United States federal government bans use of Kaspersky software: What should firms and households do?

A leading maker of antivirus and internet security software has been blacklisted by the United States federal government over fears that it has ties to Vladimir Putin’s regime in Russia. Here’s the first two paragraphs of The Washington Post’s story about the decision:

The U.S. government on Wednesday banned the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyberespionage activities, according to U.S. officials.

Acting Homeland Security secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal civilian government networks, giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.

And here is a copy of the statement issued by the Department of Homeland Security regarding DHS Binding Operational Directive 17-01.

Kaspersky Lab (which has an American division headquartered in Woburn, Massachusetts) responded with this strongly-worded statement:

Given that Kaspersky Lab doesn’t have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS), but also is grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded.

No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company. Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.

In addition, more than 85 percent of its revenue comes from outside of Russia, which further demonstrates that working inappropriately with any government would be detrimental to the company’s bottom line. These ongoing accusations also ignore the fact that Kaspersky Lab has a 20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy technology development.

Regarding the Russian polices and laws being misinterpreted, the laws and tools in question are applicable to telecom companies and Internet Service Providers (ISPs), and contrary to the inaccurate reports, Kaspersky Lab is not subject to these laws or other government tools, including Russia’s System of Operative-Investigative Measures (SORM), since the company doesn’t provide communication services.

Also, it’s important to note that the information received by the company, as well as traffic, is protected in accordance with legal requirements and stringent industry standards, including encryption, digital certificates and more.

Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues. The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.

Kaspersky’s software has repeatedly come out ahead of the competition in tests performed by independent labs, which is a key reason why many cybersecurity professionals like it and recommend it.

But now the company is being blacklisted by the federal government and agencies are under orders to remove and uninstall any Kaspersky products they may have purchased licenses for. Best Buy has already severed ties. What about households and firms that use Kaspersky: what should they do?

My advice is, don’t panic. There is no need to purge Kaspersky from your systems if you use it. No evidence has been presented that Kaspersky’s software is malicious.

And it sounds like the government just doesn’t have any.

Rob Joyce, the White House cyber security coordinator, said Wednesday at the Billington CyberSecurity Summit that the Trump administration made a “risk-based decision” to order Kaspersky Lab’s products removed from federal agencies.

Asked by Reuters whether there was a smoking gun showing Kaspersky Lab had provided intelligence to the Russian government, Joyce replied: ”As we evaluated the technology, we decided it was a risk we couldn’t accept.”

Emphasis is mine.

Despite the issuance of this order, the Department of Homeland Security has said there will be “an opportunity for Kaspersky to submit a written response addressing the Department’s concerns or to mitigate those concerns”.

“The Department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant,” says the statement accompanying the order.

In a recent New York Times op-ed, Senator Jeanne Shaheen of New Hampshire advocated for today’s action by referencing briefings from the intelligence community.

At a public hearing of the Senate Intelligence Committee in May, six top intelligence officials, including the heads of the F.B.I., C.I.A. and National Security Agency, were asked if they would be comfortable with Kaspersky Lab software on their agencies’ computers. Each answered with an unequivocal no. I cannot disclose the classified assessments that prompted the intelligence chiefs’ response. But it is unacceptable to ignore questions about Kaspersky Lab because the answers are shielded in classified materials.

When someone says they’ve got evidence to back up a course of action they want to take, but won’t show it to you, then you’re left with just their word.

That’s not good enough.

Shaheen goes on to say:

Fortunately, there is ample publicly available information to help Americans understand the reasons Congress has serious doubts about the company.

She then goes on to talk about how the company’s founder Eugene Kaspersky graduated from an elite cryptology institute (something that is public knowledge and which I’ve known since before I started using the company’s products), and news reports that discuss the possibility and probability that Kaspersky has been collaborating with Russian intelligence, such as this one from Bloomberg.

But even that Bloomberg article noted, “The U.S. government hasn’t identified any evidence connecting Kaspersky Lab to Russia’s spy agencies.”

(Kaspersky has responded both to Shaheen’s op-ed and also to the Bloomberg story).

Writing for Wired, in a piece published on Labor Day (Why the U.S. Government Shouldn’t Ban Kaspersky Security Software), Philip Chertoff noted that most of Kaspersky’s rivals in the cybersecurity industry are also foreign companies that may have ties to the intelligence agencies of their own home countries.

It is not unreasonable to think that Kaspersky Lab may have ties with Russian intelligence. The company employs former intelligence officers, and Russia’s relationship-based business climate means that it’s unlikely Kaspersky Lab could have succeeded without relationships with senior government officials.

However, it’s a charge that could be levied at many technology companies, especially cybersecurity firms. As the digital economy has grown, international intelligence agencies and technology firms have formed a sort of intelligence-industrial complex. After exiting US intelligence services, many former officers and cryptographers transition to jobs with big tech firms, hired for those skills they learned in the service or specifically for their strong personal relationships with government officials.

For instance, Bitdefender — which is currently trying to poach Kaspersky’s business with ads like these — is based in Romania. (Bitdefender is the other company that routinely gets the highest marks in independent third party testing of antivirus and security software).

If we can’t trust Kaspersky because they’re foreign, then arguably the same logic applies across the industry.

Kaspersky is a multinational company that has servers all over the world, in many countries, including the United States as well as Russia. Again, that’s no different than other cybersecurity companies.

It must be noted that there are a lot of American firms handing over precious trade secrets so they can do business in China, or complying with Chinese laws so they can gain access to the market there.

The New York Times recently published a story about this. Shouldn’t that behavior be equally concerning to us?

It is to me, at least. And these are American firms.

Senator Shaheen claims to have seen information which is prompting her to call for a ban of Kaspersky software — but says she can’t share this information. That’s of no help, then, because it means those of us who understand these issues can’t weigh the evidence for ourselves to reach our own conclusions.

The U.S. intelligence community is very secretive and agencies like the NSA have a history of having violated federal law and the Fourth Amendment to the United States Constitution to spy on Americans.

The NSA has also reportedly spied on companies like Bitdefender and Kaspersky (surprise, surprise).

We have a growing body of evidence that Vladimir Putin and the Russian Federation interfered in last year’s elections here in the United States. We are all right to be concerned about that. We do not have evidence that Kaspersky’s software is a danger to our national security.

The Internet may have begun as a U.S. defense research project, but it’s a global medium now. Combating bad actors requires global cooperation, because the bad guys can operate from anywhere with an Internet connection, as Eugene Kaspersky notes in a piece today at Forbes:

When did it become OK to declare a company is guilty without one shred of public evidence? In addition, while the U.S. has talented cybersecurity experts, smart people, who are dedicated to fighting cybercriminals, are born and educated all around the world. If the most sophisticated cyber threats are coming from countries outside of the U.S., don’t you think using cyberthreat data and technologies from experts located in those countries might be the most effective at protecting your valuable data, especially given that they are fighting against those local threat actors every day?

It is time to separate geopolitics from cybersecurity. We need to work together globally. Kaspersky Lab has good relationships and regularly helps law enforcement agencies all over the world fight cybercrime, and we hope the U.S. will also consider learning more about us, and who we truly are, versus the rhetoric and false assumptions. We’re ready to demonstrate that we have nothing to hide, and that we only want to help defeat cybercriminals and prevent cyberattacks.

With that said, I previously offered to meet with Senators, Representatives, Committees, and federal agencies, publicly or privately, to answer any questions regarding my company or me. The offer still stands.

If those of us using Kaspersky were to ditch it, and wanted to replace it with something comparable, we’d probably go with Bitdefender, which (as mentioned) is the other company that scores the best in independent testing for antivirus effectiveness. Again, as mentioned, Bitdefender is Romanian. So we’d still be in a relationship with a foreign company and our computers would still potentially be transmitting data to servers outside of the United States, including servers based in eastern Europe.

One final point: Kaspersky’s software may be proprietary (closed source), but so are the operating systems distributed by Microsoft and Apple — which most people use for their desktop computing. Microsoft happens to be one of Kaspersky’s partners; they make use of the Kaspersky Antivirus SDK.

Seattle-based Amazon is also a Kaspersky partner.

When any of us uses proprietary software, we’re making a decision to trust the company we’re getting it from, because the source code cannot be audited by anybody in the same way that free software can be.

At this juncture, I have no reason to believe Kaspersky’s software is risky, malicious, or a threat to national security. I will therefore continue to use it to protect the proprietary systems that I run.

I actually prefer to do the majority of my computing with free software, notably the GNU toolchain, Linux kernel, KDE applications, and WordPress, all of which are distributed under licenses that allow anyone to see the source code, distribute it, and modify it.

Part of staying secure involves recognizing and rejecting bad advice

A couple of days ago, I came across a blog post by former Mozilla developer Robert O’Callahan that harshly criticized makers of antivirus software. “[I]t’s safe for me to say: antivirus software vendors are terrible; don’t buy antivirus software, and uininstall [sic] it if you already have it (except, on Windows, for Microsoft’s),” O’Callahan declared in his opening paragraph, going on to contend that many Internet security and antivirus suites don’t add value, are not themselves kept updated, and prevent the browsers and operating systems they’re supposed to protect from running smoothly.

By the time I got to the end of O’Callahan’s first paragraph, I was appalled. Urging people to avoid using or installing Internet security and antivirus solution is terrible advice. Left undefended, a typical Windows or Mac installation is susceptible to all kinds of threats, including viruses and ransomware. I make a point of telling my clients that having a best-in-class Internet security suite installed is one of the most important ways they can mitigate their risk.

Notice I said “best-in-class”. Contrary to what O’Callahan says in his post, not all antivirus and security products are created equal. Much of what’s available for sale or download would not earn my recommendation.

I advise clients that it’s not enough to just have any old Internet security product installed; it should be an application that independent testing has shown can actually offer a user valuable protection.

The two firms whose software has generally performed best in the the independent tests I’ve seen are Kaspersky and Bitdefender. I prefer Kaspersky’s Internet Security suite, and am a paying subscriber.

Kaspersky nowadays sells multi-computer subscriptions as part of a package deal for a reasonable price, which means you can get all your family’s computers protected by buying just one plan. Their suite includes a robust firewall and antivirus engine, plus some other extremely useful tools, including Safe Money, which can stop you from falling victim to phishing attacks.

The latest version of Kaspersky Internet Security for Windows has a killer feature that I absolutely love: it scans my Windows operating systems for outdated plugins and third-party applications and offers to update any it finds without my having to do anything.

I keep a lot of what I have installed updated with Ninite, but Ninite won’t update *all* the non-Microsoft software on my computer. Kaspersky is now flagging updates I can’t install through Ninite and allowing me to install them with a couple mouse clicks. I love that.

Kaspersky Internet Security is well-behaved and generally does not get in the way of my other applications. I do not use the Kaspersky add-on for Firefox because I already have NoScript, CookieSafe, RequestPolicy, Privacy Badger, uBlock Origin, HTTPS Everywhere installed. These add-ons collectively serve as my browser armor and help protect me as I surf on a daily basis. But I consider Kaspersky Internet Security essential, too.

In my own testing, the scanner and antivirus engine have done very well. If I mount a volume with malware specimens on a virtual machine Kaspersky is installed on, it will quickly notice the specimens and warn me that it’s found malicious objects that should be quarantined or deleted.

Kaspersky’s Alexey Malanov saw O’Callahan’s post too, and took issue with it here. His criticisms of O’Callahan’s criticisms are spot on, and worth reading.

“In 2016, Kaspersky Lab solutions repelled 758,044,650 attacks launched from online resources located all over the world,” Malanov notes. “Web antivirus components recognized 261,774,932 unique URLs as malicious and detected 69,277,289 unique malicious objects (scripts, exploits, executables, etc.). Encryptors targeted 1,445,434 computers of unique users. Kaspersky Lab solutions blocked attempts to launch malware capable of stealing money via online banking on 2,871,965 devices.”

O’Callahan’s post includes a number of sweeping generalizations that are not backed up with any evidence, like this one:

AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security.

Towards the end of his rant, O’Callahan does link to a 2012 post by Nicholas Nethercote criticizing McAfee (now owned by Intel) for getting in the way of Firefox. But he never calls out McAfee specifically in his own post.

I am not a McAfee fan either, and would not suggest anyone use their products. Fortunately, there are superior offerings available from firms like Kaspersky and Bitdefender that have earned “Outstanding” ratings in independent tests due to their effectiveness in thwarting threats.

If you’re not happy with your current Internet security suite, you should look into getting a better one as opposed to going unprotected, as O’Callahan unwisely recommends. Merely installing updates from Microsoft and Apple as soon as they’re available won’t protect you from ransomware, viruses, or phishing attacks. But a best-in-class Internet security suite can. Be sure that you have one installed on your computers and those of your loved ones.

How *not* to patch a security vulnerability

If you’re a vendor… don’t do what Fiat Chrysler did:

Fiat Chrysler has started distributing a software patch for millions of vehicles, via a USB stick sent in the post.

In July, two hackers revealed they had been able to take control of a Jeep Cherokee via its internet-connected entertainment system.

The car firm has been criticised by security experts who say posting a USB stick is “not a good idea”.

It’s hard to believe a company as Fiat Chrysler could be this boneheaded about security. But somehow, this ridiculous plan to send USB sticks out to Jeep Cherokee owners got greenlit. Some 1.4 million Jeeps are said to be affected by the aforementioned vulnerability, which is a lot of vehicles.

Fiat is making a bad problem much worse, as Pete Bassill explains:

“This is not a good idea. Now they’re out there, letters like this will be easy to imitate,” said Pete Bassill, chief executive of UK firm Hedgehog Security.

“Attackers could send out fake USB sticks and go fishing for victims. It’s the equivalent of email users clicking a malicious link or opening a bad attachment.

“There should be a method for validating the authenticity of the USB stick to verify it has really come from Fiat Chrysler before it is plugged in.”

He said that using a device like this had wider implications.

“Hackers will be able to pull the data off the USB stick and reverse-engineer it. They’ll get an insight into how these cars receive their software updates and may even find new vulnerabilities they can exploit,” he told the BBC.

Fiat did issue a voluntary recall, allowing owners to bring affected vehicles into dealerships to get their firmware upgraded. They should have left it at that — if pushing out updates over the air wasn’t possible. Perhaps Fiat went with USB sticks thinking it would be an inexpensive way to help their customers update their vehicles’ firmware. But in the long term, I imagine it’s going to be more expensive, because of the can of worms they’ve opened for themselves.

Ad-blocking is good from both a security and privacy standpoint

Every now and I then, I come across a story which reaffirms my long-held belief that ad-blocking is good from both a security and privacy standpoint. That happened again recently when I saw this article in The Register:

Online advertising has become an increasingly potent threat to end-user security on the internet. More hackers than ever are targeting the internet’s money engine, using it as a powerful attack vector to hide exploits and compromise huge numbers of victims.

Malvertising, as poisoned ads are known, is as deadly as it is diverse. Hackers are able to poison advertisements with the world’s most capable exploit kits, then pay to have it served on a large number of prominent websites. Up to half of users exposed to the very worst forms of malvertising fall victim, yet tracking the attacks is often tricky. Advertisements are dynamic and served only to certain users, on certain websites, in certain conditions, making attacks difficult to study.

As the article goes on to explain, malvertising has simply exploded in recent years, and is now an extremely serious problem. But unfortunately, big players in the web advertising business aren’t doing enough to combat it:

The industry’s top malvertising experts are unanimous: For all intents and purposes, advertising companies have no idea who is buying their ads, and they make what amounts to no attempt to understand their customers. In an industry that moves fast and operates on tight margins, whitelisting and security checks seem costly and unwanted speed bumps.

The two biggest online advertising organisations, Google and Yahoo!, did not respond to a request by Vulture South for comment after initially flagging interest in interviews.

What can users do to protect themselves from malvertising? The answer is simple: Block ads and block JavaScript from executing by default.

There are ad-blockers available for all major browsers, notably AdBlock Plus, which has extensions for Internet Explorer, Firefox, Safari, and Chrome/Chromium. All the major browsers also contain controls that are capable of turning off JavaScript execution, but since most of us want sites to trust to be able to run scripts (for example, I want to allow JavaScript to execute my own domain and my credit union’s domain), it’s better to install a tool like NoScript, which allows JavaScript to be selectively turned on for trusted sites. (NoScript has 2 million users and maintains an average review of five stars. It’s well-deserved).

Using these and other tools (like HTTPS Everywhere, RequestPolicy, Better Privacy, and Cookie Controller) can greatly improve our security and privacy as users. The tools I’ve mentioned essentially act as browser armor, and can safeguard against all sorts of threats on the Web, not just malvertising. We all stumble into bad neighborhoods on the Internet from time to time, often by accident. Having browser armor in place greatly minimizes the risk of harm to our computers. Prevention, as they say, is the best cure of all.

I’ve heard some people make the argument that ad-blocking is unethical. I disagree. I believe that as users, we all have the right to decide what content we want to come into our homes and workplaces through our personal computers, tablets, and smartphones. That means having the freedom to block JavaScript, cookies, cross-site requests, ads, images, or anything else. We all ought to be able to control our own computing and decide how the Internet connectivity we pay for gets used.

This is especially important in the context of mobile Internet access, because most of us are on plans with fixed data allotments.

I understand the economics of publishing and content creation, and I agree we need to support artists and writers. The best way to do that, though, is to purchase a subscription to a favorite publication, or put money in a site’s tip jar.

Tips for crafting a strong password for your Wi-Fi network

Recently I had an opportunity to evaluate the latest incarnation of Actiontec’s MI424WR (GigE) router, a workhorse designed for use with FiOS service offered by Verizon and Frontier Communications. While navigating through the administration console of the router, I noticed that the security settings page now incorporates a long list of useful tips on crafting a strong Wi-Fi password. (WPA2 is also now the default security protocol, which is great, because WPA and WEP are flawed and easier to compromise). Here are the tips I found, which concur with the guidance I offer to clients:

User Guidance on Password Selection

Your wireless network security depends on having a good password. A good password contains Sixteen (16) or more letters or numbers, with each letter or digit chosen at random. This initial password shipped with your router is an example of a good password. The initial password is printed on the serial number sticker under the router. The Letters in the password are case sensitive and the initial password provided on your router is in Upper Case
If you wish to change your wireless password, try to pick a password similar to your router’s initial password. You must include at least one letter and at least one number in your password. It is recommended that the password should be at least sixteen letters and numbers, with no spaces or special symbols. However, you can shorten the password at your own risk. At a minimum there has to be 8 characters and a maximum of 63 can be used.

Here are some suggestions to help you choose the safe password:

  • The password should be 8 to 63 ASCII characters long, and it is highly recommended to use 16 or more.
  • Characters that are upper case. ASCII is categorized as Alpha and Numeric characters.
  • DO choose each letter or digit at random. Try one-finger typing with your eyes closed.
  • DO use a longer password, and write it down somewhere safe. A short password is easier to remember, but also much easier for attackers to guess. It is OK to let your PC save your wireless password so you don’t have to remember it.
  • DO NOT use anything directly related to you, such as your street address, phone number or car license plate.
  • DO NOT use the name of any person or place in your password. The attackers know all the common names.
  • DO NOT use any word from the dictionary. The attackers have dictionaries, too.
  • DO NOT use a phrase or sentence. Once an attacker learns any portion of the phrase or sentence, the rest is easily guessed.

This is great advice. I often find when asking for the Wi-Fi password at a particular location that it is just a couple of words, the telephone number of the establishment, or the address (spelled out).

A secure password should not include any personally identifiable information. Birthdates, license plates, phone numbers, addresses, Social Security numbers, and other sensitive data should never be used in any password, ever. Length is good. Random characters are good. Mixed-case letters are good. Punctuation, if allowed, is great. Here is an example of a weak, bad Wi-Fi password:

555-567-8095

The following, courtesy of the Strong Password Generator, would be a strong Wi-Fi password:

Ay#{$.}n7 s$Q~sM*;.}73*CS

It’s easier to remember as ALPHA yankee # { $ . } november 7 [space] sierra $ QUEBEC ~ sierra MIKE * ; . } 7 3 * CHARLIE SIERRA

Do yourself, your family, and your business (if you have one) a favor and set a strong Wi-Fi password, using the WPA2 protocol. You’ll be glad you did.

Open for business!

Today marks the launch of andrewvilleneuve.com, my new business website. I’ve decided to become a security consultant, specializing in WordPress security, because it’s plain to me that there are a lot of individuals, businesses, nonprofits, and groups out there who need someone to be able to advise and assist them with locking up their websites and implementing best practices.

I’ve always been a believer in the mantra, do what you love… and I love helping people stay safe. More and more societal interaction and commerce is taking place in the digital realm, and while that presents opportunities for collaboration and networking that weren’t possible before, it also comes with downsides.

We are not doing enough to protect and safeguard our digital domains, perhaps because the Internet is still a new medium and changing rapidly. However, there are parallels between cyberspace and the physcial space we inhabit. For example, a website is analogous to a house, usernames and passwords are like keys, and emails are analogous to sensitive documents carried around in a briefcase.

Most of us would never leave our home unlocked and unprotected… we take reasonable precautions to guard against theft of our personal property and real estate. A website is no different than a house. It needs to be cared for, looked after, maintained, adequately secured.

Out of the box, WordPress is simply not secure. It’s like a brand new house that is structurally complete, with plumbing and electrical systems installed, but without improvements that would make it more secure, like a reinforced door, a guard dog, dowels in the sliding doors, or an alarm system. WordPress can be made, secure, though, and a top objective of my practice will be helping clients lock up their WordPress sites so they can greatly reduce the likelihood of being compromised.

I’m looking forward to beginning this journey and seeing where it takes me. If you’re interested in hiring me, please don’t hesitate to get in touch.

Force Kubuntu to let you install new login themes

Problem: You’re tired of the default Kubuntu login theme and want to install a new one. But when you try to add new themes by going to System Settings > Login Screen (under the category System Administration) > Theme, nothing happens.

Cause: A flaw in KDE

Solution: Open Konsole and type:

kdesudo kcmshell4 kdm

This will open the Login Screen module, but as root. Now try installing a login theme. You should be able to see the newly installed theme in the list once you install, and be able to specify it as the default.

Help Thunderbird display emoticons in messages sent from Microsoft Outlook

Problem: Mozilla Thunderbird (running on a GNU/Linux machine) doesn’t display emoticons in messages that were sent using Microsoft Outlook. Instead, emoticons appear as the letter “J”.

Cause: Microsoft’s lack of concern for web and email standards

Solution: Install the “Wingdings” font so that Thunderbird can actually render the emoticons. On the latest versions of Ubuntu, this is as simple as clicking on the wingding.ttf file and then clicking Install. You can get Wingdings from your Windows computer. Just go to C:WindowsFonts and look for wingding.ttf. It should be near the end. Copy this file to your GNU/Linux machine and install it. Next time you start Thunderbird, you should be able to see emoticons in any message sent by a friend using Microsoft Outlook.

What to do when GParted crashes on your Live CD

Problem: GParted crashes while starting up when launched from the Ubuntu 10.10 Maverick Meerkat Live CD, or from a Maverick USB installation. Restarting the computer and beginning another live session fails to help matters.

Solution: There’s actually a pretty simple solution for this very annoying problem: Upgrade GParted. A user dealing with this problem could, of course, fall back on an older Live CD with an older version of GParted. But older versions may run into “unknown errors” if a newer version of GParted has been used to configure a drive. Furthermore, it makes sense to just grab the latest and greatest version.

If you’re running Maverick on a USB stick, just open a terminal and type:

sudo apt-get install gparted

Ubuntu will upgrade GParted. Next time you try to start it, it should come up okay and not crash.

If you’re running a live session from a CD or DVD, use the disc to make a USB stick that can save data. Then upgrade GParted using the command above.

What to do when Flash audio stops working on Ubuntu/Kubuntu

The situation: You’re trying to watch a Flash movie in Firefox and you can see video just fine, but the audio is stuttering like a broken record, making it impossible to hear the sound. Audio does not stutter in non-Flash applications. You have the latest version of Flash from the Ubuntu repositories.

What’s going on? This appears to be a bug that many Ubuntu/Kubuntu users are experiencing. It looks like it’s a glitch with Flash. Messing around with your sound architecture is unlikely to help matters, so don’t do that.

Solution: There is a fairly simple workaround. Go to Tools > Add-ons. Select “Plugins”. Disable your Flash plugin. Restart Firefox. Then, go back to Add-ons and enable the plugin. Try playing a Flash video again and see if the audio works. Repeat this workaround if the problem occurs again.

In some (but not all) other browsers, this problem can be alleviated by simply restarting the browser.

Comment: If you’ve found this post, I hope the above troubleshooting advice helps. I can’t wait for the day when proprietary software is no longer required to view video on the Web. Flash sucks. The advent of HTML5 will hopefully make Flash problems irrelevant and a thing of the past.