added antivirus post, updated dell dock draft

5 files changed, 239 insertions, 6 deletions

diff --git a/Makefile b/Makefile
index d8458d6..d59fa49 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ post:
 	cp $(TEMPLATE) $$FILENAME; \
 	sed -i '' "s/{{ title }}/$$TITLE/g" $$FILENAME; \
 	$$EDITOR $$FILENAME; \
-	sed -i '' "s#</channel> </rss>#<item> <title>$$TITLE</title> <pubDate>$$LONG_DATE</pubDate> <link>https://www.53hor.net/$$FILENAME</link> <guid>https://www.53hor.net/$$FILENAME</guid> </item>\n</channel> </rss>#" rss.xml; \
+	sed -i '' "s#</channel>#<item> <title>$$TITLE</title> <pubDate>$$LONG_DATE</pubDate> <link>https://www.53hor.net/$$FILENAME</link> <guid>https://www.53hor.net/$$FILENAME</guid> </item>\n</channel>#" rss.xml; \
 	sed -i '' "s#<ul id=\"index\">#<ul id=\"index\">\n<li> <a href=\"/$$FILENAME\">$$TITLE <code>$$LONG_DATE</code> </a> </li>#" index.html
 
 live:
diff --git a/drafts/dell-dock.html b/drafts/dell-dock.html
index 5b2526f..4be6691 100644
--- a/drafts/dell-dock.html
+++ b/drafts/dell-dock.html
@@ -1,3 +1,5 @@
+<h1>Make Your Docking Station Work for You on FreeBSD</h1>
+
 <p class="description">
   Here's the problem. I have a Dell Latitude E-series laptop running FreeBSD
   12.1-RELEASE. I also have a Dell E-Port II docking station on my desk. I
diff --git a/index.html b/index.html
index 84729c5..12d7558 100644
--- a/index.html
+++ b/index.html
@@ -8,7 +8,10 @@
       property="og:description"
       content="The World Wide Web pages of Adam Carpenter"
     />
-    <meta property="og:image" content="https://nextcloud.53hor.net/s/iBGxB7P3BKRbj9P/preview" />
+    <meta
+      property="og:image"
+      content="https://nextcloud.53hor.net/s/iBGxB7P3BKRbj9P/preview"
+    />
     <meta property="og:site_name" content="53hor.net" />
     <meta property="og:title" content="Home" />
     <meta property="og:type" content="website" />
@@ -64,10 +67,37 @@
       </h1>
 
       <ul id="index">
-<li> <a href="/posts/computing/2020-12-22-why-does-everyone-use-adobe-acrobat-reader.html">Why Does Everyone Use Adobe Acrobat [Reader]? <code>Tue, 22 Dec 2020</code> </a> </li>
-<li> <a href="/posts/programming/2020-12-08-useful-sprint-planning-from-a-certified-scrum-master.html">Useful Sprint Planning from a Certified Scrum Master <code>Tue, 08 Dec 2020</code> </a> </li>
-<li> <a href="/posts/programming/2020-12-04-aoc-2020-day-1-in-cbm-basic.html">AOC 2020 Day 1 in CBM Basic <code>Fri, 04 Dec 2020</code> </a> </li>
-<li> <a href="/posts/programming/2020-12-01-the-guides.html">The Guides <code>Tue, 01 Dec 2020</code> </a> </li>
+        <li>
+          <a
+            href="/posts/computing/2020-12-29-antivirus-software-is-a-hack.html"
+            >Antivirus Software is a Hack <code>Tue, 29 Dec 2020</code>
+          </a>
+        </li>
+        <li>
+          <a
+            href="/posts/computing/2020-12-22-why-does-everyone-use-adobe-acrobat-reader.html"
+            >Why Does Everyone Use Adobe Acrobat [Reader]?
+            <code>Tue, 22 Dec 2020</code>
+          </a>
+        </li>
+        <li>
+          <a
+            href="/posts/programming/2020-12-08-useful-sprint-planning-from-a-certified-scrum-master.html"
+            >Useful Sprint Planning from a Certified Scrum Master
+            <code>Tue, 08 Dec 2020</code>
+          </a>
+        </li>
+        <li>
+          <a
+            href="/posts/programming/2020-12-04-aoc-2020-day-1-in-cbm-basic.html"
+            >AOC 2020 Day 1 in CBM Basic <code>Fri, 04 Dec 2020</code>
+          </a>
+        </li>
+        <li>
+          <a href="/posts/programming/2020-12-01-the-guides.html"
+            >The Guides <code>Tue, 01 Dec 2020</code>
+          </a>
+        </li>
         <li>
           <a href="/posts/interesting/2020-11-30-titanic's-last-signals.html"
             >Titanic's Last Signals <code>Mon, 30 Nov 2020</code>
diff --git a/posts/computing/2020-12-29-antivirus-software-is-a-hack.html b/posts/computing/2020-12-29-antivirus-software-is-a-hack.html
new file mode 100644
index 0000000..b3f99ce
--- /dev/null
+++ b/posts/computing/2020-12-29-antivirus-software-is-a-hack.html
@@ -0,0 +1,195 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <link rel="stylesheet" href="/includes/stylesheet.css" />
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <meta
+      property="og:description"
+      content="The World Wide Web pages of Adam Carpenter"
+    />
+    <meta
+      property="og:image"
+      content="https://nextcloud.53hor.net/s/iBGxB7P3BKRbj9P/preview"
+    />
+    <meta property="og:site_name" content="53hor.net" />
+    <meta property="og:title" content="Antivirus Software is a Hack" />
+    <meta property="og:type" content="website" />
+    <meta property="og:url" content="https://www.53hor.net" />
+    <title>53hornet ➙ Antivirus Software is a Hack</title>
+  </head>
+
+  <body>
+    <nav>
+      <ul>
+        <li>
+          <a href="/">
+            <img src="/includes/icons/home-roof.svg" />
+            Home
+          </a>
+        </li>
+        <li>
+          <a href="/info.html">
+            <img src="/includes/icons/information-variant.svg" />
+            Info
+          </a>
+        </li>
+        <li>
+          <a href="https://git.53hor.net">
+            <img src="/includes/icons/git.svg" />
+            Repos
+          </a>
+        </li>
+        <li>
+          <a href="/hosted.html">
+            <img src="/includes/icons/desktop-tower.svg" />
+            Hosted
+          </a>
+        </li>
+        <li>
+          <a type="application/rss+xml" href="/rss.xml">
+            <img src="/includes/icons/rss.svg" />
+            RSS
+          </a>
+        </li>
+      </ul>
+    </nav>
+
+    <article>
+      <h1>Antivirus Software is a Hack</h1>
+
+      <p>
+        <img src="https://nextcloud.53hor.net/s/NDL7WZYZKbm8jJK/preview" />
+      </p>
+
+      <p class="description">
+        I read a really terrific article today about computer security and
+        really dumb ideas or trends that have developed in this field. It's
+        <a
+          href="https://www.ranum.com/security/computer_security/editorials/dumb/"
+          >M. Ranum's <em>The Six Dumbest Ideas in Computer Security</em></a
+        >, and I highly recommend reading through the whole thing. It's got
+        great anecdotes and really simple language for what I consider to be
+        some of the obvious issues with the way programmers and sysadmins think
+        about security (myself included). One portion of it (idea #2), however,
+        finally put something into words that I've felt for a really long time.
+        It enables me to explain why I think all antivirus software is a total
+        hack and is virtually useless.
+      </p>
+
+      <blockquote
+        cite="From The Jargon File (version 4.4.7, 29 Dec 2003) [jargon]"
+      >
+        hack<br />
+        1. n. Originally, a quick job that produces what is needed, but not
+        well.
+      </blockquote>
+
+      <p>
+        This is the Jargon File's definition of a hack. And to me, this is what
+        antivirus software is. Antivirus software, as I understand it, emerged
+        in the mid to late 1980s and became prolific in the 1990s. In the 2000s
+        it was considered an essential piece of software and people were paying
+        for yearly subscriptions for antivirus suites from Norton, Avast, and
+        McAfee.
+      </p>
+
+      <p>
+        The most basic functionality of an antivirus program is to determine
+        whether malware exists on a host operating system. The typical method of
+        doing this is to use a collection of virus definitions and compare each
+        and every potentially-infected file with each and every definition to
+        determine whether the file is malware or has been infected by some. An
+        over-simplified way of implementing this is to store a collection of
+        hashes, each taken from a known potentially unwanted program or
+        infectious executable. You can then hash entire files or portions of
+        files and compare the checksums to see whether a file contains or is
+        equivalent to the definition, and is therefore infected and shouldn't be
+        executed. Some security suites go beyond this with heuristic matching,
+        but if you run an antivirus that has to "update definitions" on a
+        routine basis, it probably works something like this*. With any luck, it
+        does it without being a total detriment to system performance. Ideally
+        it also doesn't act like a piece of malware itself by making itself near
+        impossible to remove (looking at you, McAfee).
+      </p>
+
+      <p>
+        To me, a virus definition database is "enumerating badness" (Ranum's
+        Dumb Idea #2). The premise is that it is not only logical but even
+        possible to compile a list of <em>all</em> potentially unwanted
+        programs, viruses, ransomware, and worms. An environment of trust should
+        be built around the programs that you want to run (read:
+        <em>allow to run</em>), not the other way around. Picture an operating
+        system where no binary file can be executed unless it is specifically
+        flagged as being allowed to. Oh and picture also being able to restrict
+        this execution to just the file's owner, or other groups of users.
+        Wouldn't it be easier to store the list of 30 odd programs that you and
+        other system users trust to be run than the thousands (millions?) of
+        programs that are infectious, forbidden, or unwanted? What about when
+        those trusted applications become compromised? Would it not also be
+        easier to maintain a list of checksums for those binaries and compare
+        those checksums before they're executed to make sure they haven't been
+        infected or replaced?
+      </p>
+
+      <p>
+        The answer is yes, it would be easier. And yes, it is easier. Of course,
+        your system has to work that way. Antivirus software is a hack because
+        it's a hack-y solution to a problem that has a better, simpler solution.
+        It also has the potential for making a ton of money but I won't go into
+        that. It's easier to enumerate goodness, to specifically open up to a
+        select few trustworthy applications. Good lists are usually shorter than
+        bad lists. This builds on top of Ranum's Dumb Idea #1: Default Permit.
+        You wouldn't configure a firewall to just block some known bad ports and
+        traffic. You configure it to block all of it, and then whitelist the
+        ones you know you can trust. You wouldn't configure a browser ad-blocker
+        to permit all ads, and select the ones you don't want to see. You block
+        all of them! Then, if there are sites or ads you're okay with seeing,
+        you whitelist them. You shouldn't default permit all programs to be
+        given control over your computer, and then meticulously list the ones
+        that don't have that permission.
+      </p>
+
+      <p>
+        Oh and of course, as always, there's free software that lets you do
+        this. You don't have to pay for an antivirus suite, or even use an
+        unpaid one that slows down your computer or barrages you with ads. On
+        the BSDs and virtually all Linux distributions, there are built-in tools
+        to control access and execution of binaries. There are additional tools
+        that you can install that check whether binaries (in locations like
+        <code>/bin</code> or <code>/usr/local/bin</code> have been modified
+        since you last used them. On Windows, the story is a little different.
+        Most home Windows 10 users are automatically allowed to install and run
+        any software they want to by default. Windows Server does have Software
+        Restriction Policies that allow you to create a "default deny" policy
+        and whitelist only the software that's allowed to run. If you're using a
+        home edition you probably have to look for software that lets you do
+        this. I haven't tried any of them so I'm not going to endorse or even
+        name them here.
+      </p>
+
+      <p>
+        Preventing malware from running on your system is a problem. Solving
+        this problem is the right thing to do. But please, try to solve it the
+        right way. I stopped using an antivirus after I moved out and got to
+        control my own computer. I don't think it ever did me any good besides
+        flag false positives (a lot of the time with programs or applications
+        that I wrote, which weren't malicious in any way!) and grind my spinning
+        disk to a halt. Evaluate what software you use. Is most of it online?
+        Are there one or two applications that you know you need to use? How
+        often do you install and use unknown or untrusted software? Odds are you
+        can come up with a list of very few programs that you want or need to
+        use. If it's less than 100,000, you're probably better off with a
+        default deny policy than an antivirus suite.
+      </p>
+
+      <p>
+        * What I didn't mention here is that as soon as a new piece of malware
+        is constructed, if it's different enough from its predecessors, it's
+        impervious to all antivirus suites on the planet that don't have it in
+        their definitions. So until that malware is used, detected, and added to
+        the list, it has free reign.
+      </p>
+    </article>
+  </body>
+</html>
diff --git a/rss.xml b/rss.xml
index d58eb30..475b9e4 100644
--- a/rss.xml
+++ b/rss.xml
@@ -125,5 +125,11 @@
 			<link>https://www.53hor.net/posts/computing/2020-12-22-why-does-everyone-use-adobe-acrobat-reader.html</link>
 			<guid>https://www.53hor.net/posts/computing/2020-12-22-why-does-everyone-use-adobe-acrobat-[reader]?.html</guid>
 		</item>
+		<item>
+			<title>Antivirus Software is a Hack</title>
+			<pubDate>Tue, 29 Dec 2020</pubDate>
+			<link>https://www.53hor.net/posts/computing/2020-12-29-antivirus-software-is-a-hack.html</link>
+			<guid>https://www.53hor.net/posts/computing/2020-12-29-antivirus-software-is-a-hack.html</guid>
+		</item>
 	</channel>
 </rss>