We, like many people around the world, have been appalled by resent Governmental suppression of political activity in places like Iran and China. But sadly the attempt to suppress information is not limited to repressive governments, as we have seen in places like the UK, Australia, and Germany with their attempts to “censor” the Internet. Furthermore, we have even seen non-governmental cooperations attempt to “censor” the Internet under the guise of protecting copyright and intellectual property.

We here at TCG feel very strongly that information must, should, and will be free.

The critical first step in correcting any injustice is to first bring that injustice out into the light for everyone to see. Sadly, when repressive elements attempt to suppresses the truth, they use violence and/or intimidation to terrorize people into silence. While this terror may come in the form of a bullet, a club, an arrest, or a lawsuit, the first step any repressive organization must do to terrorize someone is to identify “who” that someone is. To this end, we feel that “anonymity”, the ability to shield ones identity, is critical to the function of a democracy and is a fundamental human right. For if they do not know who you are, they can’t not silence you.

Even in a freer system, there are those who feel as if the concept of anonymity is antithetical to a lawful society. But masking ones self has always been a part of any freedom movement or the maintenance of freedom. We in the United States need only look back to our own revolution, when patriots dressed as Native American’s raided a ship in Boston to protest taxes. They dressed as Natives to protect their identities and history rememberers and celebrates this as the “Boston Tea Party”. In modern times, we have laws that protect journalists from reprisal should they need to hide their sources. We do this because we understand that in order to encourage people to come forward, they have to be protected. Our own government does this in the form of “witness protection”, hiding peoples identity to try and guarantee their safety.

To that end, we have now dedicated bandwidth and a server to operate as a “TOR” node.  TOR, The Onion Router, is a system created and promoted by the Electronic Frontier Foundation which is designed to protect the anonymity of Internet Users and to bypass censor and blocking systems such as China’s “Green Dam” or the Nokia/Siemens System’s in Iran.

To those people in places where information is not free, and you fear for your safty or freedom should your story be told, we offer our server for your use.

Download and Install TOR, then use our bridge server:

207.144.150.59:9001 C4F108CFEEE13CF60EDD3C668680567C4AFC82DA

We’ve know about this for the last 9 months, but the day is finally here. After a failed attempted at a subscription anti-malware product called Onecare, Microsoft has released a free anti-malware suite called “Security Essentials”.

This is the product code named “Morro” that was talked about last November. It works in much the same way Windows Defender Worked in terms of Anti-Spyware, except now rather than just combating Spyware, it also now does Viruses (which should also includes Worms).

I have written about AVG, and the ill-fated move to 8.0 from 7.5.  Of course as I wrote back then, the best thing about AVG 7.5 was that it confined itself to being just an anti-virus program, rather the a suite of bloat that AVG 8.0 and up turned into being. This meant it worked well with Windows Defender without having to duplicate services.

The only down side right now is that Security Essentials seems to be a “limited” beta, meaning that only 75,000 people are going to be permitted to download the software package. I can confirm however that Security Essentials does install from it’s own exe file without any need to “validate” it aside from the normal “windows genuine advantage” stuff. Ergo once you have the installer, there seem to be nothing stopping you from installing it on all your systems. I’m guessing that even after the 75,000 downloads, Security Essentials will be around in lots of places. With so few restriction placed on the files, I’ve guessing the 75,000 limit is just pro-forma.

The downloads themselves come in three flavors, 32 XP, 32 Bit Vista/7, and 64 Bit Vista/7.

I’ve tested the software on a few systems in my lab today. My Windows 7 Box ran it just fine with little in the way of distraction, but it’s a fast box, so I did not expect it to have any problems. I also tried it in a system on which AVG was having some critical errors. Security Essentials installed and ran with out the odd problems be caused by AVG on that particular box. Finally, I tested Security Essentials on an older and slow p4 2 GHz with only 512 MB of ram. On this system, we would normally have installed ClamWin non-realtime anti-virus because the overhead of running XP with SP3 is in my opinion to great for just 512 MB. We tested this system first with AVG 8.5 running then with Security Essentials. There was a noticeable increase in boot speed with Security Essentials over AVG. The basic running of the system was also snappier with Security Essentials where with AVG it did seem to drag, especially when opening directory with lots of files.

Overall my first impression on Security Essentials is a good one. I’ll run it for another few days here in the lab, but if it pans out, it will start to go on systems as early as next week. We stall have a bunch of AVG 7.5 systems out there that need to be switched over.

According to Apple, the iPhone 3G S has “Hardware Encryption” which is supposed to make the unit “highly secure” and enable “instantaneous remote wipe”.

However I have been unable to find any additional documentation on this subject or details on what exactly is being encrypted. Looking at these 21 words, I can presume that the instant remote wipe just means that the encryption key is dropped. That would make the most sense.

I would like to know what parts of the iPhone are encrypted. I currently use a 4 digit passcode to “unlock” my phone. That fact that my phone will wipe off any data after 10 bad tried is a nice feature, but what if the memory from my phone is physically taken out the unit? (unknown) Is the 4 digit passcode part of this “3G S Hardware Encryption”? (unlikely) Is the data readable from outside the iPhone either via the hardware dock with the passcode? (yes)

My testing would suggest that the passcode feature is not part of the Hardware encryption, sense I am able to do a sync with my desktop without having to put in my 4 digit code.

I am hoping that Apple will document this feature in the coming weeks and that ALL data on the iPhone is encrypted, not just arbitrarily sensitive things like contacts and schedules. In a world where our privacy is threatened on an ever greater level, and with new and broad (or over) reaching policing powers, encrypting our data is becoming more and more of a concern.

Well, I found a super easy way to enable tethering on my newly updated iPhone 3G with OS 3.0. Details can be had here.

The setup on the iPhone took about 30 seconds, and setting up the Network was even easer. Once I had enabled tethering in the iPhones Network Settings, I simply connected back to my desktop via the iPhone cable, and my Mac told me I had a new network device.

I tried to setup Bluetooth, and I got so far as to “pair” the iPhone with my desktop, but alas, Bluetooth failed on me again. Honestly, this was almost expected because I have been unable to use Bluetooth with any consistency with any Mac I have.

Of-course being here in beautifully-yet-ludditstic Crossville we only have EDGE, but that did not deter me from taking the tether out for a speed test.

My test site of choice is Speak Easy, and let me say up front that the test took a llloooonngg time to run, and had to be retried several times to get a result. Durning this time period I was kept entertained by the buzzes and pops coming from the speakers. Nothing makes you contemplate homicide like the sounds of cell phone interference from unshielded amplified speakers.

In the end, the results were not too shabby.

89/29 isn’t bad, and still fractionally beats my old dial up speeds from back in the day at CrISP. But this isn’t the Internet of 1997, so surfing on these speeds was almost impossible. However, I could get access to the terminal, and SSH worked with some snap. So in a pinch, this I think would work to do some remote administering via the command line, but Screen Sharing is out of the question.

Looking back on my Notes, I found I had published a Similar Test back in December. Oddly, on that test I got much faster download speeds than I did today.

I’ll be in a 3G network soon and I ‘ll conduct the test again to get a feel for how much faster 3G is over EDGE in Tennessee.

It would appear that iPhones with MobileMe are already reporting their location to Apple, evening with iPhone OS 2.2.1 and even with the “Find My iPhone”switched of in the Setting panel.

This would be BIG news because it would mean that iPhone users, with MobileMe, can be geo-located by Apple and it’s employees, even with the setting turned to “off”.

Here are my findings.

June 17, 2009 was the big release date for iPhone OS 3.0. One of the features touted by Apple for this release was the “Find My iPhone” location feature, which would allow someone to located a lost iPhone, alert with sound and text anyone around the phone, and if necessary, remotely wipe the iPhone of all data.

Wednesday June 17, 2009 morning found me in the city of Murfreesboro, TN, away from my Office desktop on which I sync my iPhone. Eagerly anticipating the updated OS, I decided to time my return to my home in Crossville TN (some 100 miles east on Interstate 40) to co-inside with the noon CDT release of the update. At 12:30pm, I connected my iPhone 3G, and started the update.

Once the update had completed I did the normal rundown looking at all the new features, one of which was “Find My iPhone”. I logged into my MobileMe, clicked on the “Account” icon, and the “Find my iPhone” sub menu. I of course was told that I needed to “Turn on” the feature in my phone, and given some quick instructions on how to do this, which I followed. Almost immediately, I had access to the screen, which could show me where my phone should be located. While I expected to see a Google Map of my office, or even a wide area shot of my city. I instead was treated to this:

I had one of those moments were I realized that this is “big”. The image above shows my “location” as being near Tennessee Highway 840, which is a limited access state highway connecting Spring Hill TN on I65 to Lebenon, TN  on I40, and passing through Murfreesboro, TN on I24 on , effectively “Looping” around the extreem south east of Nashville. What distrubes me about this is that yes, I was indeed at that location at the time indecated, 10:25am CDT, HOWEVER this was almost 2 1/2 hour BEFORE I installed iPhone OS 3.0 and turned on the feature which supposedly allowed MobileMe to know my location! To me this suggests that my iPhone with OS 2.2.1 was transmitting my location to MobileMe. The time discrepancy between 10:35am, and when I “turned on” the service for access at 1:00pm could be explained by AT&T’s 3G coverage. On Tennessee Highway 840, I lose 3G coverage at about that point on the drive. My home and office in Crossville, TN is in an area not covered by AT&T 3G, we only have EDGE here. There is a very small patch of 3G on I40 in Lebenon, TN, but at 70 miles per hour I would have been in it less than 3 minutes on my drive home.

It would seem that while I was on 3G and my iPhone was syncing with MobileMe via that radio, my location was sent. I know my iPhone synced with MobileMe over edge later in my trip, because I used it to read my email while stopping in Cookeville, TN, some 50 miles east of the furthest eastern most AT&T 3G coverage.

The above image also shows that my “location” was being updated.

Below is a “Zoom out” of the map to give you a better ideal of perspective.

Here, the yellow exclimated triangle indicates that MobileMe was “unable” to locate my phone, and was still giving me the last known coordinates which was again at 10:25am near Murfreesboro, TN. It would appear that 3G is needed for best use of the location feature. Again, my physical location at the time of this test was in Crossville, TN, which is only serviced  by AT&T EDGE. This might explain the delay in locating my iPhone.

This has a couple disturbing propositions. First being that long before my iPhone was updated to OS 3.0, let alone set to allow tracking, my location was known to Apple. Oddly, this in itself does not bother me as much as the implication that the “switch” in the settings on the iPhone is nothing more than a permission setting for use of the MobileMe website to find my iPhone. All of the infrastructure, radios, gps, location services, and battery drain, are still being used regardless of the setting on the iPhone itself.

Second, there is the impression that the switch on the iPhone settings is for privacy, however a quick look at Apple support docs actually does not implicitly state that the switch on the iPhone for using “Find My iPhone” is for privacy. It does however state that you must have the switch on before “you” can use the feature on the site.

Third, sense it is obviously that my location was know to Apple even before I turned it “on”, are there published guidelines on when/where/how this data is used and who in Apple is authorized to see this data?

Several hours later, I checked back with MobileMe and the map had been updated with an approximation on my location.

This image is interesting because it is obvious NOT a GPS fix, but rather a report based on cell tower data. From 12:30pm till 5:00pm, I was located on the first floor of my office building in which I know no GPS singles are receivable.  Even without GPS, my iPhone did report my approximate location. Ironically, the center of the targets “crosshairs” is within 100 feet of my office, give or take.

I would like to know if anyone else has had a similar experience. I would also like to know if there has been any acknowledgement from Apple that they do indeed already have location data on a per-iPhone-MobileMe bases, and what (if anyway) are their guidelines for this data.

Addtional Testing:

It is my intent to try and replicate my findings. My wife also has an iPhone, which is still on OS 2.2.1. I will try to use her phone as a base line to repeat the conditions. Knowing what I am looking for I will document the event properly.

I am also going to try and document the capture of location data on “Find My iPhone” from an iPhone with the setting switch turned off. I think that by using 3G with the switch turned “off”, and syncing with MobileMe. My location should be transmitted to Apple. I will then shut down the iPhone and place it in a farad bag to ensure any and all signals are stopped (I would remove the battery but, you know..). I will then start the iPhone in “Airline Mode” and use only wifi to enable the “Find My iPhone” switch. In theory if my iPhone was transmitting my location in defiance of the “off” switch. The place were I had last synced MobileMe over 3G will on the MobileMe website. For good measure I will also test this with EDGE and wifi as the MobileMe conduits.

UPDATE: 12:00am June 18

Not content to leave well enough alone, I have undertaken some addtional testing, following the basic outline from above. I took my from one known location (Home) to another known location (Office) with “Find My iPhone” turned off.

While at Home, I could indeed access Find My iPhone, and when I turned the service off on my phone, I lost access to the data on the MobileMe website. With the service still turned off, I drove to my Office, where I performed several MobileMe and Google Maps tasks.  While at my Office, I put the iPhone into Flight Mode (all radios off), then shut the phone down, and hardened it to RF (i.e. encased it in foil so as not to allow any radio connection at all, which worked surprising well). With the iPhone off and masked, I drove back Home.

Once at Home, I was still unable to access Find My iPhone because of course, the setting was “off” on my phone. However, after starting the phone in Flight Mode, and then only turning on Wifi, I could access the setting to restore “Find My iPhone” and then went through a lengthily process of trying to get MobileMe to “see” the phone. After several minutes, and a “push” of the text message (with sound) to alert near by persons to a lost iPhone, MobileMe did at last “see” my phone and report it’s location. However the location it reported was not my Home, but at my Office, where I had performed my last MobileMe Sync with Cell and GPS turned on.

After Completely rebooting my iPhone, and turning on all radios and features, the MobileMe website did switch over and give the correct location.

I have created a Youtube Video where I documented the process.

At this point, I can reproduce my findings, however I have a twinge of doubt about where MobileMe is getting it’s data. My testing methodology could lead to two different concussions. 1.) My iPhone is indeed still transmitting location data even with the “Find My iPhone” switch turned off. or 2.) Location data is being cached on the iPhone itself, then sent via what ever means to MobileMe when the feature is re-enabled. If option 2 is the case, then this cashed location data is most differently surviving a reboot of the phone. Also, neither options 1 or 2 fully explain the nearly 2 hour delay in my first (accidental) test.

In either case however it is clear that the iPhone must me on and in contact with MobileMe before Find My iPhone will work from the end users prospective.

Upon further reflection, the thought of Apple retaining location data, while somewhat sinister, makes some sense. After all learning the “last known” location of an iPhone might be helpful if you lost your phone with 10% of your battery remaining. But for this to be the case, should not the “Find My iPhone” feature work even without a connection to the iPhone?

Further testing is in order.

UPDATE: June 19

Well, apparently Youtube’s “10 minute rule” is like an eddic from God. So I’m going to find some other way to publish my 9 Minute and 124 Second video.

Update: Jun 19 - 2

Test after test still yields the same result, now from 2 iphones, a 3g and a 3gs. When switched off, iPhones when switched back on report the location to Find My iPhone of where they were switched off at. The toggle for “Find My iPhone” on the handset has no bearing on the result.

Now that I have two iPhones up on MobileMe, and can report that my “Find My iPhone” area of the website has two maps, but the second map seems to always fail (presumably for the 3g), the first one (confirmed for the 3gs) works. When I log into the MobileMe account for that phone “Find My iPhone” works, but in in the “main account”. I would like to see if from the main account, I could watch all the iPhones on my MobileMe family plan. A dream if you happen to be a jealous husband (which thankfully I am not).

If you happen to be a vindictive husband, you could just drive your wife off the phone completely. I can report that constantly probing the iPhones location WILL deplete the battery at an accelerated an rate. I burned through the iPhone 3G S battery after only 3 hours of testing from a full battery. No indication was ever on the phone that I was probing it. The charge just dropped like a rock.

Update: June 19, - 3

Well I feel stupid.  I’ve tried doing some packet inspections with ethereal (wireshark), but it would seem that the data exchange with MobileMe is encrypted. Chalk one up for Apple, while I cann’t sniff the cell data, I can only presume that wifi MobileMe traffic is the same as Cell-data MobileMe.

First, it would appear that Apple does indeed go out and “poll” for phone. Moments after a request for location comes down from the MobileMe Website, the iPhone does respond with some manor of data. I can only assume this is location data, or at the very least permission to relaise what ever data is there.

Second, if the iPhone does send location data back in the first few exchanges, then the data is completely unverified. This means that the iPhone has to hold some manor location cache. This would mean that the packets coming down do not in themselves trigger a location check on the iPhone, but rather only request what ever information the iPhone has.

I can confirm that Find My iPhone fails more than it works, and the dependancy chain to get access to Find My iPhone is so long that it might very well be useless in real world applications.

Turning off “Location Services” in the Settings Menu seems to drive the system a little nuts. The MobileMe website will poll the iPhone for quite awhile, before returning any one of several errors.

Turning off the cell radio and communicating with the iPhone only by wifi will fail sometimes, but other times it will report back a location which was the last time the iPhone seemed to have syned over Cell rather than wifi. While there is the older aGPS system used by handsets to get a GPS fix with cell towers, the iPhone has a full blown GPS radio and electrics packages to intemperate the GPS data it receives. This could mean that the Find My iPhone is using aGPS rather than GPS to get a location. This might account for lack of pinpoint accuracy in Find My iPhone. When using google maps, or GeoCaching, if I walk 25 feet, the iPhone “knows” the difference between my house and the end of my driveway. Find My iPhone conversely never gets more than a general fix on my location, even with a 100% clear view of the sky.

In real terms, this means that if you left your iPhone in a standalone restaurant building, then you might stand a change of knowing where it was. If you left it in a bodega on the same block were you also went shopping, can had coffee, and saw a friend in his office, then you might still have a rat hunt on your hands. At least you can make it beep for two minutes.

Being on the phone also seem to register as a bad cell signal. So if your going to steal an iPhone, go head and run up the minuets calling to China. The longer you are on the phone the less chance they have of catching you.

I’m still back to the question of “constant reporting” or “cached location data”. It’s clear to me at this point that MobileMe does require the iPhone to be mostly working for the user to get at location data even if it is constantly reported to MobileMe. The “cached location data” theory also has one VERY big problem. If you did lose your phone, in a basement somewhere, MobileMe would tell you the last location it has full access, not the current one. This could lead users on a wide goose chaise if they happen to be frequent subway riders.

Yesterday, while in Knoxville putting the finishing touches on a clients network, I had my first experience with a structural fire, sprinklers, and flooding. My clients office is on the extreme lower level off a large office complex undergoing renovation. Apparently someone on one of the upper floors started a small fire which set-off the buildings sprinkler system. Being in a nearly sound proof basement with no windows, our first indication of a problem was the sudden and massive flooding from the levels above. As water pored down on us we scrambled to move systems out.

It was a very surreal and unnatural sight to see so much water poring into a room. Looking down the dimly lit the lower level hallways filling up with water, I almost felt like I was in Bio-Shock, or some seen from Half-life. As we were moving equipment, I looked over at my assistant and chuckled, “Welcome to IT, now learn to swim.”

I had an odd ball case a few weeks ago.

I was contacted by a friend of a good client who needed me to do some data recovery on a laptop. Not all that unusual occurrence since, statistically speaking, data is more likely to be lost on a laptop top a on a desktop. When I was presented with this laptop, I was also given a story about its resent history.

    It seems that this laptop belonged to a person who traveled quite a bit to China on business. While in China the gentleman, who was advanced in years, passed away. His body and all his effects were of course transferred back to the US and turned over to his family. In these effects was this laptop.

Now, some time later, the widow of the deceased man had tried to get into the laptop to copy off photographs of her late husband which she knew to be on the computer. It would seem that he was an avid armature photographer, and being a world traveler, had taken thousands of pictures of the places he had visited. However, when she tried to boot the laptop it kicked back an error indicating that the OS was not found.

Upon first inspection the laptop did indeed not boot. When I looked at the hard drive however I noted that there were NO partitions on the 40 GB disk. This struck me as rather odd, since I knew that this model of laptop normally had a manufacturer recovery partition. While it’s not unusual for the end-user to reformat the hard drive and reclaim this recovery partition, it is rare for a non-technical person to do this. In addition, a quick scan did not detect any errors which might indicate that the partition tables had been damaged in anyway, they just seemed to have vanished.

On a hunch, I used a partition recovery tool to scan the drive and try to rebuild the partition tables. Sure enough, after a day and a half, both the main system partition and the manufacturer recovery partition had been rebuilt. The laptop could boot, and ran normally.

Of course, not trusting the drive and or the partition tables, I copied all data off to a backup drive, put a new hard drive into the laptop, did a clean install of the OS, and copied all the data files back. It turns out that the gentleman had over 12 GB of images, Office Files, and other documents. I felt very confident that I was able to recover all of his data. The laptop was returned to a very grateful lady and I felt good about the work I had done for her, being able to save a bit of her late husband’s memories.

Now, what has troubled me these past few days is “why” the partitions were gone. While I cannot be 100% certain, all factors seem to indicate that those partitions were purposely deleted and not victims of random drive failure. These days, it is VERY rare for drives to fail in this way, furthermore, if the drives had failed in this way there would be additional evidence that would suggest hardware failure, such as other data lose, damaged sectors, or even just trouble rebuilding the drive. None of these things were in evidence. I can only conclude that someone perhaps intentionally tried to erase this drive. However, if this is the case, then the person who tried to erase the drive was obviously NOT an IT professional.

When a person dies in a foreign land, of course his or her body and effects will be handled by the local law enforcement in that country. Could it be that someone in the Chinese government felt that erasing this man’s laptop before it was sent back to the US was necessary? Of course, if this is the case, why send the laptop back at all, or send it back with a new blank hard drive? It could have been that the decision came from a very low level in their government, like a local police captain, who did not want to take the chance that sensitive data might get out, and erased the drive on his own initiative. Could the deceased man, perhaps senescing the end of his life approaching, taken a last act to try and hide his data from local authorities?

How very odd.

Just to share a light moment of my day…

Spam is a big headache of mine. I’m using Google Apps for my email, but some tidbits of it still filter through. So my iPhone beeped, and I look down to see this:

Somehow, it just seems to fit.

Well, it’s April fist. Aside from being the worst day to get news from the internet (it seems like April 1st has become the unofficial Internet holiday for pranking), today also has a good deal of personal significance which has preoccupied my thoughts.

In the “real news” leading up to day, the mass media was preaching doom-and-gloom about Conflicker. 

First, and I need to say this, if you are hearing about a computer virus or new techno-widget from the mass media nightly news, then YES, you are the last one to know about it.

The problem is of course that the bubble heads on the news know as much about tech as they do about the economy. Also, because hype sells more advertising, there is very little incentive for the bubble heads to put this story in it’s proper context. (and I guess it would be pretty embracing if the world really did fall apart, and they missed the story)

None the less, people still had real problems today, and I still had to go out with my team and fix those problems. However, almost every “normal” problem we encountered today was compounded by people asking us “is this confiker?”. What compounded the issue was in some cases the insistence that the problem WAS caused confiker, because the people on TV said that confiker was happening today.

My favorite call out from today was an error printing. When I got there, the first question he asked was “could these be confiker?”. I reached down, and pulled a crumpled sheet out of his HP LaserJet and replyed “Nope, just a paper jam.” At least we both had a good laugh about it.

I’ve been getting some calls about a message from AVG warning users that it will “Expire” on April 12th, and stop updating. 

First, DON’T PANIC. Second DON’T BE DUPED INTO PAYING FOR IT. If you really, really, want to pay for AVG then go ahead, but don’t be tricked into doing so because you fear that your computer will be unprotected. 

I would put more stock into AVGs “this will stop working on…” threat if they had not done this before and AVG 7.5 kept working after the supposed cutoff date.

I’m advising my Clients to hold off and click “install later” when you get the message. I’d like to see if AVG really does stop working on April 12, or if this is just a marketing ploy.

I have to admit, I’m a little put out with AVG. The seem to have gone down the Norton road of trying to become an “all-in-one” security center. Like Norton and Mcafee before it, I fear that AVG’s strategy is doomed to shipwreck on the same “bloatware” rocks. 

AVG 7.5 is a great simple product. It does ONE thing, and does it well. Its an Anti-Virus with a real time scanning feature. The newer versions of AVG are massively over complex system with the cardinal sin of embedded browser features. 

Microsoft is supposed to release it’s own free anti-virus some time this year. When they do, I;m going to take a hard look at it. While it may not be the “best” anti-virus, it will be from Microsoft, so at least there shouldn’t be any overlap with other Microsoft security products. Also, it should also update via the same channels as the rest of the MS Update items, which makes for simpler management. I’ll be testing this anti-virus just as soon as it comes out. 

In the mean time IF AVG fails us, there are still may free anti-viruses out there. One I am looking at right now is ClamWin. It seems to be based on the popular GPL ClamAV, which is a free (as in cost), and free (as in open source), anti-virus. Now the free ClamWIN DOES NOT have an automatic embedded real time scanner. However this may not be a bad thing. By removing the real time feature, you do free up a lot of memory and CPU cycles.  ClamWin can scan on a schedule, and if you have the free (as in cost) Microsoft Windows Defender, then you do have a real time scanner for the more dangerous and likely threat of Spyware and Adware.