Wednesday, February 24, 2010

The rise of software rental (aka software as service)

I'm evaluating the combination of Notational Velocity and Simplenote (iPhone) to manage my "notes" [1], including those related to home and work. I'll have more on that in my tech blog when I've got some personal experience, but it's interesting now to look at how software pricing is changing.

For years we've "leased" software, but we've had effectively unlimited licenses. After a vendor reaches their core market (revenue), they have little incentive to continue supporting the product (costs). Few vendors have Microsoft's power to force upgrades [2]. Some very fine software has died of this "natural cause".

On the other hand "cloud" services like SmugMug have a sweet recurring revenue model. They sell their service at a yearly price, and they can be the envy of desktop vendors (SmugMug benefits from a wicked lock-in, but that's another post.)

Over the past few years, however, I've seen more vendors experiment with 1 year licenses. This is an easier sale if there's a server-side dependency. For example, after a 1 year hiatus I again pay about $20 a year for Spanning Sync, primarily so I can sync my OS X Address Book with Google Contacts.

Simplenote is floundering about with pricing, but I gather they've suffered the usual iPhone app fate - initial growth then no revenues. Judging from their recent customer reviews they've been flamed for obscuring their current sales model [3]. As of today the base application is "free", but if you look very closely at their web site you might see mention of the "premium" service. The premium service is $9/year and includes:
  • no ads
  • automatic backup of older notes
  • create notes by email
  • RSS feed
  • Unlimited API Usage (free limit is 2,000 API requests/day)
This seems like a very nice set of services and well worth the price -- especially since Notational Velocity (open source, free) means there's no data lock.

The last is an essential requirement for the new model of subscription software. There can't be any data lock. You have to be able to move to alternatives easily, or just walk away and be none the worse off. Both Spanning Sync and Simplenote (with Notational Velocity) meet this test.

I like this new model, as long as it's tied to data freedom. It gives me hope that the software I love will stick around for a while.

[1] See below. My current solution (Toodledo Notes + Appigo Notebook) isn't bad, but I'd like to free my notes from the limitations of proprietary formats and I'd like to find a solution that will enable easier integration with Outlook/Exchange note-type functions.
[2] Corporate customers pay for the latest version of Office even if they choose to deploy older versions.

[3] Their pricing model seems entirely reasonable. So why the heck can't they make it more obvious? I wonder if there's a language problem here ...

Update 2/25/2010: I'm still evaluating Simplenote + Notational Velocity + Simplenote Chrome extension (aka simplenote ecosystem), but that tech blog post isn't ready to publish. It is interesting, however, to note the international background:
It's a creative world. The dominance of the US in software development was always unnatural; that time has passed. US Patent laws will accelerate the migration of software creativity to more rational nations.

Tuesday, February 23, 2010

The unreasonable effectiveness of mathematics - explained

Eons ago my peers used to puzzle over the unreasonable effectiveness of mathematics. Back in the 1960s an essay on the topic by Merci Cooper ended with this conclusion …

… The miracle of the appropriateness of the language of mathematics for the formulation of the laws of physics is a wonderful gift which we neither understand nor deserve….

Why is it that “the great book of the universe is written in the language of mathematics” (Galileo Galilei)?

In a recent In Our Time programme on Mathematics' Unintended Consequences I heard, from one guest, a personally persuasive explanation. It’s a fundamentally anthropic explanation that goes something like this:

  1. Entities that can do mathematics arise as a consequence of natural selection.
  2. Natural selection can only occur in regions of a universe that have interacting and persistent patterns (perhaps including recursion).
  3. So a universe containing mathematicians will also be a pattern-based universe.
  4. Mathematics is a process for describing and manipulating patterns.
  5. Therefore mathematics is a language that can describe pattern-based universes, including our own.

I’m good with that.

Sunday, February 21, 2010

OS X defect: The missing uninstaller

I strongly prefer OS X and Macs to running XP or Windows 7. (I've no experience with Vista, I know XP extremely well and Win 7 well).

Even so, there are several domains in which Windows crushes OS X -- and has for many years.

One example is Windows terminal services/remote desktop. It's fabulous technology; Apple's VNC variation is relatively pathetic. Another is Parental Controls. A third is the file security model. There are about a half-dozen of these persistent, significant, but little noted Windows advantages.

One of the most peculiar Windows advantages arises from Apple's approach to product uninstallation. Take CrashPlan for example:
FAQ: Installing and Uninstalling [CrashPlan Support Site]
...Mac OSX: Open the installer.dmg file and run the uninstaller.
Windows: Use Add/remove programs.
Windows -- Use Add/Remove. Mac - go to the product website (if it still exists), find an installer, download it, run it.

One of the painful memories of my OS/2 days was learning that installation was irreversible. Many applications could not be uninstalled from the WorkSpace environment. Things are only a little better in OS X.

Yes, many apps can be uninstalled by dragging them to the trash. Many, however, cannot.

This is an ancient problem, and Apple has never shown an interest in fixing it. It's one of those lacunae that makes OS X feel old and forgotten.

PS. Incidentally, the CrashPlan uninstaller is a very unfriendly unix shell script that, at one point, asks for your admin password in a fairly cryptic manner. It fits with my suspicion that CrashPlan has been causing my MacBook to lock up on awakening from sleep.

AIDS, South Africa, Lysenko and Climate Change Denial - when ideology trumps science

In an article on the hopeful prospect of controlling HIV through a combination of screening and treatment, we are reminded of one of the great tragedies of the 20th century -- how the ideology of Mandela's African National Congress tarnished his personal legacy and, far more importantly, led to the premature death of millions ...

Blanket HIV testing 'could see Aids dying out in 40 years' | World news | guardian.co.uk

... More than 30 million people are infected with HIV globally and two million die of the disease each year...

... The disease is overwhelmingly prevalent in sub-Saharan Africa, which accounts for a quarter of all HIV/Aids cases globally. Half of these are in South Africa....

The ANC in general, and Thabo Mbeki in particular, chose ideology over science. Mandela, by then an old man, did not object. Millions will die; even with the best current treatment millions will suffer and many will die prematurely.

Stalin made a similar mistake, choosing Lysenkoism over Darwinism, in part because Lysenko suited Stalin's ideology. Millions died of the famines that arose in part from following Lysenko's practices.

In modern America the GOP is today following the grim path of the African ANC and the Soviet Communist Party. Again, ideology is preferred to science. Again millions of lives are at stake.


There is hope. Most of the GOP disagrees with me about the responsibility of the strong for the weak, and much of the GOP doesn't share my thoughts on the role of fundamentalist Christian theology in American governance. Those differences are fundamental, and not directly amenable to logic or scientific resolution. On the other hand, the GOP's opposition to climate science seems more opportunistic and tribal. There is room for negotiation, including creation of a Grand Jury of Science to help move the cultural debate.

This is not the time to give up. GOP -- don't become the ANC.

Saturday, February 20, 2010

IOT Radiation: Gamma and X-rays

In Our Time, Radiation is a superb 50 minute review of 19th century physics -- with bits before and beyond. This is the physics that brought us much of the modern world - though for GPS we needed Einstein.

Listening again to how physics became ether-free I couldn't help but recall the old McLuhan meme -- "The medium is the message". Deep, man.

I also finally learned the relationship between Gamma Rays (Hulk) and X-Rays (Superman). In retrospect, I've been forever confused by the alpha, beta, gamma particle nomenclature.

For the few who might be as unknowingly confused as I've been all my life, X-rays are forms of light (EM radiation) associated with electron transitions. Gamma rays are forms of light (EM radiation) associated with processes in the atomic nucleus. (A wikipedia article on Gamma Rays suggests my confusion arose in part due to the redefinition of Gamma and X-rays over the past thirty years.)

Alpha and beta "radiation", on the other hand, aren't electromagnetic (light) radiation -- they're particle emission. The confusion between alpha, beta and gamma "radiation" arose when they were discovered and named together.

Of course I'm sure I've got something wrong in this summary, but it does feel like progress.

The Houben story - things that are too good to be true

Too often, miracles aren't.

The Guardian - Nov 23, 2009 ...
Trapped in his own body for 23 years - the coma victim who screamed unheard | World news | The Guardian

For 23 years Rom Houben was imprisoned in his own body. He saw his doctors and nurses as they visited him during their daily rounds; he listened to the conversations of his carers; he heard his mother deliver the news to him that his father had died. But he could do nothing. He was unable to communicate with his doctors or family. He could not move his head or weep, he could only listen.

Doctors presumed he was in a vegetative state following a near-fatal car crash in 1983. They believed he could feel nothing and hear nothing. For 23 years...
The article refers to the results of a new brain scan that showed normal activity. Houben had been "locked in", but conscious. The story received international attention. It seemed plausible to me, though horrifying. The implications were obvious for the care of other persons in a vegetative state.

Except ... Looking at it on the original Guardian article one can see an aide holding Rom Houben's hand. It's the only clue that his communications were "facilitated". I never saw that picture. Had I seen it I'd have been very skeptical. Facilitated communication is a tragic deception.

Today, Feb 20, 2010, the Guardian reports ...
No miracle as brain-damaged patient proved unable to communicate | Science | The Guardian
It seemed to be a medical miracle: the car crash victim assumed for 23 years to be in a coma who was suddenly found to be conscious and able to communicate by tapping on a computer.

The sceptics said it was impossible – and it was. The story of Rom Houben of Belgium, which made headlines worldwide last November when he was shown to be "talking", was today revealed to have been nothing of the sort.

Dr Steven Laureys, one of the doctors treating him, acknowledged that his patient could not make himself understood after all. Facilitated communication, the technique said to have made Houben's apparent contact with the outside world possible, did not work, Laureys declared...
It's a terribly sad story for Rom Houben's loved ones and for all the families and friends of persons in vegetative states. Many hopes have been falsely raised.

Miracles, by their very nature, require skepticism. The Guardian should have been far more cautious last November. They're an interesting news organization, but they're not the New York Times.

A Google Reader snapshot of the coverage is interesting (click for full size) ...

Despair and climate change - a Grand Jury of Science

Despair is easy.

Sometimes it is justified. Other times, humanity surprises.

Dramatic change happens. It usually takes at least 20 years, and there are usually reversals along the way. In my lifetime I can easily think of smoking cessation, the end of littering, women's rights, gay rights, civil rights, cleansing of wealthy nation water and air, the fall of the Soviet Empire, dramatic reductions in family size, the creation of the EU, the Y2K resolution, the international Ozone agreement, and the dramatic reduction of poverty and suffering in China and India.

I thought 9/11 would be the start of a long series of mega-terrorist actions around the world, including bioweapons and dirty bombs. It wasn't.

It's these kinds of slow moving but radical changes that make elderly people say things like "it will all work out in the end". It's not true of course; history tells us it often doesn't work out. Anyway, in the end we're all dead. Still, the sentiment is understandable. If you're 80 you've seen a lot of intractable problems solved.

So, no matter how easy it feels, despair about American politics, global climate change response, institutional corruption, healthcare costs, US healthcare coverage, world food supplies, the end of cheap oil, the collapse of mainstream journalism, the Great Recession and rich world debt is an unaffordable indulgence.

Consider the response to climate change. We know we need a carbon tax equivalent and more, but America has moved backwards on this one. There's widespread American doubt about where the Earth's climate is going and what we can do about it.

So how do we start to turn this around? We can't expect leadership from the cognitively impaired and corrupt US Senate. We need to turn the American people. Hollywood won't do it.

So how about a Grand Jury of Science? Greybeards remember Richard Feynman's role on the Rogers Commission investigating the Challenger disaster. That committee, led by a genius with a robust ego and a showman's flair, produced a robust and widely trusted report on a complex technical and social issue.

We need something like that today. We don't have big popular names like Feynman or Einstein at the moment, but we've got great scientists and communicators all the same. Obama could put together a Grand Jury of Science led by a team of scientific communicators and working (ie. under 65) non-climate scientists.

The panel would call witnesses from the world of Climate Science and cross-examine them. Under the committee's auspices climate scientists, economists, and technical consultants would prepare an American (has to be American to be plausible) rigorous report on what the science tells us, what the uncertainties are, and what we should do (ie. Carbon Tax).

Yes, Americans pay far more attention to Glenn Beck than to mere logic and science, but remember the 1964 Surgeon General's Report on Smoking and Health. Even though it really didn't say anything new, it still became the foundation for a discussion that took (yes) 20 years to conclude. At the time it came out smoking was routine, even expected. The report played a vital role in a major social change.

Victory is far from guaranteed. Failure is an option. Despair, however, is not permitted.

Friday, February 19, 2010

Google has Aspergers

The geek world has been debating whether Google's Buzz debacle arose from incompetence or malevolence. Did Google think they were doing something genuinely delightful, or is Buzz simply a cynical emulation of Facebook's "be evil" strategy?

I've been leaning toward the cynical and evil explanation, but a comment by Google's CEO, Eric Schmidt, has changed my mind ...

...talking to phone industry executives at Mobile World Congress in Barcelona, Schmidt said that nobody had been harmed by Buzz and that the problems were merely the result of poor communication...
This is an outrageous statement. Schmidt cannot know that nobody was harmed, either directly through the bonding of Buzz streams to public profiles or indirectly through inevitable misunderstanding. Even if he were omniscient, since many people have felt harm, it's a stupid thing for a CEO to say.

So why does this make me feel that Google is more incompetent than evil?

Because in my experience someone who says something that's obviously wrong most often believes what they are saying.

Which brings me to my corporate diagnosis. We can do that now that our courts have decided that corporations are people. I am a physician after all.

Google has Asperger(s) syndrome. For Google, people are a slippery and elusive concept. It explains a lot.

PS. I don't care what the DSM V says about Aspergers, it's a useful concept.

Update 2/22/2010: I think the person responsible for Buzz is also responsible for the obstinate Gmail message thread-by-subject-line model. Same sort of stubborn certainty.

Thursday, February 18, 2010

Google's latest inadequate Buzz patch - Profile deletion

Google claims to be trying to fix the Buzz Problem, but they're refusing to reduce the link between a public Google Profile and any Buzz activity.

For Google the public Profile is the great search prize. They won't give this one up easily.

So at the moment the only way to truly remove your public Buzz trail is to delete your Google Profile:
Edit your (Google) profile - delete profile:

... This will disable Google Buzz integration in Gmail and delete your Google profile and Buzz posts. It will also disconnect any connected sites and unfollow you from anyone you are following...
You can now do this from your Google Dashboard, from Profile settings, and possibly from the Buzz tab displayed in Gmail (which I no longer see).

There are side-effects to Profile deletion. It appears it will not only remove your Buzz followers, it will also remove your Google Reader followers. It may also remove your authentication with various connected sites and your Gmail OpenID credentials. It also removes any value attached to your Profile before Google attached the Buzz stream to it.

Google needs to do two things that they are extremely reluctant to do:
  • Near term: allow users to remove Buzz streams from the public profile.
  • Longer term: allow users to associate multiple Google Profiles with a single Google account and to control which ones are associated with various Google properties, authentication and sharing services, etc.
Until they do these things, they have earned their new Gordon's Corporate Evil Scale score of '8' - average for a publicly traded company and in spitting distance of Microsoft's '10'.

Update 2/20/10: A week after I removed my full name from my Google Profile a search on my name still retrieves the profile and the few Buzz posts I've left undeleted. Quite a screw-up.

Wednesday, February 17, 2010

American crisis – imagining a way out

 
This betrays a certain lack of historical perspective. We’ve been through worse, other nations have been through much worse. Compared to the American Civil War, the Black Death, or even the many versions of “great” Depressions we’re in pretty good shape.
 
Not that success is guaranteed, but it’s quite easy to imagine.
 
As a starting point, I’d suggest some subset of this list would suffice:
  1. Political reform. I’ve got another post brewing on this. Fourteen years ago I satirized “public incorporation” of representatives, but now we have corporate persons with political rights. We’re in trouble. Many current Senators appear to have early dementia, and our political candidates are often lousy. We need to rethink who we elect, how we elect them, and how old they can be. We should draw on ideas from professional training and licensing and from jury selection.
  2. Taxes. We’re going to raise taxes – a lot. We should do a Carbon Tax. We will do a VAT equivalent. We’ll do “death” taxes – again.
  3. Immigration - Oh Canada: Canada figured this one out years ago. We have too many decrepit boomers. We  need to balance my generation with vigorous, energetic highly talented youth. So let them in based on professional and academic qualifications and business guarantees.
  4. Inflation: 3% should help whittle down those foreign debts. Don’t say you weren’t warned China.
  5. Give up on the Empire. The Soviets couldn’t afford their empire. Guess what? We can’t either.
  6. Delay Dementia: We’re all going to have to work longer, but we can’t all bag groceries. For one thing, that job’s going to a robot someday. Unfortunately, normal brain aging means most of us won’t be good for much more by the time we’re 72. We need a ton of research into slowing the inevitable onset of dementia. (Ok, so if you die it’s not inevitable.)

Note that my list doesn’t include “controlling health care costs”. That one’s simply inevitable, so I don’t bother with it.

In Our Time archives - EVERY EPISODE from Oct 15 1998 onwards

Wow.

You know, this really did deserve more than just a small aside on the recently redesigned IOT web site...
BBC - Radio 4 Melvyn Bragg's In Our Time
...For the first time, listen online to every episode ever broadcast, from Aristotle to the History of Zero...
The list includes many, perhaps all, of the legendary lost episodes...
... These ‘lost editions’ include topics such as Science and Religion, Childhood, Consciousness, The End of History and Quantum Gravity, and they’re discussed by guests including Nobel prizewinner Amartya Sen and the sadly deceased Stephen Jay Gould. The term ‘treasure trove’ is bandied around quite casually these days, but for anyone who enjoys In Our Time, these transcripts are very valuable...
I found Quantum Gravity (RealMedia only) from Feb 22, 2001 - but the "by year" list currently only goes back to 2004. So they've got some bugs to work out.


Sometime around 1999 the format drops to 30 minutes and the theme becomes "the 20th century". Then we come to the very first episode (Oct 15, 1998):
WAR IN THE 20TH CENTURY
... In the first programme of a new series examining ideas and events which have shaped thinking in philosophy, religion, science and the arts, Melvyn Bragg and guests discuss warfare and human rights in the 20th century. He talks to Michael Ignatieff about the life of one of the 20th century’s leading philosophers, Isaiah Berlin, and to Sir Michael Howard about the 20th century will be remembered; as a century of progress or as one of the most murderous in history.
When we see pictures on television of starving people in war torn areas most of us feel we must ‘do’ something. Where does the feeling that we are in some way responsible for our fellow human beings originate historically? How has technology affected the concept of the Just War? And what are the prospects for world peace as we enter the next century?
With Michael Ignatieff, writer, broadcaster and biographer of Isaiah Berlin; Sir Michael Howard, formerly Regius Professor of History, Oxford University and joint editor of the new Oxford History of the Twentieth Century.
Ignatieff now leads the Liberal Party of Canada.


Thank you BBC and thank you Lord Bragg and brave guests. There is still hope for humanity.


Update 3/4/2010: The handful that weren't online have since been added. It appears to now be complete!

Update 3/17/2010: The older material mostly uses RealAudio. That's easy to capture using AudioHijack Pro (you do need to read the manual, see also my old directions). Some of the very oldest material, however, is now rendered with the newish BBC iPlayer. To capture that I had to change the AudioHijack source to "Safari"; AHP switches Safari to 32 bit mode to Hijack the stream. I think I would have to change it back to 64bit myself, but I'm inclined to leave it in 32 bit mode for a while. Quite a bit of software doesn't like 64bit.

Update 5/21/2010: I gave up half way through the 30 minute 1999 (year two) Utopia program. It wasn't exactly bad, but the newer material is much better. I suspect today's guests rise to greater expectations than those of early days, and Melvyn is better at keeping people, including Melvyn, on track. It's also likely that ten years of intense study have moved Melvyn into a different world of background expertise. Incidentally, there's a painful point in the Utopia program where the guests expound on a cheesy essay about a posthuman utopia of the genetically enhanced. Melvyn's guests have almost no science fiction background; their futurist dialogs are pathetically naive. We ought to make post-1980 science fiction reading a requirement for a liberal arts degree.

Tuesday, February 16, 2010

Good-bye Buzz – for now.

I’ve clicked the link at the bottom of my Gmail account to discontinue Google Buzz.

I was initially enthusiastic because of the value of Google Reader notes – a precursor to Buzz. I hoped Google would fix the notes confusion/neglect while also giving me a better version of Twitter.

Instead, Google’s most senior leadership, the people leading and testing Buzz, blew it big time. They failed to understand the multiplicity of adult identities. All I can guess is that Brin et al are so wealthy and powerful that they have become fundamentally disconnected from mainstream reality.

I gave Google some time to recover, but they’re only playing around the edges. Google remains determined to tie all Buzz discussions directly to a user’s public Google Profile, perhaps as a way to manage spam and to drive search/marketing revenue.

Disappointing, but I’ll be back if they fix it.

Update: Even though I've removed Buzz via Gmail, my Buzz posts still appear on my Google Profile. Not funny Google.

Update 2: I've reversed the procedure that made my Profile searchable. It's non-intuitive, but the "Display my full name..." setting in "edit profile" toggles searchability. When unchecked a Google Search on my name no longer returns my profile. The profile URL has not changed and prior links still show the public view. That public view still includes Buzz posts even though I've disabled Buzz support in Gmail. I've removed other information from my Google Profile and I expect I'll continue to trim the profile unless Google has a dramatic conversion.

Update 2/17/2010: In depth critique - with cartoon. Credit for focus on the Profile.

Wednesday, February 10, 2010

The Buzz profile problem: I am Legion

My name is Legion; for we are many (Mark 5:9).

I am father, brother, in-law, son, and spouse. I am coach. I am volunteer. I am citizen and activist. I am a physician. I am an (adjunct) professor. I am an oddity in a large, conservative, publicly traded corporation. In the corporation I am a team member, known to some customers, occasionally publicly facing, known in various ways and various places. I have other roles and have had many more over time.

I am Legion. So are most middle-aged persons.

Only one person knows all the roles and all of the stories that are not excruciatingly boring (hi Emily).

That’s the problem with Google Buzz, and why my Google Profile doesn’t include my pseudonymous (John Gordon) blog postings or my Google Shared items.

Buzz is tightly linked to my Google Profile, and my Profile is trivially discoverable. I don’t want corporate HR or a customer or business partner to instantly know that I’m a commie pinko Obamafanboy with a dysfunctional Steve Jobs relationship.

I have LinkedIn as my bland corporate face, and, despite Facebook’s innate evilness, a FB profile for friends and family. Inside the corporation I’ve a blog that serves as a limited persona.

We all have many roles, identities, avatars, personae, limited liability personae, characters, facets and so on. The problem with Buzz today is that it’s tied to the Google Profile, and that profile is the closest thing to my unified public face. It crosses boundaries. So it can only hold the limited information channels that are available to all.

Google gets some things right, and a ton of things wrong. They take a statistical, loosely-coupled, evolutionary approach to technology development (the exact inverse of Jobs the Intelligent Designer). I’m looking forward to where Buzz goes, but I’ll be cautious for a time. They can start by giving us more control over what aspects of the overall Buzz connection stream appear on our public profiles.

Update 2/11/10: More on the mess-up. Google really didn't think this through very well. They may end up feeding the families of a number of lawyers. I'm sure they weren't dumb enough to roll this out in the EU, but if they did the fines may be significant.

Monday, February 08, 2010

John Wooden - Pyramid of Success

I'd never heard of John Wooden before I came across this drawing on the wall of an old arena in Northeast Minneapolis (click for full size) ...

Wooden was a basketball coach at UCLA, and he is said to have spent 14 years polishing versions of this drawing (see pdf version). He's 99, so we should hear more about him in a year or so.

As a guide to competition one could do worse. There's nothing there about curiosity, compassion, mercy, forgiveness, tolerance, imagination, empathy, creativity, love or questioning authority - it's a guide to battle, not to life.

Friday, February 05, 2010

The Clampi Trojan says …. Get a Mac

A Windows 2003 server machine I use may, or may not, have been infected with the Clampi trojan (ilomi.b or ilomo.c, which depending on your font, may look a lot like llomi or IIlomi or ILomi).

I say “may not”, because the combination of “Windows 2003” and "antivirus” has a high rate of false positive claims that can wreak as much destruction as the antiviral software.

In researching the Clampi trojan Google suggested I read this summary (emphases mine) …

Clampi/Ligats/Ilomo Trojan - Research - SecureWorks

… Clampi’s recent success in infecting victims is accomplished by using domain administrator credentials (either stolen by the Trojan or re-used, or by virtue of the fact that a domain administrator has logged into an already infected system). Once domain administrator privileges are granted, the Trojan uses the SysInternals tool "psexec" to copy itself to all computers on the domain.

Clampi also serves as a proxy server used by criminals to anonymize their activity when logging into stolen accounts…

… Clampi is operated by a serious and sophisticated organized crime group from Eastern Europe and has been implicated in numerous high-dollar thefts from banking institutions. Any user whose system has been infected by Clampi should immediately change any and all passwords used on that system for any websites, but especially financial credentials.

… Most major anti-virus engines should be able to detect Clampi variants; however there is always a delay between a new Trojan release and the detection time.  Given the prevalence and seriousness of the Clampi Trojan, it is recommended that businesses that carry out online banking/financial transactions adopt a strategy to isolate workstations where these activities are carried out from possible Clampi or other data-stealing Trojan infections.

This may include using a dedicated workstation for accessing financial accounts which is isolated from the rest of the local network and the Internet except for the specific financial sites required to be accessed. Since Trojans can also be spread using removable drives, systems should be hardened against auto run-type threats. Businesses may even consider using an alternative operating system for workstations accessing sensitive or financial accounts.

Home Computer User Protection
SecureWorks CTU recommends that home computer users use a computer dedicated only to doing their online banking and bill pay.  They should not use that computer to surf the web and send and receive email, since web exploits and malicious email are two of the key malware infection vectors. 

As an alternative to operating a secure home PC for all important work, home users could, you know, buy a Mac. They would then have one machine to use for everything.[1]

Maybe Apple is funding Clampi development?

--

[1] The Mac’s vast security advantage comes from the “faster friend” security philosophy. When you and a friend are being chased by a bear, you don’t have to be faster than the bear, you have to be faster than your friend. OS X 10.6 is, in practical terms, fundamentally more secure than XP, but not necessarily theoretically more secure than Microsoft’s very latest foul demon. The big Mac advantage is that the world’s criminals don’t own Apple machines, and have very little interest in targeting Macs as long as the vast majority of banks and corporations run some flavor of Windows. I’ve often wondered, incidentally, if Windows 98 isn’t now a very secure environment. I doubt many Trojans would infect it any more.
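
The SecureWorks summary quoted in the Clampi post describes spread through domain administrator credentials and "psexec". As an added example (not from the original post or from SecureWorks), this Python code flags one account installing the PsExec service on several hosts within a short window. The pipe-delimited export layout, host names and accounts are constructed, and the `user` column is assumed to be the installing account as resolved by the log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export of service-install events (Service Control Manager
# event 7045) as time|host|event_id|service_name|image_path|user.
# Hosts, accounts and the export layout are assumptions made for this example.
SAMPLE = r"""
2010-02-05T08:00:00|SRV-FILE|7045|BackupAgent|C:\Program Files\Backup\agent.exe|CORP\da-admin
2010-02-05T09:00:12|WS-011|7045|PSEXESVC|%SystemRoot%\PSEXESVC.exe|CORP\da-admin
2010-02-05T09:00:40|WS-012|7045|PSEXESVC|%SystemRoot%\PSEXESVC.exe|CORP\da-admin
2010-02-05T09:01:05|WS-013|7045|PSEXESVC|%SystemRoot%\PSEXESVC.exe|CORP\DA-Admin
2010-02-05T09:02:30|SRV-FILE|7045|PSEXESVC|%SystemRoot%\PSEXESVC.exe|CORP\da-admin
2010-02-05T14:15:00|WS-020|7045|PSEXESVC|%SystemRoot%\PSEXESVC.exe|CORP\helpdesk1
"""


def parse(text):
    """Turn the pipe-delimited export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, event_id, service, image, user = line.split("|")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "host": host,
            "event_id": int(event_id),
            "service": service,
            "image": image,
            "user": user.lower(),  # account names are case-insensitive
        })
    return events


def is_psexec_install(ev):
    """Heuristic: matches only the default PsExec service name or binary."""
    if ev["event_id"] != 7045:
        return False
    return (ev["service"].upper() == "PSEXESVC"
            or ev["image"].lower().endswith("\\psexesvc.exe"))


def find_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Report accounts that installed the PsExec service on at least
    min_hosts distinct hosts inside any single time window."""
    by_user = defaultdict(list)
    for ev in events:
        if is_psexec_install(ev):
            by_user[ev["user"]].append(ev)

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        best = []
        # Slide the window start over each event and keep the widest spread.
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e["time"] - start["time"] <= window]
            if len({e["host"] for e in in_window}) > len({e["host"] for e in best}):
                best = in_window
        hosts = sorted({e["host"] for e in best})
        if len(hosts) >= min_hosts:
            findings.append({
                "account": user,
                "hosts": hosts,
                "first_seen": best[0]["time"],
                "last_seen": best[-1]["time"],
            })
    return findings


if __name__ == "__main__":
    for f in find_fanout(parse(SAMPLE)):
        print(f"{f['account']}: PsExec service installed on {len(f['hosts'])} hosts "
              f"between {f['first_seen']} and {f['last_seen']}: {', '.join(f['hosts'])}")
```

A single helpdesk use of PsExec against one machine stays below the threshold; the privileged account touching four hosts in under three minutes does not.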