Security refers to how well protected your computer is from things like viruses, malware, and hackers. Remember that security isn’t “on” or “off.” Tools such as network firewalls, antivirus, and spam protection help keep your computer safe.

Posts

A picture of AVG PC Tuneup in action.

PC TuneUp Software: Great in Theory, Awful in Practice

This is a story about automated PC TuneUp software and how it can go horribly wrong.

Background

A client brought me 4 new PC’s to setup at his business.  This involves completing the Windows setup wizard, installing his software, porting over his data, updating, and setting up security.  In this instance the client bought his own antivirus: AVG Zen Protection, which comes with AVG’s PC TuneUp.

AVG PC TuneUp and products like it function similarly: analyze your computer, find ways to free up resource and make it faster, and implement them more or less automatically.

That all sounds great. PC’s do need regular maintenance. The promise of software like PC Tune-Up is that it will act as a mechanic who shows up and changes your oil and checks your filters  without ever being asked.  That’s fantastic. Until it’s not.

The PC TuneUp Problem

After installing AVG with PC TuneUp, the software went to work trying to determine how badly this brand new computer needed optimized. It found things.  So many things. Out of sheer curiosity I actually allowed it to implement the solutions it recommended on one of the 4 PC’s.

It felt no faster.  But it did render the application the client depends on to do  business totally unusable.  PC TuneUp tries to be helpful by creating a restore point.  I rolled back to the restore point and the application still wouldn’t run.

The problem was caused by the fact that PC TuneUp had disabled one of it’s services. When I went to re-enable the service, I found that it wasn’t being disabled the standard way, so using the Windows Services console to start the service failed. In the end I ended up removing PC TuneUp completely.  If that’s how it’s going to behave, I certainly can’t send it into production.

The Bottom Line on PC TuneUp

I’m not writing to talk smack on the entire AVG product line. I still use AVG for antivirus. But PC maintenance is best left to folks that understand the implications of their actions.  PC TuneUp and products like it take a shotgun approach to optimization: they try to intelligently determine what programs and services can safely be disabled, but it’s safe to say PC TuneUp isn’t running Ex Machina level artificial intelligence because it seems to have no problem erring on the side of disabling things you need.

So if your computer is slow, don’t choose some automated optimization tool like PC TuneUp that errs on the side of speed, not safety. Call a professional.

On the Recent WordPress Security Updates

In the last two months we’ve seen a number of WordPress security updates.  April 21 brought us WordPress 4.1.2 which fixed 4 security issues. A wide-spread vulnerability in numerous WordPress plugins was simultaneously announced and was followed by a rash of plug-in updates by vendors including Yoast. A week later WordPress 4.2.1  was released with a patch to a cross-site scripting vulnerability found in the comments feature. Then just a few days ago WordPress 4.2.2 patched a vulnerability in the bundled Genericons font package.  The WordPress naysayers have been saying nay for weeks now. Is their negativity justified?
The WordProcalypse ended not with a bang, but with a “meh.” WordPress updates itself automatically now. And if you’re in the practice of only installing reputable plug-ins and themes, updating your plug-ins is pretty painless.
Consider this: all of the vulnerabilities fixed by these updates were detected either by the core WordPress team or community members who develop extensions.  None of them were the results of a zero-day exploit.
I think the recent rash of WordPress Core and plug-in security updates is a Good Thing.  It’s proof-in-the-pudding that the WordPress community has matured. It’s a sign that everyone involved in WordPress’s success from parent company Automaticc to lone plug-in authors are taking it seriously.

Offline Updates for Microsoft Security Essentials

When someone bring me a computer and asks me to remove viruses and malware, the last thing I want to do is connect that computer to my network. This is a bit of a catch 22, since you need to be connected to the Internet to download antivirus software and updates. Luckily Microsoft provides an offline update file for Security Essentials that you can download from one computer and install on another.

Microsoft Security Essentials Definition Updates (x86)
Microsoft Security Essentials Definition Updates (x64)