Welcome to Cyber Way

A Platform to Search Knowledge, Education, Fun, and Explore Cyber World.

Google Search

Custom Search

Thursday, August 27, 2009

Snow Leopard to Prowl for Mac Malware?



Apple has reportedly built antimalware features into its upcoming Snow Leopard operating system. The feature apparently patrols for known Mac Trojans. Tight security is an oft-touted feature of Mac OS X, though users must still be wary of malware like Mac Trojans, which have been known to exist in the wild.
Apple (Nasdaq: AAPL) has reportedly included antimalware technologies in Snow Leopard, which will go on sale Friday.
The news comes shortly after Apple released a fresh round of commercials indicating that the Mac, unlike PCs running Windows, is virus-free.
Mac security software vendor Intego's blog carried a screenshot showing the antimalware feature detecting a version of the RSPlug Trojan horse in a downloaded disk image.
Dan Goodin, writing in the Register blog, said the feature checks for only two known Mac Trojans, and has other limitations.

About the Antimalware
Intego said it's not sure how the antimalware feature works. It promised to post more information on its blog when it finds out.
Quoting someone who has tested the feature and requested anonymity because of the restrictions of a non-disclosure agreement (NDA), Goodin said a pop-up window warns users when they try to install applications that are malicious.
The feature apparently only detects two known Mac Trojans, RSPlug and iServices. Further, it flags them only if they were downloaded from the Internet using Entourage, iChat, Safari, Mail, Firefox and Thunderbird, Goodin's source said.
The feature does not detect malicious files downloaded using Skype and other Internet-facing applications, or files on DVDs and thumb drives, Goodin's source told him.
Does Apple Security Work?
On its Web site, Apple claims that Mac OS X delivers "the highest level of security through the adoption of industry standards, open software development and wise architectural decisions." This intelligent design prevents the viruses and spyware that sometimes plague PC users, it says.
Features include secure default configuration; a personal firewall; auto updates; encryption through the FileVault feature, which uses AES-128 encryption; and disk image encryption.
However, none of that impresses Charlie Miller, principal analyst of software security at Independent Security Evaluators.
"Apple security's mostly worse than Windows Vista because it doesn't have full ASLR and DEP," he told MacNewsWorld. "We'll have to wait for Snow Leopard to see if it adds these features. If it does, it is at least comparable to Vista."
Let's Get All Technical
ASLR, or address space randomization layout, involves randomly arranging the positions of key data areas, including the base of the executable and the positions of libraries, heaps and stacks, in a process's address space. This prevents an attacker from easily predicting target addresses.
DEP, or data execution prevention, is a security feature that was introduced in Microsoft (Nasdaq: MSFT) Windows XP Service Pack 2. It prevents an application or service from executing code from a non-executable memory region. This helps prevent exploits that store code through a buffer overflow.
Windows XP Tablet PC Edition 2005, Windows Server 2003 SP 1, Windows Vista, Windows Server 2008, and all newer versions of Windows include DEP.
"We wonder just how serious Apple thinks the malware threat is, especially since their latest Get a Mac ads highlight the fact that PCs running Windows suffer from viruses," Intego said.
Since leaving the National Security Agency, Miller has made a career out of cracking Apple's security. At the Black Hat 2009 security conference, he demonstrated that hackers can break into iPhones through the SMS protocol. Apple later issued a patch it said fixed the problem. He also hacked a Mac in about 10 seconds at CanSecWest 2009 in Vancouver, Canada, in March.
Both Intego and Miller have seen a pre-release copy of Snow Leopard but cannot comment, because they're under NDA until Friday, when Snow Leopard hits the shelves.
Ducking the Malware Firestorm
Apple has had to issue two security updates for Leopard, Snow Leopard's predecessor, this year.
However, Cupertino has been able to avoid major security problems because it has a relatively small share of the personal computing market, said Miller.
"If 90 percent of the world runs Windows, and I'm a bad guy who wants to make money with botnets and such, I'll spend 100 percent of my time on Windows since I can make the most money that way," Miller explained.
"So far, Apple has been able to achieve excellent security by obscurity," Laura DiDio, principal at ITIC, told MacNewsWorld. "It's not that Microsoft has poor security, it's just that, if you are the largest target out there and people keep pounding on you, sooner or later they'll get through."
If the reports that Apple has included an antimalware feature in Snow Leopard are correct, it's a smart move, DiDio said.
"Besides being a good tactical move from the technology standpoint, it's a good public relations move to show industry watchers, customers and resellers Apple's taking charge, it's being proactive and not letting the issue get ahead of it," she said.

Sony Burns Kindle With New Wireless Touchscreen E-Reader


Sony has shown off its answer to Amazon's Kindle e-reader: The Daily Edition, a device that features similar wireless download capabilities but also sports a touchscreen interface. Wireless support comes from AT&T. Sony says the reader won't be ready until December, so a holiday e-book brawl may be brewing.



If you are able to read one of novelist Patrick O'Brien's rousing naval adventures on Sony's (NYSE: SNE) new Daily Edition electronic book reader, then you will also participate in helping Sony send its own shot across the bow at Amazon (Nasdaq: AMZN) and its popular Kindle reading device.

Sony announced Tuesday that the Daily Edition reader will sell for US$399 and will be available in December, just in time for holiday shopping sprees. The real news, however, focused on the Daily Edition's wireless capabilities. Just as with the Kindle's Whispernet technology, the Sony device will allow for instant downloads of books no matter where the user is, thanks to back end infrastructure provided by AT&T (NYSE: T) .
The Daily Edition also offers touchscreen capabilities, which lets users highlight words and paragraphs, and will allow consumers to "check out" books from libraries nationwide thanks to a partnership with OverDrive. The latter feature helps shore up a previous weakness with Sony's reading devices compared to Amazon's Kindle -- the sheer number of books available for download.

Look, Ma, No USB Cables
"Amazon set the standard in being able to integrate wireless," Gerry Purdy, chief analyst of mobile and wireless for Frost and Sullivan, told TechNewsWorld. "It isn't that just adding wireless makes it important, but what it enables is important. It's that the bookstore goes along with you as you're out and about. Before, you had to be connected to a PC to download stuff to your Reader, but now if somebody tells you about a book or you see a book, you can download it right then and there. It's a much better user experience."
However, the pressure is on for AT&T to deliver the same kind of seamless integration with wireless book downloads that has brought Amazon's Kindle so many critical kudos. The embedded wireless/emerging products group at AT&T now has until December to deliver on that promise, Purdy said. "AT&T has a heck of a high brand value and more quality and delivery to make that happen. You'll see a lot more deals like this. I would expect you're going to find it works like Whispernet."
Purdy sees an advantage to the AT&T connections, that being the global nature of the carrier's GSM network. U.S. buyers who do a lot of traveling might end up doing a lot of overseas downloading of books as well.


Reading at Your Fingertips
The touchscreen is another potential key differentiator for Sony's Daily Edition. "Quickly being able to highlight a word and look up a definition or synonym is a lot easier than going to a menu. There are a number of things you have to do on a Kindle to do that. Yes it works, but touch is important. If I was giving feedback to Amazon, I'd like to see touch added to their capabilities," Purdy said.
Of course, if a rumored forthcoming Apple (Nasdaq: AAPL) tablet offers color and graphics support to any electronic book-reading features, that could add a whole new chapter to the e-book competition story. Color screens may be battery hogs, but they also provide better contrast ratios for reading, Purdy said. "As soon as you add color and media, then textbooks become viable. They need color and symbols. It's not easy to publish graphics, and you can't make them move on a Kindle. The days of kids with backpacks full of books may become numbered" with a color reader on the market, he added.

Google Maps Adds Back-Road Traffic Flow Data

Google has expanded the functionality of its Maps application to provide information on traffic congestion -- or the lack of it -- on surface streets. It previously was limited to interstate highways. Since the system relies in part on data culled from GPS chips in users' phones, its accuracy in less-populated areas is questionable. Then again, a lack of data may indicate light traffic.
Google (Nasdaq: GOOG) has pushed an update to its Maps application adding traffic data on surface streets.
The data will be drawn from GPS-enabled cellphones that are actively running the mobile version of Google's map app, the company said in a blog posting Tuesday.
Although all users of Google's mobile maps service appear to have access to the traffic data, only users with GPS-equipped phones with Google Maps installed can contribute speed information. The iPhone's built-in map application does not support the crowdsourcing feature, according to Google.
The company had previously restricted traffic data to interstate routes, and at least some of that data was provided by traffic services, according to media reports.
It's unclear if Google was using crowdsourcing to help generate its interstate reports, if it is still using those services and, if so, if reports from traffic services play into the descriptions of side-street traffic.
Google's media relations office did not respond to a request for comment on the new service by this article's deadline.

No News Is Good News?
The updated service works by sending Google anonymous information collected by a user's cellphone GPS chip on how fast the car it's in is moving.
Google's service will likely run into the same sort of problem other traffic services get into when they try to predict speeds away from the mad crush of traffic, on quiet secondary and side streets where few drivers are likely to be motoring with their cellphones flipped open to Google maps, said Chris Hazelton, research director for mobile and wireless at the 451 Group.
"That's when you get into samples of one or two people," Hazelton told TechNewsWorld. "How do they know if I'm parking or sitting in traffic?"
Google seems to be satisfied with how well the service is likely to work despite the potential of a small number of users, noted Carl Howe, an analyst with the Yankee Group.
"The question is how many will actually have connected cellphones with GPS applications on them running all the time," Howe told TechNewsWorld. "Google asserts, though, that there are enough that they're getting good data."
The number of cellphones equipped with GPS is large, but it's not clear exactly how many of those phones allow applications to access data from their chips. Regardless, GPS in cellphones is in big demand among consumers and will become increasingly prevalent in the coming years, said Allen Nogee, a principal at In-Stat.

More Than a Convenience
Crowdsourcing is not entirely new in traffic circles. Some private and governmental traffic services already use data sent out by cellphones as they hand off from tower to tower to calculate speeds on nearby roads.
The service could do more than help drivers get to their destinations faster, said Google Maps Product Manager Dave Barth in a company blog posting. It could, in fact, help the environment and assist governments in making transportation planning decisions.
Google says it is mindful of privacy concerns associated with the service, and it has taken steps to make sure that only anonymous data is collected and trip information is discarded

Tuesday, August 11, 2009

U.S. government will not get secret company Internet data

WASHINGTON (Reuters) - Telecommunications providers will not have to give the government sensitive revenue and Internet speed data for a program to map broadband use in U.S. homes and bring high-speed Internet service to more people.
The U.S. Commerce Department said on Friday that companies such as Verizon Communications Inc, Comcast Corp and AT&T Inc do not have to share how much money they make from each Internet subscriber. Nor must they say how fast their Internet connections typically run.
Instead, they will provide data by the block, usually about a dozen homes depending on the size of the block. They also will share the speed of Internet service that they advertise.
Companies do not want to share the specific data because they do not want their competitors to see it.
But failing to make it public allows the companies to advertise -- and charge for -- something that they often cannot deliver, said Joel Kelsey, a telecom policy analyst at Consumers Union, a watchdog group.
"The actual speeds delivered to particular areas simply doesn't match up," Kelsey said. "The government gave a lot and received very, very little in return."
Companies that sell Internet service advertise maximum service speeds as a way to entice customers. More speed means faster access to online entertainment and information.
Internet connections can work at slower speeds than the maximum speed advertised, especially when many subscribers are online at the same time.
The American Cable Association and other groups representing the companies opposed some of the rules before the government clarified the data policy.
"The agency's modifications will improve and expedite (the mapping) effort," ACA President Matthew Polka said.
Larry Landis, an Indiana utility regulatory commissioner and chairman of the federal-state group that will map high-speed Internet availability, praised the Commerce Department's National Telecommunications and Information Administration for being flexible.
The Commerce and Agriculture departments will award loans and grants to state and local governments, and nonprofit and for-profit companies, including telecommunications companies, to participate in the government's broadband program.
The first phase of the plan would release $4 billion of the $7.2 billion program included in President Barack Obama's economic stimulus plan. About $350 million will go to the mapping program, but the Commerce Department estimated that $240 million would be needed.
The rule changes come a day after the Federal Communications Commission launched its first workshop to gather ideas and proposals for a national broadband plan it plans to give to Congress in February.

Three top Hollywood studios bring films to Web

NEW YORK/LOS ANGELES (Reuters) - It is a dash of Hulu and a sprinkle of YouTube, features a crystal clear picture, can rewind or fast-forward at lightning speed, and doesn't require a download of any special software.
But epixHD.com, the soon-to-launch video website, will have its success dictated more by the movies, concerts and original programs it offers than the technology behind it, said the executive charged with creating and running the site.
"The critical linchpin to what we've got is that we have one-third of the box office of Hollywood," Epix Chief Digital Officer Emil Rensing said in an interview.
That comes thanks to the three parent companies of Epix: Viacom Inc's Paramount film studio, Lions Gate Entertainment Corp and MGM. In putting together Epix, the companies hope to compete with Time Warner Inc's HBO and CBS Corp's Showtime in the premium movie channel business.
But they added a twist. In addition to the premium movie channel and a video-on-demand component, the venture is building epixHD.com, a website where the studios' vast collections of full-length movies and new original programing can be streamed by any subscriber.
Rensing, a former executive with Time Warner's AOL, was hired to run the site. His aim, he said in an interview, was to make it "all about being easy to use" yet not a "dumb player" that simply acts as a projection screen for video.
So epixHD.com comes with an array of features. When watching Paramount's "Iron Man," for instance, a person will have access to the trailer, lists of facts about the superhero film, a plot synopsis, and cast list.
Because of its relationship with the studios, Rensing said epixHD.com could eventually offer more unique features.
"Let's give something to the fans that gets them really excited," said Rensing. "We're asking (the studios) for some of the weird stuff. We'd like to go to sets on tear down days, talk to the teamsters about the crazy stuff that happened."
BUILDING ITS LIBRARY
EpixHD.com is due to launch before the cable channel does in October, and will build its library of films from its parent studios in the months that follow. At the moment, it is still being tested in front of a small audience.
As for its appearance, the site features as wall of movies from which a viewer chooses with a click of the mouse. The movie then pops up, set against a traditional red movie theater curtain. Another mouse click plays the movie.
"My job is not to convince people to watch movies on the Internet. I already know they are doing that. What's my job? My job is to make it as easy and fun as possible to watch the stuff that I have access to," said Rensing.
"We're not a tech company, we're a media company," he said in response to a question about some similarities to Google Inc's YouTube or Hulu, owned by General Electric Co's NBC Universal, News Corp, and Walt Disney.
"I'm not going to reinvent the wheel. Hulu's got a great player. I'm going to take a couple things from Hulu. YouTube's got a couple cool features. I'm going to take them."

Facebook buys social media start-up FriendFeed

SAN FRANCISCO (Reuters) - Facebook, the world's largest social networking site, said it will buy FriendFeed, netting a group of prized ex-Google engineers in the fast-growing Internet business.
FriendFeed, an up-and-coming social media startup, lets people share content online in real time across various social networks and blogs.
The service is similar to, though less popular than Twitter, the microblogging site that Facebook tried to buy for $500 million in 2008, according to sources familiar with the matter.
Terms of the deal were not disclosed on Monday, but Facebook said FriendFeed would operate as it has for the time being as the teams determine long-term plans.
Facebook's big gain in the acquisition is the engineering talent at FriendFeed, rather than the actual product, which has won critical praise, but lagged in popularity compared to Twitter, said Forrester Research analyst Jeremiah Owyang.
"These guys now how to build scalable, social applications," said Owyang.
In a statement, Facebook CEO Mark Zuckerberg said he admired the FriendFeed team for having created a service he described as simple and elegant.
"As this shows, our culture continues to make Facebook a place where the best engineers come to build things quickly that lots of people will use," said Zuckerberg.
FriendFeed's four founders are former Google Inc employees who count well known products like Gmail and Google Maps among their accomplishments.
Facebook said the founders will hold senior roles on its engineering and product teams.
FriendFeed had talked with Facebook "casually" for a couple of months, and that it became clear that the teams were "cut from the same cloths," FriendFeed co-founder Bret Taylor told Reuters in an interview.
He declined to say whether FriendFeed had been in talks with other companies.
One bridge between Facebook and FriendFeed might have been Matt Cohler, Facebook's former management vice president. He joined FriendFeed backer Benchmark Capital last year.
Asked what role the connection played in the deal, FriendFeed's Taylor said the decision to be acquired by Facebook was made entirely by the team at FriendFeed.
Facebook has more than 250 million registered users. In May, the social networking company announced a $200 million investment from Russian investor Digital Sky Technologies that pegged the value of its preferred shares at $10 billion.