As indicated in my post from last week and in a press release just this morning, we have made a beta version of Microsoft AntiSpyware available for download (more details here). It's based on the technology we acquired with our recent purchase of GIANT Company Software, Inc., and in my few days of testing, it appears to do a better job than the combined efforts of both Ad-Aware and Spybot Search & Destroy. Like Windows Update, the AutoUpdater feature can check for and automatically download new spyware definitions on a scheduled (and user-configurable) basis. And by default, the software runs a periodic system scan. For the past few days, a summary window has been waiting for me when I sit down at my computer in the morning. It's nice to start the day knowing that my system is "clean."
Microsoft AntiSpyware also provides real-time protection by monitoring activity on your system with over 100 Security Agents. Security Agents are proactive in that they help to stop threats before they are installed. From the integrated help: "When software is installed or a change is made to your protected computer, internet, or application settings, System Agents react to analyze the change, and either allow the change if it is known to be safe, block the change if it is known spyware, or prompt you for additional action." Nice.
There's also a SpyNet feature that allows your computer to share new threats with an AntiSpyware community. So, if your system and its Security Agents identify new spyware, the rest of the community can benefit as a result. The help file calls it a "neighborhood watch" for spyware, and that seems like a perfect mental image to me. This is similar to the way a lot of anti-spam software works, and it's been shown to be very effective.
Remember that this is a beta release, and normal beta rules apply (don't install it on a production system, don't use it on production data, don't run with scissors in your hands, don't eat red meat, etc.). I really like what GIANT has put into this product. It's very easy to use, yet configurable enough for geeks. Plus, it's proactive, so I don't have to worry about running system scans every few days. What I've seen so far makes me excited about the future possibilities of Microsoft AntiSpyware.
Update: Flexbeta compares Microsoft AntiSpyware with Ad-Aware and Spybot and concludes that "Microsoft AntiSpyware was able to detect more infected files than the current leading anti-spyware applications in the market today, Ad-Aware and SpyBot S&D."
Although it was never my intention, I seem to have started a wallpaper trend. As each season draws near, I receive e-mails asking when I'll have the next seasonally appropriate images to share. Well, here are five new ones for winter. The originals are cropped at a 16:10 aspect ratio (1920 x 1200) to match my monitor, and as always, I've also supplied them at 1280 x 1024.
It's tough to find color in the winter; all that snow and ice tends to wash everything out. The first four photos were taken at a park in Holland, Michigan on November 24, 2002, right after a beautiful snowfall. If you look carefully, you can see an individual snowflake in the fourth picture. The last shot was taken as my wife and I left for a Caribbean cruise on the morning of April 6, 2003. It had rained, and everything was coated with an icy shell. This image is from a tree in our front yard. Needless to say, none of the palm trees in Florida later that day showed any signs of ice. :)
If you missed the first four sets, check out Macro Wallpaper, Macro Wallpaper 2, Macro Wallpaper 3: Fallpaper, and Macro Wallpaper 4.
Although I wouldn't consider myself a SQL Server expert, like any good developer, I know my way around stored procedures, database normalization, and proper indexing techniques. Occasionally, I get questions from customers about SQL injection attacks. The questions are usually along the lines of: "What is SQL injection?" or "Is it really a big concern?" I can tell you that it is a very big concern, and if you're writing web applications (on any platform), it would be irresponsible not to familiarize yourself with the exploit.
Mike Gunderloy's The Daily Grind 533 references a good introductory articled titled SQL Injection Attacks by Example by Stephen J. Friedl. Although the article is posted on a Unix tech tips site, its content is nonetheless germane to almost any web application on any platform. His example illustrates a SQL injection exploit on IIS 6, ASP.NET, and SQL Server.
Here are some other resources that I typically forward to curious developers:
But, if you really want to freak out (or if you want to demonstrate to management how critical it is to worry about such issues), download the free proof-of-concept tool called Data Thief from Application Security, Inc. and a related whitepaper titled Manipulating Microsoft SQL Server Using SQL Injection. I saw this tool demonstrated at an internal security event, and the first thing that popped into my mind was: "This is Enterprise Manager for hackers." Scary stuff.
You may recall the problems I had with my Microsoft Fingerprint Reader when it was plugged into my Belkin F5U237 Hi-Speed USB 2.0 7-Port Hub; after a few successful reads, the device would simply stop working. However, if I plugged it directly into the USB 2.0 port on my motherboard, everything worked just fine. Although I didn't mention it, I later found that anything plugged into the hub would eventually fail. In my post, I said that I would try another hub, so I purchased a second Belkin F5U237, and the devices exhibited the same problems. Frustrating, but enlightening.
After doing a little internet research, it appears that the VIA USB 2.0 products (VT6202, VT6212) have some known issues. I tried many of the suggestions (including VIA's own Filter Driver) to no avail, so I purchased an Adaptec USB2connect 5100 6-port USB 2.0 card and installed it in my new computer. I'm happy to say that everything now works perfectly through the Belkin hub, and I have a lot of available USB 2.0 ports. :)
I hope this post can save someone else a few hours if they run into the same problem.
This post by Brad Abrams announces the availability of the first in a series of framework design presentations. Realize that these presentations were originally targeted at an internal Microsoft audience, so keep that perspective in mind as you view the material. Not only will you learn what it takes to design a consistent and usable framework, but you'll gain some insight into how we do things internally.
The first presentation is titled Setting the Stage and is described as: "Set up for the course, generally introducing the practice of API design. Topics covered include terminology, first principles, and why API design is a crucial thing to get right (the first time!)." It's available at 56k, 110k, and 300k. If you'd like to discuss the material of ask questions of Brad, he'll be available for a chat on 1/19 at 3:00pm PST.
Although I haven't taken the training myself (yet!), there are a lot of good topics identified in this first slide deck. Based on Brad's post, it sounds like the upcoming presentations will focus on Naming Conventions, Rich Type System, and Member Types. And before I forget, if you don't currently subscribe to Brad's blog, I'd encourage you to consider doing so. His posts are always interesting and informative.
Update: Frankred's post provides a link to the Designing .NET Class Libraries page that coordinates the 14-part presentation series.