You have the operating system.  You have your web browser – maybe it’s Firefox or some other extensible browser running half a dozen or more add-ons.  Maybe (like me) you have the Thunderbird email client, also with several add-ons installed.  Then there’s iTunes, Acrobat, Flash, Office – not to mention all the apps you’ve installed on your iPhone.  All in, you could easily have a dozen or more pieces of software, all regularly ‘phoning home’ for updates and alerting you to install them  – it all gets to be a little much at times, doesn’t it?
Read the rest of this entry »

Picking up spyware or a virus/worm/trojan used to require some conscious action on the part of the user:  opening an email attachment, installing supposedly ‘necessary’ system software (video codecs were a common ploy), or downloading media and/or applications of questionable origin.

These days, Bad Things can occur much more transparently: the most rapidly growing method of spreading malware today is via compromised websites – so now, rather than having to (one way or another) make the explicit decision to ‘invite the bytes’ onto your machine, merely visiting a malicious (or unknowingly compromised) site can launch an exploit.  And since this new type of ‘drive-by’ attack is often implemented through 3rd-party browser plug-ins (such as Flash and Acrobat Reader) or via good old fashioned Javascript, it’s not just a Windows or Internet Explorer issue anymore (for the first time, Apple recently issued a KnowledgeBase article advising users to start installing antivirus protection (although after the resulting flurry of unwanted publicity, the warning was removed from the Apple site 24 hours later).

Although the increase in web malware activity is dramatic, it’s been going on for some time now: a recent study found that during 2007 alone, the number of such attacks increased more than 500 percent.  And while this is bad enough news for the home user, it’s even more troublesome for the enterprise, as HTTP (port 80) is the often the only traffic left largely unrestricted on corporate firewalls.

One simple precaution?  Update, update, update.  To address Javascript engine vulnerabilities, update your browser religiously, regardless of which particular browser or operating system you’re using.   As for Acrobat Reader, resist the temptation to ignore those frequent messages about available updates: you might wonder just how much better a PDF can possibly be displayed, but these days, chances are good that the update has something to do with security – and the same goes for Flash.

You can check for any available updates for Acrobat Reader from the Help menu of the application itself, and to check your version of Flash, go here – the Adobe site will inspect your installation and let you know.

I’m no web designer.  But I’m pretty picky about design, so I just couldn’t accept our little blog here looking like dozens of others using the same out-of-the-box WordPress template (especially since we’re hosting it ourselves rather than using wordpress.com).

Well, that ended up to be a slippery slope -  I chose a template as a starting point, and before I knew it, I had spent way (way) too much time effectively rewriting most of it.

The WordPress platform is pretty powerful – so much so, it’s sometimes used for content management even on non-blog sites.  It’s also relatively easy to deal with: WordPress saves you from having to deal directly with the back-end database, and there are a wealth of useful 3rd party plug-ins available for a wide array of additional functionality.   That’s great, but to get the visual look and feel of the site the way we wanted it, I was in for a bit of a learning curve – not so much with PHP scripting (which is relatively easy to reverse-engineer), but also with the CSS files (the ancillary documents that define the layout and style of the web pages themselves).

There was just  no way around it.

Making changes to the CSS was a particularly painful hit-or-miss process I was running out of patience for when I came across Firebug, a Firefox add-on for web developers.  The Firebug icon sits down in your Firefox tray and when needed, will (among other things) allow you to locate the relevant CSS code for any element on the web page, to make changes to the CSS, and to see the resulting change in real time.  Using Firebug is simple and intuitive, and I would recommend it to anyone with a need or interest in modifying website design and/or JavaScript – it’s an excellent tool (at least for identifying CSS elements and auditioning changes, which is all I used it for), and fun (ok, almost fun) to use.