There are a couple of actions you can do with music you have on your computer:

• You can listen to an arbitrary song from your library
• You can jump in the song you are listening to
• You can share it with a friend
• You can convert it and listen using an alternative format (ie. on your MP3 player, on your phone, in your car, etc)
• You can edit it using a sound editor

Thus, any service which aims to replace your music library should provide as many of these options as possible. Recently I found out about Grooveshark which provides all but the last two of these actions for free! Additionally they have a very slick interface and you don’t even have to sign up to use the service!

Additionally they provide an “auto-play” feature which adds “similar” songs to your playlist and seems to work acceptably (is is no Pandora though). An other thing I appreciate is the clear revenue model: it is ad supported or you can become a premium member for as little as 3$ / month and see no ads. I don’t know if the numbers are right, but they seem much more plausible than the one of Jango. I don’t want to dish them, but their lack of business model (no premium accounts!?) always concerned me and recently they seem to experiment with a lot of things (like taking away the possibility of directly playing a song and rather linking to Rhapsody) which is both annoying and concerning. My only concern is the fact that I found this site via the now defunct Seeqpod, which used (intentionally or unintentionally) publicly available MP3 files to power their service. While Grooveshark seems to use their own servers, rather than arbitrary hosts on the Internet, the file name quality suggests that these files were arbitrarily downloaded from different sources (public folders? P2P? – who knows), a practice which might get them in hot water with the RIAA, especially given that they seem to be based in the USA.

In conclusion: Grooveshark is great for now. Hopefully it will last in its current (or better) form for a long time. Below you can see an example of the embedded player:

Update: check out the new Grooveshark interface! It is very nice. Also, I’m a VIP subscriber to Grooveshark now!

Picture taken from gonzalovalenzuela’s photostream with permission.

1. Get the free edition
2. Locate the folder where you can find bdc.exe
3. Copy the given folder (it should have a plugins subfolder) to the location you want to run it from

That’s it! To update it, you need to run bdc.exe /update (and have the plugins directory writeable of course – so it doesn’t work for CD’’s for example).

• Download the install kit from their website (warning! there is some upselling going on)
• Install the software
• Done!

Unfortunately there aren’t any options to make the program more silent or transparent to the end-use. It is rather chatty and will always prompt the user about things like detected files or updates. Also, it will show an advert after each update. Now there are ways to disable this, however be aware that you might be breaking the license by using them.

To sum up: Avira is a nice little AV with very good detection rates, however it lacks some configuration options which would make it suitable running it silently (to avoid bothering / confusing users). I would recommend going with one of the other alternatives and a layered security approach.

One of the products the paper specifically mentions is AVG. I’ve been recommending, installing an maintaining the free version of AVG on several computers for friends, relatives and family. In this entire time the only advertisement I’ve seen was in the AVG 8 control center. No popups, no messages, no nothing. Now, your mileage might wary, but I’ve been very satisfied with AVG (for example some time back I’ve tried a free version of AntiVir, which tried to upsell me at every update). Also, in my opinion, it’s not the “software” which matters the most, but the configuration settings you use. I’ve seen well-configured free products be very light and useful and poorly configured commercial packages eat up 100% of the system resources on a quad-core machine, while blocking access to the network and not giving any information about it.

My end conclusion would be: the most important thing is not what you use, but how you use it.

Warning! The setup might ask you to close applications, and it will ask you to reboot the computer, so be prepared to do so (close programs, save documents, etc).

Download the install kit from the website.

Install kits are offered in many languages. If the user of the computer you are installing for isn’t a native English speaker, you might consider installing the language s/he speaks the best.

If you are using Internet Explorer 6.0, the download might be blocked and you will have to unblock it by clicking on the yellow advertisement bar.

Select custom install. Deselect all the options from “Resident protection” except “Standard Shield” and maybe “Network Shield”. I had negative experience with the “Internet Mail” option some time ago (it was basically blocking all the email).

Answer no to the following question and finish the setup.

After finishing the installation (and rebooting the computer) it’s time to configure some options so that the software isn’t as distracting. First the scanner should be put in silent mode.

Then disable the animated icon.

You might want disable the confirmation messages, depending on the experience level of the user.

Definitely disable the sound alert

Set it to update automatically both the signatures (set by default) and the software (not set by default).

Finally, you might or might not wish to disable the VRDB feature. This saves a backup copy of the (executable) files and can restore it in case it is infected. If you want to keep it active, change the setting such that it only shows one icon in the taskbar.

To sum it up:

1. Download the install kit from the website. Be ready to reboot the computer during the setup.
2. Select custom install
3. Disable all the options from “Resident protection” except “Standard Shield” (and maybe “Network Shield”)
4. Don’t scan the disk on restart
5. Put the scanner in silent mode
6. Disable the animated icon (in “Apperance”)
7. Consider disabling the confirmation messages
8. Disable the sounds
9. Make sure that both the signature files and the software is update automatically
10. Decide what to do with the VRDB feature. Disable it entirely, or just set it so that only a single icon is displayed in the taskbar

The steps to installation are:

Download the install kit from the AVG website. Take care to carefully read the wording, since during the several steps it is needed to download, they will try several times to upsell you. This is not necessarily a bad thing (after all, they are giving away a product for free).

If you use Internet Explorer, you might have to explicitly authorize the download (by clicking on the yellow bar that appears on the top).

Choose to save the file (don’t run it at this point!). The following step assumes that you’ve saved the file on your Desktop.

Now that you have it saved on your desktop, launch a command shell (by going to Start -> Run and typing cmd), change to the directory to where you’ve downloaded the file (usually this would mean typing “cd Desktop“) and launch the install kit with the following parameters: /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch The easiest way to do this is to start typing the name of the install kit (avg_), then press the Tab key, which should auto-complete the rest. Now copy the command line attributes and right-click on the shell window and select Paste. Alternatively here is the official FAQ entry. The setup might ask you to close some programs (mainly browsers) before continuing, so be prepared to do so.

Now choose the Custom install option

And deselect the LinkScanner option. You could also deselect also the Email scanner option if you are not expecting “traditional” email clients to be used (if for example the user(s) only use web based email like Gmail, Hotmail, Yahoo mail, etc.).

Disable the daily scanning and finish the setup.

Now all that remains to be done is some final tweaking of the settings: open the AVG control center and go to Tools -> Advanced Settings.

Change the settings such that updates which require reboot are only applied at the next reboot, the user is not nagged about them. This usually is more convenient (and less confusing), however it may not be appropriate in cases when the computer is not rebooted for long periods (this includes the cases of laptops which are not rebooted, only hibernated or switched in sleep mode).

Finally, you might want to set the “Autoheal” option to avoid bothering the user.

To sum it up:

1. Download the install kit from the AVG website.
2. Save the install kit
3. Run the setup with the switches /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
4. Choose “Custom install”
5. Deselect “LinkScanner”. Also deselect “E-Mail Scanner”, unless you use a dedicate email client (like Outlook or Thunderbird)
6. Disable the daily scanning
7. Finish the setup
8. Launch the AVG Control Center and go to Tools -> Advanced Settings -> Update and select “Complete at next computer start”
9. You might also want to check “Resident Shield” -> Autoheal to keep things simpler

I was worried that their service could be abused in an attack-by-proxy (or in this case reconnaissance-by-proxy) scenario, so I contacted them. They were kind enough to reply to me very fast, and here are the things I learned:

• They are confident that the limits set in their Terms of Service are enough. At the moment of writing this post these are the following (but they can change of course):
• There can be only one active (running) scan from one IP
• Maximum 5 scan requests from one IP per 24 hours
• Maximum 20 scan reqests from one IP per 7 days
• Scan timeout is 60 min
• An other safety measure is the fact that the logs are kept and are correlated with the requesting IP.
• When I saw the possibility to enter an arbitrary command line, I got very nervous and asked them if they considered command line injection? Thankfully they said yes and reassured me that they taken the necessary security measures (and also that their logs were full of attempts to verify the existence of an exploit)

Given all this, I can only say: scan away!

1. Fire up the registry editor
2. Navigate to the key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E96A-E325-11CE-BFC1-08002BE10318}
3. You should see keys numbered from 0001. Look for one which contains a DWORD value named MasterDeviceTimingModeAllowed which has a values less than 0xffffffff.
4. Change that value back to 0xffffffff.
5. Create a DWORD value with the name ResetErrorCountersOnSuccess and the value of 1.
6. Reset your computer and verify in device manager that you have DMA enabled for the CD-ROM.

For more information look to winhlp.com or Microsoft.

Update: I’ve put together a small program which automatizes the setting of registry values. You can download it here, and for the curios ones, you can get the source code here (it was written in Delphi with the ACL library).

The exe file has the following characteristics:

• File size: 12800 bytes
• MD5: 9cbdd9ec65c900b67f75578d082cd940
• SHA1: 50bba9d745059c806823e6b2fc2d8c4503a77e43