I Spy with my little browser
1) An IM worm
2) Two Spyware Frauds
3) Lots of 3rd Party Apps in a Google Bundle
The “Google Pack” software bundle will include third-party apps such as the Firefox browser, Adobe Reader, Norton AntiVirus, and six of Google’s own programs, including Desktop Search and the Picasa image management tool.
4) Many More Decades Windows will be Buggy
One
Two
FTC Nails Two Spyware Sellers For Tricking Users
TechWeb News
Two companies accused of deceiving computer users into believing their systems were infected with spyware have settled with the Federal Trade Commission and will pay back over $2 million in ill-gotten gains, the agency said Thursday.The lawsuits, which were filed in March 2005 against the makers of SpywareAssassin and in June against the creators of Spykiller, charged that both were tricking users into paying for anti-spyware software after they’d run bogus scans on the consumers’ PCs and supposedly detected spyware and adware infections.
No such infections were actually present on the scanned PCs, alleged the FTC’s civil lawsuits.
This “scareware” practice spread during 2005, and even with several FTC actions, continued. In an earlier interview, Patrick Hinojosa, the chief technology officer of Panda Software, said that the scam was too lucrative to disappear. “”We’re going to see a lot more like this, like mushrooms after a rain,” he said.
The settlements announced Thursday, however, put an end to two groups’ scareware tactics. The makers of SpywareAssassin must pay $76,000 and are banned from selling or marketing any anti-spyware product in the future. The creators of Spykiller, meanwhile, will fork over about $1.9 million to the federal agency.
Settlement documents in PDF format can be downloaded from the FTC site for the SpywareAssassin or Spykiller lawsuits.
—–
Three
Google Introduces Software Starter Kit For PCs
SAN FRANCISCO (AP) — Google Inc. is distributing a free software startup kit designed to make computing safer and easier – a generous gesture driven by the company’s desire to steer technology offline as well as online.
The software bundle, unveiled Friday in Las Vegas during a speech by Google co-founder Larry Page, represents the Internet search engine leader’s latest jab at industry kingpin Microsoft Corp.
The suite of programs is designed to make it easier to install and maintain basic applications that have helped turn the PC into a hub of information, entertainment and communications.
With the initiative, Google is setting out to prove that it is better positioned to help people get the most out of their computers than more-established software makers, particularly Microsoft – the maker of the pervasive Windows operating system. “We thought, ‘Why can’t using a computer be more fun, simple and empowering?’” said Marissa Mayer, Google’s vice president of search products and user experience.
Six of the programs in the package are owned by Google, which had previously offered all but one on a piecemeal basis. A screensaver that automatically displays pictures stored on a personal computer is being introduced for the first time as part of the “Google Pack.”
With the exception of a Norton antivirus program that is being offered in a free six-month trial, the seven other applications in the Google Pack are already available for free on the Internet.
Mountain View, Calif.-based Google has simply negotiated agreements to create a one-stop shop for all the applications, supplemented with tools to simplify the process for installing and updating the programs. Neither Google nor the other participants in the Google Pack are paying each other any money, Mayer said.
Although cobbling together a bunch of free software isn’t revolutionary, the move could foreshadow bigger things to come as Google’s maneuvers to gain more influence over the products people install on their PCs while diminishing Microsoft’s power.
If the Google Pack proves popular among PC owners, more software makers are likely to be lining up to be included in future versions – a phenomenon that would give Google even more leverage in its slugfest with Microsoft, said Forrester Research analyst Charlene Li.
“This has the potential of giving Google more control over the software supply chain,” Li said. “They in effect could become the arbiters of software taste, determining what’s good and bad.”
For now, Google is primarily interested in making personal computers easier and more enjoyable to use, Mayer said.
If people spend more time on their computers, Google believes it will receive more Internet search requests – an activity that generates the highly profitable ads that has catapulted its stock and spawned more than $100 billion in shareholder wealth during the past 18 months.
Google’s shares surged $14.42 Friday to close at $465.66 on the Nasdaq Stock Market. The stock price reached a new high of $470.50 earlier in the session.
Hoping to stunt Google’s rapid growth, Microsoft has invested heavily to expand its presence in Internet search during the past year. So far, though, Google has been able to win even more market share, emboldening the company to embark on far-flung expansion that has increasingly put it on a collision course with Microsoft.
Toward that end, Google plans to distribute even more software as it builds upon the loyalty fostered by its popular search engine.
“I can imagine an operating system that some day does a better job storing your data, using (a) network,” Mayer said in a barb clearly aimed at Microsoft.
The Google Pack includes Adobe Systems Inc.’s Acrobat Reader, RealNetworks Inc.’s media player, Mozilla’s Firefox Web browser and Cerulean Studios’ Trillian instant messaging program.
Notably missing are word processing and spreadsheet programs, though Google pledged in October to work with Sun Microsystems Inc. to promote an open-source version of those applications.
Mayer couldn’t explain why the free OpenOffice suite, which includes word-processing and spreadsheet applications, wasn’t included in the Google Pack.
Li believes the programs were excluded because Google didn’t want to risk including anything that might be difficult to install or interfere with other applications, such as Microsoft’s competing Office suite.{Hmpf. I hear Google is working on their own Suite. And Open Office rarely interfers with M$’s.}
—–
Four
Patched Windows Bug Will Be Danger For Months
TechWeb News
Although Microsoft pushed out a patch early to fix a major bug and even recommended that enterprises deploy it immediately, the underlying vulnerability will continue to haunt Windows users for the next six to eight months, a security professional said Friday.Thursday, Microsoft released an out-of-cycle patch for the 10-day-old Windows Metafile flaw, admitting it did so to placate customers who were demanding an early fix.
“When I spoke to a number of customers and asked if the current situation warranted an out of band release of the update, they said yes,” wrote Mike Nash, vice president for security business, on the Microsoft Security Research Center (MSRC) blog late Thursday.
Nash went on to recommend that enterprises roll out the fix as soon as they’re able.
“You should deploy the update as soon as is feasible. Put it through your testing process and get it deployed. If it were my decision, I would move up [your] schedule. That is what we are doing in our IT operation here at Microsoft,” he wrote.
“Absolutely that’s the right advice,” seconded Mike Murray, director of research at vulnerability management vendor nCircle. “The sooner you get everyone patched the better you are. The current exploits don’t include an automated worm, but for threats that require some user interaction, this is as bad as it gets.”
Exploits leveraging the WMF vulnerability now number in the hundreds, security firms allege, with thousands of Web sites — some of them legitimate, but hacked to silently deploy malicious code — seeding these exploits.
“We viewed this an incredibly serious threat from the beginning,” said Murray. “It’s been actively exploited in the wild. This is the kind of blended threat people will use for months for phishing attacks and to collect bots.”
Murray estimated that it will take six to eight months for enterprises to fully deploy the WMF vulnerability patch, a time during which attackers will continue to compromise computers.
“This is definitely going to lave long legs,” Murray said.
One of the things that rankled many critics in the security community prior to the patch release was how Microsoft dismissed the danger of the vulnerability.On Wednesday, for instance, Debbie Fry Wilson, a director at the MSRC, claimed that her group was proactively looking for, and shutting down, malicious Web sites serving exploits. More importantly, she took issue with the call to danger some security groups were issuing.
“Frankly, our analysis is different from the inflammatory headlines we’re seeing on some [security] newsgroups,” Fry Wilson said Wednesday. “All they’re doing is adding fuel to the fire. It’s definitely a serious issue, but it isn’t something that’s spreading and it’s not affecting large-scale customers.”
That same day, Kevin Kean, another MSRC director, called the WMF problem a “contained event.” Both noted that the WMF vulnerability required some user interaction to compromise a computer, which could mean as little as visiting a malicious Web site or as much as launching a file attachment.
Even a day later, when the Redmond, Wash.-based developer released its out-of-cycle patch, the company kept up the drumbeat. “Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and by up-to-date signatures from anti-virus companies,” a statement read.
Murray took exception. “Someone in the organization realized that this was serious,” he said. “Microsoft may have been downplaying the threat publicly, but the fact that it released the patch early, that speaks a lot louder than their denial of the danger.
“They knew this was important to do,” Murray said.
“Microsoft uses the phrase ‘no user interaction required’ to downplay threats all the time,” noted Murray. “But many of the biggest threats have required some user interaction. The ILOVEYOU worm and Sober, for example. There are definitely the Code Reds and the Nimdas, but in the annuls of massive threat history, there are significant events that spread with the help of users.”
—-
So Micro$oft still thinks they’re all that, Google is trying to be and there will always be a sucker and two scammers to take advantage born every minute.
Happy weekend.
