Thursday, 27 July 2017

No way to report abuse of

We received what is probably a phishing email:

The email contained a link to a page in Unfortunately, Microsoft don't seem to publish any information on how to report such a page.

It's just not good enough.

Tuesday, 11 October 2016

2016 and Adobe still wants a reboot after an Acrobat upate

Adobe have released a security update for Acrobat (hardly a rare occurrence). So, being the security conscious user that I am, I went ahead and updated. Now Acrobat Reader wants me to restart my system.

Why? This is October 2016, not the 20th century. User space applications should not require a restart of the system. Firefox doesn't require a restart every time it updates. Chrome doesn't require a restart every time it updates. Even Wireshark doesn't require a restart.

It's just not good enough Adobe.

Wednesday, 4 November 2015

Bentley using a non standard port

Say you want to log in to Bentley's website, so you go to You enter your email address and password and then hit the Sign In button. You would expect to be logged in wouldn't you. But, not necessarily if you are connecting from a corporate environment (and let's face it, most of Bentley's customers will be). Instead you may well get the error Secure Connection Failed:

And why is that? Well, for some totally unfathomable reason someone at Bentley has decided that this page should use TCP port 8443, instead of the standard port of 443 for HTTPS traffic. And of course most enterprises restrict outbound connections to standard ports for security reasons.

So why has Bentley done this? Who knows. But whatever the reason, it's Not Good Enough.

Monday, 27 October 2014

Java installs Ask unless the user opts out

The toolbar is a controversial browser add-in often labelled as malware. Unfortunately Oracle Java installs and updates installs it by default:

The user can of course opt-out. But as Wikipedia points out:
The toolbar is often unintentionally installed during the installation of partner software, including Oracle Java; this may take advantage of a user's lack of critical evaluation.
It's just not good enough.

Saturday, 10 March 2012

Web pages using non standard ports

There seems to be a number of sites using non standard port numbers for some reason or other. For example: Why does anyone think this is a good idea? Don’t developers and designers realise that, for very valid security reasons, many companies restrict outbound traffic to common ports such as TCP/80 and TCP/443? Why make it hard for your customers?

It’s just not good enough!

WSUS and Multiple Reboots

I had to update a Windows 2003 server that hadn’t been updated in a fair while. The server gets its updates from WSUS. Each time I clicked on the Windows Update icon in the task bar Windows went off and downloaded and installed updates from the WSUS server (including Service Pack 2). After the updates had been installed I was invariably asked to reboot the server. After each reboot there would be more updates to install.

So far I have had to reboot the server five times. That means that its gone off to WSUS and downloaded five sets of updates (actually six, it also downloaded and installed the latest RDP client but that didn’t require a reboot).

Why do I need all these reboots? Why do I have to update it multiple times? Why can’t it download and install all the required updates together – like Linux does? If this server had been running Red Hat or Debian or Ubuntu I would have only needed to update once – and rebooted once. Instead it’s taking me hours.

It’s just not good enough!

BSOD when updating ATI drivers on Windows 7 64 bit

I have an ATI Radeon HD 2400 Pro video card. Back in October I attempted to install the latest ATI drivers in the hope that it would resolve a problem I was having (I was previously using the drivers that came with Windows 7). I downloaded the lasted driver at the time (9.9) from the ATI website and then ran the install. Imagine my surprise when I got the following (sorry about the image quality, I used the camera on my phone):

BSOD when installing ATI Drivers

It turns out that I wasn’t the only one getting these blue screens of death. I think it’s totally unacceptable that a major hardware vendor can release drivers or software that cause a BSOD of death during install. Don’t they test these things?

Since then ATI have released newer drivers. I have successfully managed to install version 9.11 – although it didn’t fix the problem. However. that doesn’t change the fact that ATI released drivers that not only wouldn’t install, but crashed Windows.

It’s just not good enough!