brettbrewer.com

People are always asking me what the best free antivirus solution is for Windows. I'm happy to say there's a variety of solutions out there, including free web-based scanners from various commercial software companies, but web based scanners don't really solve the problem of permanent full-time protection for your email and files. Fortunately, there's two products for Windows that work great alone or together.

The first is Avast Home Edition . It's a commercial antivirus solution that is free for home users. You can download the installer from www.avast.com and use it for a while without registering. If you like it and want to use it for more than 60 days (and you probably will), you simply fill out the registration form and they will give you a free serial number good for 1 year. You have to download a new serial number every year, but there is no cost. If you don't want to give them your real email address to receive the serial number, simply use a temporary address at mailinator.com . I've used Avast for at least 4 years now and it does a pretty good job of catching most viruses. If you do a lot of downloading of files from suspect sources then you might want a second layer of protection, but it should suit most PC users. If you do want a second layer of protection, you can install my second favorite free antivirus solution for Windows, called ClamWin.

ClamWin is the windows-friendly release of the open-source (GPL) ClamAV project for UNIX. I cannot really comment on the quality of the ClamAV engine in its thoroughness, but ClamWin is definitely resource-friendly and doesn't slow my computer down in the slightest. If it's like most other open-source software I've come to rely on, it is probably as good or better than any commercial releases. It integrates with MS Outlook to scan attachments and email and downloads virus database updates automatically just like all the nice commercial stuff. In terms of having a small unobtrusive footprint it blows away any commercial offering I've ever used. It does seem to pop up virus update promts frequently while I'm trying to watch videos, but other than that I have no complaints. It even gets along great with other antivirus programs, so if you've already got another antivirus program installed and just want some added protection,  it probably won't hurt to install it. With both Avast Home Edition and ClamWin installed, your email, files and operating system should all be well protected.

If you already have an infection from a virus, worm or trojan, you may need to bring out some bigger guns. Specialty software such as Safer-Networking.org's SpyBot Search & Destroy , LavaSoft AdAware (free version) and TrendMicro's free HijackThis are valueable tools to have in your arsenal. You can run SpyBot Search & Destroy and AdAware to take care of most annoying browser hijack tricks, and if all else fails, run HijackThis and give the report to an expert on one of the free forums such as spywareinfoforum.com where they offer free help to people with really bad computer virus infections.  You'll want to read the forum rules before posting any requests there though, but once you know how to submit your questions to them with the necessarry info from your HijackThis reports, you can solve all but the most insidious computer virus problems. 

If you've ever seen the following warning when starting Apache, you no doubt had trouble figuring out the proper fix:

 _default_ VirtualHost overlap on port 443, the first has precedence

If you're anything like me, you probably diligently followed the Apache documentation and ended up creating multiple IP addresses simply to serve multiple web sites via SSL. Well, contrary to popular opinion and the official Apache docs (which are confusing or misleading on this topic), you CAN in fact use name-based hosting with SSL. You probably already have your main httpd.conf file set up properly, but need to tweak your SSL configuration. The problem is this: you are trying to use name based virtual hosting, but failed to specify name based vhosts for your SSL config. Basically, you need to add the following line somewhere immediately BEFORE the first vhost entry in you SSL config:

NameVirtualHost *:443

On Fedora Core 6 running Apache 2 you will find your config files in the following locations:

/etc/httpd/conf/httpd.conf

/etc/httpd/conf.d/ssl.conf

Basically, Apache2 on Fedora Core 6 puts all your non-standard config options in the "conf.d" subfolder so they are easier to organize...which I happen to love compared to the old way of cramming everything into the httpd.conf file. Anyway, if you are using named based hosting, you should have the following line somewhere in your httpd.conf file before the applicable vhost entries:

NameVirtualHost *:80

This will work if you are just using wildcards for the IP addresses for all your vhosts, otherwise make sure you have the specific ip address specified. Basically the "NameVirtualHost" address must exactly match the address specified in the individual vhost entries and it must come before them.

The trick to getting SSL working with multiple vhosts it to open your /etc/httpd/conf.d/ssl.conf file and find the opening tag of the default vhost entry. Before it just add the same NameVirtualHost you have in your main httpd.conf file, but change the port to your SSL port, which is usually 443:

 NameVirtualHost *:443

Be sure to put this directive BEFORE the first <virtualHost> container tag in your ssl.conf file or you will get errors. Also, if your ssl host entry looks like this:

<VirtualHost __default__:443>

you might want to change it to this

<VirtualHost *:443>

but only if the __default__:443 doesn't work. I don't know if it matters, but I've got mine set up with * instead of __default__. 

 Once you've added the NameVirtualHost directive you should be able to add <virtualHost> entries on port 443 to your ssl.conf file that correspond to the entries in your httpd.conf file and then your sites will work over both http and https and Apache will stop complaining about the hosts overlapping. Well, maybe not completely...I was scanning my apache logs and noticed some continued complaining by Apache, but the erros don't show up when starting Apache and the sites all seem to work, so YAY! I don't know why this isn't listed somewhere in the Apache docs because it seems like everyone setting up their own testing/development server eventually runs into this problem. Perhaps it's not the best way to do it for a live site, but it seems to work fine in my local test environment. I hope this info saves you the hours it took me to figure out. 

If you just want to know how to load the DBG module with IONCUBE loader, skip to the bottom of this post. 

I hate encoded PHP files. I mean I REEEEEEAAAAALY hate them. Not only does it make it infinitely harder to modify an application that relies on obfuscated PHP files, but it also tends to make it impossible to debug the non-encoded parts of your site, so you end up having to do ridiculous things like diabling all your encoded scripts so you can run a debugger on your own files. What a tragedy for PHP programmers everywhere who have to deal with this BS! Every time I do a project that requires me to work around encoded PHP files, it literally adds hours upon hours to the development time...so much so that I could often have rewritten the encoded funtionality myself from scratch faster than I can code around it (I will actually probably start releasing my own free drop-in replacements for some very popular x-cart mods soon if I can't get the authors to release the source).  My advice as a PHP developer is, steer clear of encoded files whenever possible. If you must use them, put pressure on the developers to release unencoded versions, possibly for an additional fee, or ask them to at least document all the internal functions so you know what the heck is happening inside scripts that your own scripts will need to coexist and sometimes interact with.

Sometimes in X-Cart you may want to view something as a specific customer would view it. To temporarily access customer pages as a particular user you need only to be logged in as the admin and then pass the variable $HTTP_GET_VARS['operate_as_user'] to the customer page you are trying to view. So you would just add something like this to the querystring of your requested URL....

&operate_as_user=username_to_operate_as

or if you're trying to be all nice and XHTML compliant you'd use:

&operate_as_user=username_to_operate_as

Not an earthshattering bit of info, but useful to know nontheless.