This sounds like the title of a children’s book, but unfortunately the issue highlighted in the press this week is more concerning than a story. The pre-loading of the SuperFish software on the Lenovo machines introduced a vulnerability to users even before they unboxed their new laptop.
There are several issues with the pre-installed application. One is that it is an ad-injector, which inserts adverts into your browser based on what you are searching for; unless you are an expert at identifying these, you might be directed to sites to purchase things without understanding why.
To do this more effectively, Superfish also installs a root certificate which allows them to see traffic on encrypted websites, like your banking website, that you might have considered private and secure.
This is a bit like me giving out the keys to your house and could be abused by other malicious people and used to capture passwords and other personal information.
AVG detects and removes the Superfish add-on. If you had attempted to download something it was bundled with, AVG would have detected and blocked it, advising the user that it was an ‘unwanted application’ and potentially harmful.
This means no part of it was ever installed, which is good for existing AVG users. But what if you purchased a Lenovo and only then installed an anti-virus product? The risk here is that some parts are difficult to remove fully, as they are embedded into the system.
This week Lenovo has reacted to this and developed a removal tool, which you can download here. There are also manual instructions available should you want to do this yourself.
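As an added example (not part of the original post or of Lenovo's removal tool), the following PowerShell check looks for the root certificate described above in the Windows trust stores, for instance after running a removal. The match pattern 'Superfish' is an assumption based on the vendor name; the article gives no thumbprint to match on.

```powershell
# Added example: audit the Windows root trust stores for a certificate whose
# subject or issuer matches a name pattern.
# Assumption: the pattern defaults to the vendor name from the article; it is
# not a verified identifier such as a thumbprint.
param(
    [string]$Pattern = 'Superfish'
)

# Treat the pattern as literal text, not as a regular expression.
$literal = [regex]::Escape($Pattern)

# Machine-wide and per-user trusted root stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $literal -or $_.Issuer -match $literal } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($hits) {
    # Print every match so the thumbprint can be compared with vendor guidance.
    $hits | Format-List
    Write-Warning "Found $(@($hits).Count) root certificate(s) matching '$Pattern'."
    exit 1
} else {
    # Browsers that keep their own trust store (for example Firefox) are not
    # covered by this check and need to be inspected separately.
    Write-Output "No root certificate matching '$Pattern' in the Windows root stores."
}
```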
There is a much wider issue for consumers, though: it’s becoming very difficult to know which products and manufacturers to trust and who is doing what with our data.
There are discussions in the tech industry on improving transparency so that consumers can once again have confidence in brands.
I believe that over the next few months we will see progress in a more coordinated effort by the security industry to protect users from these types of applications.
If you are at all concerned, be sure to run a full system scan from your anti-virus product and ensure that the updates have been run. If you’re running an expired product, either renew it or download the AVG AntiVirus Free solution here.
Android phones can be tracked without using their GPS or wi-fi data by studying their power use over time, a study has found.
A smartphone uses more power the further away it is from a cellular base and the more obstacles are in its way as it reaches for a signal.
Additional power use by other activities could be factored out with algorithms, the researchers found.
They created an app designed to collect data about power consumption.
"The malicious app has neither permission to access the GPS nor other location providers (eg cellular or wi-fi network)," the team - Yan Michalevsky, Dan Boneh and Aaron Schulman, from the computer science department at Stanford University, along with Gabi Nakibly, from Rafael Ltd - wrote in their paper.
"We only assume permission for network connectivity and access to the power data.
"These are very common permissions for an application, and are unlikely to raise suspicion on the part of the victim."
There are 179 apps currently available on Android app store Google Play that request this information, the team add.
Activity such as listening to music, activating maps, taking voice calls or using social media all drain the battery but this can be discounted due to "machine learning", the report says.
"Intuitively the reason why all this noise does not mislead our algorithms is that the noise is not correlated with the phone's location," it says.
"Therefore a sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise."
The tests were carried out on phones using the 3G network but did not measure signal strength as that data is protected by the device.
'Stuffed with sensors'
"With mobile devices now becoming ubiquitous, it is troubling that we are seeing so many ways in which they can be used to track us," said cyber-security expert Prof Alan Woodward, from Surrey University.
"I think people sometimes forget that smartphones are stuffed full of sensors from gyroscopes and GPS to the more obvious microphones and cameras.
"This latest work shows that even that basic characteristics (power consumption) has the potential to invade privacy if monitored in the right way," he added.
"We are approaching the point where the only safe way to use your phone is to pull the battery out - and not all phones let you do that."
In AVG’s latest “App Performance Report” for Q4, we’re looking again at the anonymous data from over one million AVG users, comparing it to our first report, and revealing which apps are the most resource-hungry on their phones.
When looking at one million of our users, we found many interesting trends that might just surprise you:
Spotify is now the No 2 resource consuming app overall
Out of our total user base, 638,716 users had the music streaming service Spotify installed: what they perhaps didn’t know is that Spotify is now the second most resource-consuming app in the store (up from rank 5 in Q3).
If you’re low on battery, space or data, keep that streaming to a minimum!
The changing gaming landscape
In our previous report, uber-popular FarmVille and Puzzle & Dragons topped the charts for the most resource-hungry games for Android. However, they were nowhere to be found in our Q4 roundup. A closer look shows Puzzle & Dragons and FarmVille suffered from a 50% and 43% decline respectively in installed user base in Q4 when compared to the beginning of the year (Q1/Q2).
New games such as Boom Beach and Deer Hunter 2014, however, appeared out of nowhere and secured the top spots in both usage and resource usage (not surprisingly, they’re games after all!).
Samsung’s New Updates
After the rollout of Android 4.4.2 (October 2014), we noticed a new entry in our top battery drainers that run immediately at start up. Samsung’s Security Policy Update service, officially named Samsung KNOX™, automatically checks for security updates and downloads them. While Knox is a great addition to having a full-featured antivirus product installed, a number of users and even journalists have publicly complained about not just the number of notifications shown but also a 30-40% drop in battery life.
As mentioned in this ZDNet article, this feature cannot be turned off, according to Samsung Technical Support: “To ensure that your device always has the latest security to protect you and your data, Samsung will occasionally send security updates to the device as needed. I’m sorry to inform you that there is no option to disable these updates”.
While we can’t stress enough that security on mobile devices is critical, handset makers need to ensure their product does not reduce battery life or impact overall performance drastically.
Taking selfies was “the” cool thing to do in 2014: selfie sticks, selfie apps, selfie phones all flooded the market. Unfortunately, some of these apps can be quite draining on a device’s battery. A new app called Candy Camera – Selfie Selfies crept up to number 7 in the top battery hungry apps that run in the background. We suggest avoiding apps like these, as they should only drain battery when you’re actively running them!
Maps & Navigation
Did we spend more time navigating and looking at maps? With more time off over the festive period, both Waze (Social GPS Maps & Traffic) and also Google Maps climbed into the Top Usage Chart:
Less gaming, more talking
Another seasonal effect: compared to Q2 and Q3 of 2014, we spend much more time on social networks and communicating through messenger apps instead of gaming. While gaming still takes up the largest share of our time on our Android devices, at 49% compared to 62% in the previous quarter, social and communication apps rose to 11% and 10.3% of our total usage (compared to 6% and 3% respectively before).
Again, find a full list and all the data in our app report here.
So what are you supposed to do if you’ve got one or even many of our resource drainers installed? Find out in our top tips in the next blog!
In 2013, Microsoft said it would offer Microsoft Office 365 to U.S. students for free, provided their schools licensed the software for faculty and staff. Now, that offer is being extended worldwide.
Microsoft said Tuesday that the offer for free Office is being extended anywhere Office is available: from Afghanistan to Zimbabwe, or dozens of countries around the world. As before, the school must license Office in order for its students to be eligible.
How do you check? Students can go to office.com/getoffice365 and enter a school-provided email address, and teachers can visit the office.com/teachers site and do the same. (Microsoft launched this self-serve service in the United States last September.)
Microsoft has warred with Google and other office-suite providers to convince businesses, governments, and other organizations to adopt Office—and it has quietly shifted away from a disc-based, one-time Office purchase to a subscription that can be budgeted for and automatically approved year in and year out.
Why this matters: Microsoft knows an Office 365 subscription is one of those productivity safe bets that gently lock in an organization to Microsoft’s products, and “train” students to prefer Office when they move on to the real world. Once there, students can buy their own personal Office 365 subscription if their employer goes another route. Previously, Microsoft tried to hook students with an Xbox Live Gold subscription, as well.
As in the United States, students gain access to Word, Excel, PowerPoint, OneNote, Access, and Publisher installed on up to five PCs or Macs, and on up to five mobile devices like iPad, Android, and Windows tablets; plus, Office Online and 1TB of OneDrive storage.
Google is testing out a service that incorporates live chat with businesses right into search results, via a new link that shows whether a business is currently available, and immediately launches a chat via Google Hangouts (on either desktop or mobile) if they are. The service resembles Path Talk’s direct messaging platform with local businesses, but incorporates its service right into the business listing search result card it shows on Google.com, which also shows you details including price level, address, map location, phone number, opening hours, ratings and reviews.
We’ve confirmed via a Google spokesperson that this is indeed an experimental feature the company is testing, which was originally spotted by Matt Gibstein who shared screens on Twitter earlier today. The new experimental chat feature offers a direct text-based line of communication, in this case with a restaurant, so that you could theoretically ask if it’s currently busy, if there’s a reservation available, or menu-specific queries, for example, and receive an answer in real-time. This is the premise behind the aforementioned Path Talk, which was a service Path added to its dedicated messenger to help separate its offering from the sea of mobile messaging apps currently available.
Path Talk’s launch last September stemmed from its acquisition of business text message service TalkTo, and offers an overview of local businesses using the service displayed on a map screen, allowing users to see a list, including online status information, so they know which businesses they can talk to currently. The free service eliminates the need for a phone call for activities like checking for in-stock inventory, making an appointment or making reservations.
Google’s test service appears to offer the same conveniences, including an estimated time for response, but using listings on Google’s own extensive existing index of places. Of course, Google launching its own version of Path Talk would be bad news for the smaller company, especially if Google made this available via things like Google Maps in addition to directly in search results. It’s still very early at this stage, however, and there’s no guarantee it’ll ever become a full-fledged offering with general availability. Still, with messaging of increasing importance to businesses everywhere, it’s a smart area for the search giant to explore.
We’ve still got nearly two weeks to go before HTC officially unveils their new top-tier Android phone at Mobile World Congress, but it looks like the details have already started dumping out.
On an episode of Droidcast back in January, we were pretty confident that HTC’s next big device — which we tentatively called the HTC One M9 — would look a whole lot like HTC’s last flagship, the One M8.
Sure enough: if these latest leaks are legit, it’s pretty much a dead ringer. They’ve moved some buttons around, sure, and it looks like they’ve gone from two cameras on the rear to one — but unless you really know your stuff, a quick glance would leave you thinking the two devices were one and the same.
Note that third button below the pair of volume buttons on the right. That’s the power button, which on the One M8 was located on the top of the device. Given how damned big the One M8 is, having the power button up top made it a bit arduous to reach at times.
Meanwhile, Germany’s MobileGeeks.de found some official-looking renders lurking on a German phone retailer site, though the page has since been gutted of most of its imagery.
Here’s what the rumor mill suggests is under the hood:
• 5-inch Display running at 1080p
• 20.7 Megapixel rear camera, 4.0 megapixel front camera with HTC’s “Ultrapixel” tech
• Android Lollipop 5.0 (with some HTC Sense stuff running on top)
• 2,840mAh battery
• 3GB of RAM
• 2GHz Qualcomm Snapdragon 810 CPU (though some rumors pin it at 2.8GHz)
Everything is still up in the air for now, of course. Even the name is still up for debate; some say it’s the “One M9”, some say it’s just “The One”. Whatever the case, HTC should be making things 100% official come March 1st in Barcelona.
Several cyber take downs occurred this year when hackers infiltrated Home Depot, Michaels, iCloud, JP Morgan and the list just goes on. And while consumers and companies have been hit hard in 2014, our 2015 security predictions show that this will be the year of the cloud attack.
According to a recent IDC report, almost 90 percent of Internet spending (including mobile apps, big data and social media) will be on cloud-based technologies over the next six years.
While many companies are making the leap to the cloud, securing the cloud remains an ongoing challenge for IT departments. Smart cyber criminals know where the holes reside and view this space as a big target.
In 2015, a major cloud provider will be breached, compromising many of their customers’ data and in turn leaving hundreds of thousands of individuals vulnerable to follow-on threats. Following the breach, I predict the following will occur:
1. U.S. Congress will step up efforts to legislate better security protection in public clouds.
2. Consumer and shareholder outrage will lead to the sacking of several CEOs and CISOs and force the creation of internal cybersecurity task forces.
3. Enterprises will recognize the benefits of cloud-based malware protection as well as cloud-based cyber attacks.
4. Enterprises, government agencies and security vendors will begin to develop more effective collaboration and cooperation to combat the wave of cyber crime and cyber warfare.
With our 2015 security predictions in mind, what other theories do you have for this year’s security landscape?
Updates to the Outlook apps tweak swipe gestures on the Android version and improve security for Exchange users in both versions.
Microsoft has polished up its Outlook apps for iOS and Android just two weeks after their debut.
In a blog post Tuesday, Microsoft's Office 365 Team outlined the features available in an update to the mobile email apps. Some of the new features and changes affect only the iOS app or the Android app, while others affect both versions.
The Outlook apps -- rebranded versions of the Acompli e-mail app that Microsoft bought in December -- are the latest steps in Microsoft's push toward a greater presence in the mobile world.
In the past, Microsoft was shy about releasing its apps onto competing mobile platforms, such as iOS and Android. But CEO Satya Nadella has made it his mission to focus on the cloud and mobile markets as key areas for growth.
In one change, the mobile version of Outlook now handles IMAP, an email protocol supported by many major email providers, including AOL and Comcast. IMAP stores your emails on the server until you delete them, allowing you to access your latest messages from different devices and mail clients.
By default, Outlook sorts your email into conversation threads, so you can follow all related messages. But if you'd rather see each email individually, you can now change the setting. Simply tap the Settings icon, scroll down to the option for Organize Mail by Thread and turn it off. This feature isn't yet available for the Outlook app for Android, but Microsoft said it expects to bring it to Google's mobile OS soon.
Microsoft also now lets you customize swipe gestures on the Android flavor of Outlook just as you can on the iOS version. By swiping a specific email to the right or left, you can quickly delete it, archive it, move it, flag it, schedule it or mark it as read or unread. A setting called Swipe Options lets you choose which action to assign to a right or left swipe.
You can also now change the folders targeted in swipe gestures. In the past, Outlook asked you which folder you wanted to use when you archived or scheduled an email. Now you can set a default folder, so that Outlook will no longer prompt you.
Those of you who use Outlook with Exchange servers, which typically means business users and enterprise customers, will find more solid security in the update.
If your company uses Exchange ActiveSync to sync your email and other items and requires a password for the synchronization, Outlook will now prompt you to set up a passcode on your mobile device. Until that passcode is established, you won't be able to access your email. That sounds like a hassle, but it's designed to protect your email. Devices running iOS 8.0 or later come with built-in encryption. Outlook uses your passcode to encrypt all the data stored on your device.
And for Android users in the business world, Outlook can now enforce policies regarding the length and complexity of your password as well as the number of attempts someone can make to get past the lock screen before your device is wiped.
Microsoft is axing a much-loved feature of its Windows Phone OS, Rooms, at short notice. An email sent to users yesterday announced that support is ending next month – long before functionally equivalent replacements are in place.
Rooms was introduced with Windows Phone 8 in 2012, and allowed users to chat and to share calendars, photos and to-do lists. A "Family Room" is already created on the phone by default. The Tile-based UI of Windows Phone conveniently alerts users to updates, such as new appointments, shopping list items and images.
From next month, Microsoft says, users will not be able to create new Rooms, or add members to or delete them from existing Rooms. The feature will disappear entirely in Windows 10.
Users will be able to continue to work with the data in their Rooms - but only via three discrete websites: OneNote, Calendar and OneDrive. A user suggestion to save Rooms has already attracted some votes. Users voice concerns that Windows Phone is becoming less distinctive. "Stop trying to be just like the competition - keep being BETTER", writes one.
Microsoft is expected to enhance its Skype client to include the Rooms functionality – but only Microsoft knows when. We requested a comment from Microsoft, but had not heard back at press time.
With Windows 8.1 last year, Microsoft began to remove the tight integration that strongly differentiated Windows Phone from Android and iOS. For example, the phone nicely aggregated social media activity in the system, within Hubs and on contact cards. Now, it throws the user into a dedicated Twitter or Facebook app – a much clunkier experience.
Windows Phone users got an early indication that CEO Satya Nadella doesn't think differentiating the mobile platform is a priority when a Microsoft manager mused about porting Cortana to rival platforms. Nadella replaced his predecessor's "Devices and Services" formulation with "Cloud-o-bile" – a race in which Cloud and Mobile both come first. Together. At the same time. Skipping over the finishing line, hand in hand. Nobody finishes second. Everybody is a winner.
Mistakes include ordering too much power, not shutting down in off hours
Realizing the benefits of shifting business applications to Web-friendly cloud services is proving far more complex than lining up a partner and flipping a switch, say executives who have made the transition. Absent proper expense controls, they say the cloud can be exceptionally wasteful of expensive resources.
What to watch for? Experts say always keep future costs in mind when planning the shift. Some common mistakes include ordering too much computing power, failing to program software shutdowns in off hours, not using monitoring tools to keep tabs on wasted computing cycles, or allowing programmers to believe cycles are free.
Lessons learned from cloud pioneers such as streaming video provider Netflix Inc. and life-sciences equipment and services firm Thermo Fisher Scientific Inc. can be helpful for information-technology executives.
Adrian Cockcroft, a former Netflix cloud architect who oversaw the company’s move to Amazon.com Inc.’s Web services business from its data center, says Netflix engineers wrote software that automatically shut down systems at off-peak times and could predict when to resume activity. Another Netflix custom program tracked the cloud computing resources consumed by each region or service.
“If you build applications that assume the machines are ephemeral and can be replaced in a few minutes or even seconds, then you end up building an application that is cost-aware,” said Mr. Cockcroft, now a technology fellow at venture-capital firm Battery Ventures. “The big thing in enterprise computing now, and it goes right up to the CIO level, is optimizing for speed and agility,” he said.
The economic case for embracing cloud computing is based on the idea that consuming resources as you need them beats expending capital and maintenance budgets to fund a roomful of servers. But the ease with which departments can tap online resources with little more than a company credit card can lead to problems. Ordering too much computing power can be as easy as over ordering at a restaurant or leaving the water running at home.
Some 60% of cloud software servers can be reduced or terminated because companies have purchased too many, estimates Boris Goldberg, co-founder and chief technology officer at Cloudyn Ltd., which develops software to monitor and manage cloud computing.
Mark Field, vice president of information technology at Thermo Fisher, remembers the day he discovered that the pay-what-you-use argument for cloud computing had a flip-side. The Waltham, Mass., life sciences company had rented computing power from Amazon Web Services to perform minor computing tasks. But on Fridays the engineers would leave computing tasks processing through the weekend, running up the bill with AWS and erasing potential cost savings. “Would you like someone leaving the shower running in your house all weekend long?” Mr. Field asked.
To stanch the leak, Mr. Field ordered that all procurement of cloud services go through his department. Each week he combs through the bills for cloud services and finds underutilized servers, or servers that are running when no one is using them.
Like Netflix, Thermo Fisher developed software scripts that can start or stop entire computing systems on demand. He also elected to swap more expensive AWS machines—AWS sells virtual servers that accommodate various computing workloads—for lower cost AWS services because he determined the servers he was using were more powerful than what was needed. In December, Thermo Fisher cut $20,000 from its previous AWS bill.
The ability to manage cloud costs is becoming a priority for businesses as the technology moves deeper into the mainstream. World-wide spending on public cloud services is expected to total $59.5 billion, up from $45.7 billion in 2013, according to market research firm IDC. The cloud market is expected to have a compound annual growth rate of 23% through 2017.
Gautam Roy, vice president of infrastructure and IT operations at Waste Management Inc., has “battle scars” from his early efforts to make use of the cloud. While managing IT infrastructure and systems software for the Chicago Board Options Exchange in 2009, cloud costs exceeded his planned spending by 35% because engineers left computing tasks running when they weren’t at work.
Mr. Roy also has quibbled with vendors who wouldn’t accommodate several guarantees he sought regarding data uptime, separation of the trading firm’s data from those of other customers, and constant data encryption.
At Waste Management, Mr. Roy currently relies heavily on server and desktop virtualization technologies. The company uses some cloud services, such as Salesforce.com Inc., for sales management. But Mr. Roy said he may adopt more public cloud solutions because the market has matured much since his time at CBOE.
Jamie Cutler, CIO of Denver oil-and-gas explorer QEP Resources Inc., recommends negotiating or planning for software customization requirements as part of a cloud migration strategy. In one case, he sought customized functionality from a vendor who wasn’t able to provide it on his schedule. As a result, QEP is paying the cloud vendor and an on-premises vendor for the functionality it required.
Mr. Cutler said it was a crucial lesson he is now applying while reviewing cloud disaster recovery and storage services. In the future, he said, “We’re going to be more careful about what we put in the cloud.”