Yosemite accounted for a majority of all OS X editions in play last month, but versions from 2009 to 2012 powered one in five Macs.
Credit: Net Applications
Although Apple has done a better job of moving its Mac users along with each new operating system than has rival Microsoft, the Cupertino, Calif. company has been unable to eradicate fragmentation as it accelerated upgrades to an annual cadence.
According to data from analytics firm Net Applications, three OS X editions that were three years or older retained five or more percentage points of user share last month. Those three editions — 2009’s Snow Leopard, 2011’s Lion and 2012’s Mountain Lion — powered 20% of all Macs in April. When 2007’s Leopard was included, the number climbed to 21.3%.
There’s no question that Apple’s policy of giving away its OS X upgrades — a practice begun in 2013 with Mavericks — has reduced fragmentation by pulling Mac owners onto the newest edition faster than did versions that carried a price tag. The current OS X Yosemite, for example, accounted for 57.5% of all Macs in April, 23 percentage points higher than where Mountain Lion stood at the same point in its post-launch timeline. Mountain Lion was the last upgrade that cost customers money.
But the annual upgrades, even free, have been unable to eliminate laggards. While Yosemite powered the majority of Macs last month, Mavericks accounted for 21%, Mountain Lion and Lion for 6% each, Snow Leopard for 8%, and Leopard for nearly 2%. More than four in every 10 Macs ran an aged OS in April.
And older OS X editions dwindle in importance at a very slow rate: Over the past six months, Snow Leopard, Lion and Mountain Lion — the upgrades launched between 2009 and 2012 — have averaged a decline of less than half a percentage point each month.
By the time Apple issues its next edition of OS X — like its two predecessors, probably tagged with a California location name — 25%, or a quarter of all Macs, will still be running Mavericks or earlier.
Those numbers stand in stark contrast to iOS, Apple’s mobile operating system. By Apple’s tally, 82% of all iOS devices now run version 8, which was released a few weeks before Yosemite last fall. 2013’s iOS 7 powered only 17% of all devices, while the rest of the even-older iOSes accounted for just a measly 2%.
Operating system makers like Apple and Microsoft may talk up accelerated release tempos, and analysts may see similarities between those efforts on personal computers and the long-standing upgrade practices by smartphone owners, but the truth is that there’s no evidence to show consumers take to a new computer OS at the same pace as they do mobile operating systems.
Eliminating fragmentation is a goal of all OS makers, for it homogenizes the user base, providing developers a large and theoretically lucrative target for apps and services that leverage the latest features and APIs (application programming interfaces). More customers on the latest version can also reduce support costs, and newer OSes are typically more secure.
Microsoft, especially, has been talking up fragmentation, or the reduction of fragmentation, among its Windows users as it beats the Windows 10 drum.
“Today Windows customers are spread across many versions. This fragmentation makes it challenging for developers to delight our customers with applications,” said Terry Myerson, the Microsoft executive who leads the Windows group, in January when he announced that Windows 10 would be a free upgrade for consumers and some businesses.
In fact, Microsoft has set an ambitious goal of getting Windows 10 onto 1 billion devices — or two-thirds of those currently running Windows — by mid-2018, part of its anti-fragmentation strategy as it pivots toward making money from services and apps.
Windows is much more fragmented than is OS X, of course: As of April, about 17% of all Windows PCs ran 2001’s Windows XP, more than the share of Windows 8/8.1, Microsoft’s newest OS. And unlike Apple’s most popular edition, which is its newest, Microsoft’s was 2009’s Windows 7, which accounted for 64% of all in-use Windows versions.
Operating systems on personal computers have a long “tail,” something even Apple has found out.
The next time you want to install your favorite browser, update iTunes, or get the latest security release for Flash, do yourself a favor. Skip the vendor’s site and go straight to Ninite.com instead.
This cleanly designed web service offers immediate access to more than 80 programs, utilities, and runtime environments in a dozen categories. It’s completely free for personal use (a Pro version is available for businesses). Ninite will save you time, and it guarantees that you won’t have to deal with the potentially misleading dialog boxes that can result in unwanted third-party software being installed on your machine.
Here’s how Ninite works:
You visit Ninite.com and click check boxes to select one or more programs from the categorized list.
When you’re finished, click the big green Get Installer button and wait while the Ninite back end builds an installer that targets the correct versions (32-bit or 64-bit, XP or Windows 7, and so on).
Download that installer, run it, and let Ninite do the work of downloading the files and silently installing them in the background. It automatically refuses any toolbars or other third-party software that the regular installer runs.
When it finishes (very quickly, in my experience), you’ll find the shortcuts to your newly installed programs on the Start menu, where you can run them and go through any required initial setup steps.
It really is that simple.
And here’s a bonus: If you save the installer and rerun it later, it will find and install any newly added updates for the apps in your selection.
I spoke with Ninite’s co-founder, Patrick Swieskowski, about the service and how it works. (If you’re curious, by the way, Swieskowski pronounces the first syllable with a soft I—nin rhymes with win. But he acknowledges that most people pronounce it with a long I, like Nine.)
Is it legal? In the arcane world of software licensing, who knows? But Ninite’s terms of service seem clear enough to me: “By using Ninite you certify that you have read and agree with the license agreements and restrictions of any software you install with Ninite.” As Swieskowski explained, it’s no different than hiring a friend—or the kid down the street—to set up a new PC for you.
Is it secure? I’m comfortable with the checks and balances. The installer goes out to official sites to download the code you install; Ninite doesn’t host any files on its own. Before it begins an install, it checks the digital signature of the file to ensure that its hash matches the known good version you’re expecting.
One of the most interesting Ninite options is the way it handles URLs. You can save a selection of software as a single URL, which is constructed from the names of the products. So if you want Mom to install the latest versions of Firefox, iTunes, and Skype, send her this link: http://ninite.com/firefox-itunes-skype/
When she visits that site, she gets a custom installer that sets up those three programs without any dialog boxes.
You can even use custom URLs on the fly to install single programs. You want Skype? Go to ninite.com/skype. Flash? Try ninite.com/flash (or ninite.com/flashie if you use Internet Explorer).
For now, Ninite is available for Windows and Linux only, but a Mac version is in the works. Highly recommended.
Crypto-based “ransomware” has become a lucrative business for cybercriminals. Since the arrival of CryptoLocker on the scene last year, a number of copycat malware packages have appeared to compete in the cyber-extortion market, encrypting victims’ photos and other personal files with a key that will be destroyed if they don’t contact the malware’s operators and pay up. Recently, a new variant has emerged that seeks to raise the stakes with a particular class of victim by specifically seeking out files related to a number of popular PC games, as well as Valve’s Steam gaming platform.
The malware, which is a variant of the crypto-ransomware called TeslaCrypt, superficially looks like CryptoLocker. But according to a number of security researchers who have analyzed the malware, it shares little code with CryptoLocker or its more well-known successor CryptoWall. And while it will also target photos and documents, as well as iTunes-related files, as Bromium security researcher Vadim Kotov noted in an analysis on Bromium Labs’ blog, TeslaCrypt also includes code that specifically looks for files related to more than 40 specific PC games, gaming platforms, and game developer tools. The games include both single player and multiplayer games, though it isn’t clear how targeting some of the multiplayer games would affect users other than requiring a re-install.
The games targeted include a mix of older and newer titles—for example, Blizzard’s StarCraft II and WarCraft III real-time strategy games and its World of Warcraft online game are targeted. Also on TeslaCrypt’s hit list: Bioshock 2, Call of Duty, DayZ, Diablo, Fallout 3, League of Legends, F.E.A.R, S.T.A.L.K.E.R, Minecraft, Metro 2033, Half-Life 2, Dragon Age: Origins, Resident Evil 4, World of Tanks, Metin 2, and The Elder Scrolls (specifically, Skyrim-related files), as well as Star Wars: The Knights Of The Old Republic. There’s also code that searches for files associated with games from specific companies that affect a wide range of titles, including a variety of games from EA Sports, Valve, and Bethesda, and Valve’s Steam gaming platform. And the game development tools RPG Maker, Unity3D and Unreal Engine are targeted as well.
These files are all targeted by their file extension, Kotov reported. “Concretely these are user profile data, saved games, maps, mods, etc,” he said. “Often it’s not possible to restore this kind of data even after re-installing a game via Steam.” Ars has reached out to Valve for comment on what users can restore from online, but hasn’t received a response.
The ransomware “dropper” package performs a scan for a number of virtual machines (including Kaspersky Labs’ sandbox, VMware, VirtualBox and Parallels) by checking for telltale driver files. Then it drops a pair of Internet Explorer Flash exploits to download and install the malware—identifying it as CryptoLocker. Like CryptoWall, it uses Tor to communicate with a command and control server, and gives the victim a link to a Tor “hidden service” site—either presented within the malware itself, or reachable through a Tor gateway URL.
And just as with CryptoWall, this TeslaCrypt variant’s encryption scheme has yet to be cracked. Once files are encrypted, the only way to recover them at present is to pay the malware’s masters. The variant analyzed by Kotov had Bitcoin code directly integrated into the malware to make it easier for victims to pay; other TeslaCrypt variants allow payments via PayPal MyCash cards, making it easier for victims unfamiliar with Bitcoin to pay up—though they may charge a premium for that option.
Microsoft made it official this week that the standard web browser to ship with Windows 10 will not be Internet Explorer (sigh of relief). It will not only have a new name, it will be a completely different browser, designed from scratch (yay!). It will even come with neat new features, including letting you write directly on webpages from your touchscreen, making sites more readable, and saving sites for offline reading (cool!).
But Internet Explorer will be sticking around. (Wait, what?!)
Yup. Microsoft’s new browser (currently codenamed “Project Spartan”) will be built on a different software platform from IE, so it won’t be backwards-compatible. That means Microsoft will continue to ship IE with Windows to ensure that corporate apps keep functioning properly.
“We recognize some enterprises have legacy websites that use older technologies designed only for Internet Explorer,” said Jason Weber, Microsoft’s Internet Explorer program manager, in a blog post. “For these users, Internet Explorer will also be available on Windows 10.”
In other words, don’t get mad at Microsoft. Blame your IT department for building apps in Internet Explorer. And South Korea (which passed a law in 1999 requiring that banks and retailers use digital certificates — created by Microsoft, and available exclusively on Internet Explorer).
IE is mostly going away for good, though. In Windows 10, Spartan will be the primary way people access the Web. If you buy a Windows 10 PC, you’ll likely never even notice that IE is installed on your computer.
Meanwhile, Chris Capossela, Microsoft’s marketing chief, said this week that Microsoft is looking to name its new browser. Acknowledging what a poisonous brand Internet Explorer has become, the company said it has whittled it down to four new names, all of which test better with Google Chrome users than “Internet Explorer.”
Internet Explorer has become synonymous with bugs, security problems and outdated technology. Even as it’s improved dramatically in recent years, it continues to lose serious ground to rivals.
Once the most-used web browser, Internet Explorer had been on a steady downward trajectory for years. Its share of the browser market fell below the 50% threshold in 2010 and sank below 20% in October, according to browser usage tracker StatCounter. Google’s Chrome is currently the leader, commanding nearly half of the market.
Microsoft has finally woken up, and just wants to kill the thing altogether. A fresh start makes sense.
Ironically, Microsoft allowed IT departments to dig a hole so deep that it might be years before Internet Explorer will die once and for all.
Should you use Java? If you don’t need it, don’t install it; plenty of Java exploits and vulnerabilities can really make your day unpleasant, not to mention the crapware that Oracle puts on your system whenever you go to install Java.
As Windows users have experienced for some time now, the very company that officially distributes Java is also one that seemingly benefits from a revenue arrangement with Ask.com. Whenever you go to install Java on a Windows machine, you have to resist the urge to blindly click through the prompts to get the installation up and running. If you do, then you’re also going to install an annoying Ask toolbar on your system—and make Ask.com your default search provider in your browser. Yuck.
Those installing Java on OS X haven’t had to deal with such an issue, but that’s all changing now. According to numerous reports, the latest version of Java for Mac now also comes with Ask software—specifically, the “Search App by Ask,” which you’re asked whether you want to install as part of the Java installation process.
To Oracle’s credit, the company is fairly clear about the arrangement in the online instructions for installing Java on OS X.
“Oracle has partnered with companies that offer various products. The installer may present you with the option to install these programs when you install Java. After ensuring the desired programs are selected, click the Next button to continue the installation,” reads Oracle’s description.
As Engadget notes, Oracle’s decision to bundle crapware with Java has led to a 20,000+ signature online petition that asks the company to reconsider its decision—a petition that’s been alive for more than two years, we should note.
“It is demeaning for a respected corporation such as Oracle to resort to such techniques only to make a small profit. Ask Toolbar hijacks user’s default search engine and forwards them to Ask search engine which resorts to various misleading advertisement techniques in order to confuse the unsuspecting users into clicking on their paid ads,” reads the petition.
Antivirus software likes to make a point of popping up a small window in the system tray to show you when it has updated its detection definitions. So your software is up to date and ready to catch all the latest malware, right?
In a test described in its State of Infections Report Q4 2014, Damballa analyzed tens of thousands of sample files that enterprise organizations sent in for review. The files that its Failsafe scanning system detected as malicious were also scanned by the four most commonly deployed antivirus products, although Damballa declined to name names.
Damballa found that within the first hour of identification of suspicious code, the antivirus products only caught 30% of the malware. After 24 hours, 66% of the files were identified as malicious, which means one-third of the files were still slipping through. After seven days, the identification rate rose to 72%. After one month, the products identified 93% of the malicious files, and it wasn’t until six months later that all malicious files were identified.
This kind of inaccuracy is compounded by the fact that there are so many attacks on companies on any given day. Damballa cited a 2015 Ponemon Institute report that showed the average enterprise receives 17,000 malware alerts weekly from its IT security products. Only 19% of the attacks are deemed to be reliable and just 4% are ever investigated, which suggests security teams don’t have the time or resources to do anything about it.
In a real-world environment, an antivirus product would scan a file just once, usually when it first arrives via email. If the average security team receives 17,000 weekly alerts, or 2,430 alerts every day, then AV products with a 30% accuracy rate on day one would miss 796 malicious files every day.
Damballa’s conclusion is that while prevention-based defenses remain important, companies need to put greater emphasis on detection and response. “If you can reduce the time between the initial infection and its discovery and remediation, you reduce your risk of damage,” it wrote.
Naturally, Damballa happens to sell one of those discovery solutions, but its recommendations were not entirely self-serving. It recommends automation to handle detection, since 86% of companies surveyed report being short-staffed with cybersecurity experts.
“If security teams can integrate high-fidelity detection with response mechanisms, like endpoint security tools and network access control systems, they can make headway. Instead of a judgment call, decisions are policy-driven,” it said.
Mind the gaps
Don’t be mistaken: antivirus software is a crucial part of any security arsenal and every day malware scanners the world over detect and throttle millions of malicious software strains. This is not a category of software that we should live without.
Antivirus tools work by scanning both static files and programs running in memory. They use several techniques to try and detect malicious activity.
Signature scanning, which looks for known patterns in files, is a well-established method of finding software nasties, as is scanning code running in memory, looking for potentially malicious activity as it happens.
These are solid, reliable tools but when attackers are determined enough, antivirus software alone may not stop them from grabbing your data.
The malware industry thrives on zero-day attacks – exploits using obscure or completely unknown vulnerabilities. A hacker smart enough to devise one – and there are plenty – can get past malware detectors.
The smart IT manager uses complementary technologies to reduce the risk of attack, and one is to look at the potential delivery channels for malware.
Web protection software can reduce that risk by blacklisting certain sites or groups of sites. Filtering web access is a good way to reduce the risk of infection by simply prohibiting access to sites that are not necessary for work.
It can also be a worthy complement to antivirus software that will attempt to detect anything installed via the browser. This multi-faceted protection is a basic tenet of modern cyber security.
Another important vector is email. This has gained huge traction among attackers, who use it for phishing, and in some cases spear phishing targeting specific companies.
Attackers can gather information about a company’s organizational structure and employees. The list of sources here is endless, ranging from annual reports through to social media posts.
These can be used to socially engineer employees to obtain login details or have them open a file containing a zero-day attack.
Employee training is all-important here but it must be backed by a technological solution too. All it takes is for one user to open a file or click a link to a fake IT administrator page asking them to enter their single sign-on password as part of a security audit, and you can wave goodbye to the integrity of your network.
The best way to counter threats delivered via email is to choke them off before employees even see them. Monitoring and filtering emails is therefore an important part of any corporate cyber-security strategy.
Email can be scanned for viruses, and it can be controlled still further by scanning for known spam signatures and characteristics. This alone can root out the lion’s share of malicious or pestering emails, increasing employee productivity as well as reducing the risk of compromise.
Adding blacklists for known bad domains and whitelists for recognized sources, such as business partners and customers, can be an extra-useful technique for locking email down.
The further that companies can keep unscrubbed email away from their IT architectures the better. Unfiltered email streams contain not only infected files but also large volumes of spam, which serve only to clog bandwidth and servers.
Having these filtered offsite by a third-party service mitigates the problem, ensuring that only clean communications touch company servers.
Patch and mend
Even after all these measures have been taken, there is still the chance that a company’s systems can be compromised.
The likes of Gonzalez, or the Sony Pictures hackers, are determined assailants. The battle doesn’t stop with web protection or email scanning.
Making sure the software running on the network is up to date is an important aspect of any cyber-security strategy so that attackers can’t exploit any of the known vulnerabilities in the average operating system or application.
Patch management processes and tools are critical, especially as companies grow larger and IT infrastructures become more complex. Understanding what has been rolled out and when can help IT administrators prevent dangerous holes from appearing in the system.
All of these measures, layered onto antivirus software, can help to reduce the risk of a successful cyber attack.
Here’s the dirty little secret of cyber security, though: nothing is 100 per cent secure. The key is to make things so difficult for attackers that they decide to move on to easier targets.
The way to do that is to layer your defenses, using multiple tools and protecting different parts and communications channels of the IT infrastructure.
Managing it centrally also gives you a single point of access, helping you not only to quash incidental attacks but also to spot any emerging trends that could indicate a sustained, targeted assault on your company.
This concept reflects a long-established military strategy: defence in depth, in which layers wear down an attacker’s ability to mount an offensive.