Beware of potential Christmas scams


Although a number of people are out looking for the latest deals on gadgets that Apple and others may offer, scammers are no doubt interested in capitalizing on the increased interest in purchases and promotions.

E-mail scams and other attempts to coerce people into giving up personal information online are nothing new; however, scammers may make an extra effort to use Apple's popularity.

Recently, MacFixIt reader Martin F. wrote in about a scam e-mail he received regarding an Apple promotion, which, while obvious to many people as a scam, might be enough for others to fall for it.

The e-mail claims it is from Apple Christmas Awards, and mentions that the recipient is a promotions winner. The e-mail is from an account at "rediffmail.com," which would be the first sign it is not an official Apple e-mail. Additionally, the e-mail asks you to open an attachment, which is a Microsoft Word document.

While the document does not appear to have any malware associated with it, its content is quite obviously a scam. Underneath a large Apple logo, it claims that Apple has created a million iPhone 4S units in commemoration of Steve Jobs, and that winners were selected at random to receive both the phone and an award of around $2 million, from a pool of $250 million that Apple has set aside for this "promotion."

This scam is so poorly done it is almost amusing, but it does serve as a reminder that you may receive such offers and scams both via e-mail and by other means throughout this holiday season, some of which might appear to be legitimate offers and promotions. Many of these will likely include malware, but even if they don't, they are designed only to steal your personal information.

Any legitimate offer from a company will have an official Web page at the company's Web site, which you can visit, or you can call the company to get information on it. Ensure you always visit or call the company to confirm the legitimacy of a promotion before accepting it, and never blindly give your information to anyone via e-mail.

And as always, to all the Grinches out there, "You're a three-decker sauerkraut and toadstool sandwich, with arsenic sauce!"

BitTorrent downloads linked to RIAA, DHS IP addresses


The TorrentFreak blog has outed the RIAA and U.S. Department of Homeland Security as harboring downloaders of pirated songs by hip hop artists and crime-based TV shows, but the RIAA denies it.

TorrentFreak said it used the YouHaveDownloaded.com site to find instances of IP addresses within the RIAA and the DHS linked to downloads of copyrighted content from BitTorrent.

Six RIAA IP addresses were linked to downloads of music by Jay-Z ("American Gangster") and Kanye West ("My Beautiful Dark Twisted Fantasy"), as well as the first five seasons of "Dexter," a "Law and Order SVU" episode and tools for converting audio and tagging MP3 files, according to TorrentFreak.

But RIAA spokesman Jonathan Lamy disputed the report. "This is inaccurate," he said in a statement provided to CNET via e-mail. "We checked the block of IP addresses allocated to RIAA staff to access the Internet and no RIAA employee was responsible for this alleged use of bittorrent."

Asked for comment on that, the TorrentFreak blogger who posted the item, who goes by the alias "Ernesto," told CNET that he stands by the report and provided CNET with six IP addresses that were within the range of IP addresses listed for RIAA on the American Registry for Internet Numbers Whois site. They all came up with material that had been downloaded when a search was conducted on YouHaveDownloaded.com.

Lamy had an explanation for that. "Those partial IP addresses are similar to block addresses assigned to RIAA. However, those addresses are used by a third party vendor to serve up our public Web site," he said. "As I said earlier, they are not used by RIAA staff to access the Internet."

TorrentFreak also said it found more than 900 unique IP addresses at DHS that were used to download copyrighted files from BitTorrent. It did not give examples of the types of content allegedly downloaded by the DHS, which is involved in fighting piracy by seizing pirate domain names.

DHS representatives asked CNET to send a request for comment via e-mail and had not provided comment by late in the day.

The RIAA has been aggressive in its pursuit, and punishment, of people who download pirated content. One of the 26,000 defendants named in RIAA lawsuits is a Minnesota mother of four accused of downloading 24 songs illegally. She was tagged with a $1.5 million judgment by a jury, which was later lowered to $54,000. Under RIAA guidelines, copyright owners can seek $150,000 in damages for each instance of a copyrighted work being illegally downloaded.

"If official records can be wrong as the RIAA claims, then this would mean they probably accused people wrongfully also," said Ernesto.

YouHaveDownloaded.com representatives, meanwhile, said that despite the joking nature of the "about" and "privacy" pages of the site, it is legitimate. "The data is real," Suren Ter of the Russia-based site wrote in an e-mail to CNET. "A lot of people admit that we have their data correct. It's statistically impossible without the real data."

Ter acknowledged that there could be false positives on the site, but said the possibility of a mistake is "quite low." Last week, TorrentFreak used the YouHaveDownloaded.com site to find downloads of BitTorrent content associated with IP addresses assigned to Sony Pictures, NBC Universal and Fox Entertainment. And the residential palace of French President Nicolas Sarkozy--a strong proponent of anti-piracy legislation--was also linked to BitTorrent downloads last week.

Senators call for FTC probe of Google's results


Two prominent members of the Senate antitrust subcommittee are urging federal regulators to investigate whether Google unfairly promotes its own properties in search results.

Committee Chairman Herb Kohl (D-Wis.) and Mike Lee (R-Utah) sent a five-page letter (PDF) today to Federal Trade Commission Chairman Jonathan Leibowitz calling for "serious scrutiny" of Google's business practices.


"We believe these allegations regarding Google's search engine practices raise important competition issues," wrote Kohl and Lee, whose committee is already investigating whether Google abuses its power in online search. "We are committed to ensuring that consumers benefit from robust competition in online search and that the Internet remains the source of much free-market innovation."

Representatives from Expedia, Yelp, and Nextag told senators during the Senate Judiciary Committee's antitrust subcommittee hearing in September that the Web giant "doesn't play fair" and "rigs" search results.

Google Executive Chairman Eric Schmidt appeared at the hearing to deny the accusations, and during a tense hearing, Lee tried hard to pin down Schmidt on why results from searches on 650 different products seemed to look fishy. "You've cooked it so that you're always third," Lee said, to which Schmidt responded: "Senator, let me say that I can assure you we haven't cooked anything."

Google fields more than 65 percent of Internet searches in the U.S., according to ComScore market research, and that domination has led to increased scrutiny of the company over the past several years.

Comodo adds VPN, attacks competitors


An on-demand Virtual Private Network and a better "quick scan" take their bows in Comodo Internet Security 5.9 (download), released today. Along with the new features, a Comodo Security Solutions spokesman had some tough words for the competition.


Comodo Internet Security 5.9, which despite following the security industry naming convention for paid suites is actually the name of Comodo's free suite, now supports the company's TrustConnect VPN service. TrustConnect uses 128-bit encryption to provide additional Wi-Fi protection, although it doesn't anonymize your traffic like Hotspot Shield does. The TrustConnect integration will automatically detect unsecured Wi-Fi networks and offer to activate the VPN.

The inclusion of support for TrustConnect in Comodo Internet Security does not make the VPN free. Users can pay for the tunnel access on demand, starting at $3.99 for a 24-hour pass, a monthly unlimited subscription for $8.99 a month, or a yearly unlimited subscription for $99.95.

Other changes in Comodo Internet Security 5.9 include a new "quick scan" engine, called Smart Scan. It replaces the Critical Scan option. Comodo's director of Desktop Security Products Egemen Tas says that Smart Scan is based on the company's Autorun Analyzer Technology, although it hasn't released numbers on how much faster users ought to expect Smart Scan to be.

There have also been tweaks to malware removal, and some options have moved from the generic Preferences section to the settings panes for the features that they relate to. Comodo has also added a download link to Comodo Dragon, the company-branded, security-minded free remix of the Chromium source code that powers Google Chrome. A pop-up window for Comodo's Geekbuddy tech support that appeared in the beta of version 5.9 was removed, said Comodo spokeswoman Sarah Thomas, because it was "too aggressive."

Criticizing competitors
Tas didn't mince his words when asked about how Comodo differs from its competition. "Other antivirus companies want you to get infected," he told me in a phone interview on Friday. He compared Comodo to an insurance company, which protects you against financial loss, whereas the competition, he said, is "like a pharmaceutical company," making money off of selling you a product you must have to survive. He also noted that Comodo has offered a $500 guarantee to customers if they get infected after installing one of Comodo's paid products.

"We care about detecting," Tas said, "but it's not the first line of defense. The industry is switching to a more protection-based approach," something he says Comodo has been doing for a long time.

Some of Comodo's competition disagreed that they want customers' PCs to get infected. Representatives from several security suite vendors, including Avast, Kaspersky Lab, Bitdefender, and AVG said that the guarantee was a marketing ploy and pointed to the fine print of the guarantee, which clarifies that Comodo will only pay if the computer can't be repaired "to an operating condition."

Tony Anscombe, a representative from AVG, said in an e-mail, "The comment that most AV companies want consumers to have a breach is just marketing hype that makes for sensational news stories and advertising content."

"There are people who believe the 'conspiracy theory' that security vendors allow malicious software to exist for the benefit of their own business. Kaspersky Lab categorically rejects this notion. Furthermore, we believe it is completely irresponsible for a security vendor to reinforce these kinds of lies," Greg Sabey, senior technology PR manager for Kaspersky Lab, said in an e-mail. "Suggesting that some vendors intentionally allow malicious infections is absurd - trust and reputation make up the foundation of the IT security industry. In fact, Kaspersky Lab has a long track-record of working with international law enforcement agencies to disrupt cyber-crime organizations," he concluded.

In regards to Comodo's payout, Tas wrote in an e-mail to me that, "No one has ever claimed it."

One person who requested anonymity said Comodo is known for being provocative and pointed to a challenge by Comodo CEO Melih Abdulhayoglu to prove that Symantec was better than Comodo. According to the results of that test, Symantec bested Comodo.

And Andrew Storms, the director of security operations for the security consulting company nCircle, added that while it was doubtful that security suite makers wanted customers to get infected, they probably wouldn't mind if their customers are attacked by known viruses that can be blocked. "After all, anti-virus users experience real return on investment when anti-virus software finds and protects their computer against some new attack."

Results from independent testing organizations such as AV-Test.org show that while Comodo ranges between acceptable and very good at offering protection, it's not at the top of the field. AV-Test last looked at Comodo Internet Security 5.3 and 5.4 for its Q2 2011 test in June 2011. Comodo did not receive certification. Nor did Comodo submit to testing by AV-Comparatives' whole product test, whereas many of its competitors do. The most recent Comodo version checked by West Coast Labs' Checkmark certification was Comodo AntiVirus 4.0, more than a year ago. While it's true that some independent organizations such as Matousec rate Comodo's firewall very highly, it's safe to conclude that the suite's overall performance at stopping threats has either been inadequately tested publicly, or could be much improved overall.

The company has also been in the news this year for a digital certificate security breach. While not directly connected to the security suite, it does call into question some of the company's security procedures.

Google tops Ice Cream Sandwich with version 4.0.3


Google is serving up Ice Cream Sandwich with a new base version that promises several improvements and bug fixes for the Android operating system.


Detailed in Friday's Android Developers blog, ICS 4.0.3 is expected to roll out to production phones and tablets in the "weeks ahead," according to Google.

As such, the company is advising developers to test their mobile apps with the new flavor. Though it didn't get into specifics, Google is promising incremental improvements in graphics, database, spell-checking, and Bluetooth, among other items.

Developers can also tap into other features with the new 4.0.3 APIs (application program interfaces).

One API lets developers of calendar apps add color and attendee details to events so that people can more easily track them.

Another API allows apps that work with the camera to manage video stabilization and use QVGA (quarter video graphics array) profiles if necessary.

Apps that use status updates and check-ins will be able to sync that information with a person's contacts to show what those contacts are doing or saying. Finally, ICS 4.0.3 will improve access for screen readers and provide new status and error messages for text-to-speech engines.

More information is available at API Overview on the Android Developers page.

One quick developer who installed 4.0.3 has faced some problems, notes Engadget. The update apparently wreaked havoc with his Motorola Xoom tablet's GPS, camera, video playback, and a couple of other features. So other enterprising upgraders may want to proceed with caution for now.

The Web in 2012: Five predictions, starting with IE10

Given how fast the Web is changing, it can be hard to see what's going to happen next week, much less next year.

After simmering for a few years last decade, the Web has been a frenzy of activity in the last few years. Developers are advancing what can be done, people are spending more time on the Web, and browser makers are locked in intense competition.

Broadly speaking, it's easy to see that Web technology will get more important and more sophisticated. But for some detail, here are my five predictions for what'll happen next year.

IE10 knocks our socks off

Internet Explorer 9 was the warning shot across the bow for Web developers and rival browser makers, but Microsoft was playing catch-up after years of neglect. Watching the pace of development for IE10 reveals that the company is on fire. It's moved from catch-up to leading-edge. Where IE once was years behind Firefox, Safari, Opera, and Chrome with support for new standards, it's now neck-and-neck, and Microsoft is actively contributing to standards development.

Microsoft has more than pride resting on IE10. It's a foundation for the new Metro-style apps on Windows 8, which means all that work to bring fancy animation effects and hardware acceleration to the Web will carry over to Windows, too. Microsoft has bet the farm on Web technologies, so you can bet IE10 will be strong.

IE10 won't be for everyone. You'll need Windows 7 or Windows 8. IE9 left the legions of Windows XP users behind, and IE10 will add Windows Vista to the discard pile. That'll limit its influence with the mainstream public. But despite all Microsoft's troubles as it scrambles to follow Apple into the tablet and smartphone market, IE10 will be a force. The PC market may have grown stale, in the words of Intel Chief Executive Paul Otellini, but it's still big, and building IE10 into Windows 8 gives it a big presence. Also, if you're on a legacy version of Internet Explorer like IE6 or IE7, watch out--in January, Microsoft will start forcing you to move to a more modern version.

There's one big caveat here: WebGL. Microsoft has very publicly bad-mouthed it as a security risk. WebGL allies believe Microsoft will come around once it realizes WebGL can be made as secure as Microsoft's own new Silverlight 3D interface. But if the programmers in Redmond stay recalcitrant, maybe you'll have to tab over to another browser when it's time for your Web-based gaming.

Web games take off

Games on the Web are nothing new, but in 2012, they're going to look a lot different. Instead of primitive graphics or a reliance on Adobe Systems' Flash Player, Web games will look more like what we're used to seeing on consoles.

The Web grew up as a medium for documents, and it's only gradually become more interactive as browsers' JavaScript performance exploded, JavaScript programming tools improved, and features such as Scalable Vector Graphics (SVG), Cascading Style Sheets (CSS), and Canvas improved 2D graphics. Now elaborate Web apps such as Facebook or Google Docs are the norm, and JavaScript programmers are in high demand.

But things are changing with the influx of a new breed of Web developers: those used to programming in the lower-level C or C++ languages. These are the coders who build the console games with advanced 3D graphics and heavy-duty physics engines, and their games are the ones where speedboats splash through transparent, reflecting, rippling water.

There are two hardware-accelerated technologies duking it out to enable this future. First is WebGL, a 3D graphics interface which began at Mozilla, was standardized by the Khronos Group, and is now built into Firefox, Chrome, and Opera. Second is Native Client, a Chrome-only technology that can run adapted versions of the original C and C++ games. WebGL fits into the Web world better and has broader support, but it's tied to JavaScript. Native Client, aka NaCl, has yet to win over any browser makers besides Google itself.

Other technologies will lend a big helping hand, too: the newly finished WebSocket for fast communications and Web Workers for better multitasking.

These technologies will eventually trickle down to the mobile realm, though I expect only baby steps in 2012. Still, that should help fan the flames of the competition between Web apps and native apps on mobile.

I don't expect one to win out over the other (or to squeeze Flash Player off our personal computers, for that matter--the new Flash Player 11 has new hardware-accelerated 3D technology, too). But I do expect WebGL and NaCl will be used to make today's browser look nearly as static as paper.

Chrome surpasses Firefox

When Google's browser first emerged as a stripped-down beta project more than three years ago, people laughed. Not anymore.

In 2012, expect Chrome to pass Mozilla's Firefox for the No. 2 spot in Net Applications' browser ranking. It already is No. 2 by StatCounter's scores, but that measures page views, not people, and I think the latter is a better reflection of the competitive dynamic.

Mozilla has been working hard to shake off the cobwebs and make Firefox leaner, faster, and less of a memory hog. But Google's browser continues its steady rise, and Google under new Chief Executive Larry Page has made Chrome one of the company's new divisions.

Chrome is an important vehicle to deliver Google technology to the world, most notably Web-acceleration ideas such as SPDY, TLS False Start, WebP, and the Dart alternative to JavaScript. Chrome's wide use gives Google a place at the standards-setting table that's crucial as it tries to make the Web into a rich programming foundation.

The risk that comes with Chrome's rise is that Google will fragment the Web. It's had some success getting its browser ideas to catch on. For example, Mozilla is interested in SPDY for faster page loading, and Amazon's Silk browser uses it already. But Google is encouraging developers to create extensions and Web apps that can be distributed through the Chrome Web Store, for Chrome and Chrome OS only. A Chrome-only version of the Web hearkens back to the bad old days of IE6's dominance, when writing to Web standards was a secondary concern.

Google re-ups with Mozilla

One thing I don't expect in 2012 is for Google to cease being Mozilla's biggest benefactor by walking away from a years-old search partnership that ended in November.

With the partnership, people using Firefox's search box send traffic to Google's search engine. When they click on the search ads they see there, advertisers pay Google, and Google gives some of that revenue back to Mozilla.

It's true that Google could seriously hurt Firefox by scrapping the partnership, though Mozilla could certainly hook up its revenue hose to Microsoft's Bing if it did. But I don't think Google will drop Mozilla.

First, Mozilla and Google, despite differences, both are passionately interested in building a better Web. Chrome's purpose is not to vanquish rival browsers, it's to improve the Web, and in that, Mozilla is more an ally than enemy.

Second, paying Mozilla a few tens of millions of dollars a year is peanuts to Google--and Google still keeps its share of the search-ad revenue that Mozilla was responsible for Google generating in the first place.

Last, and perhaps not least, hanging Mozilla out to dry would show Google to be a big bully. That's not an image you want when you're constantly tangling with antitrust authorities. Google and Mozilla might significantly modify their arrangement, but they won't part ways.

Chrome on Android arrives

Chrome is based on the open-source WebKit browser engine project. Android's unbranded browser is, too. I bet that in 2012, the latter will pick up the brand name of the former.

Android was based on WebKit but had been developed in isolation. Now Google is merging programming work again, making the Android browser less of an alien offshoot. That should make it easier for Google to achieve the compatibility requirements that it evidently feels are part of the Chrome brand's promise.

That would match what Apple does, offering Safari for both Mac OS and iOS. Chrome is one of Google's most important brands, and it's not getting its money's worth out of it yet.

One thing I'd expect before seeing Chrome on an Android phone or tablet: sync. Right now, Chrome is ever better at keeping the same bookmarks, passwords, and browsing history across multiple installations. Moving to Android, though, a Chrome user loses all that. The Android browser's isolation is a poor fit for Google's ambition to keep us all happy in its corner of the Web, with seamless connections between one product and another.

Mobile browsing is getting steadily more important; expect its growth in usage to continue to outpace that of personal computers. Web developers will have to keep up, and now it's important to recognize that tablets are in many ways more like PCs than smartphones.

Because of the iPad's tablet dominance and the fact that iPhone owners seem to use online services more often, though, expect iOS to remain the dominant mobile browser.

Microsoft to IE6: Dead browser walking!

Known in the past for taking a soft touch when it comes to forcing users to update their browsers, Microsoft's pulling off the kid gloves and going for a bullet to the head.

Come January, the company will start forcing people to update from older versions of Internet Explorer. If you have Automatic Updates enabled in Windows Update, Microsoft says that the update will occur in a seamless, Chrome-like experience.

The company already provides security updates to Internet Explorer through Windows Update, but this means that legacy browser users will see a full-point jump. Windows XP users on Internet Explorer 6 and Internet Explorer 7 will be upgraded to version 8, and Windows Vista users will be pushed up the stairs to Internet Explorer 9. IE9 doesn't work on Windows XP.

"As we've talked to our customers about our approach [to upgrading,] everyone benefits from an up-to-date browser," said Ryan Gavin, Senior Director of Internet Explorer for Microsoft. "But from a security perspective alone this is important. Ninety percent of infections that were attributable to a security vendor had a patch out for more than a year," he added.

Security problems are a tough stair to climb for legacy browsers. The latest Microsoft Security Intelligence Report is just the latest in a long line of papers indicating that socially engineered malware is the biggest kind of threat facing computer users today, and that the malware often goes after security holes in browsers. These findings are based on data collected from more than 600 million computer systems in more than 100 countries. It's neither easy nor cheap to keep a team of dedicated security researchers and coders on a legacy browser.

"The security mitigations for newer versions of IE have proven to deliver consistent security improvements. Starting with IE8 and continuing with IE9, every new version of Microsoft's browsers has delivered a more secure browsing experience. We'll all be happier and more secure when we don't have to depend on users to install the most recent patches," said Andrew Storms, director of Information Technology at nCircle Network Security.

At first, the forced update will be rolled out only to Windows users in Brazil and Australia. Those countries were chosen, Gavin said, because people there use a broad spread of IE6, IE7, and IE8. "We're going for a slow ramp-up," not unlike how Microsoft rolled out Internet Explorer 9. Private individuals and businesses alike have been unanimously supportive, he noted, but added that Windows Update will allow people to roll back the upgrade.

Microsoft is keen to avoid the upgrade brouhaha that Mozilla created for itself earlier this year. "Businesses, particularly large ones, test patches before they are released to their employees and this process doesn't bypass that," Rob Enderle, a technology analyst with the Enderle Group, said in an e-mail to CNET. "The issue appears to be that most people just don't seem to be aware they need to manually update their browser (Microsoft doesn't market the updates heavily) or simply assume it is updated automatically. All browsers age badly and need to be regularly updated to remain adequately secure against threats."

For businesses and individuals that don't want the upgrade, perhaps to maintain in-house custom tools, Microsoft provides automatic update blocker kits for IE8 and IE9.

The change in update policy will affect some aspects of how Internet Explorer has updated in the past, but not all. The update will continue to respect a person's default browser choice and default search engine, and users who have disabled Windows Update won't see an IE version bump. On the one hand, this is very polite of Microsoft, but it's also a tacit acknowledgment that there's little the company can do about people running cracked copies of its operating systems unless Windows Update is running.

Microsoft maintains a site, IE6Countdown.com, to track the worldwide decrease in Internet Explorer 6 use across all operating systems. Right now, less than 1 percent of northern Europe uses IE6, but more than 23.6 percent of China does, and the worldwide percentage stands at around 8.3 percent.

Interestingly, Microsoft could tumble and find itself burdened with the same legacy problem in a few years. Not only does Internet Explorer 9 not work on Windows XP, but the company has no plans to make Internet Explorer 10 compatible with Windows Vista. IE10 will launch on Windows 8. So it's entirely possible that in late 2012, you'll have Windows XP users on IE8, Vista and some Windows 7 users on IE9, and the rest of the Windows 7 users and Windows 8 users on IE10. While that's not directly analogous to the fiery, flaming security hellmouth that IE6 and, to a lesser degree, IE7, have become in recent years, it's an eventuality that restricted backwards compatibility makes hard to avoid.

Enderle said that this is a problem endemic to companies that build the browser as part of the operating system. "IE is one of the features of the OS so when Microsoft sunsets the OS, they sunset support for all of the features. XP has reached end of life. The other guys don't have to support the entire OS, and it gives them an advantage to go where Microsoft won't. On the other hand, Microsoft can better tune their browser for the new platform so that offsets. In a way it helps keep alternative browsers viable. Apple pretty much behaves the same way with Safari."

Still, Gavin makes a solid point about updates that's hard to argue with. "If you're running a 10-year-old browser, it's not good for the web and it's not good for the consumer. Getting more and more users onto a modern HTML5 browser is good for everyone."