Pages

Tuesday, August 28, 2012

Apple, A Monopoly? It Could Happen


In the aftermath of the jury’s verdict in favor of Apple on almost all counts in the epic trial over intellectual property, analysts and journalists have been quick to ferret out the possible implications of the decision to the likely consequences for the market. One of them is that Apple could rapidly turn into a monopoly.
Most watchers have assessed correctly that it’s really Google in Apple’s crosshairs rather than Samsung.  Apple’s vehemence in this case, its unwillingness to license its intellectual property to Samsung on reasonable terms, is really aimed at Google.  Apple’s crucifixion of Samsung is just a head piked on a stake at the edge of Google’s territory.
Google has been the most extraordinarily silent partner, the most absent un-indicted co-conspirator ever not to be in a trial. Its cryptic statement on Monday did little to change that status. As Microsoft has pointed out time and again, Google has failed to indemnify its customers and properly license intellectual property it uses in its software, which it gives away to its customers and on which it collects no royalties.
Rather, Google has perfected a business model in which it gives away things of value in return for eyeballs on the back end.  Money enters Google’s system via advertisers. Hard for any rival — or any public authority, for that matter — to connect the software Google makes and gives away with how it makes money. It’s a model  Google has used to threaten the more traditional business models of companies like Microsoft, which sells software, and Apple, which sells hardware.
In this matter, Microsoft and Apple are allies, more alike than either is similar to Google.
In all of history, there has probably never been a situation in which one company (Microsoft) collects nearly half a billion dollars in annual royalties from another company’s (Google’s) customers. Microsoft collects Android license fees from Samsung based on holdings in its own mobile patent portfolio.
But Apple doesn’t want money from Samsung. Of course Apple is happy to add the jury-verdict winnings (to be appealed) to its already staggering hoard, but this matter is not primarily about money.  It’s about wanting Google dead, at least in the high-mobility-platform business, and, really, entirely, just for being cheeky.
So, now Google stands facing the cobra of Apple’s wrath with only the shred of Motorola’s patent portfolio to shield it.
Unfortunately for Google, its Motorola purchase has not been enough to gain it a seat at the main table with Apple, Microsoft, and a handful of others with big portfolios of intellectual property.  This group horse-trades among its members. Whatever disputes they have in other areas, Apple and Microsoft have a gentleman’s agreement not to sue each other. All quiet on the Apple-Microsoft front.
When the Nortel patents came up for sale, a group that included Apple and Microsoft made sure Google didn’t get them.  They were keystone patents that could have blocked others in mobile communications, enabling Google to get in on the horse trading.  And Moto’s patents?  Not so potent.
So, one message here goes out to the absent, silent, non-indemnifying Google:  You need to grow up and become a real business.
Just because you make some software and give it away doesn’t mean you don’t have to clear the intellectual property rights. Microsoft has chosen to play a license-fee game, but Apple wants only blood.
Steve Jobs harbored a well-known vendetta against Google based on his belief that Eric Schmidt, while sitting on Apple’s board, had leaked the iPhone’s critical characteristics to his own design teams, who then copied it.  Jobs swore he would spend as much of Apple’s considerable wealth as necessary to stop Google cold, and he wasn’t interested in licensing to Google’s partners.  The offer that Apple made to Samsung, which came out during the trial, would have absorbed all of Samsung’s profit.  In other words, the terms were unreasonable, and Samsung rejected the offer.  But Apple wasn’t serious, or else it would have done something more like what Microsoft has done: license on reasonable terms.
Apple seems to want to drive all viable competitors from the high-mobility game (in which the pieces are smartphones, tablets, Ultrabooks, and basically any device you can carry around and operate all day without plugging into a wall socket).  If Apple succeeds, then it will have no viable competitors and might draw attention from public authorities around the world.
Microsoft may gain a better position in high mobility over the next few years with Windows Phone 8 and Windows 8 on tablets. And the aforementioned gentleman’s agreement between Apple and Microsoft will allow the latter at least the opportunity to give it a go. But Microsoft has no position in this market today.  Only Google does, by way of Samsung,HTC, and others.
There are questions about whether Jobs was alone in his passionate Google-hate and whether Tim Cook is prepared to carry on the battle in Jobs’s name. Some people think that Cook is less emotional and might seek an accommodation, but so far there’s no evidence of that. It’s likely that Jobs wasn’t the only one who felt the way he did and that some of his team still want the heart of Google’s city burnt to the ground.
It would be a bad thing for the market if Apple were to become the only supplier of high mobility products, software, and related services.  And yet, that’s where we’re heading.


Samsung has said it will request that the judge set aside the verdict and otherwise will appeal to a higher court.  A higher court might be more sympathetic to Google’s proxy if it sees Apple starting to look more like a monopoly. The Supreme Court would likely weigh heavily the potential harm to consumers of there being no viable competitor to Apple.
Intel has made good use of Advanced Micro Devices as a straw competitor and has thus avoided some of the problems that, for example, Microsoft faced.   And that Apple could face.
A proper settlement of this case would be for Apple to license on a reasonable basis to Samsung and other Android customers.  Microsoft already does.  A lot of consumers like Android.
Google can argue that Apple’s patents are overly broad and should be invalidated.  It can say, Apple, with its filings on “ways of doing things” is trying to patent the blue of the sky and the warmth of the sun.  And that’s not right.  Apple can’t claim to have invented “roundness” or “black.”
Over the years, whatever the final disposition of the case, the outcome will affect the shape of the high-mobility market — and our lives — dramatically.

Friday, August 24, 2012

Clean Your FootPrints! - part 2





WANTED!?
The powerful “Total Privacy” software might be the first and ultimate one that will make you able to stop dirty activity on your computer only by one click . remained Footprints in cookies , histories & index.dat files are among those places that are interested for those who try to follow your activities.
Broad Range
Remove all footprints and left histories of your activity  in windows there is facilities viewed in software. This software with full knowing 10 part of windows will make you able to full control on saved info and easily delete every part you dislike.
Browser Activities
using “Total Privacy” you benefit  a neat and stable browser ,the software supports the most  popular browsers like “Internet Explorer , firefox , Opera …” allowing you to remove every kind of footprints as easy as possible.
Online Interview
messengers are one  of the other environments in which cleaning histories are important for the users , the above-mentioned software with so-called capabilities makes you able to clean every exchanged texts in “MSN Messenger , ICQ , IM , AOL” and “Yahoo Messenger” and cleaning histories 0f transferred files too.
Periodic Cleaning
Profile is another unique facility. If you want to delete a specific section or want to start delete operation at a new session automatically , you can use the profile. Also by timescales  profile delete them on time.
Defined Saving of Cookies
you can make a list of those cookies that you won’t remove specify them with this trick you can save these cookies and other cookies will delete also you have this ability that make a customization on every browser separate .

if you want to start privacy protection on your PC now , you can Download it here.
32&64 windows

Clean Your FootPrints!


 http://steadystaterevolution.org/wp-content/uploads/2009/07/water-footprint.jpg

As you know new programs in software world are designing and the last programs are up to dating with more speed every day. One of these program groups that got changes in recent years are “ Web Browsers” . Advent new browsers like chrome and up to date of their available facilities in all of search engines including Internet Explore and …  among those changes is in this context. New facilities and changes in software are very useful ; but one of those problems for users are no full dominance on cleaning their footprint that remains.
For example in old versions of internet explorer you were able to clean your web pages that you opened by only a double click. Also windows displayed footprints in windows  or Expressions logged  in search’s forums & …  were easily removable too; but in new versions of browsers , footprints in several  different parts are saved & recoverable.
Considering new features built in operating systems like win7 , reports on visited pages, executed programs, entered words in forums are also presented and saves in different places that they are not easily removable and even cleaning measures are not similar to previous ones for professional users.
In this circumstances , users have to go to a specific menu for cleaning visited pages that the procedures are totally different from each ones or in windows cleaning history fields that are very important for users privacy, should be taught in advance.
Regarding these problems we want to introduce more software in next post that are able to remove your footprints saved by variety of software in operating systems or web browsers.

Sunday, August 19, 2012

8-9 Popular IT security practices ...


Security fail No. 8: Your appliances are an attacker's dream
The main benefit of appliances  -- increased security -- hasn't panned out. By having a smaller OS footprint, usually a locked-down version of Linux or BSD, appliances promise to be less exploitable than fully functional computers running traditional OSes. Yet, in more than 10 years of testing security appliances for SoftLair Blog , I've only once been sent an appliance that didn't contain a known public exploit. Appliances are nothing but operating systems on closed hard drives or firmware, and those designs are innately harder to keep patched.
For example, last week in the midst of red-team testing against a large Fortune 100 company, I found that each of the hundreds of wireless network controllers had unpatched Apache and OpenSSH services running; both would have let hackers on the public wireless network reach their internal corporate networks as admin. Their IDS and firewall devices contained public scripts that had long ago been found to have remote bypass vulnerabilities to get around any silly authentication. Their email appliance was running an insecure FTP service that allowed anonymous uploads.
These are not unusual findings. Appliances often contain just as many vulnerabilities as their software-only counterparts; they're just harder to update and usually aren't. Instead of being hardened security devices, they are an attacker's dream. I love doing penetration testing on environments with lots of appliances. It makes my life significantly easier.
Security fail No. 9: Sandboxes provide straight line to underlying system
I sigh every time a new security sandbox is announced. These sandboxes are supposed to make exploits against the software they protect impossible or at least significantly harder to pull off. The reality is that every security sandbox developed so far has fallen under hacker attention.
Today the biggest security sandboxes are probably best represented by Java and Google's chrome browser, and both have suffered over 100 exploits that perforated the sandbox and allowed direct access to the underlying system. However, that doesn't stop the dreamers who think they'll find one that will halt all exploits and put down computer maliciousness forever.
Unfortunately, a lot of computer security is more security theater than protection. Your job is to pick through the myriad solutions and employ the ones that truly reduce risk. The security practices listed above are overhyped. How do you know? Because IT is implementing every one of them and malicious hacking and exploitation is more popular than ever. You can't ignore the facts.

5-7 Popular IT security Practices



Security fail No. 5: Password strength won't save you
Here's a frequently repeated security mantra: Create a strong password, one that is long, complex, and frequently changed. Never mind that users are famous for reusing their passwords across multiple websites and security domains, for being tricked into typing their log-on credentials into fake authentication prompts, and for giving their passwords to random emails. Heck, a large portion of the population will give out their real password to strangers on a street for a smaller dollar gift. (The last statement has been tested over many years, in different countries, by many different survey companies, and the result is shockingly the same.) Many of your end-users simply don't care as much about their password as you'd like.
The bigger problem now is that most hackers don't care either. They trick an end-user into running a Trojan program, get admin access, harvest the password hashes, then reuse them. A password hash is a password hash, and one from a strong password looks and feels no different than one from a weak password.
Security fail No. 6: Intrusion detection systems can't determine intent
IDSes (intrusion detection systems) are the kind of security technology you want to believe in. You define a bunch of "attack" signatures, and if the IDS detects one of those strings or behaviors in your network traffic, it can proactively alert you or possibly stop the attack. But like the rest of the security technologies and techniques on display here, they simply don't work as advertised.
First, there's no way to put in all valid attack signatures needed to account for the malicious activity heaped on your enterprise. The best IDSes may contain hundreds of signatures, but tens of thousands of malicious attempts will hit your systems. You could add tens of thousands of signatures to your IDS, but that would slow down all monitored traffic to the point where it wouldn't be worth the effort. Plus, IDSes already put out so many false positives that all event alerts end up being treated like firewall logs: neglected and unread.
But the demise of the IDS is due to the fact that most bad guys are piggybacking on legitimate access. How can an IDS tell the difference between the CFO querying his financial database and a foreign attacker using the CFO's computer and access to do the same? They can't -- there's no way to determine intent, which is needed to decide if the network stream should create an alert or be passed as normal, operational business.
Security fail No. 7: PKI is broken Public Key Infrastructure is mathematically beautiful in every way. I love it, and I install a fair amount of PKI in businesses each year or improve on the ones they have. The problem is that many of PKIs are hideously configured , woefully , insecure , and mosly ignored, even when they function perfectly in the public sector.
In the last year or two, we've seen several legitimate public Certification Authorition be horribly hacked. They've allowed hackers to gain access to their signing keys, which should have been protected more strongly than any other information in their environment, and to issue fraudulent keys for use by other hackers, malware, and possibly interested governments.
But even when PKI is perfect, remaining strong and unhacked, people don't care. Most end-users, when warned by their browser that the presented digital certificate is untrusted, can't wait to click the Ignore button. They're happy to bypass the security inconvenience and get on with their computing lives.
Part of the problem is that the websites and programs using digital certificates have been lackadaisical in their use, allowing certificate error messages to become an everyday occurrence. End-users who did not ignore digital certificate error messages would not be able to participate in a large segment of legitimate online life, sometimes including remote access to their own workplace systems. Browser vendors could enforce digital certificate errors so that any error, earned or mistaken, would result in the site or service not being presented, but customers would revolt and choose another browser. Instead, everyone blithely ignores our broken PKI system. On the whole, the masses don't care.

2-4 Porular IT security


Security fail No. 2: Your firewalls provide little protection
As far as IT security is concerned, firewall protection is becoming even less relevant than antivirus scanners. Why? Because the majority of malware works by tricking end-users into running a forbidden program on their desktops, thus invalidating firewall protection. Moreover, the bad programs "dial home" using port 80 or 443, which is always open outbound on the firewall.
Most people are protected by multiple firewalls on the perimeter, on the desktop, and filtering applications. But all that bastion host-port isolation doesn't appear to be working. We're as exploited as ever.
Security fail No. 3: Patching is no panacea
For many years the No. 1 security advice you could give anyone was to do perfect patching. All software has multiple vulnerabilities and must be patched. Despite the existence of more than a dozen patch management systems that promise perfect updates, for whatever reason, it appears it can't be done.
Often times it isn't the patch management software's fault -- it's the managers. They only patch some items, but miss the most popular targets, such as Java,Adobe Reader , Flash , and more. Or they don't patch in a timely fashion. Or they don't follow up on why some percentage of their population Dosen't take the lasted applied patch, so there's always a vulnerable portion of users. Even in the best cases, getting patches out to the masses takes days to weeks, while the latest malware spreads across the Internet in minutes or hours.
Even worse, social engineering Trojans have essentially done away with that No. 1 advice. Consider this: If all software had zero vulnerabilities (that is, if you never had to patch), it would reduce malicious exploits by only 10 to 20 percent, according to most studies. If you got rid of the exploits that required unpatched software to be present, the hackers relying on unpatched software for their dirty work would move to other avenues of maliciousness , and the true reduction in cyber crime would probably be much less.
Security fail No. 4: End-user education earns an F
Since the dawn of personal computing, we've warned users not to boot with a disk in their floppy drives, not to allow the unexpected macro to run, not to click on the unexpected file attachment, and now, not to run the unexpected antivirus cleaning program. Still, it does not work.
If our end-user education policies succeeded, we would have defeated hackers and malware by now. And if recent trends are any gauge, end-user awareness is worse than ever. Social engineering Trojans, which trick end-users into running malicious programs, are the biggest threat by far. Most end-users readily give up all privacy to any application or social media portal, and they do it without any thought of the repercussions, which includes greatly increasing their likelihood of becoming a target and succumbing to social engineering.
I strongly fault the people behind most end-user education programs. In their hands, end-user education becomes a forced, unwanted childhood chore. Education is undertaken haphazardly, using spotty curriculum that usually doesn't contain information relevant to the latest attacks. Let me ask you a question: If the No. 1 way end-users get tricked into running Trojans is through fake antivirus prompts, does your company tell your employees what their real antivirus program looks like? If not, why?
That type of disconnect puts IT systems in jeopardy. On average, it takes two years for the latest threats to show up in end-user education programs and only a minute for the bad guys to switch themes, putting us behind another two years.
You know what works better than end-user education? More secure software and better default prompts. Don't expect end-users to make the right decision; instead, decide for them. Macro viruses didn't go away until the default option was not to run the macro. File attachment viruses didn't minimize until most of them were blocked and it became harder to run them in the first place. Autorun USB worms didn't go away until Microsoft forced out a patch that disabled autorunning from USB keys as a default.

First Popular IT security practices that just don't work


When it comes to IT security, FUD (fear, uncertainty, and doubt) is more than just the tool of overhyping vendors hoping to sell their next big thing. It is the reality that seasoned IT security pros live in, thanks in large part to the -- at times gaping -- shortcomings of traditional approaches to securing IT systems and data.
The truth is most common IT security products and techniques don't work as advertised, leaving us far more exposed to malicious code than we know. That's because traditional IT security takes a whack-a-mole approach to threats, leaving us to catch up with the next wave of innovative malware, most of which rolls out in plain view on the Internet.
Until we solve that problem -- that is, when a critical mass of people wants to end this issue -- we will devise, deploy, and depend on security solutions that will never keep us as safe as we need to be, given the daily escalation of malware aimed at compromising our systems and extracting valuable data.
In the vein of forewarned is forearmed, here are 10 common IT security practices and products that are not guarding your systems as well as you think.
Security fail No. 1: Your antivirus scanner won't uncover real network killers
The traditional, all-in-one antivirus scanner as we know it was invented in the late 1980s. Before that, if you suspected you had a particular malware app, you located a detector program built specifically for that malware and ran it. If you found the malware, you looked for its companion removal program. John McAfee's ViruScan and VirexPC were among the first all-in-one antivirus programs created, moving us beyond the single-malware, single-solution era.
Back in the early 1990s, these all-in-one programs, now known as antimalware scanners, could reliably detect every one of the dozens of viruses, worms, and Trojans in the wild. At the time, I volunteered for the PC Antivirus Research Foundation, started by Paul Ferguson, now of TrendMicro fame, disassembling and testing newly found computer viruses. I remember everyone thinking antivirus programs had become so accurate and freely available, and we all assumed that computer viruses and their ilk would be gone in a couple of years.
Boy, we were wrong. The professional bad guys now put out hundreds of thousands -- if not millions -- of  new malware programs each month, far too many for any single antivirus program to reliably detect. This persists despite claims from nearly every antivirus vendor that they reliably detect 100 percent of the common malware submitted to them. They can show you their multiple awards attesting to their incredible accuracy, but reality argues otherwise.
Every one of us is constantly faced with new malware that our particular antivirus engine doesn't detect. It's not a rare event. If you've ever submitted a malware sample to one of the multiple engine checking sites, like VirusTotal, you know it's fairly common for antivirus engines to miss new breakouts, sometimes for as long as days. Weeks later, antivirus engines can still bypass a particular Trojan or worm.
I don't blame the vendors. With literally more bad files in existence than legitimate files, antivirus scanning is a tough job and begs for whitelisting programs. They have to store database signatures for hundreds of millions of devious, hididen programs and detect brand-new threats, for which there is no signature, all the while not slowing down the protected host's operations.
While the Internet is too scary of a place to go without antivirus protection, they've long since stopped being the reliable programs as touted by their vendors.