox theme is recommended for those who would prefer to start from scratch.  There is a bunch of what they encourage and a bunch of what they will strip out, only one that I question is unsafe code - I think I know what they mean, but what if they decide a scroller is unsafe code. But oh well this is just a test right? But if I like it maybe I will move the gaming blog over there, or set up Sunflower's stuff. So I click the box to create my own CSS from scratch, I figure I have to use the divs and the classes they define anyway so having a default to work from is not such a bad thing. I hit the start from scratch and just use this and preview to see what is what in the page. At the top of the preview is this little notification. you must purchase the Custom CSS Upgrade to save your changes. So, let me get this straight, I do the work and you want me to share it with the community and I have to pay to do it ? I think not.

Now I have decided not to move the blog, but maybe I will use it as another blog site in case I ever want to separate the game stuff from the gamer stuff. So I browse some of the other options. Akismet - all the description says is Askismet. Now if you are a blogger already you probably know this is anti-spam API  But if you are not it might be nice if they explained that and HOW it works. (It does the best it can, so I am not bashing it, it just is not perfect and people need to know that.)

They have some interesting choices like box.net and Akismet.  Neither of these are free tools under normal circumstances and the fact the provide them as widgets and seemingly at no cost is nice. But the box.net security seems to be undermined somewhat by allowing any blog reader to download files.  Most of the  widget choices are nothing that great or fancy or indeed even unique, most reputable blog sites  - even this one provide similar services.

There are whole lot of other tools for making the blog look spiffy, display well on mobile media,  hell even making it look like a webpage, but  I am not impressed with actual content editing.  I see why so many Wordpress blogs have serious typos in them. They do not make it easy to edit your words, your text or even your tags and categories. Which is why I went there in the first place. Because my inexperienced client could not intuitively figure out how to do it. So I ask anyone reading this who uses Wordpress, Why do you?

CSS, W3, and accessabilty

I have been working on redesigning a web site. It needs to be brought up to more modern standards.  It needs to be accessible and most of all it needs to impart the information that it is meant to in a way the users can find it. This should not be difficult. EXCEPT it is.

This is my first real venture into the world of CSS and accessibility, you see a large percentage of our users are visually impaired. Some are low vision, this means that the test must be in a font that is readable and contrast must be good. Some use speech clients that means alt text must be there, no server side java script and of course no music. Also table can be a pain as can frames.

But the definition of accessibility does not stop there. It includes people with slower or older browsers.  Odd browsers, text only browsers and hearing impaired. So basically to make a truly accessible page, it should not run flash or any of the fancy stuff. Which is no big deal, right? Yeah about that.

So I go off to gather some templates to look at and learn from. EXCEPT a year ago when something was marked as an accessible CSS it was.  Now a lot of it is marked so but uses .js server side to make the hover work properly. Use flash as a graphic display device or use jquery which is really just another form of .js to some speech clients.

I found a few with none of the above and started studying them. I loaded first in Opera 11.01 but Opera upgraded so loaded in 11.10 they load differently spans and alt text sometimes overlap other text, I get a lot of extra space on the left side. In Firefox, they display differently, in Chrome they look ok on the one version I have. In Internet Explorer the hover does not work quite right it is out of alignment.  So the solution of a year or so ago is no longer a solution. We must again test and build with conditions for every conceivable browser and instance.  When will they stop making the internet unaccessible through developing products that do not respond to the  most basic html?

Sony, hackers and identity security

I have avoided writing about the whole Sony debaucle, perhaps I will one day, but if nothing else it should have taught companies and consumers that data needs to be secure. As a consumer I do not want my info out there. If I am using the internet there is no reason for anyone to need my phone number unless i buying something with a credit card. Yet Google is still asking for phone numbers on accounts as can be seen on Geekwoman's blogs here and a solution for it here.

Now please look at this one by me. That is what can happen if your cellphone number gets in 'the wild'. Yep, a cellphone number can be used like a credit card in a way. So let's just get it straight. We are responsible for our identity security. One way to keep things secure is to not share them on the internet where anyone can read them. Assurances that my information is secure is not enough, it will not be Google that has to pay my cellphone bill when some hacker breaks in, gets it and sets up a skim account in another stolen identity name. It will not be Google that has to cancel all checking, credit cards and other things because their name and information is being used to apply for credit limits that are skipped out on and it will not them whose reputation is trashed.  Do not try the "oh, we will never be hacked." routine either it has happened before and I have every reason to believe it will happen again sometime in the future.

So please, anyone and everyone who reads my blatherings. Start telling these companies they do not need that information.  Email their tech support and customer service telling them you do not feel secure giving it.  Even if they are secure and you are ask them how they protect against man in the middle attacks? Against hacking? is their database encrypted? What type of encryption? and most of all WHY do they need that information?  I am sorry guys I do not want to be tracked, marketed to or even categorized.

First it seems people who think they know what is going on are telling me now what i must do and be interested in.  I do not play WoW stop trying to market MMOs that are WoW-like to me. I do not have an Xbox - stop trying to sell me games for one.  It seems that you all think if I type a word I must be needing to buy something for it. Well here is a word for you PRIVACY. I want that and I want to keep it and for me the easiest way to ensure that it is preserved is to just not tell anyone anything I do not want them to know.