AV testing: Is your antivirus app doing its job?

AV testing: Is your antivirus app doing its job?

Using savvy security software is an important part of staying safe online. But just how effective is it? You can’t depend on your experience — or mine.

The best source for information on the competency of anti-malware apps comes from a handful of independent, virus-testing organizations. Here’s one example.

If asked, I can tell you the qualities of a word processor, photo editor, backup program, or other app; all I need to judge them is time, experience, and some hands-on testing. I can tell you whether a program is easy to use and discuss features both cool and pointless. But evaluating anti-malware apps is an entirely different game.

Sure, I could truthfully tell you that I’ve used Avira for five years without a single infection. But when it comes to security software, one person’s experience is meaningless. It’s like saying that smoking is safe because George Burns lived to be 99 — it’s an anecdote, not a statistic. It’s akin to trying to prove a negative; i.e., I haven’t been infected so it must be working (up until the day some hacker takes over your system).

Malware testing is not only difficult, it’s potentially dangerous. After all, it requires keeping and safely applying a massive collection of nasty viruses, Trojans, and so forth. That type of testing is beyond all but highly experienced security researchers.

Fortunately, there are organizations that are up to the task — and who are willing to publish their testing results to the public. (There are numerous other organizations who publish only to paid clients.) For example, the nonprofit organization AV-Comparatives (site) regularly and comprehensively tests anti-malware programs. Its monthly and biannual reports offer insightful views on what does and does not work in this difficult-to-track software category.

Working closely with the University of Innsbrück’s Department of Computer Science, this Austrian organization has banks of PCs running anti-malware apps. Using an extremely controlled and secure system, AV-Comparatives throws a wide variety of malicious code at the computers, noting what gets through and what gets blocked.

AV-Comparatives gets its funds from the software companies whose products it tests. But the companies all pay the same amount, so AV-Comparatives has no financial reason to make one product look better than another. Other donors include the Austrian Federal Ministry for Transport, Innovation, and Technology and the Regional Government of Tirol (financial webpage).

Two other highly regarded companies, AV-Test and Virus Bulletin, provide excellent resources for virus information — not just for PCs but also for Apple and mobile products. That said, AV-Comparatives is a bit unusual; all its standard AV test results are available for free. (The company also offers other security services on a paid basis.)

One other point to keep in mind: The best anti-malware product isn’t going to protect you from all Internet threats. These apps are just one part of an overall security plan. More on that below.

Testing today’s world of sophisticated malware

As we all know (or certainly should know), the Internet is a malware minefield aided by human culpability. Today, most malware uses some form of enticement or subterfuge (aka social engineering) to infect our computers. For example, you open an email message you don’t recognize as spam; you then click an embedded link, and down comes the malicious package. Or you get an infection by visiting a trusted website that is unknowingly hosting a hijacked ad. Sometimes, simply opening a site’s homepage is enough.

For PC users, AV-Comparatives’ best information on anti-malware products is found on the Real-World Protection Tests page. There you’ll find biannual test reports as downloadable PDFs. Clicking the Monthly Results button takes you to an interactive graph of past and present test results.

Figure 1. AV-Comparatives' PC-based anti-malware test results are summarized on the Real-World Protection Tests page.

AV-Comparatives states that it uses “more test cases (samples) per product and month than any similar test performed by other testing labs.” Over the course of four months this year, they tested 1,895 different pieces of malware on 21 different security programs.

Again, it’s important to note that most products AV-Comparatives tests are from companies willing to pay to play. But the company is also selective, stating that it typically tests “16 – 20 vendors [and] include[s] only good and reliable products.” It has a sterling reputation and has been known to drop vendors that might be gaming the tests.

If a company offers more than one antivirus package, AV-Comparatives generally uses the complete security suite — which should provide more security than the standalone or free products. But some companies choose to have their less-powerful offerings tested instead. For instance, although Avast (site) has Pro, Internet Security, and Premier versions at different prices, it opted to have the free, bare-bones antivirus app tested. Maybe that wasn’t the best decision: it placed ninth in the most recent tests. (On the other hand, Avast is the only antivirus program I know of where “Pirate Talk” is a language option. That has to count for something!)

Not all free programs get unspectacular scores. Panda Free Antivirus, for example, got the top scores in the most recent tests.

AV-Comparatives tests each anti-malware program on a separate computer, and the programs are run with their default settings, simulating how most people will use them.

Intentionally visiting malware-delivering sites is a dangerous business. According to the organization, “Each test PC has its own external IP address. We make special arrangements with ISPs to ensure a stable Internet connection for each PC, and take the necessary precautions … not to harm other computers (i.e., not to cause outbreaks).”

The computers go through a regimen of daily security updates and image backups. As they’re hit by potential malware, AV-Comparatives’ software notes whether the antivirus program succeeds in blocking the attack. AV-Comparatives’ tests don’t emphasize any one blocking technique — i.e., it’s not important when blocking occurs as long as the malware gets stopped.

That said, the most dangerous malware is the one not yet known to an AV product — the so called “zero-days.” So AV-Comparatives also includes heuristic protection, which looks at an app’s behavior. (Unfortunately, you can’t judge behavior before something tries to misbehave.)

Sometimes an AV program asks whether an app or process should be blocked. AV-Comparatives considers these user-interaction events a gray area; some users will make the wrong decision. But that’s still better than missing the malware entirely.

AV-Comparatives runs these tests for two four-month periods a year. During those sessions, the organization releases monthly reports. But the most useful results come at the end of the sessions, with the twice-yearly summary reports.

Reading and understanding the Real-World Protection Test

AV-Comparatives released its latest Real-World Protection Test report (downloaded pdf) on July 15, summarizing tests from March through June. The report runs only to 15 pages; you can skip to page 9 for the good stuff.

A bland-looking, black-and-white table at the top of that page lists the programs tested in order of performance. The current winner, Panda, blocked 1,894 out of 1,895 attacks — none of them requiring user input — for a near-perfect score of 99.9 percent.

That score (or “protection rate”) is calculated by adding the percentage blocked without user interaction to half the percentage blocked with user interaction. In other words, if 60 percent of the malware was blocked automatically and 20 percent blocked through user interaction — while the remaining 20 percent was not blocked at all — the score would be 60 + (20/2) = 70 percent.

None of the tested AV apps got anywhere near that low a score. The signatures for the vast majority of in-the-wild malware will already be in each program’s virus-definition database. It’s the newest malware (again, zero-days) that cause most of the AV failures. (It’s worth noting that signatures for a new zero-day will typically be available within a few days. Which is why it’s important to ensure your anti-malware apps are fully up to date.)

The lowest score in the most recent tests is 89.6 percent, earned by Microsoft’s Security Essentials. Because it’s free and comes from Microsoft, AV-Comparatives considers MSE a baseline product — in practical terms, it’s better than nothing. (Microsoft has long been taken to task for its relatively poor showing in AV software.)

The bottom of page nine provides a more colorful and, in some ways, a more useful graphic. (It can also be seen by clicking the aforementioned Monthly Results button online.) Listing products in alphabetical order, this bar graph displays the number of successful infections in red and infections blocked only with user interaction in yellow. Green, obviously, shows infections blocked completely automatically.

Figure 2. This AV-Comparatives test-results graph shows successful infections, malware blocked with user intervention, and malware automatically blocked.

MSE is the horizontal white-dotted line treated, again, as a baseline.

The yellow line near the bottom of the chart shows the number of false positives — important information not listed in the previous table. Here you’ll see that Panda wrongly blocked 15 sites. That’s not the worst by a long shot — F-Secure had the worst score of 56.5 — but even MSE had no needless scares. (You’ll find a separate Wrongly Blocked table on page 12.)

If you move back to page 8, you’ll find separate bar charts for March through June. (Or check out the interactive chart on the AV-Comparatives webpage.)

Other AV-Comparatives tests

For PC users, the Real-World Protection Test is AV-Comparatives’ most useful tool for finding out how well your AV software might protect you. (Your particular Web habits will put you at greater or lesser risk, and malware is a constantly changing threat.) But the organization offers other useful tests as well.

The File Detection and Heuristic/Behavior tests also look for malware but concentrate on specific ways to find it. And since an antivirus program should help you even after malware got through, AV-Comparatives also has a Malware Removal test.

Unfortunately, this test doesn’t include one of the most popular programs, Malwarebytes Anti-Malware (site). As I write this, AV-Comparatives hasn’t answered my query about why Malwarebytes isn’t included.

The organization also runs tests on mobile and Mac security.

One problem with antivirus programs: to be fully effective, they have to run in the background at all times, which can have a noticeable impact on PC performance. AV-Comparatives’ Performance tests look into this aspect of system security. However, these results are probably the least useful, given the vast range of PC configurations. You can use them as a guideline, but the proof will be in testing these products on your own system.

Bottom line: Organizations such as AV-Comparatives and others provide a good window into the state of malware protection. But it’s a view limited by time and products tested. Ultimately, there is no one “best” AV application. The changing nature of the threats, zero-day responses, your computing expertise and habits, and the impact on system speed will all play a part in what’s best for you.

But most important, an anti-malware product is not going to completely protect you if you use bad Internet behavior. Keep your AV product updated and always be aware of where and what you click.

Huge WinSxS folder stymies PC cleanup

Every Windows version from Vista onward has a WinSxS system folder that grows larger over time. It can’t be eliminated, but it can be trimmed; here’s how.

Plus: Strange PC behavior leads a reader to believe that someone is siphoning his data, and another reader wonders whether a free support-by-phone service is legit.

A 12GB WinSxS folder ruins Win7 cleanup

Reader Nico Cuppen wants to reduce the size of Windows’ bloated WinSxS folder, to help clean up his Win7 PC.

• “One of Fred’s recommendations [in “Prepping a Win7 PC for the Win10 upgrade,” July 2 LangaList Plus] is to make your Windows 7 system as lean, clean, and stable as possible before upgrading.

  “But that’s a problem because my Windows 7 system has had hundreds of Microsoft updates since the last clean install. Consequently, its WinSxS folder is now 12.1GB and has 15,547 folders with 62,311 files. That’s not what I’d call a lean and clean system!

  “One option for a relatively clean upgrade to Win10 would be to reinstall Win7 and then do the upgrade to Windows 10. But the reinstalled Win7 would have to be made current first — and that would make the WinSxS folder huge again.

  “Another option is to do a clean install of Windows 10 (if Microsoft makes that option available) and then try to make it work like my current Windows 7 system.

  “Could Fred shed some light on this issue?”

The WinSxS folder (aka the component store; typically found at C:\Windows\WinSxS) contains copies of every essential component of the operating system. It’s usual for the folder to expand to gigabytes in size over time — 12GB is not uncommon.

Nico’s concern is a clean upgrade to Windows 10, but a little WinSxS maintenance can be good on any Windows system — Win8, Win7, or Vista &#8212 and just might let you recover gigabytes of space.

The function of the WinSxS folder has evolved over time, but a TechNet article explains the current use:

“Beginning in Windows Vista, the component store was enhanced to track and service all of the components that make up the operating system. Those different operating system components track objects such as files, directories, registry keys, and services. Specific versions of components are then collected together into packages. Packages are used by Windows Update … to update Windows.”

But here’s the catch: As updated versions of system components are added, the old ones aren’t automatically discarded. Instead the old and new versions exist side by side — or in the shorthand form, SxS.

Thus, the WinSxS folder grows larger with virtually every Windows update. Win7 was released in 2009; by now, myriad components have been updated — some, multiple times. Over enough time, the WinSxS folder can become truly huge.

You can’t delete the folder, but with specialized software, you do have the option of removing some older, obsolete copies of OS components. You might reclaim gigs of otherwise wasted disk space.

Microsoft provides tools to clean up the WinSxS component store. These tools have changed and improved over the years; here’s a quick overview:

Vista uses a somewhat clumsy program called the Windows Component Cleaning Tool (compcln.exe).

Originally, Windows 7 used the Deployment Image Servicing and Management (DISM) tool. But it, too, wasn’t particularly easy to use.

Windows 8 introduced an improved version of the classic Disk Cleanup tool, built into Vista and Win7. The new cleanup tool added an easy-to-use, point-and-click, Clean up system files option that can specifically target and remove obsolete Windows updates, service packs, and system upgrade files.

Then, in 2013, Microsoft back-ported the “Clean up system files” option to Windows 7 SP1 via KB 2852386. (The Win8 and Win7 versions of Disk Cleanup now look and act almost identically; see Figure 1.)

Figure 1. In Win8, and in updated Win7 systems, the Clean up system files option offers an easy way to remove unneeded Update, service pack, and upgrade files.

For more information on using the Clean up system files option, see “Clean out obsolete, space-consuming update files,” in the Jan. 9, 2014, LangaList Plus).

That text also includes links to 32- and 64-bit versions of Win7’s KB 2852386, if your current Win7 setup lacks the updated cleanup tool.

The same article also shows how to use Vista’s compcln.exe — and how to use the old DISM tool for cleaning Win7, should you wish to try it. (Note: If you run the Win7 DISM and have previously cleaned your system files with DISM or with the updated cleanup tool, you’ll likely get an “Error 87” — meaning that DISM can’t find any more files to remove.)

Which brings us back to oversized WinSxS folders. All these cleanup tools are useful, but they’re not magic. An in-use WinSxS folder will never be as small as it was when you first booted the OS. In other words, “as lean and clean as possible” will never mean “as clean as new.”

As to Nico’s Win10 upgrade dilemma: When the current setup is thoroughly cleaned and fully backed up, I recommend upgrading it to Win10. That will give you a valid Win10 license. Later, when it’s available, you can then download the Win10 .iso and do a clean, from-scratch, install of the new operating system (totally replacing the current Win7 setup). Microsoft is still fuzzy on when the Win10 ISO will be released, but it has stated that these image files will be offered.)

You’ll end up with a completely fresh copy of Win10, along with a full backup of your current, well-maintained Win7 system — just in case you need it!

Is it data theft or excessive system activity?

Dick Summerhays’s PC is behaving weirdly; he suspects it’s an external attack.

• “Someone on the Internet is getting data from my PC. It interferes with the operation of the computer. In fact, I am having trouble typing this message because letters don’t always appear unless I press the key several times. In addition, it causes the frame around applications to blink on and off.

  “I know the cause is some outfit on the Web because my download/upload meter displays activity when the problem occurs. Is there any way to identify the source and block it?”

Unexpected upload/download activity can be disconcerting, but I don’t think there’s anything nefarious going on in this case.

Rather, I think the real problem is within your system. Windows might flash a program’s title bar or window frame when a program is experiencing a serious malfunction or fault.

This hardly ever happens with Windows’ own components anymore, but a misbehaving third-party program and driver can still trigger what you’re seeing.

When a software fault happens, Windows Error Reporting will usually log the problem; it then might try to contact the Microsoft support servers to see if there’s a known solution. Likewise, OEM error-logging and -reporting software (e.g., tools such as the “HP Software Assistant”) might also get into the act, “phoning home” to try to find a remedy. This error-reporting is probably the source of the upload/download traffic you noted — it’s also probably causing a temporary spike in system activity, which is making your PC unresponsive.

So the solution is to find out what’s causing the original faults and then to repair or replace that software.

But just to be safe, I recommend you start by running a thorough anti-malware scan of your PC. For suggested tools, see the April 11, 2013, Top Story, “A dozen tools for removing almost any malware.”

When you know your PC is malware-free, visit the manufacturers’ sites for your PC and peripherals (such as your printers) to verify that all drivers are correct and current. See more info, see the Feb. 21, 2013, LangaList Plus, “How and when to update your system’s drivers.”

If that’s not the source of the problem, you might have to disable or uninstall your third-party software, one item at a time, until you can determine which program was causing the trouble.

Those steps can take some time. You might find temporary relief by disabling any OEM diagnostic/support tools that might be sending reports to the cloud. In an admin-level account, type msconfig in Windows’ start/search/run box. When the system configuration tool opens, click the Services tab, and then uncheck (disable) any relevant OEM software. Next, open the Startup tab and do the same there.

With less activity going on in the background, your PC should be easier to use while you’re tracking down the root cause of the problem.

Is Microsoft’s free PCSAFETY help line for real?

Given the prevalence of by-phone computer scams, Gil Brand was suspicious about a free by-phone service, supposedly from Microsoft.

• “A friend just gave me this toll-free number (866-PCSAFETY) to get free Microsoft help with Windows Update issues and security issues. Is this for real?

  “I called the number. Seems real! But my local ‘tech gurus’ think it’s a scam. Comments?”

It’s a real Microsoft number; in the US and Canada, you can call 1-866-PCSAFETY (1-866-727-2338) for free help — but specifically for security-related issues.

Outside the U.S. and Canada, and for nonsecurity issues, you can use the phone numbers listed on an MS Support page. The types of services offered will vary depending on where and when you got your copy of Windows. For example, Microsoft might refer you to your PC vendor, if your copy of Windows came with your PC hardware.

But here’s a key distinction between these services and PC repair-by-phone scams: You’re the one initiating the call, and you’re calling a published Microsoft number.

That’s not at all the same as getting an unexpected call, out of the blue, that starts with something like “Hi, I’m from Microsoft. Our servers have noticed a problem with your PC …” Microsoft doesn’t initiate tech support calls to Windows users. (If you call Microsoft for support, the tech may ask permission to call you back later, typically if the problem can’t be resolved during the initial call. But again: Microsoft will never initiate a tech-support call on its own.)

In fact, Microsoft is trying to wean users away from phone-based support altogether. It would prefer you use one or more of the many online self-help fix-its discussed in the June 11 Top Story, “Free first aid for a wide range of Windows ills” — or use the various other online sites where you can find downloads, ask other users for help, or contact Microsoft support techs via chats or email. See, for example:

• Microsoft’s main “Contact us” Answer Desk page
• The MS product-based support site
• The Disability Answer Desk page

You can use those resources and the phone numbers listed above with confidence. But if you get an unexpected, out-of-the blue call from someone claiming to be from Microsoft, just hang up — it’s a scam. (Another scam: A third-party “Microsoft partner” calls from out of the blue. The “tech” claims that your copy of Windows reported a problem to Microsoft, who then referred you to the “partner.”)

Again, if you want support from Microsoft, you have to make the first call.

Ubuntu 101: Using this popular Linux distro

In this third article on Linux for Windows users, I’ll talk about configuration and maintenance of your new system.

I’ll also highlight some features that are unique to Linux — and that might surprise or puzzle newcomers.

For this final installment of our Linux series, we’ll cover basic system administration, including updating and adding software. We’ll then finish with a brief tour of the Linux command line. Though Ubuntu takes great pains to present users with a fully graphical environment, Linux differs from Windows in having a mature, fully functional, and very powerful command-line interface running underneath its graphical shell. You’ll want to make friends with it.

If you missed the first two articles in the series, see “An introduction to Linux for Windows users,” Feb. 19 Top Story, and “Linux for Windows users: Installing Ubuntu,” April 9 Top Story.

For reference, here’s the basic Ubuntu desktop.

Figure 1. The basic Ubuntu desktop should look familiar to Windows users.

Navigating through the Linux file system

Before the rise of mobile-inspired graphical interfaces, which rely on sparse icons and search functionality to run applications, there were “files” and “folders” (or “directories”) arranged in a “tree” that you had to navigate as a multi-layered menu. That structure still exists, of course, and it looks pretty much the same in either Windows or Linux (or in OS X, which is UNIX under the hood). Windows users are familiar with File Explorer as the tool for browsing and managing the file tree directly. Figure 2 shows the familiar file-/folder-management tool in Win8.1.

Figure 2. The standard Windows file and folder navigation and management tool

The file system in Ubuntu and other Linux distributions (distros) is quite similar in structure and serves the same purpose. To display it, open the Nautilus file manager by clicking the filing-cabinet icon in the launcher and then clicking Computer (see Figure 3).

Figure 3. Most Linux versions have a file and folder structure similar to that of Windows.

Ubuntu’s Nautilus is a faithful clone of Microsoft’s File Explorer and has all the tools you’d expect. You can perform searches, change views, right-click on an object to see a context menu, double-click an object to open or run it, delete objects, create objects, and drag and drop them as you like (if you have the appropriate permissions). Ubuntu even replicates the default personal file folders: Documents, Downloads, Music, and the others. But there’s no equivalent to the Windows Library. You’ll note that there’s also no C: drive listed; instead, the highest node of the file tree is represented by the forward slash (/) visible in the Nautilus title bar. In fact, there’s no reference to drive letters because the UNIX file architecture predates MS-DOS and its drive-mapping structure by many years.

The Linux high-level directories map to Windows as follows. (I’ll ignore some of the Linux directories that contain virtual files, device files, and other system arcana.)

Figure 4. Linux equivalents to Windows directories

In everyday use, you’ll never touch anything outside your “home” directory, a folder under /home that bears your user name and allows you full access to its contents. Most of the remainder of the system is accessible only by the root user, the equivalent to the Windows Administrator.

As in Windows, there are ways to elevate your user privileges in order to perform system maintenance, such as installing software. The Unity graphical shell handles this sort of task by asking for your user password.

Note: The UNIX forward slash (/) is not functionally the same as the Microsoft back-slash (). Don’t confuse them when moving between computer systems.

Managing Ubuntu configuration and settings

For system setup and customization, Windows has its Control Panel. In Ubuntu, various configuration utilities are grouped in the System Settings panel (Figure 5). Open it by clicking the gear icon in the launcher.

Figure 5. Ubuntu's System Settings window is analogous to the Windows Control Panel.

Most of the tools in the Settings windows should be obvious to Windows users. The items under Personal let you customize the appearance of your desktop, select languages and keyboards, and tweak privacy settings.

The Hardware section contains the tools you’ll use to configure printers, modify mouse behavior, set screen resolution, control power use, and more.

The System section gives access to low-level system settings such as time and date, lets you configure a backup schedule, and includes a link to the software manager (discussed in the next section). It also includes the Universal Access tool, containing settings helpful to users with impaired vision, hearing, or mobility.

Here are a few important notes about security.

• The Ubuntu Dash, accessed via the Super key (the top icon or, typically, the Windows key on most keyboards) pops up your search-box window. Searches will include both local and Internet-based results, often including commercial offers. This is, of course, a revenue stream for Ubuntu’s parent company. According to the Ubuntu Privacy policy, “Unless you have opted out …, we will also send your keystrokes as a search term to productsearch.ubuntu.com and selected third parties. …”

  To opt out, click Security & Privacy/Search and turn off the option Include online search results.

• The Online Accounts tool is a Ubuntu-managed remote service that stores your sign-in credentials and passes them as needed to sites such as Facebook and Twitter. If you are comfortable with this, you can opt in.
• Where, you may ask, are the anti-malware settings? One stark difference between Windows and Linux is that no lucrative anti-malware industry has grown up around Linux. This is partly because of shortsighted (though now corrected) engineering decisions by Microsoft, and partly because Linux has been a bit player in the consumer market.

  There probably ought to be robust anti-malware products for Linux, since there are certainly exploits in the wild (more info) aimed at Linux servers. However, for desktop users, if you don’t run as “root,” you do use strong passwords, and you have a properly configured firewall protecting your home network, Linux’s built-in security architecture will keep you at least as safe as Windows users.

• The omission of a firewall icon in System Settings was a bad decision by Ubuntu. If you don’t have a firewall at your Internet router, or you plan to connect a laptop to public Wi-Fi networks, or you wisely want to apply the principles of defense in depth (more info) to your computing, you should install a local firewall to prevent unwanted network probes. Fortunately, Ubuntu installs its Uncomplicated Firewall (UFW) by default. It must be activated and configured from the command line.

One other configuration option is too interesting and too typical of Linux to pass over: virtual desktops — or workspaces, as Ubuntu calls them. Virtual desktops (more info) have been a mainstay of UNIX/Linux interfaces since they were invented at Xerox PARC in the mid-1980s.

A conventional computer display has one “desktop” that exactly fits the monitor. With virtual desktops, you have multiple desktops that you can scroll across or jump to. A widget called a pager is usually included to give you an overview of the available workspaces and to simplify navigation. (Virtual desktops have been available on the Mac since OS X 10.5, and Microsoft will be providing them natively in Windows 10 — more info.)

To activate workspaces in the Ubuntu interface, open System Settings and click Appearance/Behavior/Enable workspaces. Click the new launcher icon that appears and you will see something like this:

Figure 6. Ubuntu has native support for virtual desktops.

Note the Workspace Switcher icon on the left side of the screen. Clicking it, Ubuntu displays up to four preview panes with open applications visible in each. Click one to select it and the view zooms into that workspace. You can also use the preview to drag and drop applications between workspaces.

I find the default four workspaces rather restrictive, since I’m using 14 workspaces as I write this. If that kind of madness appeals to you, download Ubuntu Tweak and give your video memory a workout.

Software updates

Ubuntu inherits the Debian GNU/Linux software package management system — Apt (more info). Ubuntu merely ensures that updates can be carried out with a minimum of user intervention. All software handled by Apt is packaged in .deb files that contain information about the platform, the dependencies, and potential conflicts.

The packages are made available for free download from repositories, some of them hosted on servers provided by the distro and others donated by businesses, educational institutions, governments, and other organizations. All of the packages in the approved repositories are security-signed to insure their integrity and authenticity.

This all differs from the proprietary OS ecosystems in several ways:

• Virtually all of the software is free, both OS components and applications. Free means not just free of charge, but also (with variations across many different licensing schemes) free to copy, modify, pass along to others, and use as you like. It also means that if you are a developer, you can have the source code.
• The distribution of the software is a community effort; there’s no single corporate source for it. The community is critical to making a distro work. For example, though Canonical (site), the company behind Ubuntu, is a for-profit company, it’s subject both to market forces and community sentiment.
• Most Linux distros, Ubuntu included, accept a small amount of non-free-licensed code or data in their repositories. These exceptions are usually proprietary device drivers or patent-encumbered audio/video codecs. In some cases they involve software that is illegal in some jurisdictions. Users, however, have a right to refuse software that comes with terms they find objectionable.
• Anybody can package software in a .deb file, but that doesn’t mean the package will earn official recognition from the distros. Nonetheless, users do install this unofficial but compatible software.

These last two points explain what update configuration options you’ll see. To get updates, you simply enter “update” into the Dash search bar. The search will return the two applications shown in Figure 7 (plus other “update” references typically pulled from the Web).

Figure 7. Ubuntu's software updating application and files

To get acquainted with the configuration options, click Software & Updates. We’ll look at the first and third tabs.

Ubuntu Software tab: This is where you see the ethical commitments of free software in play, as well as the Linux approach to dealing with legal gray areas. Each Ubuntu repository (repo) server actually contains separate sections for each category of hosted software (see Figure 8). If you have ethical or security reasons not to use certain types of software, this is where you can stop them from showing up in lists of available apps.

Figure 8. The Ubuntu Software section shows the types of applications you can download.

The default Ubuntu Software section includes:

• Canonical-supported free and open-source software (main): Main contains free and open-source software that’s key to building a working computer system. Canonical takes responsibility for maintaining and updating these packages as needed. Examples include the Linux kernel, the Unity desktop interface, the Nautilus file manager, and the Firefox Web browser.
• Community-maintained free and open-source software (universe): Universe contains other free and open-source software that Ubuntu does not maintain. Updates, if any, come from the volunteer developer community. Examples include the Chromium Web browser and XChat IRC client.
• Proprietary drivers for devices (restricted): This category contains the drivers needed for network cards, scanners, printers, and other hardware. This software is typically fully or partly closed, meaning the contained source code or data is a trade secret.
• Software restricted by copyright or legal issues (multiverse): Multiverse contains closed-source, proprietary device drivers and patented codecs that Canonical deems indispensable to the operating system. Canonical has negotiated licensing agreements with rights-holders, and takes responsibility for maintaining and updating these packages as needed (until they reach their end of life). Examples include NVIDIA graphical drivers, some Wi-Fi drivers, and the Adobe Flash browser plugin.
• Source code: As its name implies, this repository contains source code (in a human-readable programming language) for the free and open-source programs supplied in the other repositories.

Updates tab: Here, you’re back in familiar territory. You can configure the notification rules for updates and the kind of updates they apply to (see Figure 9). When updates matching your rules become available, you will be notified by a popup window asking whether you’d like to install them. You can also manually trigger a check for updates by clicking the Software Updater in the Dash.

Figure 9. The Updates tab is similar to the Windows Update settings.

When an update is triggered, the Software Updater checks the repositories for updated code. It compares those files against the current state of your Linux system and then displays a list of suggested software packages. Simply browse the list (see Figure 10) and deselect any applications you’d prefer not to install or don’t need.

Figure 10. Ubuntu makes it easy to select software updates for download and installation.

Filling out your Ubuntu system with new apps

When installing new software of your choice, you’re using the Apt infrastructure again but with a different front end — the Ubuntu Software Center tool. (See Figure 11.) The launcher icon is a valise with an A on it. Click it to open the greeting screen.

Figure 11. The Ubuntu Software Center is the best place to start for new Linux applications.

Like smartphone apps, many of the apps are free and others have a modest fee. Explore the library at your leisure; start with installing Chromium, the elegant, community-supported browser that’s loaded with Google hooks. There are two ways to track down Chromium for installation: navigate the categorized menu system on the left or use the search option on the upper right. (Search is obviously faster if you know the name of the app.)

When you select Chromium and click Install, Ubuntu prompts you for your user password; a requirement because you are modifying the system and you need superuser (root) privileges for that change. When the installation is complete, the system inserts a blue Chromium icon in the launcher. (See Figure 12.)

You can also use the Ubuntu Software Center to remove software. Just click the Installed button in the toolbar, use the menu or Search to find the offending program, select it, and click Remove.

Figure 12. The Chromium browser might be one of the first new apps you'll want to install on your Ubuntu system.

Using the Linux command-line system

The Linux command-line interface (CLI) isn’t just a computer management tool, it’s a world view. No one has expressed this better than author Neal Stephenson in his long essay In the Beginning Was the Command Line (1999), a survey of the state of personal computing that is still worth a read, despite being made somewhat dated by the subsequent introduction of Mac OS X.

Stephenson frames computing as a question of knowledge and control: Do you have ultimate access to what’s happening in your computer, or are you limited by what a filtered and simplified user interface allows you to see? Since UNIX predated graphical interfaces, the original and ultimate interface was always in a terminal window.

Every Linux task can be completed from a command line: setting configurations, starting and stopping programs, monitoring the system, writing documents, surfing the Web, sending email, and much more. The graphical interface of Linux systems sits lightly atop the command-line core. In contrast, the Windows graphical interface is deeply embedded into the operating system — you can’t run the full operating system from a command-line prompt.

In Linux, the default “terminal emulator” or command-line shell is the Bourne Again Shell — aka Bash. It’s a descendant of the original 1970s UNIX shells and a far cry from the old MS-DOS terminal it resembles. Beyond serving as an administrative interface, Bash is also an automation platform, a communication conduit among system processes and data flows, and a development environment with its own programming language.

For Linux system admins, Bash is the most efficient — and sometimes only — way to configure and manage their Linux systems. (Windows Secrets readers know that an administrator lurks in every experienced computer user.) Even Linux novices, living primarily in the GUI, will want to steal a few tricks and shortcuts from the rich command-line options.

I’ll show examples of a couple of essential Bash commands; for more information, I suggest looking through the Basic commands section of the Advanced Bash Scripting Guide and one or more of the many useful guides and how-tos hosted by The Linux Documentation Project (site).

To open the command line, click the black terminal icon in the launcher. If it’s not there, enter “terminal” into the Ubuntu search field. The Bash prompt will show some interesting information right from the prompt (see Figure 13).

Figure 13. The typical prompt on my Ubuntu system

In this example, robinson@Amalthea:~$ translates into username: robinson; host-computer name: @Amalthea; present working directory: ~ (“home” for this user); $: denotes a standard user (no superuser privileges).

DOS veterans will notice that some Bash commands are familiar. PowerShell experts will also see where Microsoft got the idea for the “man” command — it’s a primordial UNIX convention well worth emulating.

There are a few basic commands:

• ls – List is the command that displays files. Run ls without arguments, and it returns the file or directory names of objects in the present working directory. If you add the -a switch, hidden files and directories will also be displayed. The -l switch displays long-form file details. You can combine these switches; for example, enter ls -al at the prompt.
• cd – Change directory does just what you’d expect; it lets you change directories. For example, entering cd / switches to the root directory. Used without arguments, cd changes directory to user home (e.g., /home/robinson). Entering cd .. moves you up one level in the directory tree; cd ../../ goes up two levels.
• cp – The copy command copies files, directories, or both. You might, for example, use the command cp testfile.txt testfile2.txt at the prompt.
• mv – The move command is used to rename a file or directory or to move it to a new location in the file tree. For example, you might enter mv testfile.txt original.txt at the prompt.
• rm – The remove command deletes files and directories. To remove testfile2.txt, for example, you’d simply enter rm testfile2.txt at the prompt.

Other key commands include mkdir (make directory), ln (create a shortcut to a file), and possibly the favorite of many Linux users: man. Adding a program name to the man command — for example, man ls — opens help describing the program’s options and command syntax.

Obviously, this is the barest of introductions to the Bash command line. Start by using it to navigate around your file system; copy, rename, and move files; create directories; and see other commands.

If you’ve read through all three articles in this series, you’re probably ready to explore the countless online resources for Linux users, starting with those at the Linux Documentation Project (site). However, I don’t recommend printing out the Bash guide — the PDF file is 916 pages long.

Detecting DISM-tool corruption takes patience

As anyone who uses tools for work knows, sometimes the tools themselves demand attention.

Forum member bbearren reported such an interlude recently in the Maintenance forum.

You might be impressed first by the intuitive leap that led bbearren to suspect his Deployment Image Servicing and Management tool was broken. After that, you might want to take note of how he confirmed and fixed the problem.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Getting lots of “Recovery webpage” notices when surfing the Internet
Word Processing	From one Excel file to many Word files
Spreadsheets	Code not working on most of data set
Databases	Creating search parameters
Visual Basic for Apps	Losing values in publicly declared array in middle of sub
Microsoft Outlook	Outlook 2010/2013: Weird spell-check problem
Non-Outlook E-mail	Emails lost in Thunderbird
Windows
General Windows	After sign-in, Win7 screen remains blue
Windows 10	Win10 upgrade answers
Windows 8	“Remember this computer” not working
Windows 7	No grab or minimize points in Win7 Pro screen
Windows Vista	Windows Vista Update KB 3057839
Windows XP	Windows XP security
Windows Servers	On startup, domain controller shows Public as the net profile
Internet/Connectivity
Internet Explorer	“Open in new tab” option lost
Third-Party Browsers	Totally fed up with Chrome
Networking	Importance of Ethernet?
Social Media	Win8.1 adding Connect to Facebook feature?
Other Technologies
Non-Microsoft OSes	Email-forwarding problem on Samsung Galaxy S5 Android 5
Security & Scams	New zero-day; critical patch to be released
Maintenance	What to do when DISM is broken
Hardware	New computer for Windows 10: Hybrid?
Graphics/Multimedia	How to fix scratched DVD?
Other Applications	7-Zip files look like Notepad files

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

Arts and sciences: How to see Pluto

Like millions of others on our blue planet, we’ve been thrilled by close-up images of Pluto. You, too, might be inspired by New Horizons’ streak past our distant solar-system neighbor (nine and a half years into the journey). Perhaps it has renewed your interest in astronomy. But for others, the fly-by has been an artistic inspiration. Consider, for example, this video of Pluto the dog revealed on Pluto the dwarf planet. Click below or go to the original YouTube video.

Will updating Windows get easier — or not?

With questions about updating still swirling around Windows 10, Microsoft posts a Win10 Preview tool for troublesome updates.

All other supported versions of Windows should see an out-of-cycle security update for a font-driver vulnerability.

No full Windows Secrets newsletter on July 30

Typically, the Windows Secrets editors take a publishing break on any fifth Thursday of the month. So there’ll not be an official July 30 issue. The next full newsletter will be on August 6. (Another year is flying by.)

That said, we want to stay up to date on July’s Windows and Office patches. Look for the second bi-monthly Patch Watch column on the Windows Secrets site (not in your email inbox). We hope everyone on the northern half of our blue planet is having an excellent summer. With all the news about Pluto, how many of us remembered that the first moon landing was 46 years ago this past Monday. Cheers to Neil — who passed away in 2012 — and Buzz!

MS quietly releases an app to hide Win10 updates

Perhaps the most controversial aspect of the soon-to-be released Windows 10 is future updates. As has been widely reported, consumer versions will have all updates installed automatically. That’s a significant change from previous versions of Windows — including Win8.1 — in which users can choose to delay or ignore any patch offered in Windows Update.

Unfortunately, as experienced Windows users know, not all updates are problem-free. Microsoft has recalled and reissued some of these troublesome patches, but others have resulted in BSoDs, USB failures, software incompatibilities, and various other issues.

Which is why many Windows users prefer to delay those updates that are not critical, not security-related, or that tend to be problematic — e.g., Windows kernel-mode driver fixes. Waiting a week or two gives some time for reports of patch failures to appear and lets third-party software vendors update their applications to support the changes to Windows. (Security patches for zero-day threats and browsers should almost always be installed as soon as possible.)

Microsoft introduced forced updating in Windows 10 Insider (formerly Technical) Preview — there’s no option for delaying or hiding new patches. Although most Win10 Preview users probably found that new policy acceptable in a beta product, it must also have generated a significant number of complaints, mostly from users who ran into patching issues. That would explain why Microsoft recently posted Support article 3073930, which describes how to uninstall patches in Win10 Preview.

In essence, this is putting out fires after they’ve started. You can’t prevent the installation of a troublesome patch, but you can go back and uninstall it (at least you can on the latest build). This strategy might be acceptable — except for cases in which your machine won’t run properly or when the patch keeps reappearing.

To solve that zombie-patch problem, MS Support article 3073930 also includes a downloadable app called the Show or hide updates troubleshooter, which lets you block (or later unblock) uninstalled updates (see Figure 1).

Figure 1. Microsoft's downloadable Show or hide updates app is designed for problematic Win10 Preview patches.

But here’s the catch: You have to either snag the update before it’s installed by Windows or use the uninstall option in Windows Update first (click Settings/Windows Update/Advanced Options/View your update history; then click the Uninstall updates link). Also, as Woody Leonhard reported, the uninstall-and-hide trick doesn’t always work. Still, it’s better than nothing.

Why, with the formal release of Windows 10 a week away, is this important? One has to wonder whether the Show or hide updates utility will also work on the shipped version of Win10. Or maybe the tool will be incorporated into Win10. We’ll have to wait and see how best to handle problem patches in the new OS.

Microsoft posts an out-of-cycle update

When Microsoft releases a critical update outside of its usual Patch Tuesday schedule, it’s almost always a sign of trouble. On July 20, KB 3079904 (MS15-078 ) was issued to patch a vulnerability in the Windows font driver. Without the fix, clicking a website or opening a document with embedded OpenType fonts could expose your system to remote attacks.

Typically, out-of-cycle patches block exploits that are already in use. But according to an InfoSec post, though this vulnerability is in the wild, it’s not being actively exploited. KB 3079904 apparently replaces KB 3077657 (MS15-077), which fixed the Window ATM font driver — and this vulnerability is being used in attacks. As Susan Bradley would say in her bimonthly Patch Watch column: Install KB 3079904 as soon as offered.

Hacking your car is no longer science fiction

Apparently, many — if not most — new cars now have some sort of wireless connection. Those connections can be cellular, Bluetooth, and even Wi-Fi. Drivers use them for in-car entertainment, communications, and calling for help. Dealers might use them for updating onboard computers.

But according to a must-read Wired story, security researchers recently proved that not only can some cars be hacked, the hackers can truly take control of the vehicle from the driver — a prospect that’s significantly more dangerous than stealing personal information.

There’s a comparable issue between hacking cars and hacking airplanes, which has also been demonstrated. In both cases, there’s no effective separation or firewall between the onboard entertainment and control networks. Obviously, there’s still a significant disconnection between security research and implementation.

I think I’ll hold on to my aging, digitally deprived pickup truck for as long as I can.