Wednesday, May 3, 2017
A Plea to Web Developers
What I’m referring to is sites that attempt to disable password managers. They’ll use all kinds of tricks, ranging from a simple ‘autocomplete="off"’ attribute on the form field, to JavaScript that clears the form, to building form elements dynamically so they aren’t picked up by browsers or password managers, among others.
I believe that they are thinking that this increases a site’s security by preventing unauthorized logins. You know, someone other than the authorized user logging into the site, being able to do so because the password is automatically filled in. While that makes sense, the bigger issue is that they are actually reducing the site’s security with this behavior.
Why do I say that? Because it forces people to use really, really bad passwords.
In today’s world, there is basically no such thing as a “good” password generated by a human. People notoriously pick passwords that are way, way too easy to crack. Even when we think we are being clever, some hacker somewhere has already been just as clever and coded the method that we think is unique into a password cracking library. Basically every method you’ve come up with for creating a password, a hacker has already done it.
So the only good passwords are those that are generated completely randomly, using what we call a cryptographically secure pseudo-random number generator (CSPRNG). Only passwords created by a CSPRNG can be considered secure enough to thwart hacking. They should also be long – 12 characters at an absolute minimum. These passwords are virtually impossible to remember, especially considering that every web site we visit should have its own unique password. Honestly, could you remember your passwords if every site’s was unique and they looked like x^HsNpeGo}V%Xd~, [lfGY%KW$4McJ(3l, or Jo@Rl-p4Vc7Esy? I seriously doubt it. So people using good, secure passwords use password manager software to generate and remember these kinds of passwords for them.
(I can honestly say I have no idea what my passwords are on 99% of the web sites I visit. In most cases I’ve never actually even seen them.)
Unfortunately it seems that many web site developers think you can remember these kinds of passwords. Otherwise they wouldn’t be trying to disable password managers. They are intentionally trying to force you to remember your passwords. So they’re forcing people into using passwords like “monkey123” or “k3lly@96” which they can remember, but would be cracked by a hacker in a matter of seconds (or even milliseconds), and since people are bad at remembering passwords they’ll reuse the same passwords on multiple sites, if not every site.
So while their intended effect is to prevent unauthorized logins, what they’ve effectively done is make their users’ accounts much easier to hack. Not only are their users’ passwords bad, they’re probably the same as on another site that has already been hacked.
Intended effect: improved security, actual effect: horrendous security. The law of unintended consequences strikes again.
So, please, if you are in charge of designing or developing a web site, resist the urge to prevent users’ browsers or password managers from filling passwords in for them. The site will be far more secure if you actually allow users to use secure passwords.
(While I’m on the subject, having a site suggest a secure password when a user creates an account isn’t a bad idea either. It should be displayed on the page so they can see what it is, as well as pre-filled into the password fields. Most browsers and password managers will automatically pick up on data pre-filled into those fields and save it for the user. Oh, and always use HTTPS for any page that requests or displays account data.)
P.S. You can always get a truly random password from my web site. The passwords aren’t saved anywhere, and only you ever see it.
P.P.S. If you aren’t using a password manager, you should be. The one I like is LastPass. If you’re concerned about your passwords being accessible to someone, just choose a really, really good password for your account. These sites include your account password as part of the encryption key, so nobody can get to your password data without it. And you can make it even harder to crack by turning on Two-Step Authentication too.
Thursday, August 22, 2013
Software Development: Old School or New School?
Since I started writing software when I was 5, I’ve been doing it a long time. I’ve seen a lot of changes in the technology – from the BASIC language all the way to assembly, desktop to server, fat client to thin client, you name it. But the trend I’ve seen over the last 10-15 years is troubling.
There is absolutely no question that the Internet has changed things radically. Much of that change is good. There is, however, an aspect of the Internet and the way that software is written that is disturbing. Many of the time-tested, well-thought-out, efficient ways of coding are disappearing and are being replaced by junky, ill-conceived, incredibly inefficient substitutes. People that are learning to code now are mostly coding for the web, and it is very upsetting how little they understand of the actual science behind computing, mostly because the software development tools in use today don’t even support the best, time-tested concepts.
As part of my job I do software development in both Delphi (a modern-day variant of Pascal, very similar to Microsoft’s C#) and PHP. Delphi is extremely efficient, and has adopted most of the best ideas that have ever come along in computing. PHP is at the opposite end of the spectrum – extremely inefficient, lacking support for many of the most basic tools that real high level languages offer. If you start to talk about JavaScript (the programming language that powers web browsers) the situation is even more dire – it is far more basic than even PHP. Yet nearly all of the hype you hear in development is around HTML 5, JavaScript, Java, and PHP. All of which are, frankly, very immature, and are evolving at a glacial pace.
One of the technologies that is falling by the wayside is object-oriented programming. It allows developers to create virtual objects that you can copy, manipulate, and act upon extremely easily and efficiently. Java is object oriented, but it has other problems of its own (efficiency and security being the main two) that are causing it to fall out of favor quite rapidly. PHP has some support for objects, but frankly it’s pretty terrible. HTML and JavaScript don’t even attempt to support it at all. People that are learning to program now don’t seem to have any kind of understanding of how much easier their lives would be if they had access to object-oriented development tools. And the situation is actually getting worse, not better.
Another concept that is lost on the web is code compilation. Pretty much ever since the dawn of computing, developers take code and run it through a compiler to produce the set of instructions that are native to their computer so that they don’t have to be translated at the time the software is run. Consider how much more efficient you are at speaking your own language than you would be at trying to converse in Korean by using a dictionary, having never heard or seen a word of Korean before. Compiling does the translation ahead of time (just once) so that software runs as quickly as possible. Yet again, web technologies don’t do compilation – they do the “translation” at the time that code is executed, making things incredibly slow in comparison. In addition to that, since the translation is done at run-time, that means you have to distribute the actual source code (the original code you’ve written) to your software in order to run it… so anybody who wants to could take your code and modify and redistribute it… or in cases where you’ve got content you want to protect, like music, or a movie, everybody can see exactly how it is protected so that protection can be removed. Java has the ability to do a sort of rudimentary compilation just before code is executed, but it is still far from true native code, and it still slows you down considerably.
It’s almost like about 15 years ago people said, “We don’t care about all of the research and learning that has occurred over the last 50 years. We’re going to come up with a new way of doing things, no matter how good some of your ideas may be.”
As someone who works in both worlds it is incredibly frustrating. Especially when I have to interact with people who have only ever spent time in the newer web technologies, because they don’t even have a remote concept of what they are missing out on.
There are a ton of other great technologies that seem to be falling by the wayside. True code debugging (the ability to see what is happening internally inside of software as it is running, making testing much, much easier) is extremely rare. RAD (Rapid Application Development), once considered the epitome of efficient design and coding, is almost unheard of today. True integration with databases is pretty much gone too, and in its place are incredibly difficult-to-program, very bloated communication methods that make coding difficult, especially if it is to be done securely. Forgive me if fname.value=’Frank’ is easier (and conceptually much more sound) than “UPDATE users SET fname=’Frank’ WHERE userid=56”, but this is exactly the sort of difference I’m talking about. For the most part web developers aren’t even remotely aware that the tools we had for doing things were much better than the best of what they have access to today. It’s really quite sad.
I’m not saying for a minute that these newer tools don’t have a place. They do. But very little, if anything, is being done to improve the tools and incorporate the lessons that 70 years of computing science have taught us. There’s almost a wall there where anyone who works in the newer tools will automatically dismiss ideas from the old school just because they are old school, not because there is any real reason to do so.
So I have to admit that I don’t really like having to work with HTML and JavaScript and PHP. They all seem incredibly antiquated to me. Almost like I’m stepping back in time 30 years. In many cases it is much harder to do things in the “modern” tools than it was in the contemporary tools of the early 1980s. Things that I’ve taken for granted in what I would call a “real” development environment just don’t even exist when working with their “modern” counterparts.
Would you enjoy having your Ferrari swapped out for a Model T? And somehow I’m expected to like it.
The result of all of the backwards ways of doing things with “modern” tools is that it takes forever to get anything done. I can easily write “equivalent” code in Delphi five times faster than it can be done in PHP even though at this point I probably know PHP as well as anyone could. And, on average, it takes about half of the lines of code in Delphi to accomplish something as it does to do the same thing in PHP. And yet the Delphi code literally executes more than a hundred times faster, and provides a better user experience. Yet somehow people are critical of my decision to continue to use such a tool. Only because they don’t understand it, and in most cases refuse to even try.
Much of the stagnation in web technologies is due to the bickering and in-fighting that happens between companies that build tools for the web. HTML 5 is, in reality, very poorly suited for what we are asking it to do today. And everybody involved wants their own ideas for improving it to become the standard, but nobody else is willing to adopt those ideas because they aren’t their own and they can’t profit from it. In the 1990s and early 2000s, for example, Microsoft tried to extend HTML 5 with new features in Internet Explorer and they got shot down by everyone else, because they weren’t “following the standard.” Well, yeah, they didn’t… because there wasn’t a way of doing the things they wanted to in the standard. Yet when people do actually get together to try to improve the standard, nobody can agree on anything so nothing gets done. We’ve been talking about HTML 5 for nearly ten years, and it is still so poorly supported across different browsers that you almost can’t use it.
Trying to create interactive web pages is an absolute disaster – programmers have to take care of every low-level event (click button, move mouse, release), and those events differ from browser to browser. Want to play music or show video on a web page? Nobody can even agree on how to do that so you have to produce three separate versions of every file, then figure out which version to use when you view the page. HTML wasn’t ever even designed to handle any multimedia other than graphics, either, which is why so many web pages use Adobe Flash, despite the fact that everybody hates it. Want to do things like drag-and-drop? Good luck. It’s really hard to do, and usually has to be coded multiple different ways to work in all popular browsers. But in my ‘old school’ Delphi drag and drop doesn’t even require writing a single line of code. Just set an object property saying ‘yes, you can be dragged’ and ‘you can accept dragged objects.’
Adding database interactivity to a web page is an exercise in patience and frustration. There still isn’t an official way for a web page to pull data from (or insert data into) a database. It’s still a very tedious and time consuming thing to do. Don’t even get me started on how nobody does it securely because that’s even harder to do. But we’ve had databases for 50 years so basic interactions like this should be a cakewalk. In Delphi, all I have to do to retrieve record 56 from the users table of the database is users.FindKey([56]). The same thing in PHP is at a minimum of 4 lines of code – much more if you do proper error checking. And in JavaScript? Well, don’t plan on working on anything else that afternoon.
It goes on and on. Want a web page to interact with a Joystick on the web? Not happening. Or generating output for a printer with full control over how it looks? Again, not really possible. How about photo editing? Not very plausible in HTML. How about a page that uploads a picture to your cell phone over USB? Nope, HTML doesn’t allow it. And it will likely be at least a decade before such things are actually possible and usable.
All of the above problems had already been pretty much solved by traditional development tools long ago.
And somehow many of the companies that have produced the strongest tools and environments for software development in the past are abandoning the more mature technologies. Microsoft is trying to force everybody to write Windows 8 apps, despite the fact that this environment, too, is missing some of the best things from their traditional desktop environment. Apple invests very little in desktop technologies. And Linux stagnated years ago.
It’s really pretty sad. If people were smart they’d take the best ideas from wherever they come from instead of trying to reinvent the wheel over and over. And as it stands today, the technologies that power the web – HTML, JavaScript, etc. – are more of a wooden, square wheel than most developers realize. The traditional ways of doing things don’t have to be left behind – they could easily handle the same tasks that the newer technologies are doing, and in most cases do a far better job of it. Or, some of the concepts from traditional development could be added to the newer tools. But, for some reason, never the twain shall meet. It’s frustrating having to choose between high functionality, quick development, and high performance, and working on the Internet. It would be really nice to be able to do both.
Saturday, March 30, 2013
Microsoft Office for Free
Microsoft has made completely free, web-based versions of Word, Excel, PowerPoint, and OneNote available through its (also free) SkyDrive service. These are reduced-functionality versions of the desktop apps, but they are still extremely functional, and you probably wouldn't miss any of the omitted features. It works on all of the major browsers, including even the iPad. And, like Google Docs, they support real-time collaboration so multiple people can be working on the same file at once.
To access this software, just create a new (or activate an existing) SkyDrive account at www.skydrive.com. Click the "Create" link at the top of the page and select the type of document you want to create. Or upload existing files from your computer and view/edit them online.
These aren't time-limited trial versions of a paid product... they are completely free to use. And if you have 2010 or 2013 versions of the desktop apps, saving and opening documents directly to/from SkyDrive is built in. (And working on documents saved to SkyDrive also enables real-time collaboration in the desktop apps as well, without a SharePoint server.)
Thursday, October 14, 2010
IdleVolume
I just finished (well, just started too… it didn’t take very long) a little program to take care of a problem I have had with my computer for a very long time. I have a computer in my bedroom and occasionally in the middle of the night it will beep, twang, squeal, buzz, speak, or make some other noise that will wake me up. Some nights I do remember to turn down the volume before I go to bed, but most nights I just forget. So I created IdleVolume.
It’s just a little program that turns down the volume on the computer when it has been inactive for a period of time. Similar to the way your screensaver kicks in or the computer turns off your monitor when you haven’t used the keyboard or mouse for a while. But with sound.
It sits in your notification area waiting for you to do nothing. Literally. You set the amount of time that it waits, and also the volume level for when that period of time has elapsed. Then it turns down your volume. Then when you come back to your computer (or your cat walks by) and move the mouse or press a key on the keyboard it sets your volume back to where it was previously. Easy peasy.
This is one of those “duh! why didn’t someone else think of that?” things that I wish someone else had taken care of years ago, but nobody has I guess. So I did. You can thank me later.
I wrote this program for me, but thought others might find it useful, so I’m making it available for free. No charge. Costs zero. No advertising. Without any catch, because it’s something everybody should have. Just go to my company web site and download it. And enjoy. And tell your friends.
It requires a version of Windows newer than Vista (so it works with Vista, Server 2003, Server 2008, and 7), so XP and Mac users need not apply. It won’t work. And I don’t plan to write an XP or Mac version either, sorry! Too much work for too little (“no benefit to me”) in return.
Thursday, October 29, 2009
Please Pay For Your Software (and Music & Movies)
Probably everybody reading this blog knows that I write software for a living. Many of you may also know that one of my pet peeves is people using software that they haven’t paid for.
The software I have been selling for the last 10+ years, FileBack PC, took me years to develop. Actual years. If I had to re-write it again, it would probably take me two full years of long (16 hr) days. That represents a huge investment of my time. Tens of thousands of hours even.
Imagine how it must feel to me to go out on the internet and find web sites that are devoted to finding ways to cheat software manufacturers by providing commercial software for free. My own software has been found on such sites. And I know that people are using them because occasionally someone who is using an obviously fraudulent unlock key has the audacity to ask me for help. It is extremely disappointing to me that people will willingly take my work without placing any value on it. It is as if they are saying, “I don’t care that you spent 8 years of your life working on this, that time you spent means absolutely nothing to me. So I’m going to take it from you anyway.” These people are robbing me of my time and taking money out of my pocket by not compensating me for my efforts.
Some will justify that they would never use the software anyway, if they weren’t getting it for free. But they are still getting the benefit of having that software, which in some way is saving them their own time and effort (or they wouldn’t bother). Even with this argument, they are saying that their time has value, but mine doesn’t.
Some will justify that the software they are using is too expensive, or that the company that produces it already makes enough money and won’t be hurt by people stealing it. If it’s too expensive, find a less expensive (or free) tool to do the same thing. (Or, better yet, write their own software to do the same thing.) And if that company sold more copies of their software, they could employ more workers, or provide their employees with a better standard of living. Or create more software. Most companies aren’t interested in throwing away their money; most will re-invest it into growing the company, or their employees.
The whole “too expensive” argument is kind of funny to me. If someone were to come to me and ask me to create something like FileBack PC for them, I’d charge them about $50/hour. And it would take roughly 10,000 hours to do it. So the project would cost $50 x 10,000 = $500,000. And yet I only ask $55 for my efforts. Think how many people and how much time it took to create something like Photoshop, or Microsoft Word. Those products represent hundreds of thousands, if not millions, of hours of work by actual real people. The price the company is asking in return really isn’t so bad.
Without making this post too long, I beg you to be honest in the way you use your software. Somebody has taken time to create it. And they are asking for a small amount in return.
The same goes for music and movies. It is very expensive to create and market both. Considering the budget for most movies is multiple millions of dollars, for a movie studio to ask $20 for a copy of that effort is really kind of a bargain. Recording studio time to create a song runs well over $100/hr for the better studios, and most songs take a lot of hours to record and mix. Add marketing and distribution to that, and the $0.99 or $1.29 that music labels and artists are asking for their songs is really a bargain as well.
Thursday, June 18, 2009
iPod Touch 3.0 Software Update
I bought the software upgrade for my iPod Touch (2nd Generation) yesterday. I know a lot of iPhone owners have been looking forward to 3.0, and I kind of was too, because it is supposed to address some of the issues I have had with the iPhone ecosystem. Here are a few thoughts.
Likes
- I like that they have added Cut, Copy, and Paste. I can’t believe how long it took to add this must-have feature.
- Bluetooth is enabled. The 2nd generation iPod Touch has always had a Bluetooth radio, but it has been disabled until the 3.0 upgrade.
- The landscape keyboard in Mail is nice. It does take up a lot of the screen, but the larger buttons are easier to press.
- The installation went mostly without a hitch this time. With the 2.0 software upgrade, it took 4 hours and multiple attempts to get it to work. Fortunately that wasn’t the case for me this time.
- I like that they have added search capabilities. Though I’m not pleased with the way it was done.
Dislikes
- Push notifications are absolutely not a substitute for multitasking. Only running one application at a time is a ludicrous limitation. Apple needs to fix this. Everybody else has been doing multitasking for years, and there is no valid excuse for not supporting it.
- I can’t get the Bluetooth to work. (more on that in a minute)
- The way that Cut/Copy/Paste was implemented is just screwy. You can’t just “click and drag” to select text; it is a multi-step process that isn’t that intuitive.
- Search doesn’t search email message contents.
- Shake to Shuffle and Shake to Undo are just weird and gimmicky. Shaking a device isn’t intuitive, or even easy to do. On-screen buttons would have been a much better choice.
- The Spotlight search feature was implemented as a screen to the left of the home screen. I keep accidentally scrolling over to it by accident. It should have been added as an app button like everything else.
- There are still inconsistencies in the user interface. For example, swiping left/right while viewing pictures selects the next or previous picture. But doing this while playing music takes you to the track listing, or nothing at all.
- The default applications still don’t have the same styling… some use black backgrounds, others white, others gray, yet others blue. Consistency would be nice, and it is usually something Apple takes seriously.
- Not all applications support landscape yet (notably Calendar, which could really benefit from a Week view in landscape mode).
- Still can’t attach more than one photo at a time to an email.
- Still can’t add attachments while composing email messages.
- Exchange synchronization still only synchronizes the Inbox folder (ignoring other folders).
- It doesn’t feel like I got much for the $10 the upgrade cost.
Bluetooth Won’t Work
I can’t get the Bluetooth feature to work at all. I was hoping to use it with a headset to make Skype calls. But it just won’t go.
When I turn on the Bluetooth radio the iPod starts searching for devices. But it never finishes. It will sit on the Searching screen as long as I will allow it to:
It never finishes the search, or finds anything to pair to, despite the fact that there are at least four Bluetooth devices in range. Even worse, it fails to pair from a computer as well:
I have tried pairing with multiple computers, headsets, resetting the Touch, you name it. Basically the feature doesn’t work at all, and its alleged Bluetooth capability is totally broken.
Message Searching
Another advertised feature is the ability to search messages. That doesn’t work for me either.
The idea is this: you enter text you want to search for and it will find all messages that contain that text. Nope. Doesn’t work. The text I’m searching for here definitely appears in a message in my Inbox, but it fails to find it.
Initially I heard that searching an Exchange server for message contents wasn’t going to work, but then I heard that at least I could search messages that are already downloaded onto the device. I can say definitively that neither one works, making the message search feature next to useless. You can search the From, To, and Subject lines of email, but that feature really isn’t that useful.
Worth it?
Is it worth the upgrade? For iPhone users, definitely, since it is a free upgrade. For iPod Touch users, I’m not convinced it is worth it just yet. With some of its basic functionality totally broken, I’m still holding out for future upgrades.
Saturday, May 30, 2009
Viruses are NOT a Technology Problem
There is a myth that has been going around for YEARS that if you run Windows on a computer that it is automatically going to become infested with viruses. It is perpetuated by many, particularly in the “I’m a Mac, I’m a PC” ads, but also by the companies that create anti-virus software in hopes that you’ll buy their product to protect yourself from the inevitable technological intrusion into your virtual computer space. And most of us buy into it. The truth is, that it is NOT true that running Windows will guarantee that you’ll become infested with viruses. (I’ll prove it later in this post.) Windows in and of itself is not the problem. The problem isn’t even technological at all. It’s social.
The term used to describe the techniques used by virus writers to get their software onto your computer is actually called “social engineering.” Basically it means they trick you into installing the viruses on your computer. They’ll do things like disguise their software as something else that you’re likely to want or want to see. They use methods to make you believe that these things are coming from trusted sources, like friends or family. Combined, those are pretty effective methods. (And truthfully, these same methods work on ANY operating system; they aren’t specific to Windows.)
This might be a blow to the ego of some, but if your computer has become infested with a virus, it is because you let it install itself. You opened a file you shouldn’t have. You installed some software you shouldn’t have. You are the one to blame that it is there. Please don’t blame your computer. Don’t blame your operating system. You did something that let the bad stuff in. The wolf knocked at your door, and instead of replying with a “not by the hair of my chinny-chin chin” you said “come on in.”
Personally I don’t run anti-virus software. I never have. I do install it, because that’s what you’re “supposed” to do, but I don’t let it run scanning and watching my computer all of the time. After I install it the very first thing I do is disable it. I don’t like the slowdown that comes with having everything I do be monitored by bloated software that isn’t going to find anything anyway. And despite the fact that I do not run antivirus software, I have NEVER had a single virus on ANY of my computers. Ever! I’ve been running Windows for nearly 15 years and I haven’t had a virus yet. I’ll run anti-virus scans every once in a while just to make sure that I’m still clean, but NONE of those scans have EVER found even a single virus.
If susceptibility to viruses was a technological problem with Windows, my computers would be massive infestations of virus muck. They wouldn’t be usable. And they’d be out there trying to find ways to infect others. How have I been able to remain clean? Just by being careful about what I install and keeping my computer up to date with security patches. That’s it. No more. No magical hardware firewall watching my Internet activity. No magic fairy that shows up in the middle of the night to clean off anything that may have arrived that day.
But the situation gets even worse for the theory that Windows inherently becomes infested with viruses when I tell you that I also don’t run any firewalls. Yep, I turn those off too. And here’s another kicker… I break the cardinal rule of data security: three of my computers have public IP addresses (meaning they are totally exposed to, accessible from, and visible to the Internet). Gasp! That’s an absolute security no-no! Nobody should EVER run Windows with a public IP address, right? Well, I wouldn’t recommend it for most people, but the truth is that Windows, despite its many flaws, is not the primary cause of viruses becoming installed on our computers, so I really don’t worry about it. Viruses are installed by people, not their operating system. It’s people tricking other people into installing their ill-intended garbage that gets computers infected.
I’m not the only one that doesn’t run anti-virus software. In a recent episode of the Security Now podcast, noted security expert Steve Gibson also admitted that he doesn’t run it either. If a security expert doesn’t run it, then the computer he’s using isn’t the main cause of the problem, is it!?
So why do Windows PCs so often have viruses? Mostly because they’re so popular. If you’re someone conjuring up evil plans to take over the world by creating virus software, who are you going to target? The 90% of computers running Windows? Or the 7% running a Mac, or 1% running Linux? Which offers a better return on your time investment?
Windows XP also made an easy target because it makes it so easy to install software. No password or validation required to do an installation; installers can just run and do whatever they please whenever someone starts them. (That has changed with Vista; passwords and validation are required there, just like OS X and Linux.) Not requiring a password to install has never been a good idea, but it isn’t the cause of viruses on computers. It just made it easier for the bad guys. Big difference. And viruses are software; they just have a different intent than something like Firefox.
With all of this said, I will not recommend that most people run without anti-virus software or a firewall. Most people should take those steps to protect their machines. But these tools are just extra layers of protection; they should not be the only form of protection used. Neither will ever be able to make up for all of the shortcomings of someone using a computer. Even with both installed, it’s still up to you to avoid the bad stuff. And that, my friends, is a social problem, not a problem with technology.