FYI

Monday, January 4, 2010

Chrome Overtakes Safari, Becomes Number 3 Browser

NetApplications has released its latest browser market share figures, and these figures show that Chrome has overtaken Safari as the number three browser worldwide, behind Internet Explorer and Firefox. IE, by the way, continues to lose popularity rather fast.

Chrome was introduced almost 18 months ago, but yet it has already become the third most popular browser in the world. NetApplications' figures cover the entire month of December 2009, and they show that Google Chrome has gained 0.7 of a percentage point, putting it at 4.63%, ahead of Safari's 4.46%. Internet Explorer lost almost a full percentage point, dropping to 62.69%. Firefox remained more or less flat at 24.61%, while both Safari and Opera gained slightly.

I use Chrome on Windows and cannot wait for it to be out of beta on OS/X so that I can dump Safari. Chrome is fast and stable and small touches like tabs that intelligently resize after closing a tab make it appealing.

Feds Warn Small Businesses to Use Dedicated PC for Online Banking

From Wired

In the wake of a rash of hacks on computers owned by small businesses, the FBI and the American Banking Association have issued an alert advising businesses to use only a dedicated PC for online banking, according to USA Today.

The alert was issued after numerous small businesses, universities and local governments have been targeted by hackers who installed keystroke loggers on their machines to steal banking credentials and siphon millions of dollars from their bank accounts.

The alert advises businesses to dedicate a single computer for online banking activity that is never used for reading e-mail or surfing anywhere else on the web. Using a dedicated computer would lessen the chance of the computer being infected with malware that can help crooks drain a bank account through wire transfers and automated clearinghouse transfers.

This is a good idea, but I think the chance that a business or home user can accomplish this is too low. I suggest that they get a Live CD of Ubuntu and boot directly from the CD/DVD. As it runs from read only media you can be certain that it's always a clean system. You may need to download or buy updated CD/DVD's though, but one every 6 months to a year should be fine.

Saturday, August 29, 2009

There may be a new type of Trojan Horse attack to worry about

From Computer World

The U.S. Federal Bureau of Investigation is trying to figure out who sent five Hewlett-Packard laptop computers to West Virginia Governor Joe Mahchin a few weeks ago, with state officials worried that they may contain malicious software.

Sources familiar with the investigation say other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four of the orders were delivered, while the remaining six were intercepted, according to a source who spoke on condition of anonymity because of the ongoing investigation.

This is a great way to penetrate a large organisation. Many people would just take the attitude that someone messed up and forgot to inform them. After all we all know how useless 'they' are, don't we?

With users now more reluctant to install suspicious software or open attachments on their networks, scammers appear to be looking for new ways to get inside the firewall. On Tuesday, the National Credit Union Administration warned that an unnamed credit union had received two fake CDs designed to look like training materials. Installing the CDs "could result in a possible security breach to your computer system," the administration warned.

Scammers have also tried to put malware on USB devices and then left them outside company offices, hoping someone will plug them into a computer and inadvertently install malicious software on the network. Many Windows systems are configured to automatically run software included on CDs and USB devices using a Windows feature called AutoRun.

As you can see, it does not have to be expensive laptops. A cheap memory stick will entice many people too. Do yourself a favour right now - turn off AutoRun on your removable media devices like USB and CD.

Friday, July 31, 2009

Windows 7 first look: More than just "Vista, fixed"

From ZDNet Blogs

Windows 7 won’t be officially available to the public until next week—Thursday, August 6, to be exact—when MSDN and Technet subscribers will finally get the chance to download the software legitimately and activate their copies with product keys. It’s the first step on a long rollout that will end October 22 when the software will be available for purchase in retail boxes and on new PCs.

I’ve been able to get a head start, using the official RTM build (7600.16385). For the past 10 days, I’ve been methodically installing and testing the final release of Windows 7 on a wide range of desktop and notebook configurations in my home and office. I’ve done upgrades and clean installs, with and without the Easy Transfer utility, using different editions in 32-bit and 64-bit flavors. I’ll have a through review of Windows 7 next week, including a deep dive into its most interesting new features. Today, I want to offer some first impressions and an image gallery based on my initial experience with these final bits.

Windows 7 isn’t perfect, but it is greatly improved over its predecessors in many ways. Calling it an “evolutionary” release in comparison to Windows Vista is probably a fair characterization. However, if you assume that Windows 7 is simply “Vista, fixed,” you’ll miss many small but meaningful changes and several large ones that give Windows 7 its own identity. In daily use, I continue to be impressed by the attention to detail that went into the Windows 7 iterations of features that are part of every Windows user’s daily routine. I’ve also found some hidden gems, which I’ll spotlight here and in next week’s full review.

Read the full article on ZDNet. I am looking forward to trying the release version of Windows 7. I have been happy with Vista for a while now, but am eager to give Windows 7 a try, especially on systems where I am still running XP.

Friday, July 24, 2009

Has Microsoft switched from defense back to offense?

From Tech Republic

It’s easy to forget that Microsoft started its life making programming languages. The world’s largest software company, which was founded in 1975, didn’t throw its first touchdown pass until it backed into the contract with IBM to supply the operating system for the first IBM PC in 1981.

During the 1980s and 1990s, Microsoft may not have built the best products or been the first mover in most of the markets where it built products, but it was the scrappiest and the most tenacious (and sometimes, the most ruthless) competitor in the computer market. And, that’s why it succeeded.

But, when Microsoft was hauled into court by the U.S. Department of Justice in 1998 and charged with monopolistic and anti-competitive practices, the company lost its edge. It became a much less aggressive company.

However, there is mounting evidence that Microsoft is casting itself as the underdog and going back on offense, as Larry Dignan pointed out last week. Here are the five plays that Microsoft has run recently that make me think the company doesn’t want to simply defend its turf any longer, but wants to move the ball down the field

I couldn't agree more. As I have watched Microsoft's moves against Apple and Google and the capabilities of Server 2008 and Windows 7 as well as their renewed push in the development tools arena, I have been struck by the impression of a slumbering beast awakening. It's not just that they are making moves, they are making the right moves.

Monday, July 6, 2009

The one essential truth of computer security

From InfoWorld

Who doesn't love that scene in "A Few Good Men" in which Jack Nicholson's character tells Tom Cruise's character, "You can't handle the truth. I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom I provide, and then questions the manner in which I provide it. I would rather you just said 'Thank you' and went on your way."

I often feel like I'm acting out that scenario when speaking to CIOs and senior security leaders. They want me to tell them how to stop hackers and malware from invading their environments. Usually I'm consulting on some multitiered firewall/proxy/security solution aimed at protecting back-end databases. We talk about packet-inspecting firewalls, intrusion detection, two-factor authentication, and all sorts of high-tech defensive solutions that add several layers to their defense-in-depth protection.

Then I say something like, "That's all great, but it won't work." I usually have their attention by then.

Next, I throw out the inconvenient truths:

Most of today's security risk in the average computing environment comes from "drive-by downloads" -- that is, trusted insiders get infected by Trojan software that they were tricked into installing.
If you allow your end-users to install any software they want, then your risk of security exploitation is high.
Even if you are fully patched and the software you run contains zero bugs (this is never true), it barely decreases the risk from drive-by downloads.
Most malware and malicious hackers are criminally motivated and seek monetary gain.
End-user education is highly overrated and will fail.
Your firewall, your anti-malware software, and your IDS will fail.

This is hard for many people to accept, but I think we need to start thinking in terms of a office computer being a business tool. It is NOT a general purpose computing device to be used for personal purposes by employees. Harsh? Of course it is, but not as harsh as a trojan deleting essential work information or company secrets sold to the competition.

Friday, July 3, 2009

Manchester City Council pays $2.4m in Conficker clean up costs