There’s a Patch for That

March 10, 2010

Regular readers and Windows users will be all too familiar with the monthly process of installing the latest security updates for Windows and Office from Microsoft.  But what about all the other programs that you may have on your computer?  A Danish security firm, Secunia, has for some time offered a free (for personal use)  tool called the Personal Software Inspector (PSI)  that runs on your Windows PC,and checks to see that all of the programs that it finds, and recognizes, are up to date as far as security patches are concerned.  Its data base of PC applications is very broad, though for understandable reasons not perfect; nonetheless, it is a very useful tool to add to your bag of tricks for keeping your PC safe.

Secunia has also collected statistical data from the PSI, which is used by more than 2 million users, and has just issued a report [PDF] detailing their findings.   The report makes for some sobering reading.  The number of security bulletins for PC software has ranged from approximately 6,000 – 10,000 per year, from 2005 through 2009.  The median PC user in Secunia’s sample has 66 distinct software packages installed on his Windows machine, from 22 different vendors.  That is a lot of different sets of patches to keep track of and update mechanisms to understand.  Not surprisingly, packages that have an automatic update mechanism, such as Windows itself, or the Mozilla Firefox browser, tend to be more up to date on the typical machine than those packages that rely entirely on the user’s diligence.

Brian Krebs, who writes the “Krebs on Security” blog, has an article at Technology Review that summarizes the results of the study.

Recent research shows that the typical PC user needs to install a security update roughly every five days in order to safely use Microsoft Windows and all of the third-party programs that typically run on top of it.

Mr. Krebs goes on to say that Secunia is planning on introducing a new security update tool, that will manage security patches across all applications (or, at least, the many that Secunia knows about) for the Windows user, in an effort to make the patching process somewhat less painful.

Even though the current version of the PSI software includes links to the latest updates for each outdated application, many users still find the update process too cumbersome, says Thomas Kristensen, Secunia’s chief security officer.

The goal, of making it easier for the average computer user to stay secure, is laudable, but it remains to be seen how effective this approach will be.  For starters, Secunia will need at least minimal cooperation from a lot of different software vendors if the service is to be truly useful.  Secunia expects to have a preliminary version available for limited testing within a couple of months, and a release version later this year.

As a longtime Linux user, this seems to me to be a perfectly sensible idea; after all, it is essentially what is provided as part of the Ubuntu Linux distribution, for example.  I subscribe to a security bulletin E-mail list; but there is also an automatic background process that runs daily and notifies me of any updates to the 25,295 packages that Ubuntu knows about.  It makes keeping things up to date pretty painless.  In the next few days, I’ll post an article here explaining how it works, which I think might clarify what Secunia is proposing to do.

Google Maps Adds Bike Routes

March 10, 2010

In an announcement today on the official Google Blog, the company announced that it was now offering information on bicycling routes, and directions for cyclists, on its popular Google Maps service.  The map data includes information on about 12,000 miles of cycling or multi-use trails, mainly supplied by the Rails-to-Trails Conservancy, along with data on the availability of bike lanes, and on other routes that are well-suited to cycling, covering 150 cities in the USA.

The directions function works much as the existing functions for auto or pedestrian directions do (“bicycling” is now a choice on the drop-down menu).  The directions are computed using an algorithm that, according to Google, takes into account bike-friendly routes, traffic congestion, and topography.

Biking directions can help you find a convenient and efficient route that makes use of dedicated bike trails or lanes and avoids hills whenever possible. To find biking directions, select “Bicycling” from the drop-down menu when you do a directions search:

It’s probably to be expected that some of the route data may be incomplete, or just wrong, at such an early stage in the product’s life, but Google encourages users to submit feedback.

I’ve tried generating directions for a few trips that I know fairly well, here in the Washington DC area, or in the metro NYC area, and the results are reasonable, if not always ideal.  The algorithm favors routes on trails or roads with bike lanes, and does seem to try to avoid big hills.  On a trip from Piermont NY (on the west bank of the Hudson) to Manhattan, it chose an inland route, rather that the route along Route 9W that is heavily used by cyclists, but that is probably explained by its wishing to avoid the big climb up the Palisades (on Kloster Dock Road, for example).   Similarly, for some trips in northern Virginia it suggested a route along the W&OD Trail — perfectly reasonable, although I probably would have chosen a somewhat shorter route just using roads.  But being comfortable with that choice comes with experience, and I have a fair amount of that.

All in all, though, I am really pleased to see this service introduced.  I have a feeling that there are a fair number of people who might try using a bicycle for some short trips, if they had a bit more confidence that they wouldn’t get into trouble.  Giving them a set of directions may help convince them that cycling is not just for Lycra-clad nut cases like me.

You can try out the service for yourself here.

Update, Wednesday, 10 March, 17:30 EST

The “Autopia” blog at Wired has an article about the introduction.  Rob Pegoraro at the Washington Post also has a post on his “Faster Forward” blog.

%d bloggers like this: