Thursday, May 19, 2016

Matlab RF Toolbox and alternatives

We're currently seeing a bit of contention for the one license we hold for Matlab's RF Toolbox.
In polling the Electromagnetics group profs about the need for any more licenses for RF, I heard back from Prof. Triverio that there is a free user-contributed toolbox for importing and converting S-parameters, which was the particular feature that he had initially found in MathWorks' RF Toolbox.

Here is a link to Tudor Dima's S-Parameter Toolbox:

http://es.mathworks.com/matlabcentral/fileexchange/6080-s-parameter-toolbox--+-z--y--h--g--abcd--t-

You can download this to your local hard drive, then update the Matlab toolbox path cache to include the folder where you downloaded it, and you'll be ready to use this. There are no dependencies on other toolboxes.

If importing and converting S-parameters is the sole reason you needed RF Toolbox, then switching to this free alternative will relieve the contention for our single license for MathWorks' RF Toolbox. (If there are other functions in RF Toolbox that you do need to use, please feel free to carry on using it, and let your supervisor know so we can gauge if there's a need for more licenses for RF Toolbox.)

Wednesday, May 11, 2016

Malware prevention

We continue to be locked in an arms race against bad actors seeking to intrude, for nefarious purposes, into the PCs we use and administer. Viruses and other malware keep innovating; anti-malware software has to scramble to keep up, requiring updates both to the 'engine' and to the 'definitions' or patterns the security software checks for. These updates must be applied automatically, and users should in general not turn off this updating.

Why release malware?

In the past the biggest draws were either 
  • adding a compromised PC to a vast 'bot net' useful for sending out spam from thousands of distinct sources (making it harder to block source by source), or
  • logging user keystrokes in a quest to collect bank passwords and the like
Lately, the bad guys have zeroed in on a new way to make a lot of money exploiting security holes in other people's computers: ransomware. This involves injecting malware that runs with the user's privileges and encrypts as many of their files as it can find, including on network shares, then alerts the user demanding online payment (typically in untraceable Bitcoins) to unlock the data.

This type of intrusion is being focused on institutional users including hospitals, where our responsibility to keep data accessible for immediate use may pressure data managers to give in to these demands. The same could easily apply to research and teaching related data on UofT PCs.

Backups - the best insurance

The easy way to avoid the pressure to pay in such an event is to have current, secure backups. The backups must be located offline - otherwise the ransomware may just encrypt your backups while it is encrypting your live data. The backups must also be working properly and be readily accessible when the intrusion is detected. Doing a trial restore from your backups and verifying this brings back what you expected is the only way to be really confident the backup system is working as intended.

Prevention

Ideally we will always keep every PC so secure that no malware ever gets executed. So anti-malware software is needed. Where can we get this? Microsoft encourages all users to run their Security Essentials on any personal PC or laptop; under the MS Campus Agreement, we're entitled to run Forefront Endpoint Protection on every UofT PC. That's a good start, and we should ensure it is activated and getting updates. But is FEP sufficient? Many feel it may not be. Here's one post discussing that question:


Many third party software publishers offer subscription-based anti-malware programs for Windows. The site I prefer for seeing which of these is rated the most effective is http://av-test.org where they regularly re-test all listed products.

On their listing are a few products that offer free installation for academic use. The one I'm evaluating for this presently is 'Avast for Education' which you access through their http://business.avast.com site. It offers a free login account for you as site administrator, then lets you deploy their endpoint protection tool on as many clients as you like. Your 'dashboard' on their website lets you monitor all linked endpoints via the cloud. 

Defense in Depth


Most commenters on ransomware observe there is no 'magic bullet' to turn away this threat once and for all. They encourage 'defense in depth' where we aim to eliminate part of the risk at each of multiple points along the way:


  • maintaining regular backups, including a means to isolate backups from the desktop
    • don't leave the backups writable by the user, so ransomware can't encrypt your backups while it is encrypting your live data
  • using a firewall with frequently updated policies to block malware network activity
  • keeping endpoint (desktop and laptop) anti-malware software installed and updated
    • choose a product that covers anti-virus and internet security to block malware
  • keeping browsers locked down:
    • set up secure browsing settings
    • fewer plug-ins, remove any out of support
      • remove QuickTime
      • remove Silverlight
      • remove Flash Player
    • regularly update any required plug-ins subject to malware
      • Java 8-(
  • keeping users educated about social engineering tricks used in malware emails and websites
    • "Log in here to recover access to your... " {bank, email account, etc.}
    • "Please pay the attached invoice promptly" {apparent PDF, but virus inside}


Tuesday, April 5, 2016

What toolboxes are required by this Matlab code base?

Matlab is distributed as a core application plus a large menu of available toolboxes and blocksets which can be licensed separately. Today I was helping a Matlab user install an additional toolbox required by a project he's taking on. He mentioned that this is starting from existing Matlab code he received from another user.

When you 'inherit' existing code from someone else, one key question from the start is what are the dependencies. Of course good computer engineering practice includes documenting one's code and identifying all dependencies, to spare future users the need to trace them all manually later. But we can't always count on the person before us having done so.

So you could open a Matlab project and find it requires any number of different toolboxes. Does your copy of Matlab have all the ones it needs? To find out, you could start the code and wait for it to halt with error messages about missing toolboxes, then see if you have a license for each one, and get it installed. (You just have to hope your trial run(s) exercise every branch that reaches a dependency you need to resolve! Want to solve the halting problem while we're here?)

Fortunately, in Matlab (since R2012a) there is a 'dependencies' function, including a call to generate a list of the Matlab toolbox names that the specified body of .M code requires. You pass it a path to the location of the code you want checked, and it returns a list of required toolboxes. Voila!

Here is the Mathworks page on this:

http://www.mathworks.com/help/simulink/slref/dependencies.toolboxdependencyanalysis.html

To automate testing if all the listed toolboxes are installed, you can call

ver toolboxname

You can also test if a license is available for a toolbox using Matlab's license() function:

http://www.mathworks.com/help/matlab/ref/license.html

The license('inuse') command lists what licenses your current Matlab session has checked out (this could include any licenses you accessed during the same session that the license server has not yet timed out, including ones used by a previous task).