Last night and this morning I couldn't get to my personal website. Other websites and email worked just fine. The website itself wasn't broken ("down" is the official nerd term); the path to it across the Internet was.
A great service for pinpointing a problem like this is available at siteuptime.com. Their free Quick Check (shown below) can be used to test the availability of a website from New York, Chicago, San Francisco and/or London. The HTTP (website protocol) tests of my site showed that it was fine when accessed from all four cities.
As a politician referred to it, the "tube" between New York (where I was) and Florida (where the site resides) had sprung a leak.
The path traveled between any two computers on the Internet can be long and convoluted. Amazingly so. Fortunately, the underlying protocols (TCP/IP) make it possible to map that path with a diagnostic tool built for just this type of routing problem: it sends probes with increasing time-to-live values so that each router along the way, in turn, reveals itself. On Windows it is called "tracert", on Linux it is called "traceroute". I'm not a Mac person, but, according to this Apple KB item, it's also called "traceroute" on OS X where it is part of the Network Utility.
Traceroute lists every router between you and another computer on the Internet. It also shows the round-trip time for each of the three probes it sends to every intermediate router, but that's usually not the issue. Below is an edited sample of a Windows XP traceroute between my New York computer and CNET.
C:\Documents and Settings\userid>tracert cnet.com
Tracing route to cnet.com [216.239.122.102] over a maximum of 30 hops:
... [removed]
10 10 ms 10 ms 11 ms ae-13-69.car3.NewYork1.Level3.net [4.68.16.5]
11 11 ms 10 ms 10 ms att-level3-oc192.NewYork1.Level3.net
12 50 ms 51 ms 51 ms tbr1.n54ny.ip.att.net [12.123.0.90]
13 49 ms 48 ms 50 ms cr2.n54ny.ip.att.net [12.122.16.149]
14 51 ms 52 ms 49 ms cr2.wswdc.ip.att.net [12.122.3.38]
15 49 ms 50 ms 53 ms cr1.attga.ip.att.net [12.122.1.173]
16 51 ms 49 ms 50 ms cr2.dlstx.ip.att.net [12.122.28.174]
17 50 ms 50 ms 52 ms tbr2.dlstx.ip.att.net [12.122.18.214]
18 51 ms 51 ms 50 ms 12.122.100.97
19 64 ms 99 ms 52 ms 12.87.121.22
20 51 ms 50 ms 48 ms c18-sha-redirect-lb.cnet.com [216.239.122.102]
The first column is the hop number, the next three columns are the round-trip times of the three probes, and the last column is the name and/or IP address of the router that answered. All told, the test data traveling from me to CNET made 19 intermediate stops before reaching CNET itself at hop 20. At least it did this time; the route is not fixed and will change over time.
Note the first line of output that says tracing stops after a maximum of 30 hops. A "hop" is one router along the path. On Windows XP, the assumption is that there normally aren't more than 30 routers between you and another computer, so the probes are never sent any further than that.
When things go bad, traceroute shows asterisks. An asterisk means a probe got no reply within the timeout. Below is an edited sample of the traceroute between my home computer and my Florida-based website at the time of the problem.
C:\Documents and Settings\userid>tracert www.michaelhorowitz.com
Tracing route to michaelhorowitz.com [208.84.150.101] over a maximum of 30 hops:
...
9 13 ms 16 ms 14 ms ae-1-0.pr0.dca10.tbone.rr.com [66.109.6.165]
10 13 ms 15 ms 16 ms 64.132.69.61
11 76 ms 72 ms 73 ms 64.128.245.106
12 72 ms 73 ms 75 ms 64.128.245.106
13 76 ms 75 ms 83 ms core2.rapidvps.net [66.97.162.162]
14 72 ms 74 ms 73 ms moors.rapidvps.net [208.84.151.160]
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
The router at moors.rapidvps.net is not necessarily the problem; it was simply the last router that answered. The real problem lay somewhere beyond it. Note that a hop or two of asterisks in the middle of a trace proves nothing by itself: plenty of routers and firewalls silently drop or rate-limit the probes and yet forward traffic just fine. The telling sign here is that the asterisks continue all the way to the 30-hop limit and the destination itself never answers.
I sent the traceroute output and a description of the problem to the company hosting my website, and the problem turned out to be with a firewall. For some reason, a firewall under their control was purposely blocking my IP address.
Every computer on the Internet is addressed by a number called an IP address. Large companies are given permanent (static) IP addresses. Consumers, such as myself, normally share a pool of IP addresses given to our Internet Service Provider*. An ISP doles out its IP addresses to customers on an as-needed and rotating basis, so the address you have today may have belonged to someone else yesterday.
What probably happened was that another customer of my ISP was doing something bad or suspicious and that got them blacklisted in the firewall of my hosting company. But the IP address came from a shared pool and sometime yesterday it got assigned to me.
Go figure.
*I am referring here to public IP addresses, those visible on the Internet. Some IP addresses are reserved for internal use only and are referred to as "private" IP addresses. On a Local Area Network, the IP addresses assigned to each computer normally come from the private group. The most popular private ranges are 192.168.x.x and 10.x.x.x (there is a third, 172.16.x.x through 172.31.x.x). Even if something gets misconfigured, routers on the Internet are not supposed to forward packets addressed to or from a private IP address, so such a packet never gets far.
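The two readings above, "where did the replies stop?" and "is that address public or private?", can be automated. What follows is an added example written for this page, not code from the original post or from any tool it mentions: a small Python script that parses tracert output in the layout shown on this page, reports the last hop that answered and how many silent hops follow it, and flags hop addresses that fall in the private 10/8, 172.16/12 and 192.168/16 ranges from the footnote. Both embedded traces are constructed: the first is modelled on the failing trace above with an invented home-router hop (192.168.1.1); the second, with its hostnames and its 203.0.113.10 address, is entirely made up to show the benign case of a silent router in the middle of an otherwise working path.

```python
"""Parse Windows tracert output: find where replies stop and flag private hops.

Added example for this page; not the post's own code. The RFC 1918 ranges are
checked explicitly rather than via ipaddress.is_private, which also counts
documentation ranges such as 203.0.113.0/24 as "private".
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the failing trace in the post. Hop 1 (a home
# router at 192.168.1.1) is invented so the private-address check has a hit.
SAMPLE_FAILING = """\
Tracing route to michaelhorowitz.com [208.84.150.101]
  over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.1
  9    13 ms    16 ms    14 ms  ae-1-0.pr0.dca10.tbone.rr.com [66.109.6.165]
 10    13 ms    15 ms    16 ms  64.132.69.61
 13    76 ms    75 ms    83 ms  core2.rapidvps.net [66.97.162.162]
 14    72 ms    74 ms    73 ms  moors.rapidvps.net [208.84.151.160]
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
"""

# Constructed benign case: one silent router mid-path, but the destination answers.
SAMPLE_HEALTHY = """\
Tracing route to example.test [203.0.113.10]
  over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     *        *        *     Request timed out.
  3    20 ms    21 ms    19 ms  edge.example.test [203.0.113.10]
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PROBE = r"(?:<?\d+ ms|\*)"
HEADER_RE = re.compile(rf"Tracing route to (?P<name>\S+)\s*\[(?P<ip>{IP})\]")
HOP_RE = re.compile(rf"^\s*(?P<hop>\d+)\s+(?P<p1>{PROBE})\s+(?P<p2>{PROBE})\s+(?P<p3>{PROBE})\s+(?P<rest>.*?)\s*$")
# Tail of a hop line: "name [ip]", a bare ip, a bare name, or "Request timed out."
REST_RE = re.compile(rf"^(?:(?P<name>\S+)\s+\[(?P<ip>{IP})\]|(?P<bare_ip>{IP})|(?P<bare_name>\S+))$")


@dataclass
class Hop:
    number: int
    rtts_ms: List[Optional[float]]  # None where a probe printed "*"
    name: Optional[str]
    address: Optional[str]

    @property
    def responded(self) -> bool:
        return any(r is not None for r in self.rtts_ms)

    @property
    def is_private(self) -> bool:
        return self.address is not None and any(ipaddress.ip_address(self.address) in n for n in RFC1918)


def _rtt(token: str) -> Optional[float]:
    # "<1 ms" is recorded as 1.0, i.e. its upper bound.
    return None if token == "*" else float(token.replace(" ms", "").lstrip("<"))


def parse_tracert(text: str) -> Tuple[Optional[str], List[Hop]]:
    """Return (target IP from the header line, list of hops in order)."""
    target: Optional[str] = None
    hops: List[Hop] = []
    for line in text.splitlines():
        h = HEADER_RE.search(line)
        if h:
            target = h["ip"]
            continue
        m = HOP_RE.match(line)
        if not m:
            continue  # blank lines, "over a maximum of 30 hops:", "Trace complete."
        name = ip = None
        r = REST_RE.match(m["rest"])
        if r:
            name = r["name"] or r["bare_name"]
            ip = r["ip"] or r["bare_ip"]
        hops.append(Hop(int(m["hop"]), [_rtt(m[k]) for k in ("p1", "p2", "p3")], name, ip))
    return target, hops


def diagnose(text: str) -> Dict[str, object]:
    """Read a trace the way the post reads its failing one: where did replies stop?"""
    target, hops = parse_tracert(text)
    answered = [h for h in hops if h.responded]
    last = answered[-1] if answered else None
    reached = target is not None and any(h.address == target for h in hops)
    # Silent hops *before* a destination that answers are routine; the trouble
    # sign is a run of timeouts at the end with no reply from the target at all.
    trailing = 0
    for h in reversed(hops):
        if h.responded:
            break
        trailing += 1
    if reached:
        verdict = "destination reached"
    elif last:
        verdict = f"no reply past hop {last.number} ({last.address or last.name})"
    else:
        verdict = "no hop answered"
    return {
        "target": target,
        "reached": reached,
        "last_responding_hop": last.number if last else None,
        "last_responding_address": last.address if last else None,
        "trailing_timeouts": trailing,
        "private_hops": [h.number for h in hops if h.is_private],
        "verdict": verdict,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_FAILING, SAMPLE_HEALTHY):
        print(diagnose(sample))
```

Run it as a script to see both verdicts, or feed it a saved `tracert` transcript through `parse_tracert`. The "last responding hop" it reports is exactly what the post sends to the hosting company: the last known-good router, not the culprit, which lies somewhere past it.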
See a summary of all my Defensive Computing postings.
When it comes to antimalware software, the first decision any Windows user needs to make is whether to go with an integrated suite of software or to pick and choose specific products, such as a firewall, antivirus, and antispyware software. If a suite came preinstalled, it's certainly a tempting option. Dealing with a single company and not having to install new software has obvious appeal. But I think it's the wrong way to go.
For one thing, the software suites can be complicated to use. They have a reputation for slowing down the computer. And they cost money, whereas there are many free antivirus, antispyware, and firewall programs to choose from.
Plus, they may be overkill. In what has been called feature creep, they typically include many different types of protective software in addition to the baseline antivirus, antispyware, and firewall. This added complexity can negate the single-product simplicity advantage.
Among the extras is antispam software that many people don't need, and a case can be made that fighting spam is a server-side job, not something best done on your computer.
My colleague from The Personal Computer Show, Alfred Poor, has recommended against software suites many times on the show. He cites "bloatware" as the main reason:
"... the publisher piles on features not because they are practical or useful, but so that they can win the 'battle of the checkbox' where buyers go for the program with the most features. This leads to more software running in the background, which means a performance hit at the very least, and an increased chance of conflicts with other applications. My advice is to buy what you need, and no more."
Another big consideration is that, taken as a whole, software suites don't offer the best protection.
Leo Notenboom made this argument last week on his Ask Leo! website. Quoting from "How do I pick the right tools to protect my system?":
"Would a bundled application (all defenses in one) be necessarily more effective than several standalone products? In my fairly strong opinion, no. I base that primarily on the four+ years of problem reports and feedback that I've received here at Ask Leo!. It just seems that the combined suites cause more problems and miss more malware or security issues than a well chosen set of individual solutions."
Why don't the suites offer the best protection? Here too, I agree with Leo:
"My theory is that the suites start with a really good single product...in order to create a suite the manufacturer then buys or creates what I can only assume are second-rate additional components..."
The ZoneAlarm firewall is a case in point. I like the free firewall and would buy the commercial version for the additional features. But I can't; at least not without also buying either antispyware or antivirus software from CheckPoint. So I pass.
Interestingly, I disagree with Leo's recommendations for antivirus, antispyware, and firewall software. But, even people who disagree on the specific choices, agree that making specific choices is the way to go.
As for Alfred's point about bloatware, a comparison of the assorted software bundles offered by ZoneAlarm/CheckPoint shows no less than 16 types of defensive software included in the top-of-the-line product.
Another example of an antimalware product being assimilated into a suite comes from Eset.
In his newsletter/blog last week, Scot Finnie discussed the stand-alone NOD32 anti-virus program vs. their suite of anti-malware software called Eset Smart Security. As for the new version of NOD32, Scot writes "...my preliminary impression of Nod32 3.0...was quite positive. That product is available as a standalone upgrade to Nod32 2.7..."
But regarding the suite he says "I looked pretty extensively at Eset Smart Security in late beta, and I didn't think much of the firewall at all. Plus I have no use for Eset's antispam solution. So I am definitely recommending *against* the new $60 Eset Smart Security (ESS)."
Finally, a note from the school of hard knocks.
After reading some good reviews of F-Secure Anti-Virus a while back, I installed it on a couple machines. On one machine, when I later installed Spy Sweeper, the antispyware product from Webroot, I learned about an incompatibility with F-Secure Anti-Virus.
Another machine had the free ZoneAlarm firewall installed. When I tried to install F-Secure Anti-Virus, it complained about ZoneAlarm, basically saying it's either us or them. The F-Secure product would not install unless the ZoneAlarm firewall was removed.
What possible conflict could there be between an antivirus program and a firewall? My guess is that F-Secure had a single installation program for both their software suite and their standalone antivirus, and they hadn't customized the antivirus installation to not bother checking for firewall software. Just a hunch.
The debate over individual antimalware products will continue until Windows truly becomes secure. Until that day, fight assimilation and opt for standalone antimalware products.