Pocket-lint.com : symantec : Latest News

NEWS: Vodafone Pocket-lint Gadget Awards 2009 - software, services, apps

Dan Sung — Thu, 05 Nov 2009 18:23:29 +0000

What gets your vote?

It's been a bumper year in 2009 for software, services and apps as the overarching trend of tech creeps glacially away from its hardware focus and more towards what the Internet and its friends can do for us. So, before you shout out in the comments who you think should be nominated for the Vodafone Pocket-lint Gadget Awards 2009 Best Software/Service/App - and we hope you do - here's a little reminder of how the year panned out.

The Big Players

It was something of a solar eclipse moment in 2009 with both Apple and Microsoft releasing completely new versions of their desktop operating systems. Although Snow Leopard only claimed to be a relatively small upgrade there was still plenty to get excited about with the arrival of 64-bit computing and addition of Grand Central Station, as well as all the other speed, efficiency and power boosts under the hood of the new caged cat. Microsoft, on the other hand, was a lot more overt about the scale of Windows 7 - partially because of the disappointment over Vista and also, with good reason, because of the success with which the product has launched. Like Snow Leopard, it boasts speed and efficiency but, more importantly, the coming of age of the new AERO look and feel which its predecessor introduced.

Naturally, a new version of iTunes came with the OS for Apple with more playlists and more album art as well as offering a block to the Palm Pre's compatibility feature. Aside that, it was really just the next release in the hugely popular video editing Final Cut series with the launch of Final Cut Studio. It seems the Cupertino company was keeping itself busy on mobile matters but more on that in a minute.

The 'Soft, though, hasn't been so content to leave things as thin. 2009 has seen Gates, Ballmer & Sons embrace the cloud with their re-offensive on Google. First there was the highly successful revamp of the MSN Live search into the colourful Bing, and later the launch of Office 2010 web apps to try to take something back from Google Docs. Beyond that, the company has had another go at both the MSN music download store and the free offering of Microsoft Security Essentials, plus there's been some mobile movements with Microsoft too but, again, more of that later.

The real powerhouse this year though has undoubtedly been Google. The company has spread its arms even wider round the globe with its fingers now in the telephone industry with Google Voice, social location software with Google Latitude, the encyclopeadia business with Sidewiki, the energy saving push with Power Meter and, of course, the what-the-hell-is-it business with Google Wave. More recently the company has announced the smack down on TomTom and friends with the arrival of Google Maps for Navigation for Android 2.0, which may or may not make it out in time for a nomination.

Of course, Android itself has been a very big deal but leaving its mobile impact alone for now, let's not forget the OS's arrival as desktop software on products like the Archo 9 and more recently the dual booting Acer Aspire One D250. It hasn't had the traction to make any significant in-roads this year but it's certainly a space to watch for 2010.

Desktop Software

As the cloud rolls in there's a storm slowly gathering for desktop software. By no means will it ever disappear, but what we're certainly seeing is a lot less diversity in this sector. 2009 has largely been left to improvements from the old guard. Avid has put a smile on the faces of both video and music editing enthusiasts with the launch just last month of the Pinnacle and ProTools suites, Adobe has done the same for the imaging community with the more basic Photoshop Elements 8 and the photographer's friend in the free beta of Lightroom 3.0, and Roxio has thrown in a bit of everything with the company's annual release. This season's colour is Roxio Creator 10.

Antivirus has been as strong an area as ever with malware, phishing and scareware on the rise and a tonne of Christmas shopping round the corner. Symantec's new Norton 2010 product managed to block 100% of threats in independent testing - making it the first time ever for any such software but, of course, if you'd still rather not pay, then at least AVG are still helping out on that front.

Last, and more certainly not least, a certain Swedish company also happened to a make a certain popular social music streaming application that rather set the world on fire. Technically, Spotify was released in private beta in November last year, just before our 2009 awards cut off limit, but it has since gone public within the required time frame. Just to confuse matters it's in private beta once more, so I'll leave it to the judges to sort that one out.

Web Services

During the current aftermath of the eighth renaissance of the bursting of the dot com bubble, new sites have been thin on the ground - certainly ones worth mentioning anyway. The majority of developers and start ups have moved to mobile apps in search of the gold, but there have still been one or two notables over the year - all heavily on the quirky side. Wolfram Alpha provided an alternative, well-meaning but rather leftfield form of internet search; Hunch added a layer of advice to the conundrum and Invisible Hand has begun in its quest to help us find cheaper prices on the Web automatically. As with most of these things, it'll take a while for them to catch on. Twitter wasn't built in a day.

Finally here, the latest craze could be on its way with FourSquare. Like Twitter it was released at the general and social media liquorice allsort that is SXSW and it's been going great guns in the States. Now on UK shores, has it left it too late to win our coveted award or have we assessed its potential already?

Mobile Sofware

From apps to OSes it's all about mobile phones these days. We know this. Smartphones have become our windows on the world. If there's a great service on the Internet, then we want it as an app, and most of all, we want it to run like clockwork.

We've seen four significant mobile operating systems launched this year with the rebranded, reskinned and user-friendlified Microsoft Windows Mobile 6.5 now known as Windows Phone. We've also seen the coming of age of Android - or at least its growth into adolescence - and the launch of the superb iPhone 3.0 software with its 100 or so features. Finally, we saw a rather specific piece of software from Palm with webOS at January's Las Vegas annual tech binge, but that didn't stop it making an enormous splash and perhaps inspiring a few ideas in other mobile software developers.

On the next tier down are those that have deemed their handsets too special to run the common-or-garden versions of Android and Windows Phone and have come up with their own Custom UIs. Probably the two of most note, and certainly the ones who qualify for this year's awards would be HTC Sense as seen on the Hero with its social contacts integration and Motoblur on the Dext.

Any phone can of course have its OS customised by the addition of an alternative browser. Opera has been going strong for years and supplying those on the Symbian platform with a very strong option. 2009 has brought Opera Mini 10 and for the first time, Firefox has gone to the small screen too with the currently underused Mozilla Fennec. Still both certainly well worth a shout though.

At the bottom of it all, though, and yet king of the mountain for many consumers are apps. We saw the little devils explode in 2008 with the launch of the iTunes App Store and this year has taken the trend to a sickening extreme. The world and its wife now has some kind of platform where they can pedal often highly novelty and often profitable software along with a good chunk that are seriously useful too.

It's the latter group which we'd rather you considered for this year's award but if the Mr T Soundboard ends up being the most popular, then so be it. The apps of major note in 2009 have been largely for the iPhone with the arrival of Tweetdeck, Google Lattitude and TomTom. Spotify has offered its premium service for music streaming on the move to both the Apple phone and Android and finally Facebook has got round to supporting Google's mobile OS too. But the big question is which is your favourite? Which is the app you simply can't do without? Let us know at the bottom.

What do you think?

But these are just some of the fantastic choices our readers have had in 2009. What would you like to see held aloft as the winner of Pocket-lint Best Software/Service/App 2009? Who have we missed out? Which are your unsung heroes and of those we've already mentioned, which would get your vote? Let us know in the comments below and you can help our panel decide which make the shortlist of nominees to be announced here on Pocket-lint on 16 November. We'll have all out coverage of the Vodafone Pocket-lint awards 2009 right here. Don't miss a minute of it.

NEWS: The A to Z of cyber crime

Dan Sung — Mon, 26 Oct 2009 09:51:21 +0000

Know your DoS from your IRC

The profile of the hacker has changed dramatically since their first appearance on the consumer internet radar 20 or so years ago and, with it, so has the nature of their crime. Whereas online attacks were anarchic attempts to undermine the system, what we've seen these days is that now cyber crime is about ID theft, fraud and trying to take as much money from users as possible. The only real difference between virtual attacks now is the tools of the trade - a mouse instead of a gun. So, for a quick tour of what else has changed and exactly how it works, here's the Pocket-lint A to Z of cyber crime.

A - Albert Gonzales

Gonzales is an American born hacker of Cuban parents currently awaiting sentences for his crimes of credit card theft and subsequent resale of over 170 million card and ATM numbers from 2005 through 2007. He was busted by the US Secret Service as part of a cyber crime forum called the ShadowCrew - a 4000 strong community of online hackers, thieves and fraudsters. Albert agreed to cooperate with authorities to avoid jail but at the same time started up his old ways again by getting a list of the Fortune 500 retail companies and hacking into their systems for their customer databases. He was eventually caught for a second time and arrested at his Miami condo along with $1.6m million, a blue 2006 BMW, his laptop and a Glock 27 pistol.

B - Botnet

A botnet is a network of what are often referred to as zombie computers which have been compromised by malicious code and are used to hack other systems on the Internet. They provide both anonymity to the cyber criminals operating them, known as the bot-herder or bot-master, and huge amounts of resources sometimes with around 10,000 nodes or machines each. Typically, computers become part of them through phishing schemes after which the code will run as quietly as possible to avoid detection. It's been estimated that up to 25% of the world's computers are part of one.

C - CVV2

CVV2 is hacker code for credit cards as named after the security code by the magnetic strip. They're a sought after commodity in the cyber criminal world but sold in batches of around 10 for $10, they're still relatively cheap as many are inactive and it's also quite hard to extract money from them without setting off all sorts of fraud systems unless you happen to be in the same country as the victim.

D - Denial of Service

A DoS is designed to stop websites or computer systems from functioning properly by overloading them with requests to either slow them down or forcing them to be reset. Typically, a botnet will be used to bombard the victim server from all angles simultaneously. The technique is most often employed for reasons of anarchy but it's also common for blackmailing and extorting money from banks and credit companies.

E - Ehud Tennenbaum

Nicknamed The Analyzer, Ehud Tennenbaum is an Israeli hacker known for his technical skill. In 1998, at just 19, he was caught by the FBI after a series of hacks in NASA, the Pentagon and the Knesset in what the then-US Deputy defence secretary, John Hamre, called "the most organized and systematic attack on US military defence to date". Initially, the attack was thought to be the Iraqi government in an act of war and after permission from the US president, Operation Solar Sunrise was kicked into action which sent the full weight of all the US agencies after the perpetrators. The attack was eventually traced back to Tennebaum and two California teenagers.

Rather than agree extradition, the Israeli government insisted they would punish Tennebaum. He received 6 months community service and a well paid job in the Israeli Secret Service. Sadly, Tennebaum slipped back into his old ways and was arrested in 2008 by Canadian police for credit card fraud. He'd been pulling entire bank databases from their websites using sql injection for years and was only caught after getting complacent and withdrawing the money himself from ATM machines with video cameras and operating from a hotmail account that was registered to his real name.

F - Full

A Full is the hacker term for a complete identity or full personal profile. These are prized very highly as unlike CVV2s they cannot be cancelled and can be used for multiple fraudulent purposes, including opening accounts to launder money through. A full consists of full name, date of birth, home address, e-mail, mother's maiden name, phone numbers and government ID.

G - Guzman

Onel de Guzman is the man who admitted to the unleashing of the infamous ILOVEYOU virus of May 2000. He has never claimed to be the architect but has said that he unwittingly released it by creating the backdoor trojan to the worm that allowed it to work. The code itself was a worm sent as a LOVE-LETTER-FOR-YOU.TXT.vbs attachment to an e-mail with the subject line ILOVEYOU. Once opened, the attachment replaced all multimedia files with copies of itself and sent out the ILOVEYOU mail to everyone on the infected user's address book. The malware propagated incredibly quickly because of both its clever and social engineering. It came from a trusted source and was about a subject which everyone wanted to read.

After bringing down thousands of system all over the world - including the British Parliament's network, the CIA and the Pentagon - the worm was finally brought to a halt when a 25-year-old Thai software engineer by the name of Narinnat Suksawat wrote a program called "Rational Killer" which deleted the malware and undid all its work. Suksawat was given a job by Sun Microsystems 2 months later as a senior consultant.

H - Hackers

Although traditionally associated with techie malcontents sticking two fingers up at the world from their basement, hackers have very much changed profile. Organised gangs and traditional criminals are at the heart of cyber attacks and although the tools of the trade have changed the game and the attitudes of the players are very much the same. The motives behind the attacks are almost entirely financial with the aims to defraud and steal identifications. The authorities have suggested that much of the money is to fund drug dealing although in practice it's very hard to tell. If there was any doubt about the serious nature of this underworld business, then a string of kidnappings of the relatives of hacking informants made it very clear when they started a few years back.

I - IRC

IRC channels are an old and empirical form of online instant message chat most often used in internet forums. Many IM clients these days can also support IRC. Among other uses, IRC is a common way of communication for hacker forums such as the ShadowCrew and is the main form of interaction for the cyber criminal underworld of highly specialised operatives. It is often also used as a way for the hackers to communicate with nodes on botnets.

J - Justice

Because of both its international nature and its lack of precedents, the law and those who enforce it have had a serious battle in successfully prosecuting cyber criminals. It's very difficult for some countries to agree extradition and sentencing has been hard to judge. Hidden funds and wild guesses about the damage caused by a malware attack have made this even more difficult. Many of international laws on the matter are finally being homogenised but two of the first reasons a hacker will give for committing their crimes is that it's hard to get caught and the sentencing is light.

K - Key stroke logging

This is a classic way to get information from an infected computer. Certain pieces of malicious code installed on your computer will send back real time .txt files of every key that you press on your keyboard. They can also provide screen grabs too. Much of the data is, of course, nonsense but it's not difficult to extract personal and financial details every time you make a purchase online or access your bank accounts.

L - Laundering

Money laundering is probably the toughest problem facing cyber criminals. With so many automatic fraud systems, it's very hard to use stolen credit or account information to actually get the money out of the system. Mules are needed for the practice in the country from where the stolen information originates. Most mules have enough knowledge of what's going on with the proviso that they can keep a certain percentage of the money on the understanding that they'll take the full wrap if caught. Some are also tricked into it with too good to be true type job advertisements you'll see in the papers and online.

M - McColo

McColo was a San Jose based web hosting company until it was closed down in 2008. It offered substantial protection to its clients and was responsible for huge amounts of the world's spam as a haven for hackers and botnets. When it was finally forced to close, there was an overnight 7% drop in spam world wide.

N - Norton

Like it or not, Symantech provides what is currently the top internet security suite available. In independent testing it dealt with 100% of the threats thrown at it where all of its rivals let some slip through the net. There are also good free anti-virus options but at the time of writing, Norton is the top with claims from Symantech that it is also one of the lightest solutions out there too.

O - Operation Phish Fry

In a recent effort to shut down a particularly prevalent spamming network the Secret Service, FBI and Egyptian local forces worked together in what was nicely called Operation Phish Fry. Over 100 people were arrested with half of them sending out the attacks from Egypt and the other half in California both trying to draw money from the harvested account information.

P - Phishing

Fishing is one type of cyber crime attack rather than straight malware. It's most usually done via e-mail often pretending to be your bank or any other kind of online service to trick you into clicking onto a bogus link and take you to a site that spoofs the bona fide version to the one you're used to. The person is then tricked into entering their account details which are then registered remotely by the hacker. There's also a very good chance that you'll have downloaded some malware, typically a key stroke logger, from visiting the site in the first place. An easy way to avoid these is by carefully reading the URL before you click on it. Many look very like the ones they are supposed to be except with a small spelling difference.

Q - Quorum

Quorum is the reputation system used specifically by Symantech in the anti-virus products. Reputation profiling exists in all good security products and is a way to predict whether an application attempting to run on your machine is malicious or not. It looks at features of how old it is, its prevalence across the Internet and other metadata to detect its true motive without having to have seen it before. It's the only current way of recognising brand new attacks before the malware is black-listed and all the software can be patched and updated.

R - Rogue anti-virus

The biggest new vector in cyber crime attacks is the rogue AV. They started coming to the forefront in 2006 and are fake anti-virus and security programs that people actually buy and install themselves. They are often reskins of real AV programs done incredibly convincingly. Unwitting users pay for them online, thus giving money up front as well as their credit card and personal information, the program will almost certainly also install all sorts of malicious code and will be impossible to remove. It may also ask for money for updates and subscriptions. It's the gift that keeps on giving.

S - SQL Injection

This is a more complex method for the more technical hacker and is a way of probing for weaknesses in a website. Skilled operatives can test the front end of an online service until they find the way into the back and the information behind it. Once inside, the hacker can pull the entire database in one go. Fantastic if it happens to be a bank or popular online retailer.

T - Toolkits

You really don't have to know much to be a hacker any more and there are even a whole bunch of toolkits you can buy from specialist developers that will do all the work for you. Software with names like Icepack, Firepack and Neosplit will cycle through thousands of different attacks so that when a user is tricked into navigating to your site where the program is hosted, it can eventually find a weakness. Naturally, software piracy is as big an issue in the underworld as it is everywhere, so these days the packs are free but with money charged for premium support and services.

U - Ukraine

Many of the cyber criminal underworld and particularly the organised crime section of it have originated in Eastern Europe. It's slowly becoming less difficult to gain extradition orders for hackers over there, but in the Ukraine there's actually a law saying that MPs and anyone who has ever been one is immune from extradition. One particularly enterprising hacker has managed to get himself elected and is now entirely bullet proof.

V - Virus

This is the old word for computer attacks until they became more sophisticated. A virus is something that doesn't require any human help to work apart from unwrapping them in the first place. They are executable files that will arrive on your machine often via e-mail or by navigating to a certain website. They can still be stopped by you AV system when they try to execute and will often cause serious damage to your system if they manage to attack. Worms, trojans and all the traditional types of malware are computer viruses.

W - War Drive

A war drive is the method non-technical hackers like Albert Gonzales can use to break into computer systems. In Gonzales' case, it was simply a question of getting his laptop within range of wireless networks until he'd find what was unsecure. Naturally, they're relatively few and far between, but once inside the hacker has complete and easy access to all the information they need.

X - XXX websites

5 or 10 years ago, one easy way to greatly reduce your chances of picking up any malicious codes was to avoid porn websites. They often contained adware and were merely just fronts for uploading as much nonsense to your machines as possible while also delivering very little of what the user actually came there for. These days it's not much more the case than any other kind of site. All sorts of websites are compromised these days and, in fact, the more reputable the page, the better the chance of passing on malicious code.

Y - You

Cyber crime and malware isn't about attacking computers any more. It's about attacking you. The aim is to take your credentials and your identification so that they can extract your money and open accounts under your name. Ultimately, it doesn't matter how good an internet security suite you have running on your machine. If you habitually make bad choices online and start filling in your details where you shouldn't, then you will become a victim.

Z - Zango

Zango was a software company that provided users access to its partners' videos, games, tools and utilities in exchange for viewing targeted advertising placed on their computers. Much of this advertising contained malicious code for attacking the user and thus Zango was known to be an adware downloader. Its installation was complex in that the larger part of it was easy to remove but there were diffuse elements in other applications, such as the Zango Hotbar that became integrated into the web browser, that could not. These continued to supply Zango's shady affiliates the real estate to attack users. After years of litigation, the site was finally closed down in early 2009 apparently several million dollars in debt.