The BT-bound IPStream/Datastream providers can't possibly afford
the capacity they'd need to offer real unlimited connections to
users, at current market prices. Whilst the LLU providers potentially
could (after recouping higher initial costs), they're not available
everywhere, and they still have to compete with the low prices of
other ISPs all falsely claiming to have unlimited capacity.
Why someone (Advertising Standards? Office of Fair Trading? Ofcom in
general? Anyone?) isn't doing anything about this false advertising I can't
fathom. Customers are being lied to, short-changed, and then locked
into lengthy contracts it can be difficult to get out of when they
discover the deception. And as VoD adoption continues the situation
is going to get increasingly untenable.
One technical nugget was dropped in on this front, though: cable
op Virgin Media is planning to add capacity by upgrading to
DOCSIS 3.0 this year. This is encouraging, as the cash-starved
collection of various old-school networks they inherited when
buying up the UK's various cable providers is already starting
to feel the strain, to which Virgin have responded in many areas with
brutal traffic limiting. But from my memories of Virgin's predecessor
companies, I woudn't hold my breath for it actually going out in any
widespread fashion this year.
Maybe I'm just spoiled by the excellent connections at low prices
available to me in countries like Germany and Japan, but it's curious
how the UK and US, who pride themselves on free markets, actually
end up with such mediocre choice.
The long tail is broke
Everyone was talking about the forthcoming BBC/ITV/C4 VoD service
codenamed ‘Kangaroo’, which is a bit silly as still no-one knows anything
about it, and is basing their discussion on the technical prognostication
technique of ‘guessing’. Except presumably the representatives from BBC and
C4, and they're pretty tight-lipped about it.
What we do know (thanks to C4's Sarah Rose) is the service is expected to carry
third-party submissions. Whether that's to be simply extended material from
existing production houses, or more of a free-for-all isn't clear. The only other
news — less of a revelation than a confirmation of what we glumly expected — is
that there are no plans for Kangaroo or any other service to touch markets
outside the UK.
This is desperately short-sighted. UK TV has enormous global potential, not
just with ex-pats like me, but amongst all of the English-speaking world. UK
programming is already surprisingly popular at TV and general torrent sites
worldwide, and should be attracting viewers in the same general market as
US media giants.
At the moment, though, the country's content is woefully under-exploited. If you're in
the US, you might possibly be able to get BBC America, but if so your cable operator
will be charging you a premium for what amounts to 24-hour daytime television.
Goodness knows how BBC Worldwide came to the conclusion that what the US
market needs is endless provincial inconsequentia like Cash in the Attic,
but that's inexplicably how the schedule ended up. The rest of the world has to
make do with a bitty little patchwork of difficult-to-receive channels in different
countries with similarly lacklustre schedules if you can even manage to get hold
Sure, clearing rights worldwide is a problem, but a wide-ranging VoD service
with some content available worldwide would be a perfect way to
encourage rights-holders to stick some of the programmes on that are never
going to get shown on foreign channels otherwise. I hesistate to mention iTunes
since I personally dislike it for other reasons, but make it that easy and they
There was a lot of talk about the long
tail: how, once you make everything available, there's a surprising total demand
for obscure and niche item. Virgin's Malcolm Wall proudly explained that
over half of their views were already coming from shows outside the top 50 — and
that's with only a very short ‘long tail’. (Virgin and the others may be boasting about
a few thousand hours of material available on demand as if this is a huge
quantity, but between DVD box sets and downloaded UK telly I've got
more than that in my own personal shiny-disc collection.)
Yet if broadcasters stick to the attitude that — to paraphrase Rose from memory — ‘any
show there's demand for will obviously be picked up by foreign broadcasters’ (and
similarly obscure archive content is not worth providing at all to anyone), there's no
chance of the long tail ever coming into fruition, and potential viewers outside the
UK will have to stick with what commercial broadcasters have seen fit to import,
which is bugger all. And unauthorised services like UKNova will need to carry on
making up the difference for a good long time yet.
29th January 2008
What ho there chaps. Over at DOXdesk it's been plenty busy, but there'll
be actual new stuff here this year... promise. There's a fair amount of code we've been using in production for
ages that just needs a little polish so it can be released publically. That last little polish that always
mysteriously takes weeks and keeps getting put off whilst doing other projects, you know the kind of
thing. But still.
In particular you can expect some web-related releases soon: there's a new, vastly improved replacement for
form.py (the first Python module we ever gave away!), a new
major release of PXTL and a whole new bulletin board
package. For some reason there's a real dearth of Python BB software available at the moment so
hopefully this should fill one of them there holes. I don't know about you but I'm fed up of PHP
board software, with its spaghetti code, endless security holes and dismal Unicode support.
But the first software of 2008 from DOXdesk is better than any of
that. In fact it's the best* anti-virus
Anti-malware: state of play
The end of last year saw a slew of articles proclaiming the anti-spyware market dead, and not
without reason. With many of the commercial anti-spyware players moving their products into the traditional
anti-virus space, and the original anti-virus vendors including a wider threat base into their
software, the noticeable difference between the two is diminishing, and in this environment the AV
behemoths must have the upper hand.
And it has to be said, the nature of the malware threat has changed too. The traditional
Unsolicited Commercial Software pushers, whose parasites were always the central focus of
anti-spyware apps, are a shadow of their former selves. Just a few weedy lawsuits and
slaps on the wrist from the FTC seem to have made Direct Revenue (Transponder),
180 Solutions (nCase/Zango and now Hotbar and CDT) and IST rein in their worst
excesses... and saw Direct Revenue give up, unable to make money without abuse.
The FTC did manage to shut down the ghastly Roings/Media-Motor, and Holland's
equally-foul DollarRevenue were similarly stopped. It's a pity they will all get away
with the ill-gotten gains of non-consensual installations, but at least we're rid of
their despicable fat faces for now.
Not that things have necessarily got any better. The Russian-language malware market — that
chaotically-organised tangle of relationships and affiliations between adult webmasters,
hackers and fraudsters — originally known as ‘CWS’, continues to grow beyond all hope
of getting it under control. It generates literally hundreds of thousands of payloads, beyond
any signature-based AV tool's capacity to keep up. It compromises internet servers on a
massive scale, making it impossible to be sure you're browsing to a ‘safe’ site. It has
put away the simple homepage hijackers and traditional partnerships with the trad
spyware vendors mentioned above, in favour of stealthy keylogging/bank-targeting trojans
and brutal promotion of rogue anti-spyware applications operated by other CWS partners.
Meanwhile the Chinese are starting to move in on the same exploit 'n' botnet model in
ever greater volumes.
Ryan Naraine on the ZDNet blog
spots the trend, but somewhat misattributes the blame IMO:
For the most part, this was a definitions game played to perfection by both sides — the
noxious adware vendors who wanted to be viewed as legitimate; and the slick anti-malware
vendors who were only too happy to play along to sell a brand new product.
That really wasn't the way it originally happened. When spyware started to hit the headlines
around 2001-2002, the anti-virus companies wouldn't touch it with a barge pole.
No matter how hard customers complained that the software was unwanted, harmful, and installed
without permission, the AV companies ignored the problem.
Maybe they didn't understand it... more likely they were afraid of the spyware vendors,
the great big farty cowards.
The anti-spyware response was anything but slick. Lavasoft was once a grass-roots
company run by a few enthusiasts; it, Spybot, myself and the others that followed were in it
to hurt the spyware scumbags, not to sell a product. Our response was ragged software and
personal anger, not professionalism.
Now it's become clear there's a market for it, and most of us have escaped or won the constant
lawyer attacks intact, the AV companies want in.
But their products are just as hopeless as ever.
AV is rubbish
I'll probably lose my special Security Club hat for saying so, of course. We all know the reeived wisdom
that must be handed down to users for their own protection, and it must not be questioned or
the poor souls might get confused.
Thou shalt run anti-virus. Thou shalt install a personal firewall. Thou shalt not visit dodgy sites.
Thou shalt be a good boy and eat all thy definitions updates or thou shall not grow up to become
strong and healthy. That'll be another $30 please.
There's only one minor problem: it's a crock. Personal firewalls are pointless for many users
(another rant for another time there, I think); avoiding ‘dodgy sites’ won't protect you from
the mountain of compromised ‘legit’ servers or advertising networks, and as for AV... it's well
past time for a backlash.
Sure, it looks good on the surface. All AV packages claim to detect 99.9% of ‘in the wild’ viruses.
But when I happen across a new web exploit infection source and submit it to the multi-AV-checker
services, typically less than half the AV engines notice anything wrong. And those that do pick it
up often identify it wildly wrongly.
This is not atypical, judging by other malware handlers' reports. And it's not atypical judging by
the machines I end up having to drag in and fix. I've got the neighbour's PC here, loaded up with
anti-spyware and anti-virus scanners. They're even up-to-date — good boy! — but he's still infected,
with a keylogger rootkit, a banking-focused password stealer BHO and a rogue-AV promo.
Anti-virus, you have lost. You sit there filling up our system trays with your little icons and
flashing bubbles, constantly seeking attention with your false positives and pleas for updates
and money. Your ugly self-advertising user interfaces make us feel physically sick.
You cripple our machines' performance and stability with your hundred processes
and services loading at bootup and klunging up the system hooks. It takes a lot to bring a
modern, powerful PC to its knees with swapping and bluescreens, but you manage it.
Yet despite all this, you still don't protect us. Oh, sure, AV is still effective against old-school
viruses and the more widespread mail worms. But come on, what idiot still gets infected by
those? No, the bulk of today's infections — including my neighbour's — are driven by
web browser-based exploits and related fake-software downloads, against which today's AV tools
are woefully ineffective.
The payloads involved are enormous in quantity and range, and are mutated constantly. Against
this, signature-based AV has no chance to keep up. Woollier signatures and heuristic-based
detection increases the chances of detection a little, but at the cost of so many false positives
the user can't trust it any more. Or worse, they do trust it and end up deleting a
bunch of random files that happened to be compressed using an application compressor
(packer=virus, according to stupid AV). Oh, and
Oh sure, you might get an alert from your AV when visiting an exploit, because it peeks into your
internet cache folder and manages to recognise part of the payload, or an intermediate
downloader file, or the original exploit itself. “I've removed a virus for you!” it says, “aren't I super!
It's ‘Delf’, or ‘Agent’, or ‘Small’, or one of the other names we give to specimens we don't really know
what they are but they're probably not good”.
By that point it's far too late; either your browser wasn't vulnerable, and the AV has valiantly
protected you from nothing at all, or the suspect code has already been run, downloading a whole bunch
of other bad stuff. Even if it did miraculously catch all of those (and the odds aren't looking good),
how could you possibly know for sure you were still clean? There are some very hard-to-spot rootkits out there that your
average PC-using clod hasn't the faintest hope of detecting.
(That's the point at which flattening the OS and restoring from a clean image comes in handy. You did
image the system disc, didn't you? You did partition the system disc separately from data, so you don't
lose all your documents, right? Oh, your machine came from the idiot manufacturer with a default
single partition, and a recovery CD that writes the whole partition? Oh bad luck there mister.)
One day, per-program permissions will be the norm at an OS level, and we'll have the benefits of
proper sandboxing without the usability and stability problems of today's primitive behaviour-blocking
AVs. Until then...
The interim solution
Today's AV is a dead loss. But you can't simply not install any, or everyone will complain. That's
where PlaceboAV comes in! It's the fantasic anti-virus solution that's super-fast
and absolutely reliable... because it does nothing at all.