The words ‘rootkit’ and Symantec have been used in the same sentence before, but usualy in the form of Symantec released a report stating that Sony’s rootkit is evil, not Symantec is using a rootkit in it’s SystemWorks software to protect users from themselves.

Symantec Corp. has fessed up to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers.

The anti-virus vendor acknowledged that it was deliberately hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.

Having worked on helpdesk before, I know the frustration of the ‘random file deleting’ user. It’s the user who opens up explorer and finds any files he doesn’t recognise and then deletes them. But hiding the files with a rootkit is not the answer and a computer security company should know better. I’ve been getting less and less impressed with Symantec’s software of late, it’s starting to tend towards bloatware, and this only helps push me towards Trend or someone similar

Graham Asher explains exactly why I love Subversion and why I’ll never go back to CVS:

Some of my clients used CVS, which is completely free and has a Windows client. Unfortunately CVS is very hard to use (in fact I find it unusable without severe, painful effort) because it doesn’t have uniquely-numbered states like Perforce change-list numbers. The great thing about Perforce - in fact the one thing that is essential in a usable source control system - is that every check-in gets a single unique number called a CL or change-list number. CLs start at 1 and go up one by one for the lifetime of the source code repository.

The solution is Subversion. I promise you that Subversion will change your life. It is free, open source, has a wonderful Windows client called TortoiseSVN, and uses unique numbers, incremented one by one, just like Perforce, for every change. In fact, it goes further than Perforce and stores every state of the file system - that is, not just changes to files, but file moves and renames. You can give arbitrary attributes to files and it stores and tracks them too.

At Liquorice, we use Subversion instead of FTP now. We have a subversion repository that all 3 of our offices have access to, which is where we store all the data for each of our sites. So this means that I can create a new website for a client on my local development server here, submit it to the repository, and the check it back out again on the live server. A cron job scheduling an svn update command every 20 minutes on the live server means that I don’t even have to log into the live box to update it (unless I want to see the update right now).

It even keeps the database in sync, as I just keep a mysqldump file as part of the repository and update that every time I make a database change. Subversion updates, run the mysql script on the live box and bang, version controlled database.

The TortoiseSVN client is nice, especially for non-tech users, but I find myself just using the command line interface. It’s a whole lot faster to just have a SSH window to my dev box open all the time and just type svn ci -m "" when I want to commit, rather than opening explorer to the samba drive, right clicking on the folder, waiting for windows to parse the million or so functions I have mapped to the context menu before displaying it, then select SVN Commit, then have to wait for it to run and dismiss a popup window when it’s finished. This is in no way a disparagement on the TortoiseSVN software, it’s great. It really lowers the barrier to entry for new SVN users.

*whistling* “anything you can do I can do [not so much] better…”

Yahoo! released it’s own version of Google’s sitemaps service last year, which is just a simplified way of submitting your site to the seach engines. NetRegistry has a quick rundown of how Yahoo!’s works and how to set it up. SearchEngineWatch has an interview with Shiva Shivakumar from Google about their service

However, while Yahoo!’s service is just about submitting your pages to the search engine, Google’s gives you access to basic analysis of your site once you’ve setup the sitemap.  It’s nothing fancy, it’s certainly not a replacement for Google Analytics by any stretch of the imagination, but it’s cool none the less.  Probably the most useful information is the Crawl Stats and Site Errors section, which shows you the imformation about the Googlebot’s attempts to index your site.  You can see URLs that the bot couldn’t reach.  Unfortunately it doesn’t tell you how it got those dead links, so you have to dig around in your site to find where they’re linked from, but at least it gives you a starting point.

For Wordpress users there’s a really nice plugin to automatically create the Google sitemaps files.

Technorati Tags: google, yahoo, webstats

They’re probably FMV shots rather than in-game, but still, niiice.