Android disrupts market

In 2011, Android/Linux smart phones displaced Apple, Nokia and RIM smart phones in the market but they did more than overtake. They pulled away.

Look at the numbers. IDC reports that in 3Q 2011, 118 million smart phones were produced. Apple, Nokia and RIM accounted for only 45.7 million of them. Samsung and HTC accounted for 36.3 million with a 175% annual growth rate. The former market leaders were not only overtaken but left in the dust. They could not outperform dozens of newcomers using FLOSS swarming over every region and every niche in the market.

That’s what we should be seeing in the market for PCs generally but competition is stifled by lock-in of OEMs, retailers and businesses. It’s about time that changed. In Q2, the world shipped 91 million notebook/desktop PCs. Change will come but it’s too slow for me. While FLOSS is taking over the mobile space, it will penetrate the monopoly more slowly, one purchase or installation at a time. In Q2, 50 million PCs shipped with “7”. A lot of the rest shipped with GNU/Linux or FreeDOS or no OS. I expect a few retailers will experiment with Android/Linux on ARMed PCs, then GNU/Linux on ARMed PCs and finally GNU/Linux on x86/amd64 PCs. It will take a few more years but it will happen. Microsoft’s entry into ARM with “8” and Microsoft’s current advertising campaign for “7” show Microsoft sees it coming. The stalling of PC sales while smart thingies take off shows the market is on the edge of change.

I predict that Microsoft will not be able to grasp/hang on to the fast-moving train that is the mobile ecosystem. One of these days it will come crashing down.

When someone asks about what phone they should get, I always tell them to get an Android as it is the most open device on the market and has plenty of options.

Mac Flashback Trojan

The security-by-obscurity myth is finally blown out of the water… Macs are pretty much mainstream these days, and this yet again proves my point about Mac virus resistance: the platform may be virus resistant, but unless you upgrade the users, no platform is Trojan proof.

Apple has updated the malware protection built into its Mac operating system to flag a recently discovered trojan that hijacks users’ machines by masquerading as a benign document. Malware disguised as an Adobe Flash installer, meanwhile, remained unchecked.

The file quarantine, which Apple snuck into a prerelease version of Snow Leopard in 2009, was updated to include a definition for Trojan-Dropper: OSX/Revir.A, which antivirus provider F-Secure disclosed on Friday. According to an update on F-Secure’s blog, the malware disguises itself as a PDF file in an attempt to trick users into clicking on it.

“The malware then proceeds to install a backdoor, Backdoor:OSX/Imuler.A, in the background,” stated the F-Secure analysis, which was posted Monday. “As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet.”

By Tuesday morning, Apple had added a definition for Revir.A into the file quarantine feature, our review of a Mac running OS X Lion, aka 10.7, has shown. By our count, it’s the 10th definition to be included, although two of them cover malware with the identical label of “OSX.HellRTS.” The definitions are stored in a file called XProtect.plist tucked away in the /System/Library/CoreTypes.bundle/Contents/Resources/ folder.
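The count described above can be reproduced on any Mac. The following Python sketch is an added example, not code from the article or from Apple: it tallies the definitions in an XProtect.plist, flags labels that appear more than once, and lists labels added between two snapshots of the file. It assumes the file is a property-list array of dictionaries, each with a "Description" label; the sample labels other than "OSX.HellRTS" are constructed.

```python
import os
import plistlib
from collections import Counter

# Location given in the article (OS X 10.6 / 10.7 era).
XPROTECT_PATH = ("/System/Library/CoreTypes.bundle/Contents/Resources/"
                 "XProtect.plist")


def load_labels(data):
    """Return the label of every definition in a raw XProtect.plist.

    Assumption: top level is an array of dicts with a "Description" key.
    Entries that do not fit are kept as placeholders so the total is
    never silently under-counted.
    """
    entries = plistlib.loads(data)
    if not isinstance(entries, list):
        raise ValueError("unexpected plist layout: top level is not an array")
    labels = []
    for index, entry in enumerate(entries):
        label = entry.get("Description") if isinstance(entry, dict) else None
        if isinstance(label, str) and label:
            labels.append(label)
        else:
            labels.append("<unlabelled #%d>" % index)
    return labels


def summarize(labels):
    """Total entries, distinct labels, and labels used more than once."""
    counts = Counter(labels)
    return {
        "total": len(labels),
        "distinct": len(counts),
        "duplicates": sorted(l for l, n in counts.items() if n > 1),
    }


def added_since(old_labels, new_labels):
    """Labels present in the new snapshot but not (or fewer times) in the old."""
    return sorted((Counter(new_labels) - Counter(old_labels)).elements())


def _sample_plist(labels):
    """Build a constructed plist with the assumed layout, for offline use."""
    return plistlib.dumps([{"Description": l, "Matches": []} for l in labels])


# Constructed snapshots: "before" and "after" a definitions update.
SAMPLE_OLD = _sample_plist(["OSX.HellRTS", "OSX.HellRTS", "SAMPLE.Installer.A"])
SAMPLE_NEW = _sample_plist(["OSX.HellRTS", "OSX.HellRTS", "SAMPLE.Installer.A",
                            "OSX.Revir.A"])  # constructed label

if __name__ == "__main__":
    if os.path.exists(XPROTECT_PATH):
        # On a Mac that still ships the file, report on the real definitions.
        with open(XPROTECT_PATH, "rb") as handle:
            print(summarize(load_labels(handle.read())))
    else:
        old = load_labels(SAMPLE_OLD)
        new = load_labels(SAMPLE_NEW)
        print(summarize(new))
        print("added:", added_since(old, new))
```

Keeping a copy of the file before each update and diffing it this way confirms that a new definition actually reached the machine.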

Apple engineers pushed out the update around the same time that a new trojan was discovered menacing Mac users. According to Mac antivirus provider Intego, the Flashback trojan is built on a sophisticated code base that installs a backdoor on infected machines, and covers its tracks by using encryption when communicating with remote servers.

“The backdoor is able to download further software, but, for now, we are not seeing this activity,” Intego’s analysis stated. “It is also able to update itself, and creates an Sha1 hash of the malware to see if it has changed. If the Sha1 of the software version on the server is different from that installed, this means that an update is necessary.”

With the explosive growth of Macs, iPhones, and iPads, malware purveyors have finally begun targeting Apple products after years of almost exclusive focus on Microsoft users. Earlier this year, an outbreak of fraudulent Mac antivirus products ignited a huge spike in support calls from frantic Mac users who had been tricked into installing a piece of malware called MacDefender. Apple eventually added definitions for it to its file quarantine, as well.

I think the difference between Microsoft and Apple here is that Microsoft weren’t the ones to create a condescending “I’m a PC” commercial insinuating that their operating system was virus free…With the amount of braindead Apple fans who claim that Apple Virus / Malware is an oxymoron, that 30 second spot could turn out to be some of history’s most damaging tech-related FUD.

Earlier I wrote that most targeted vulnerabilities these days are actually in Flash, PDF or Java, reached via Internet Explorer (IE), and once you take IE out of the equation, Windows does quite well, especially given the rich rewards and vast selection of low-hanging fruit users can offer.

Apple Mac Trojans

A newly identified Mac OS X Trojan bundles a component that leverages the processing power of video cards (GPUs) to generate Bitcoins, a popular type of virtual currency.

The new Trojan known as OSX/Miner-D, nicknamed “DevilRobber” by antivirus vendors, is being distributed together with several software applications via BitTorrent sites.

“This malware is complex, and performs many operations,” security researchers from Mac antivirus vendor Intego warned. “It is a combination of several types of malware: It is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers,” they explained. The software is being distributed through torrent sites. It installs a Java-based application called “DiabloMiner” that uses your Mac’s graphics processing unit (GPU) to generate Bitcoins.

The Bitcoin mining program that DevilRobber installs on infected computers is called DiabloMiner and is a legitimate Java-based application used in the virtual currency’s production. As this application is Java based, it will run on Windows, Solaris and Linux computers.

The first sign of infection is if your Mac suddenly becomes sluggish, Graham Cluley of Sophos wrote in a blog post.

“It’s becoming clearer every week that Mac users need to take malware protection more seriously by running anti-virus software,” he wrote.

The DevilRobber trojan steals processing power, which can lead to slow computer performance, as well as actual Bitcoins, which are kept in virtual wallets on the victim’s machine.

“OSX/Miner-D [DevilRobber] also spies on you by taking screen captures and stealing your usernames and passwords,” warned Graham Cluley, a senior technology consultant at antivirus vendor Sophos.

“In addition, it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and .bash_history,” he added.

So far, the Trojan has been detected in a BitTorrent download for GraphicConverter version 7.4, an image editing application for Mac OS X. However, this doesn’t mean that there aren’t similarly Trojanized torrents out there.

“Clearly, Mac users — like their Windows cousins — should practice safe computing and only download software from official websites and legitimate download services,” Cluley said. He also stressed that Mac users should install an antivirus program, which is not hard to do and costs nothing.

There are several providers of free antivirus solutions for Mac and all of their solutions are more capable than Mac OS X’s default anti-malware defense mechanism, which some Trojans already bypass or even disable.

The latest patch from Microsoft Security Essentials and other Mac AV providers will detect this DevilRobber. I suggest you go one step further and use ESET NOD32.

Bitcoin is a form of virtual cash that can be exchanged by users without the need for an intermediary bank or payment service. Bitcoins are actually cryptographic hashes that get generated piece by piece using specialized programs like DiabloMiner, according to a public algorithm.

Bitcoin is a decentralized, highly controversial virtual currency that was formed by programmers in 2009. The currency is generated by programming computers to calculate highly complex math problems; the more computing power you have, the faster you can create Bitcoins. This is why Bitcoin rigs often look like massive sculptures of connected servers.

Ideally, Bitcoin resolves issues inherent in traditional currencies, like double-spending, inflation, corruption, and inept monetary authorities. But in reality, the effort is being undermined by security issues like exchange breaches, account theft, and pure FUD.

In the past we’ve also heard of Twitter-based Bitcoin bots and months ago, Symantec predicted the spawn of botnets used to mine Bitcoins.

One Bitcoin is currently valued at around US$3.20, and it is a good source of profit for both Bitcoin miners, who legitimately use their computer resources to generate them, and cybercriminals who steal them.

 

Drive availability lessens 30%

The massive flooding in Thailand is disrupting supplies of hard disk drives (HDDs) for the world’s personal computer makers, according to companies and market intelligence firms. Partially-submerged factories in Pathum Thani, on the outskirts of Bangkok, will affect future demand for the rest of the world.

Around 40 percent of all hard disk drives worldwide are produced in Thailand, making it the second-largest exporter of HDDs after China. It is estimated that factories in Thailand currently affected by flooding account for some 25 percent of worldwide HDD production.

“There’s definitely going to be an impact on HDD customers this quarter and next quarter,” Rydning told AFP on Friday. “It’s going to take several months for the HDD industry to recover.”

Apple chief executive Tim Cook told financial analysts last week he was “virtually certain” that the flooding in Thailand would lead to an overall industry shortage of hard disk drives.

“Like many others, we source many components from Thailand,” Cook said during the quarterly earnings call for the manufacturer of the Macintosh computer line.

“There are several factories that are currently not operable and the recovery timeline for these factories is not known at this point,” he said.

“It is something that I’m concerned about,” Cook said. “How it affects Apple, I’m not sure.”

Fang Zhang, an analyst for storage systems at market intelligence and technology consultant IHS iSuppli Corp., said the flooding could cause a 30 percent drop in HDD production in the fourth quarter of the year. Fang said in a statement that the floods could potentially lead to an HDD supply shortage this quarter that may last into the first quarter of next year. Before the disaster, IHS iSuppli had forecast production of 176.2 million hard drives during the fourth quarter.

IDC’s John Rydning has stressed that not all of the HDD production in Thailand is being affected by the flooding and said the impact “is mitigated somewhat by HDD inventory that existed entering the flood period.

“Those inventories will help to satisfy some of the HDD requirements of major customers,” he said. “But we expect that any inventory available will be depleted, probably in the month of November.”

The three-month crisis triggered by unusually heavy monsoon rains has left at least 377 people dead and damaged millions of homes and livelihoods, mostly in northern and central Thailand. Floodwaters are now approaching Bangkok.

Rydning noted that the flooding in Thailand was the second major natural disaster to hit the HDD industry this year, coming on the heels of the earthquake and tsunami in Japan in March.

“But it’s a very resilient industry,” he said. “It really came out of the third quarter in pretty good shape, not only in terms of meeting demand but having inventories back at levels they were at prior to the earthquake and tsunami.”

Apple is just one of the world’s computer manufacturers expected to be affected by the tightening of supply of hard drives.

“Amongst all of the PC vendors the pain is going to be felt by everyone — more so by some of the smaller PC vendors than the bigger ones,” Rydning said.

Major PC manufacturers will be better able to weather the crisis because of their access to inventory and their ability to negotiate more strategic supply agreements, he said. Rydning said the two HDD assembly companies the most heavily impacted by the flooding are Western Digital and Toshiba.

“They’re the two companies that have assembly factories in the flood zone,” he said. More than a dozen HDD component suppliers were also affected because “they’re congregated and clustered in that same region,” he said.
“But it’s important to realize that these component suppliers are extremely nimble,” he said. “They have factories in other countries as well, in China and the Philippines and Malaysia.

“As quickly as they can they’ll transfer production to those factories and try to make up any capacity that’s lost due to flooding in Thailand,” he said. “They will be very helpful to the HDD vendors to help them recover.”

One effect will be that the world output of magnetic hard drives could fall as much as 30% in the final three months of 2011 – and manufacturers who need them are now scrambling to snap up existing inventories, market research firm IHS iSuppli says.

For Asia’s PC makers, already grappling with the prospect of subdued year-end holiday season consumer demand, that could mean a further slowdown in the lunar new year sales season, and lead to weak sales in the first quarter of 2012, hurting the one regional growth area of an industry already facing a challenge from smartphones and tablets, and from slowing corporate spending on technology hardware. Alternatively, it might briefly push up prices on those which are available.

“From the Asia context, of course the impact will be on the Taiwanese PC manufacturers – companies like Acer and Asustek Computer,” said Satish Lele, vice president, consulting, Asia Pacific at Frost & Sullivan in Singapore.

Thailand is the world’s second largest maker of hard disk drives (HDD) after China, with about half of global output taking place there. The damage caused by flooding could keep factories closed or hobbled for months, analysts and executives reckon.

Analysts have highlighted Japan’s Nidec Corp, which controls about 80% of the world’s output of a key HDD component – the motor – as the major potential bottleneck for supplies of drives, used to store data in computers.

Nidec has closed some plants in Thailand, as has disk parts maker Minebea.

The total demand for HDDs is presently around 660m units annually, with Western Digital and Seagate having just over 30% share. Hitachi makes about 16% of world supply, followed by Toshiba (11%) and Samsung (10%).

Lele said PC makers will have four to six weeks on average of inventory, but will feel the effects after that is gone. “From that context, the issue will start hitting these companies sometime towards the end of November and December, which for them are also key months because of the holiday season.”

Acer declined to comment and Lenovo Group, the Chinese company that is the world’s No.2 PC maker in the third quarter, had no immediate comment.

Pegatron, the Taiwanese company that is the main contract manufacturer for Asustek Computer, doesn’t see a problem for six to eight weeks as makers have inventory, but after that it would depend on how fast things return to normal in Thailand.

Pegatron Chief Financial Officer Charles Lin said there was one big difference between the Thailand situation and the aftermath of Japan’s earthquake in March, which also disrupted supplies of components across a number of technology industries, including smartphones.

“The concentration of some component manufacturing [in Japan] was very high, but Thailand only makes up about a quarter of global hard disk production, so if plants elsewhere can ramp up, the effect this time may be less than that after the Japan quake,” he said.

Nick Wu, head of investor relations at Asustek, said the company’s inventory and supply chain were enough to last until the end of the fourth quarter. But if the situation continued after that, there could be an impact.

Asked about the effects on Apple, chief executive Tim Cook said in the company’s recent earnings call that “we source many components from Thailand, from many factories. The recovery timeline for these factories isn’t known. The weather really hasn’t allowed an assessment… It is something that I’m concerned about.” He added that “our hearts go out to all the people in Thailand who have experienced these devastating losses of life and property as a result of the monsoons and the flooding.” Apple sold its largest-ever number of PCs in the third quarter, but future sales could be affected by the slowdown in supplies.

Western Digital and Seagate both have factories in Thailand. Western Digital’s factories are closed, and Seagate warned it could face parts shortages even though its plants are running.

“With such a tight supply chain, it’s very unlikely that people have a lot of stock to cover themselves,” said Lillian Tay, analyst at Gartner in Singapore. “But from what we see, the major impact will come in Q1 because it’s a 50-50 (situation). Some of them may not get what they want in Q4 [2011], but I think Q1 [of 2012] is really going to be the quarter that the most impact will be felt.”

Nanya Technology, Taiwan’s second-biggest DRAM memory chip maker, expects some impact from a shortage of hard disks.

“Because notebooks all need hard disks, there will be an impact on the whole IT industry in November, December and into January, and this is a negative factor for DRAMs,” Nanya Vice President Pei Lin Pai told reporters when the firm reported earnings last week.

Taiwan’s Quanta Computer Inc, the world’s top contract laptop PC maker, and the next biggest, Compal Electronics, said hard disks are “confined components”, meaning clients and not the contract makers procure them themselves. Both said they had not received any updates from clients.

South Korea’s Hynix Semiconductor Inc, the world’s second largest computer memory chip maker, said the flood had not had a major impact on it, given the current inventory levels at HDD makers and PC vendors.

Other products have already been affected by the flooding, with Sony delaying the launches of several new cameras, lens kits and headphones after production was halted.

Frost & Sullivan’s Lele said PC makers will also take a hit as they will have to bear the costs of the shortage.

“It will be more for the PC makers to absorb the costs, because it is highly unlikely that they can pass it on to the customer. They will be under tremendous pressure to absorb the additional costs.”

Linux deters computer viruses

Linux is an operating system, an alternative to Microsoft Windows or Apple OS X. However, it is far superior: Android, which is built from Linux, is surpassing Apple’s beloved iPhone, and all the while Windows Mobile looks on wondering what is happening. The open design of Android and Linux is becoming readily apparent.

Computer experts say that Linux has many of the same applications as the other operating systems currently offer, if not more. All of the major Linux distributions come by default with a word processor and internet browser, of course, but the advantage is that Linux gives you a smaller footprint for catching a virus or having some nefarious piece of malware hose your computer and work.

There is one characteristic of the Linux operating system that stands out. Linux is open source software: its source code is published and made available to the public, enabling anyone to copy, modify and redistribute the source code without paying royalties or fees. Open source code evolves through community cooperation. These communities are composed of individual programmers as well as very large companies. No single entity has control of Linux and its kernel base.

Linux is completely free, no gimmicks. All you have to do is download one of the popular systems like Ubuntu or Linux Mint and burn it onto a CD, then install it onto your computer. If you have an old computer lying around, or one that has been rendered inoperable from an infection of some sort, go ahead and try it!

Everyone is using Linux; if you are not, you are missing the boat! http://jet-computing.com/who-uses-linux-everyone-does/

As time moves on, it is imperative that you make some changes. This is especially true in the computer world. Sadly, many people do not welcome change and insist on continuing as they are, even when it is apparent that change is sorely needed. Which is fine with me; I will continue taking in their money.

When someone gives me a computer to repair, very often I will demonstrate Linux to them after I repair what was wrong, which typically is software related as Windows becomes a mess at times. However, even shown the benefits and advantages with a short personal tour, there are still those that will not budge.

Here are five reasons why people do not change; they apply in any venue.

  • Fear - Most people are happy in the situation that they are in. In fact, they often presume that making a change could turn out to be worse than they had been expecting. This is basically fear of the unknown. When not conquered, it keeps people stuck with what they know however painful it may seem to someone on the outside.
  • Assumptions - People assume many negative things when they think about making a change. They think that they may not be able to use a new operating system, or that it would be way too hard to relearn everything all over again. If you have done your research well, then there is no reason to assume anything negative. Assume the best until and unless you are shown otherwise.
  • Time - Many computer owners are willing to accept change – but might think that the time is not yet right for the step. Unfortunately, this is a symptom of procrastination. In its most pervasive form, it results in nothing getting done.
  • Trust - As a computer user, you might not be ready to trust anyone who is advising you to change. The point is — if a suggestion is made by someone, consider the source. If they are a credible professional, colleague or family member, you would do well to at least consider their advice.
  • History - Anyone not wanting to change might cite examples from the past to prove their point. They might point to previous ideas that have not succeeded, and convince themselves that history will repeat itself if they go ahead with the change.

 

Refusal to accept change is a computer user’s worst enemy. Change is a part of life — you can either accept it, or watch as people surpass you.

For more about Linux, or for a wider selection of Linux distributions, visit http://distrowatch.com/

Windows Patch Tuesday – October 2011

Windows, insecure by design. How else can you explain that all supported versions of Internet Exploiter have the same vulnerability to injection of malware?

Microsoft and Apple today released security updates to fix a slew of critical security problems in their software. Microsoft’s patch batch fixes at least 23 vulnerabilities in Windows and other Microsoft products. Apple’s update addresses more than 75 security flaws in the Windows versions of iTunes.

Nine of the 23 flaws Microsoft fixed with patches today are rated “critical,” meaning attackers could exploit them to break into vulnerable systems with little or no help from users. Eight of the nine critical bugs are in Internet Explorer. The remaining critical flaw is corrected in an update for the .NET Framework. Three of the vulnerabilities fixed with these updates were disclosed publicly prior to today, including a flaw in Windows Media Center that Microsoft believes crooks are likely to soon figure out how to reliably exploit.

The iTunes update brings the music player software to version 10.5, and is available for Microsoft systems running Windows 7, Vista, XP SP2 and later. Two new features of iTunes deserve mentioning: Apple says iPhone and iPad users who upgrade to iOS 5 when it is released later this week will be able to sync with iTunes wirelessly. More importantly from an update perspective, Apple has at long last untethered iTunes from QuickTime.

Users can download the update by opening iTunes; if you’re not directed to download iTunes 10.5 when you start the program, click “Help,” and then “Check for Updates.” Some OS X users may be wondering how many of these flaws exist in the Mac version of iTunes. According to the SANS Internet Storm Center, Mac users can expect some of these problems to be fixed in Security Update 2011-006 and in OS X Lion v. 10.7.2. For the time being, however, neither of those updates appears to have been released.

The latest Windows patches are available through Windows Update or via Automatic Update.

October’s Patch Tuesday release resolved issues in Internet Explorer versions 6 through 9, all versions of Microsoft Windows from XP through 7, .NET and Silverlight, Microsoft Forefront Unified Access Gateway and Host Integration Server, Microsoft said Oct. 11. Two of the patches are rated “critical,” and six are rated “important,” Microsoft said.

Microsoft recommended that organizations apply the Internet Explorer and .NET/Silverlight patches first as attackers are likely to come out with a reliable exploit within 30 days. Malware developers often reverse-engineer the patches after they are released to develop exploits that target unpatched systems.

Kaspersky Lab senior security researcher Kurt Baumgartner said that reliable exploitation will lead to remote code execution across a wide variety of Windows versions because Internet Explorer and Silverlight are heavily used software clients.

“It would be surprising to not see related exploits added to packs and widely used in attack attempts over the coming months,” Baumgartner wrote on the Securelist blog.

The critical update for Internet Explorer fixed at least eight known security flaws in all versions of Microsoft’s Web browser, including the latest Internet Explorer 9. The bugs were in the way IE handled objects in memory and the way memory was allocated and accessed.

If exploited, the bugs in Internet Explorer would expose the user to drive-by download attacks merely by browsing to a booby-trapped site, according to Microsoft. The attacker can gain the same user rights as the user, but users who have accounts with fewer user rights are likely to be less impacted than those who have administrative rights.

“Patching browsers will be top priority because the vulnerabilities fixed with each security bulletin release in browsers are top exploit targets for attackers,” Jason Miller, manager of research and development at VMware, told eWEEK.

The second critical update fixed a remote code execution flaw in .NET Framework and Silverlight. Users could be compromised just by viewing a malicious page specifically running XAML Browser Applications or Silverlight applications, Microsoft said. The vulnerability would also allow remote code execution on a server running IIS if that system allowed processing ASP.NET pages and specially crafted ASP.NET pages are uploaded to the server and executed. The .NET issue also affects Mac OS clients, according to Dave Marcus, director of security research and communications at McAfee Labs.

The .NET framework class inheritance vulnerability is “complex to exploit” but can be exploited in a “number of ways,” including traditional downloads, drive-by-downloads and by hosting a malicious .NET application, said Joshua Talbot, security intelligence manager at Symantec Security Response.

Microsoft fixed five privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway. The cross-site scripting vulnerability in Microsoft Forefront, if exploited, will allow attackers to steal log-in credentials used for VPN access and gain access to sensitive data. The patch for Microsoft Forefront will likely affect the “smallest number” of organizations because Microsoft generally doesn’t have a big presence in corporate security infrastructure, Marcus Carey, a security researcher at Rapid7, told eWEEK.

Microsoft has two bulletins to fix the DLL preload vulnerabilities in Windows Media Center and Microsoft Active Accessibility. Microsoft has released a patch 17 times to close this issue in various programs since it was first identified Aug. 23, 2010, according to Miller.

“Overall this Patch Tuesday is fairly moderate. Three of the included vulnerabilities have been previously disclosed, and there is an available proof-of-concept code,” Marcus said.

October is often the last month in which administrators at financial and retail organizations apply patches before going into “lock-down” mode for the holiday shopping season, according to Andrew Storms, director of security operations at nCircle. “Enterprise IT teams should get ready to pull out all the stops,” Storms said.

Google Squashes Bugs

Google recently patched 32 vulnerabilities in Chrome, paying more than $14,000 in bug bounties as it also upgraded the stable edition of the browser to version 14.

The company called out a pair of developer-oriented additions to Chrome 14 and noted new support for Mac OS X 10.7, aka Lion, including full-screen mode and vanishing scrollbars.

Google last upgraded Chrome’s stable build in early August. Google produces an update about every six weeks, a practice that rival Mozilla also adopted with the debut of Firefox 5 last June.

Fifteen of the 32 vulnerabilities were rated “high,” the second-most-serious ranking in Google’s four-step scoring system, while 10 were pegged “medium” and the remaining seven were marked “low.”

None of the flaws were ranked “critical,” the category usually reserved for bugs that may allow an attacker to escape Chrome’s anti-exploit sandbox. Google has patched several critical bugs this year, the last time in April.

Six of the vulnerabilities rated high were identified as “use-after-free” bugs, a type of memory management flaw that can be exploited to inject attack code, while seven of the bugs ranked medium were “out-of-bounds” flaws, including a pair linked to foreign language character sets used in Cambodia and Tibet.

Google paid $14,337 in bounties to nine researchers, including $3,500 to “miaubiz” and $2,337 to Sergey Glazunov, another regular bug finder.

The company’s security team also credited others, including researchers who work for Microsoft and Apple, for “working with us in the development cycle and preventing bugs from ever reaching the stable channel.” Some of those researchers were also awarded bounties, but Google did not spell out the amounts of those awards.

As per its practice, Google barred access to the Chrome bug-tracking database for the 32 vulnerabilities to prevent outsiders from obtaining details on the flaws. The company only opens the database after users have had time to update the browser.

Google also added a pair of developer-only features to Chrome 14, including support for the Web Audio API (application programming interface) and for “native client,” an open-source technology that runs software written in C and C++ within Chrome’s security sandbox.

The Mac version of Chrome 14 also supports Lion’s new approach to scrollbars, which appear only when a user is actively scrolling through the browser window. Chrome 14 also now runs in Lion’s full-screen mode, triggered via the icon in the upper right of the browser or by pressing Ctrl-Command-F.

Chrome 14 can be downloaded for Windows, Mac OS X and Linux from Google’s Web site. Users already running the browser will be updated automatically.

Computers for School

Students! Don’t get scammed when shopping for a back-to-school computer. There are only a few days left before returning to school, and technology companies are gearing up for one of the busiest seasons of the year.

Having a laptop is not mandatory for college studies, yet students often justify the purchase by saying that they need it desperately for school. Several large computer stores that have ‘Back to School’ specials for students are just in it for the revenue and are scamming the customers. These large computer stores want to extract as much money as possible from customers and are willing to go the distance in confusing students and their parents in order to make that extra profit. For example, I was told shamelessly straight to my face when buying a netbook that the company does not make a lot of money from the sale of a laptop and that I should purchase something else.

This is why all associates are forced to upsell and skew the truth. These people tell you that you need a CD created in order for your computer to have a backup. This extra service is only $60. For an extra $100 they will set up your computer to be “ready to use”. This is a major scam because anyone can do this setup by themselves with only a few clicks of the mouse when they boot up their system for the first time. I was once told that I could get a recovery disc created by them for only $100, as the laptop I was purchasing did not come with one. When I asked if I could do it, I was told that it wasn’t possible; however, I could bring the laptop back later on to do so. When I got home and booted the computer for the first time, it gave me an option to burn a recovery CD which was a breeze to make.

However, even if you do not buy into the “setup your computer” argument, the associate will tell you that there are tons of viruses out there that will destroy your precious data and that you will have to buy antivirus. Another reason to try Linux Mint.

But don’t worry because it’s on special for just $80. Another tactic they like to use is to sell you an extended warranty that is about $120 to $250. This enables you to bring the computer back to the place you bought it instead of shipping it to the manufacturer. Just a side note: Manufacturers have a great service and will replace your computer for free if it’s still in warranty and shipping is paid by them. I shipped several laptops back to various manufacturers and the service is very fast, professional and efficient. However, be careful with your data as you could lose everything!

After pressuring you to hand over hundreds of dollars for a laptop or a netbook, they try to sell you optical drives, mice, cases and many other peripherals. Many times I have overheard associates lying to customers about what they need just to sell the extra package so that they can get a bonus/commission or just to get their manager off their backs. Even though associates in these large stores try to be polite and smile to your face, they are scamming you out of hundreds of dollars of your hard-earned money just because you are unaware of what you really need. And if that fails, many stores increase the price of the product and try to sell you the whole “better value” package, without giving you the option to buy the computer without those unnecessary “upgrades”.

Another money waster is when students drag their parents to an Apple store and demand the latest computer hardware for their University studies. Apple computers are very expensive but all that students see is the nice shiny box and the cool factor. Being like everyone else is not cool and PCs are hundreds of dollars cheaper and do the same thing that most Apple laptops do. Save yourself or your parents some cash and get a PC laptop instead. Apple products will not increase your grades and will not make you any cooler either. Better yet, get a decent used laptop and run Linux Mint.

Therefore, this back-to-school season, do some serious research about what you need and don’t need, and do not be pressured into buying additional things that you might regret later or realize were a waste of your money. The majority of these businesses are making huge profits on the ignorance of many individuals about technology and computers.

A few good examples that you should think about might include:

Do students really need the latest MacBook Pro for $2000 to type essays that can be done on a Netbook or a regular laptop?

Do you need to pay an additional $130 for Microsoft Office if LibreOffice is free to download and use?

Do you need a firewall and Antivirus if you are smart about what files to open and follow some simple security rules? Or you can download AVG Free Anti-virus or Avast, and many universities provide you with anti-virus for free while you are their student.

Do you need an additional warranty for $200 if shipping to a manufacturer is free and can be easily set up online? How long do you expect your laptop to last you?

Do you really need to pay hundreds of dollars for an extended warranty if your netbook costs $350 and it is cheaper to buy a new one than keep fixing an old one in 3 years?

Campuses typically have computer halls brimming with computers for students to use. These typically go unused and are only full during mid-terms and finals. Part of your college tuition grants you access to some of the most cutting-edge technology and research in the world. From journal subscriptions to reference e-books to high-tech computers, you have all kinds of resources to help you with your school work, and won’t have to pay extra for any of it. So utilize it.

Try to see through manipulative associates in big computer stores that try to scam you for hundreds of dollars and make you think that you need every one of the things they offer or your computer will blow up. Play it smart and use the money you save for your books or tuition instead because those things are not getting any cheaper….

Windows Patch Tuesday – August 2011

On Tuesday, August 9 at 10AM PDT Microsoft plans to patch 22 vulnerabilities for Internet Explorer, Windows, Visio and Visual Studio as part of the August Patch Tuesday release.

Microsoft will release 13 security bulletins, two of which are rated “critical,” the company said Aug. 4. Nine were rated as “important” and the final two were listed as “moderate” according to the preview announcement.

Even though there are more bulletins than the July update, the number of vulnerabilities remained the same, which is unusual, considering Microsoft recently has been alternating large updates with small ones. August was expected to be a heavy month.

Considering there were 16 bulletins fixing 34 vulnerabilities in June and 17 bulletins fixing 64 bugs in April, 22 vulnerabilities across 13 bulletins doesn’t sound so big, after all. Even so, IT administrators still have a lot of work ahead of them, as they may still be dealing with the 78 patches from Oracle’s July Critical Patch Update on July 19 and Apple’s update for Mac OS X Lion on July 20, said Paul Henry, security and forensic analyst for Lumension. “Microsoft is making IT admins earn their Labor Day holiday,” Henry said.

The bi-monthly update for Internet Explorer is rated as critical and is most likely the one administrators should deploy first, Storms said. The IE update is critical for all platforms and applies to all versions, from IE 6 through 9 on Windows 7, Vista, XP, 2003 and 2008, according to Microsoft. This would be the second update for IE9 in less than five months since its release.

Two of the 13 bulletins are rated “critical,” Microsoft’s highest severity rating. Microsoft Windows users will want to pay special attention to the Internet Explorer bulletin because the issues can expose users to drive-by download attacks via the browser. The update fixes flaws that introduce remote code execution risks on all versions of Internet Explorer, including the newest IE 9. “If left unpatched, attackers could use this vulnerability to remotely take control of victims’ systems,” said Wolfgang Kandek, CTO for Qualys.

Since the preview announcement doesn’t provide any details on what actual flaw is being patched, users should limit their use of Internet Explorer to only visit trusted sites and be careful about clicking on links, said Marcus Carey, a security researcher for Rapid7. Servers should never be used to browse the Internet, but many organizations do so anyway, and “compromise their crown jewels,” Carey said.

Concerned users should consider using an alternate browser, such as Firefox or Chrome, until the patches are live, according to Carey. I say quit using Internet Exploiter altogether.

“While multiple browsers can be an administrative headache at times, it comes in handy in situations like this,” said Carey.

The other critical bulletin addresses flaws in the two newest versions of Microsoft’s server operating system, Windows Server 2008 and Server 2008 R2. While Server 2003 has the same vulnerability, Microsoft said the update was only “important” for that version.

“Server administrators should apply patches immediately as this vulnerability also leads to remote code execution,” said Kandek.

Nine bulletins are specific to Windows vulnerabilities, but five of them won’t apply to Windows XP. One of the bulletins addresses issues in Windows 7 and Server 2008 R2, the latest versions of the desktop and server software. Considering Vista shares a lot of code with Windows 7, it was a little puzzling that the bulletin did not patch Vista, according to Storms.

Microsoft is expected to update .NET framework, Visual Studio 2005 development tool and all supported versions of Visio. Microsoft also patched a DLL vulnerability in Visio last month that could have been exploited with a remote code execution attack.

“We have seen other Visio vulnerabilities fairly recently and recommend including the software in your regular patching cycle and/or have users not using that software remove it from their systems,” Kandek said.

A good point is made: if you are not using a particular piece of software, then remove it.

Another point: JavaScript and Flash are two known ways to infect your computer. I block them by default and maintain a white-list of sites on which I allow them to function.

  • Disabling JavaScript and Flash for untrustworthy sites. This will help to reduce possible attack vectors for these Trojans, and hence reduce the possibility of you ever seeing ‘Your PC is infected with malicious software and browse couldn’t be launched’ on your browser. Most web browsers will allow you to disable these options by default.
  • Keeping your web browser updated. Updates will often fix security loopholes that are exploited to force malicious security programs like Trojans onto your PC.
  • Avoiding downloads of anti-virus or anti-spyware programs from non-reputable sources. Many rogue security programs are widely distributed through generalist download storehouse websites, and most will even have their own professional-looking home websites. Verify the integrity of an anti-malware program through multiple sources beforehand. I highly recommend ESET’s offering.

Switching Operating Systems

The best desktop operating system to use depends on what its intended use will be and who will be using it. There is no specific operating system which can be called “the best” overall, and since most current operating systems share most common and advanced features there is much debate on the topic.

Every now and then the opportunity to re-evaluate exactly which OS is best for a given user comes along. This can come into play for a number of reasons: a broken or new computer, a user easily confused by the existing option, or an inability to avoid malware despite your best efforts. Sometimes this means going from OS X to something else, from Windows to something else or even Linux back to something else. This is simply not a black-and-white situation. Remember, what is annoying and unusable to you could fit like a glove for someone else. So please remember this before expressing extreme dislike for any platform in front of non-geeks.

A few of the most popular operating systems, their pros and cons, and some of their best uses are described below.

OS X advantages

Macs are said to be easier and with the abundance of software and resources available from Apple these days, I’d say there is a lot of truth to this. For the most part I think that we can all agree that using a Mac is “different.” Whether or not this is a good thing, really depends on the individual. In some cases, it’s a natural fit as you can get an all-inclusive iMac, where everything they need comes in one box. Well, perhaps minus the printer. Even if the individual is just looking for something with a bit of a minimalist appeal, maybe the Mac is a good fit.

In the past, a big selling point was the fact that Macs really were unaffected by malware problems affecting Windows. Note, I DID NOT state that there isn’t malware available on the OS X platform, because this is nonsense; there is indeed malware (and it’s growing) becoming available to affect users of this platform. But thus far, going so far as getting security software hasn’t really proven itself to be needed. However, if the user is someone who downloads and installs everything emailed, Googled and so forth without a second thought…then I would say the bundle of switching to Mac with security software might be a good idea. Yes, say it with me: Macs and Linux both can be affected by malware. Understand this.

Yes, there are other advantages as well such as the work flow for designers, etc…but I’ll leave this to the commenters as they’d know more about it than I would.

Who’s it best for?

Folks needing to limit the malware threat a couple of notches. Also fantastic for those needing access to plenty of mainstream software from companies such as Adobe, Microsoft (Office) and others.

Windows advantages

Familiarity is a pain. I can count an equal number of people I have had to switch BACK to Windows from both OS X and Linux, because of the fact that nothing worked as they expected. Then there was the fact that they had a couple of hundred worth of software that was near useless on the other two platforms as well. Generally speaking, Windows needs fall into one or two of the following categories.

  • Enterprise software compatibility. This means the software at work needs to work at home too. MS Office, other legacy stuff that just isn’t going to be cutting it with alternative software on other operating systems.
  • It’s what they know. I cannot stress just how powerful this can be. Mac, Linux, don’t care. I have seen plenty of instances of “what the heck” on the faces of people trying to switch away from this platform simply because of its familiarity factor.
  • PC Gaming. While not something I bother with anymore (I have other hobbies now), gaming is a huge driving force for the Windows platform. Mac and Linux don’t even remotely touch this. Not even close. Windows owns the market here, period.

Who’s it best for?

I’d say anyone with the needs described above. But I’d also bundle this need with the ability to keep software running like Microsoft Essentials, not installing software without a little common sense and not opening up stuff in email like “MyNekedPhoto.exe”. I mean come on, that last point is not even a conversation. If this cannot be avoided, you in my opinion lose the right to choose your OS. Sorry, there, I said it.

Linux advantages

Is Linux really harder? Well, for a Windows user trying to switch a friend or relative…my goodness, yes. If I blasted back to early 2003 and tried to switch people over to Linux with the understanding I had back then, it would have been a mess. But like being the “support guy” for any family or group of friends, it can work and most DEFINITELY has its place. The key is to be the support guy who knows how to use it in the first place. You know, much like Windows or OS X.

Best usage cases are for those with compatible hardware, unwilling or unable to go OS X, while being in a position to move away from Windows. The reason to switch to Linux is different for the folks you’d be helping than it would be for you. For those other folks, it’s about avoiding malware (although some still exists, albeit limited), making software available in a freely available container without fear of them breaking something, or perhaps it’s to be installed on an old XP box not really best suited for Windows 7.

I’d say 95% of you are in no position to suggest this option though. Remember, you need to understand what you’re doing! I mean, would you start offering health advice like a doctor without your MD? I tend to doubt it and the same applies for tech advice. Become proficient in it or stick to the platforms you understand. It’s really simple. But for those 5% who have been using Linux for at least a year full time, understand that there is a reason why Flash and DVD Codecs are not provided out of the box and that if the sticker on the box says “Made for Windows”, there might be a reason behind that sticker, you could be in a position to suggest and support this option.

Who’s it best for?

Assuming you meet the criteria above, I have found Linux is a brain-dead fit for small businesses needing a kiosk computer, completely locked down so folks can use software/surf/work on office docs, without installing tons of malware. Another good situation is like I suggested above, with the user who has a compatible machine, but is not wanting/needing to go OS X. As with any OS, a good idea is to sit them down and show them the basics. From there, let them surprise you. And by the way, I’ve done this in retirement communities. Limited computer experience and they took to it in less than 20 minutes. Apparently supported by outside help, it’s viable enough for people/places on a budget.

Dispelling myths across the board

Windows is a virus magnet – False. Malware creators are simply looking for maximum impact with as many users as possible. The market dictates Windows. OS X has recently begun showing signs of malware infestation and as Linux adoption grows, the same applies here. The fact is that if the end user either opts to run as a limited user or simply uses some sense when running their computer, malware can largely be avoided.

Macs are for “creative types” only, no good software titles available – False. Truth be told, since the move to the Intel CPU, Apple computers have countless software titles available. And due to the success of their mobile devices, the concept of the software store is coming to Mac to further illustrate this point. The buttons on the keyboard may be different and installation and uninstallation of software is different, but quantity of great software is definitely not lacking at all.

Linux has terrible hardware support – Mostly false. To give the best example possible, let me say that brand is everything with peripherals. Here is a partial list of what I have that works out of the box with zero configuration from me. Two brand new Logitech HD webcams, one HP all-in-one printer, a Wii guitar, USB headphones with noise canceling, USB speakers for secondary audio, USB DVD burner, three new external hard drives, one video Firewire capture card (in PC), five USB 802.11g dongles, two reasonably new digital cameras, one no-name Bluetooth dongle. I am likely forgetting some stuff, but you get the idea.

Now the Linux networking stack is very strong. Sadly though, dongle manufacturers are caught up with something called “revision numbers.” This means one model may have one chipset, while another has something completely different. No biggie for Windows users…they have the driver CD. Mac has its own Broadcom wireless built in to most of their machines. And due to the diverse nature of the Linux universe, a solid working list of wifi devices is a joke. Dated, flat wrong or otherwise broken best describes it. This said, distributions like Ubuntu have limited this problem by providing two options: TONS of support for natively supported chipsets and a Windows driver tool that detects the device, installing the Windows driver using a special tool with about three mouse clicks.

Which software is best?

These days, Windows and Mac tend to provide the best looking stuff. Selection is becoming transparent across the board, but Linux lacks proprietary titles. For most things, I think OS X has a great model of how software should look. But many open source apps I use on OS X or Windows run like snot, while running very well on Linux.

“If you can’t make it good, at least make it look good.”

Bill Gates, Microsoft

The takeaway for each of you is this. When finding a new OS for someone, it’s not what YOU prefer. Stop that right there, open your eyes and accept that despite your feelings about the alternatives out there, thousands are making use of these options each day. Might as well give others a chance to experience these alternatives themselves.

I believe that advising someone to use a specific OS should be based on their needs. The frustration with trying to get people to look at alternatives is their flat refusal. I have friends that simply refuse to try a Linux live CD (even after explaining to them that it makes no changes to the HDD or current setup). My response to them: “then stop complaining about Windows”.
