Loading

Why don't you recommend ...?

This is a series of posts about why we do not recommend certain software or hardware. It is one of the most commonly asked questions when I tell people immediately to avoid a product. This is based on my experience which includes: Removing virii by hand, 16 years of computer tech support, 4 years software support & programming.

In a lot of cases I will be drawing on my own experiences and opinions. If I have made a mistake somewhere, please let me know.

Why don't you recommend...

September
28
2018
created: 28/09/2018

WordPress?

We think WordPress is pretty good, but it has some drawbacks that make us regard it more as a second choice CMS than a primary one.

  • Reliance on a lot of Javascript frameworks - Javascript & JQuery are good, but each framework introduced means a higher likelihood of security holes, WordPress uses  jQuery, Underscore.js, Backbone.js, Shockwave Flash player scripts (these are a security hole in my opinion), and many more. Add to this any frameworks used by templates, themes and plugins and you have a lot of possible issues.
    Another problem that crops up is that a you use plugin requires a particular version of one of these frameworks and another needs a different version, leading to a conflict.
  • Large amount of buggy / poorly made Plugins - To be honest, I used to go through about 4 plugins before finding one that works without causing crashes. Add to this finding a plugin that actually does everything you need it to.
  • Backend Usability- WordPress was designed for blogs, when used for these it is reasonably easy to use, but once you start making a more complex site, using it becomes very difficult for an end-user that is not experienced in WordPress. There can be multiple different sections to the backoffice which visible pages may reside and we have had a lot of customers in the past request custom modifications to the backoffice to make it more usable.
  • Most hacked CMS - Given the first point, it really isn't surprising to find that WordPress is the most hacked CMS (2017 report, sucuri.net, https://sucuri.net/reports/2017-hacked-website-report). According to VentureBeat, in 2018 WordPress runs about 30% of all websites and is at about 60% usage in websites with a CMS. The hacked report mentioned earlier puts WordPress at 83% of all CMS sites detected as being infected by malware. So the percentage of sites being infected is far higher than their market share. Now we need to bear in mind that as WordPress is so popular, and has many known holes it is more likely to be attacked. This is the same reason that PC's have the majority of virus infections, because they make up about 75% of computers and are targeted more often.
  • Temptation to use pre-built templates - a lot of website design companies do not actually design the layout of a website, or the specific theme, but instead use downloadable templates, this can lead to a certain amount of sameness among websites. These templates may or may not be updated regularly for security patches.
September
18
2018
created: 17/09/2018

The Antivirus programs in retail stores?

You may find that we will recommend against an antivirus program that you have seen in another store or has been pushed by someone working in a large chain or franchise. This is because we will usually have several reasons to avoid the program that we have listed below.

Please note, this is not all stores and definitely not most competent technical stores such as a good local computer store, I am talking about some franchise and chain stores here and the occasional local computer store.

 

This recommendation is due to several factors:

  • Most of the programs in retail stores are there because they directly pay the store/salespeople to sell their product, years ago I worked in these stores and have seen these arrangements first hand. I have also recently contacted people still working in them and the situation has not changed.
  • Most of the programs sold in retail outlets are sub-par as far as quality of product and detection rates go, in some cases the programs have been known to ignore the settings you put in. In very occasional cases (one I have encountered) the antivirus program has been used as a backdoor onto the computer for virii. In some cases special software has to be used to remove these programs, as they can interfere with the normal operation of the computer, proper removal is a must.
  • There are also issues in false-positive detection rates, particularly in heuristic analysis where a number of retail software providers (4 at current count) use a free whitelist available on the internet. A false positive is when a legitimate program is misidentified by the antivirus software as being a virus.
    The whitelist I mention above only lists large well-known manufacturers as 'reliable' for more than a month. This results in far higher than normal false positive detections of legitimate programs. So if you are using something like a custom POS, inventory system, or herd management software, it is far more likely to block these by mistake.
  • There are better, cheaper, alternatives - Bitdefender, AVG, AVAST, ESET all usually provide pretty good coverage, and very competitive prices. ESET may require more technical knowledge but is usually very secure. Bitdefender is a great, easy to use program that is usually up near ESET for pro-active and reactive detection and removal. These programs would also require something like Malwarebyte's AntiMalware which not only detects virii but also other potentially unwanted programs (PUPs) and malware which are more common these days.

 

We would also recommend removing anything such as:

  • Viber (has previously been used to backdoor onto phones and computers to take complete control, including taking photos without the victim even knowing)
  • Limewire (it's basically just backdoors and hacks)
  • Any browser toolbar
  • Any Video that claims it needs a Codec, but the play bar is moving. (Your video player will usually have a message appear in a separate window, if it's on the video screen it's a scam.)