Summary: Chromebooks are an important enrichment device for schools these days. Since their inception Chromebooks have been mystery to some, laughed at by others or embraced by early adopters. However, they will be the next big thing for the enterprise business market, and already are making big inroads into the educational system.
Here is why:
- Low Cost, typically list for $249 or $350. Almost any comparable Windows or iOS-based laptops will cost significantly more.
- $935 - The average savings in per-device cost of ownership for Chromebook adopters over three years (compared with alternative devices) Source: See whitepaper below.
- Labor Savings, Chromebooks require 69 percent less labor to deploy and 92 percent less labor to support. Source: See whitepaper below.
- A Chromebook deployed in school starts at $13.30 monthly.
- Ubiquitous Web Access, everyone is using Chrome as a browser these days
- Continual Improvement, ChromeOS is continuously updated
- Public Acceptance, there ar 6600 resellers of Chrome devices now
- Zero Configuration, none. Type your Google username, bam done.
- No Storage… equals no liability, lost or stolen buy another one put in user name and password and back come settings.
- No installed software to upgrade.
- Backend Tech support from Google completely outsourced IT department to boot
- Cloud Storage, all your documents and settings are remotely saved.
- Long Battery life, I have seen 6-10 hours with mine on the lowest settings.
- The display is VERY bright and the sound is VERY good.
- Packaged apps, will allow you to run full applications
- Roll apps, are awesome. I can run LibreOffice from my Chromebook and sync with my Dropbox.
- No Malware or Viruses.
- It boots in under 10 seconds.
Now, Acer, Asus, HP, Lenovo, and Samsung are all now selling Chromebooks. In addition, Chromebooks that are now sold in 6,600 retails stores including Best Buy and Wal-Marts. Chromebook is now in the business retail channel now from Staples, Fry’s Electronics, Office Depot, OfficeMax, and TigerDirect.
To make Chromebooks more attractive to enterprises, Google has recently inked deals with Citrix and VMware to bring business applications to Chromebooks.
Early adopters of the Chromebook offer these tips for a successful rollout:
Update Wi-Fi access. ”Have sufficient bandwidth to keep your students from getting frustrated,” says Shane Millin, technology director for Marshall Public Schools in Wisconsin. “When kids get frustrated, things start breaking.”
Commit to Google Apps for Education. ”Maximizing your investment requires a commitment to the cloud,” says David Fringer, director of information systems for Iowa’s Council Bluffs Community School District. “If your district isn’t ready, consider selecting a different computing device.”
Train teachers up front. “We recommend at least 24 hours of professional development,” says Dr. Claudia Edwards, deputy superintendent for academics for the Fairfield County School District in Winnsboro, S.C. “We called our first group of teacher experts ‘Chromies,’ and they serve as the go-to resource in their buildings.”
Many years late, Microsoft is celebrating the news that Internet Explorer 6 (IE6) use in the US has officially dropped below one per cent of internet visits. In March, Microsoft assembled a team to push for the destruction of IE6, and have succeeded in reducing the market footprint of the browser. Currently 7.7 per cent of worldwide internet site visits use IE6, according to Microsoft, but the figure is now 0.9 per cent in the US.
So Redmond threw a party to celebrate. (more…)
As Android devices become the status quo and are on the rise, it’s time to consider how best to put your smartphones and tablet PCs to work. Here is a selection of Android apps that I find to be helpful. My favorites are Google Reader & Tasks, as they work in conjunction with Google’s Chrome browser.
With hundreds of thousands of apps, Android Market has the right ones for you. When you download apps, they’re delivered directly to your device—instantly. You can also find your next first-rate read, a hot new album, or a flick from a catalog that includes everything from movie blockbusters and best selling e-books to more than 8 million songs.
An exploit for a recently disclosed Java vulnerability that was previously only available for purchase in the criminal underground has now been rolled into the open source Metasploit exploit framework. Metasploit researchers say the Java attack tool has been tested to successfully deliver payloads on a variety of platforms, including the latest Windows and Mac systems.
The Java exploit is being sold on cybercrime forums and incorporated into automated crimeware kits like BlackHole. Since then, security researchers @_sinn3r and Juan Vasquez have developed a module for Metasploit that makes the attack tool available to penetration testers and malicious hackers alike. According to a post on the Metasploit blog, the Java vulnerability “is particularly pernicious, as it is cross-platform, unpatched on some systems, and is an easy-to-exploit client-side that does little to make the user aware they’re being exploited.”
Metasploit also posted the results of testing the exploit against a variety of browsers and platforms, and found that it worked almost seamlessly to compromise systems across the board, from the latest 64-bit Windows 7 machines to Mac OS X systems. (more…)
Search engines from Microsoft and Yahoo! Have once again been caught displaying ads that direct users to malicious content, some that infects them with malware that’s hard to detect and get rid of, researchers said. I see that they put as much thought into who is allowed to advertise as they do in making a stable operating system.
Queries such as “FireFox Download,” “Download Skype,” and “Download Adobe Player” typed into the sites returned links promising to deliver the software requested but instead attempted to hijack people’s computers, GFI Labs researcher Christopher Boyd said in a blog post published Friday. Clicking on the links takes users to pages that look like the software maker’s official site, except for the URL.
Users who downloaded and installed the software are in for a nasty surprise.
“As an example, the fake Firefox file installs a rootkit, runs IE silently in the background attempting clickfraud and also performs Google redirects,” Boyd wrote. Microsoft and Yahoo were in the process of removing the malicious ads, he said.
It’s not the first time widely used search engines have been caught displaying ads intended to harm their millions of users. Ad services used by Google and Yahoo have repeatedly been duped into serving content that punts malware and other threats.
Criminals often go to elaborate lengths to pose as legitimate marketers in an attempt to get links to their toxic wares in front of as many eyeballs as possible.
“Microsoft’s Security Team has identified the source of this malware attack and is blocking those sites from loading additional malware,” the company said in a statement. “We are continuously monitoring our sites to protect customers; and also working with law enforcement authorities to find and prosecute the people responsible for these types of attacks.”
A Bing Forum thread has Wil from Bing telling a webmaster that it can take between 3 and 6 weeks to have a malware label removed from the search results.
This is in comparison to Google which normally can remove a malware label within 24 hours.
I am not sure if this is a special case or if most Malware reviews take 3-6 weeks at Bing. Wil from Bing said:
Your issue is already being reviewed. Malware re-evaluation requests take 3-6 weeks to finalize our review and create a new reputation ranking of the page/site. A representative will get in touch with you for updates.
When you are presented with Malware via Bing, Bing disables the link but does allow the searcher to ultimately visit the page at their own risk. I’d assume 99.999% of those searchers run.
Bing has a detailed post on Malware on their blog with more information.
Malware and hacked sites are a huge issue in search. Google has been very good at handling it for the most part recently and is excellent at removing the malware or hacked label quickly after the site is fixed. Bing takes 3-6 weeks? Well, that seems excessive. Maybe I am reading it wrong?
This is why I tell people to NOT use Internet Explore. If you must continue using Windows unfortunately, then please by all means use ESET NOD32 in conjunction with HitManPro.
What many users don’t realize, however, is that the Web browser is the most important security defense our computers have — and yet 60 percent of the browsers accessing the Internet today are outdated. An outdated browser ends up impacting everyone’s security, privacy and performance.
I wrote about Microsoft warning us *rolls-eyes* last week, in that we were not using a “secure” browser like Internet Explorer” GASP!..the horror of us ignorant consumers!
To help users understand the importance of the browser you use, the Online Trust Alliance (OTA), a Web-industry trade group based in Bellevue, Wash., that promotes security and trust in online marketing and commerce, recently unveiled the “Why Your Browser Matters” initiative.
“The ‘Why Your Browser Matters’ initiative provides users overall recommendations to upgrade their out-of-date and legacy browsers for a more safe, more private and more compelling online experience,” said Craig Spiezle, executive director of OTA. “The Initiative is all about communicating with computer users to make them realize that an updated Web browser is one of the most important security steps you can take. It’s as important as running anti-virus/anti-malware software.”
Spiezle is quick to point out that while there is no magic bullet when it comes to computer security, the browser is on the front line of defense because it is used so frequently.
“Modern browsers detect malicious websites and phishing URLs, analyze downloads and support a broad suite of privacy features,” Spiezle said. “It’s critical to have these at your disposal when it comes to protecting yourself online, as well as protecting your machine in general.”
Modern browsers try to provide security for users in three different ways, explained Roger Thompson, chief emerging threats researcher for ICSA Labs in Mechanicsburg, Pa.
For example, said Thompson, all modern browsers have “blacklists” of known malware sites and try to prevent users from visiting them. This method works well if the malicious sites are well-known, but online criminals try to move websites around by changing domain names and IP addresses faster than security researchers can update the blacklists — so sometimes this doesn’t work.
Some browsers, such as Google Chrome, also run applets and executable code in a “sandbox,” meaning that the code and applets can’t affect other parts of the browser or the operating system. Again, this doesn’t always work.
And all modern browsers have a somewhat regular patch cycle, in which developers fix vulnerabilities to prevent direct attacks.
A good illustration of how a browser can act as the first line of defense is with regard to shortened URLs, or Web addresses.
URL-shortening services such as bit.ly, tinyurl.com or is.gd are handy to use when including links in instant messages, text messages or Twitter posts. Unfortunately, URL shorteners also mask the actual URLs they lead to, and give no warning that links might be drive-by downloads or exploits waiting for unsuspecting victims.
Fortunately, some enterprising software developers have created a way to find out where you’re going.
“There are plug-ins available for Chrome and Firefox that will automatically expand short URLs to their actual address when viewing pages containing such links,” said Harry Sverdlove, chief technology officer of Bit9, a Web security company in Waltham, Mass. “These are useful when using Facebook or Twitter from a browser, common places where malicious links are hiding in short URLs.”
How to protect yourself
As Thompson pointed out, browser vendors are good about providing updates and patches that improve security by fixing vulnerabilities that bad guys exploit. But after that, it’s up to the user himself to take action by actually downloading the updates, or upgrading the browser to the latest version.
You can check the version number of your browser by going to the Help button on your browser’s menu and checking the “About” section. (On a Mac, click the name of the application next to the apple icon in the upper left of the screen.) Often, the “about” pop-up window will prompt you to check where there might be updates available.
For those who use Internet Explorer, Spiezle has this important piece of advice: ”If it says Internet Explorer 6 … run, do not walk to the nearest free download of Internet Explorer 9.”
(If you’re still running Windows XP, update to Internet Explorer 8, the latest version you can install.) Which is the highest version you can run on Windows XP, unless someone figures out a hack for it, which they will. I rather you run Google Chrome.
Internet Explorer 6 has been the target of a number of malicious attacks over the past decade; newer versions of Internet Explorer are much more secure.
Does it matter which browser you use? Spiezle and Thompson disagree on that question.
While Thompson said that today’s browser upgrades have leveled the playing field when it comes to security, Spiezle pointed out that there still are differences among them, and each user has to assess which is best for his own uses.
“You need to look at not only the security features, but also privacy features, as well as support for the latest technologies,” Spiezle said.
Here is the link for a good start, https://otalliance.org/browser/ At first I was thinking that this was another Internet Explorer centered website, but at least they mention the alternatives.
It’s hard to believe it’s been only three years since the Google Chrome browser debuted. According to the latest market share statistics from usage-tracking firm Net Applications, Chrome now has 15.51 percent of the desktop browser market–a meteoric rise for an app that entered a crowded market dominated by neighborhood bully Microsoft Internet Explorer.
Chrome is third among desktop browsers, behind number one IE (over 55 percent of the market), and Mozilla Firefox (nearly 23 percent).
What’s the secret to Chrome’s success? “Speed, simplicity and security,” writes Google software engineers Ben Goodger and Darin Fisher in a Thursday post on the Google Data blog. Competing browsers, of course, are making strides in the Three S’s as well. But Chrome’s virtues are proving powerful enough to lure users away from IE and Firefox.
That’s the secret to Chrome’s success? “Speed, simplicity and security,” writes Google software engineers Ben Goodger and Darin Fisher in a Thursday post on the Google Data blog. Competing browsers, of course, are making strides in the Three S’s as well. But Chrome’s virtues are proving powerful enough to lure users away from IE and Firefox.
Is the Web better with Chrome? Satisfied users of other browsers would certainly disagree, but I think so. I switched to Chrome from IE last year and haven’t looked back.
I only hope that Google’s breakneck update schedule doesn’t pile on too many new features that turn Chrome sluggish. The browser’s peppy performance is its most appealing trait.
I totally dumped Firefox when for a few reasons: 1. Foxmarks Sync was ungainly slow. 2. Speedial was broken. 3. Sage RSS was broken and not being developed.
If your not using Google Chrome now, please try it for a week and see how you like it.
Laughable at best, Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats.
The website doesn’t do any security checks at all, it just reads the ‘User Agent’ data from your browser, so if you use Firefox 7.0.1 masquerading as Internet Explorer 9 gets 4 out of 4. Microsoft is leading people into a sense of false security. The site does no “testing”, it just matches your browser to whatever it has in its lookup table.
Care to take a guess what they say about IE 9? This is pure Microsoft marketing at it’s best. EPIC FAIL, false security is no security at all. Really, you would have to be an idiot to fall for this…Can you say, FALSE ADVERTISING?
Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points respectively out of a possible score of 4. Visit the site using the IE 9, however, and the browser gets a perfect score. IE 7 gets only 1 point, and IE 6 receives no points at all.
The page is designed to educate users about the importance of choosing an up-to-date browser that offers industry-standard features. The ability to automatically warn users when they’re about to download a malicious file, to contain web content in a security sandbox that has no access to sensitive parts of the computer’s operating system, and to automatically install updates are just three of the criteria.
The site dings Firefox for a variety of omissions, including its inability to restrict an extension or a plug-in on a per-site basis, its failure to use Windows Protected Mode or a similar mechanism such to prevent the browser from modifying parts of the system it doesn’t have access to, and its lack of a built-in feature to filter out malicious XSS, or cross-site scripting, code. Among other things, Chrome lost points for not using Windows features that protect against structured exception-handling overwrite attacks.
Readers still stuck in the rut of critiquing Microsoft security based on products released a decade ago are likely to be unimpressed. The reality is that over the past few years, Redmond has endowed Windows and IE with measures such as ASLR, or address space layout randomization, and DEP, or data execution prevention, that significantly reduce the damage attackers can do when they exploit buffer overflows and other bugs that are inevitable in any large base of code. Apple didn’t pull ahead of Microsoft on this score until earlier this year with the release of its Mac OS X Lion.
It didn’t take long for Mozilla developers to take issue with the critique.
“Microsoft’s site is more notable for the things it fails to include: security technologies like HSTS, privacy tools like Do Not Track, and vendor response time when vulnerabilities are discovered,” Johnathan Nightingale, Mozilla’s director of Firefox engineering, said in a statement. He said: “Mozilla is fiercely proud of our long track record of leadership on security.
The company called out a pair of developer-oriented additions to Chrome 14 and noted new support for Mac OS X 10.7, aka Lion, including full-screen mode and vanishing scrollbars.
Google last upgraded Chrome’s stable build in early August. Google produces an update about every six weeks, a practice that rival Mozilla also adopted with the debut of Firefox 5 last June.
Fifteen of the 32 vulnerabilities were rated “high,” the second-most-serious ranking in Google’s four-step scoring system, while 10 were pegged “medium” and the remaining seven were marked “low.”
None of the flaws were ranked “critical,” the category usually reserved for bugs that may allow an attacker to escape Chrome’s anti-exploit sandbox. Google has patched several critical bugs this year, the last time in April.
Six of the vulnerabilities rated high were identified as “use-after-free” bugs, a type of memory management flaw that can be exploited to inject attack code, while seven of the bugs ranked medium were “out-of-bounds” flaws, including a pair linked to foreign language character sets used in Cambodia and Tibet.
Google paid $14,337 in bounties to nine researchers, including $3,500 to “miaubiz” and $2,337 to Sergey Glazunov, another regular bug finder.
The company’s security team also credited others, including researchers who work for Microsoft and Apple, for “working with us in the development cycle and preventing bugs from ever reaching the stable channel.” Some of those researchers were also awarded bounties, but Google did not spell out the amounts of those awards.
As per its practice, Google barred access to the Chrome bug-tracking database for the 32 vulnerabilities to prevent outsiders from obtaining details on the flaws. The company only opens the database after users have had time to update the browser.
Google also added a pair of developer-only features to Chrome 14, including support for the Web Audio API (application programming interface) and for “native client,” an open-source technology that runs software written in C and C++ within Chrome’s security sandbox.
The Mac version of Chrome 14 also supports Lion’s new approach to scrollbars, which appear only when a user is actively scrolling through the browser window. Chrome 14 also now runs in Lion’s full-screen mode, triggered via the icon in the upper right of the browser or by pressing Ctrl-Command-F.
Chrome 14 can be downloaded for Windows, Mac OS X and Linux from Google’s Web site. Users already running the browser will be updated automatically.
Adobe is a vendor that often plays catch-up with security exploits; issuing emergency patches issued to fix zero-day vulnerabilities. But Adobe, like Microsoft, also has a regular Patch Tuesday update cycle. This regularly scheduled update is a way to give users and enterprises a predictable and stable timetable for Adobe updates.
For August’s Patch Tuesday, Adobe has issued update advisories covering to fix a slew of critical security flaws in its products, including Flash, Shockwave Player and Adobe AIR.
The Flash update corrects at least 13 critical vulnerabilities present in versions 10.3.181.36 and earlier for Windows, Mac, Linux and Solaris machines (the bugs exist in Flashversions 10.3.185.25 and earlier for Android devices). Windows, Mac, Linux and Solaris users should upgrade to version 10.3.183.5, and Android users should update to v. 10.3.186.2. According to Adobe, they are not aware of any exploits “in the wild” for the issues addressed in the update. Digging into the vulnerabilities, the vast majority are for memory and five buffer overflows, four memory corruption and three integer overflow issues. There is also a single cross-site information disclosure issue that is fixed that could have potentially led to arbitrary code execution.
To find out which version of Flash you have, visit this page. Windows users who browse the Web with anything other than Internet Explorer will need to apply the Flash update twice, once using IE and again with the other browser (Google Chromeusers should already have the latest version of Flash). To avoid using Adobe’s annoying Download Manager, IE users can grab the latest update directly from this link; the direct link for non-IE browsers is here.
Windows users can furthermore use the Flash Player Settings Manager that is part of the Windows Control Panel to check for updates. Here it is furthermore possible to check the Flash Player version that is installed on the system. The path is Control Panel > Flash Player (32-bit) > Advanced. Users with a 64-bit version of Flash Player installed need to change the 32-bit to 64-bit in the path.
The same flaws exist in Adobe AIR for Windows, Mac and Android. Using an application that requires Adobe AIR (Tweetdeck or Pandora, for example) should prompt you to update to the latest version, AIR 2.7.1. If you don’t see a prompt to update the program, the latest version of AIR is available here.
Adobe also shipped an update to its Shockwave Player that fixes at least seven critical vulnerabilities in the media player program. Adobe is urging users of Adobe Shockwave Player 184.108.40.2066 and earlier update to Adobe Shockwave Player 220.127.116.119.
I should note that you may not have or want Shockwave installed. I haven’t had it on my Firefox installation for some time now and don’t seem to have missed it. I’m sure it has its uses, but to me Shockwave is just another Adobe program that requires constant care and feeding. What’s more, it demands two separate installation procedures for IE and non-IE browsers.
To test whether you have Shockwave installed, visit this page; if you see an animation, it’s time to update. If you see a prompt to install Shockwave, there is no need to install it. Mozilla Firefox users without Shockwave Player installed may still see “Shockwave Flash” listed in the “Plugins” directory of the browser; this merely indicates that the user has Adobe’s Flash Player installed.