Welcome to Cyber Way

A Platform to Search Knowledge, Education, Fun, and Explore Cyber World.

Google Search

Custom Search

Thursday, August 27, 2009

Snow Leopard to Prowl for Mac Malware?



Apple has reportedly built antimalware features into its upcoming Snow Leopard operating system. The feature apparently patrols for known Mac Trojans. Tight security is an oft-touted feature of Mac OS X, though users must still be wary of malware like Mac Trojans, which have been known to exist in the wild.
Apple (Nasdaq: AAPL) has reportedly included antimalware technologies in Snow Leopard, which will go on sale Friday.
The news comes shortly after Apple released a fresh round of commercials indicating that the Mac, unlike PCs running Windows, is virus-free.
Mac security software vendor Intego's blog carried a screenshot showing the antimalware feature detecting a version of the RSPlug Trojan horse in a downloaded disk image.
Dan Goodin, writing in the Register blog, said the feature checks for only two known Mac Trojans, and has other limitations.

About the Antimalware
Intego said it's not sure how the antimalware feature works. It promised to post more information on its blog when it finds out.
Quoting someone who has tested the feature and requested anonymity because of the restrictions of a non-disclosure agreement (NDA), Goodin said a pop-up window warns users when they try to install applications that are malicious.
The feature apparently only detects two known Mac Trojans, RSPlug and iServices. Further, it flags them only if they were downloaded from the Internet using Entourage, iChat, Safari, Mail, Firefox and Thunderbird, Goodin's source said.
The feature does not detect malicious files downloaded using Skype and other Internet-facing applications, or files on DVDs and thumb drives, Goodin's source told him.
Does Apple Security Work?
On its Web site, Apple claims that Mac OS X delivers "the highest level of security through the adoption of industry standards, open software development and wise architectural decisions." This intelligent design prevents the viruses and spyware that sometimes plague PC users, it says.
Features include secure default configuration; a personal firewall; auto updates; encryption through the FileVault feature, which uses AES-128 encryption; and disk image encryption.
However, none of that impresses Charlie Miller, principal analyst of software security at Independent Security Evaluators.
"Apple security's mostly worse than Windows Vista because it doesn't have full ASLR and DEP," he told MacNewsWorld. "We'll have to wait for Snow Leopard to see if it adds these features. If it does, it is at least comparable to Vista."
Let's Get All Technical
ASLR, or address space randomization layout, involves randomly arranging the positions of key data areas, including the base of the executable and the positions of libraries, heaps and stacks, in a process's address space. This prevents an attacker from easily predicting target addresses.
DEP, or data execution prevention, is a security feature that was introduced in Microsoft (Nasdaq: MSFT) Windows XP Service Pack 2. It prevents an application or service from executing code from a non-executable memory region. This helps prevent exploits that store code through a buffer overflow.
Windows XP Tablet PC Edition 2005, Windows Server 2003 SP 1, Windows Vista, Windows Server 2008, and all newer versions of Windows include DEP.
"We wonder just how serious Apple thinks the malware threat is, especially since their latest Get a Mac ads highlight the fact that PCs running Windows suffer from viruses," Intego said.
Since leaving the National Security Agency, Miller has made a career out of cracking Apple's security. At the Black Hat 2009 security conference, he demonstrated that hackers can break into iPhones through the SMS protocol. Apple later issued a patch it said fixed the problem. He also hacked a Mac in about 10 seconds at CanSecWest 2009 in Vancouver, Canada, in March.
Both Intego and Miller have seen a pre-release copy of Snow Leopard but cannot comment, because they're under NDA until Friday, when Snow Leopard hits the shelves.
Ducking the Malware Firestorm
Apple has had to issue two security updates for Leopard, Snow Leopard's predecessor, this year.
However, Cupertino has been able to avoid major security problems because it has a relatively small share of the personal computing market, said Miller.
"If 90 percent of the world runs Windows, and I'm a bad guy who wants to make money with botnets and such, I'll spend 100 percent of my time on Windows since I can make the most money that way," Miller explained.
"So far, Apple has been able to achieve excellent security by obscurity," Laura DiDio, principal at ITIC, told MacNewsWorld. "It's not that Microsoft has poor security, it's just that, if you are the largest target out there and people keep pounding on you, sooner or later they'll get through."
If the reports that Apple has included an antimalware feature in Snow Leopard are correct, it's a smart move, DiDio said.
"Besides being a good tactical move from the technology standpoint, it's a good public relations move to show industry watchers, customers and resellers Apple's taking charge, it's being proactive and not letting the issue get ahead of it," she said.

Sony Burns Kindle With New Wireless Touchscreen E-Reader


Sony has shown off its answer to Amazon's Kindle e-reader: The Daily Edition, a device that features similar wireless download capabilities but also sports a touchscreen interface. Wireless support comes from AT&T. Sony says the reader won't be ready until December, so a holiday e-book brawl may be brewing.



If you are able to read one of novelist Patrick O'Brien's rousing naval adventures on Sony's (NYSE: SNE) new Daily Edition electronic book reader, then you will also participate in helping Sony send its own shot across the bow at Amazon (Nasdaq: AMZN) and its popular Kindle reading device.

Sony announced Tuesday that the Daily Edition reader will sell for US$399 and will be available in December, just in time for holiday shopping sprees. The real news, however, focused on the Daily Edition's wireless capabilities. Just as with the Kindle's Whispernet technology, the Sony device will allow for instant downloads of books no matter where the user is, thanks to back end infrastructure provided by AT&T (NYSE: T) .
The Daily Edition also offers touchscreen capabilities, which lets users highlight words and paragraphs, and will allow consumers to "check out" books from libraries nationwide thanks to a partnership with OverDrive. The latter feature helps shore up a previous weakness with Sony's reading devices compared to Amazon's Kindle -- the sheer number of books available for download.

Look, Ma, No USB Cables
"Amazon set the standard in being able to integrate wireless," Gerry Purdy, chief analyst of mobile and wireless for Frost and Sullivan, told TechNewsWorld. "It isn't that just adding wireless makes it important, but what it enables is important. It's that the bookstore goes along with you as you're out and about. Before, you had to be connected to a PC to download stuff to your Reader, but now if somebody tells you about a book or you see a book, you can download it right then and there. It's a much better user experience."
However, the pressure is on for AT&T to deliver the same kind of seamless integration with wireless book downloads that has brought Amazon's Kindle so many critical kudos. The embedded wireless/emerging products group at AT&T now has until December to deliver on that promise, Purdy said. "AT&T has a heck of a high brand value and more quality and delivery to make that happen. You'll see a lot more deals like this. I would expect you're going to find it works like Whispernet."
Purdy sees an advantage to the AT&T connections, that being the global nature of the carrier's GSM network. U.S. buyers who do a lot of traveling might end up doing a lot of overseas downloading of books as well.


Reading at Your Fingertips
The touchscreen is another potential key differentiator for Sony's Daily Edition. "Quickly being able to highlight a word and look up a definition or synonym is a lot easier than going to a menu. There are a number of things you have to do on a Kindle to do that. Yes it works, but touch is important. If I was giving feedback to Amazon, I'd like to see touch added to their capabilities," Purdy said.
Of course, if a rumored forthcoming Apple (Nasdaq: AAPL) tablet offers color and graphics support to any electronic book-reading features, that could add a whole new chapter to the e-book competition story. Color screens may be battery hogs, but they also provide better contrast ratios for reading, Purdy said. "As soon as you add color and media, then textbooks become viable. They need color and symbols. It's not easy to publish graphics, and you can't make them move on a Kindle. The days of kids with backpacks full of books may become numbered" with a color reader on the market, he added.

Google Maps Adds Back-Road Traffic Flow Data

Google has expanded the functionality of its Maps application to provide information on traffic congestion -- or the lack of it -- on surface streets. It previously was limited to interstate highways. Since the system relies in part on data culled from GPS chips in users' phones, its accuracy in less-populated areas is questionable. Then again, a lack of data may indicate light traffic.
Google (Nasdaq: GOOG) has pushed an update to its Maps application adding traffic data on surface streets.
The data will be drawn from GPS-enabled cellphones that are actively running the mobile version of Google's map app, the company said in a blog posting Tuesday.
Although all users of Google's mobile maps service appear to have access to the traffic data, only users with GPS-equipped phones with Google Maps installed can contribute speed information. The iPhone's built-in map application does not support the crowdsourcing feature, according to Google.
The company had previously restricted traffic data to interstate routes, and at least some of that data was provided by traffic services, according to media reports.
It's unclear if Google was using crowdsourcing to help generate its interstate reports, if it is still using those services and, if so, if reports from traffic services play into the descriptions of side-street traffic.
Google's media relations office did not respond to a request for comment on the new service by this article's deadline.

No News Is Good News?
The updated service works by sending Google anonymous information collected by a user's cellphone GPS chip on how fast the car it's in is moving.
Google's service will likely run into the same sort of problem other traffic services get into when they try to predict speeds away from the mad crush of traffic, on quiet secondary and side streets where few drivers are likely to be motoring with their cellphones flipped open to Google maps, said Chris Hazelton, research director for mobile and wireless at the 451 Group.
"That's when you get into samples of one or two people," Hazelton told TechNewsWorld. "How do they know if I'm parking or sitting in traffic?"
Google seems to be satisfied with how well the service is likely to work despite the potential of a small number of users, noted Carl Howe, an analyst with the Yankee Group.
"The question is how many will actually have connected cellphones with GPS applications on them running all the time," Howe told TechNewsWorld. "Google asserts, though, that there are enough that they're getting good data."
The number of cellphones equipped with GPS is large, but it's not clear exactly how many of those phones allow applications to access data from their chips. Regardless, GPS in cellphones is in big demand among consumers and will become increasingly prevalent in the coming years, said Allen Nogee, a principal at In-Stat.

More Than a Convenience
Crowdsourcing is not entirely new in traffic circles. Some private and governmental traffic services already use data sent out by cellphones as they hand off from tower to tower to calculate speeds on nearby roads.
The service could do more than help drivers get to their destinations faster, said Google Maps Product Manager Dave Barth in a company blog posting. It could, in fact, help the environment and assist governments in making transportation planning decisions.
Google says it is mindful of privacy concerns associated with the service, and it has taken steps to make sure that only anonymous data is collected and trip information is discarded