Ad-Aware 9.5 upshifts for better performance

In Cnet

The latest version of popular anti-spyware and antivirus program Ad-Aware comes with bold performance claims. Released today exclusively with CNET Download.com, Lavasoft Ad-Aware 9.5 Free Internet Security and Ad-Aware 9.5 Pro Internet Security says that both programs have seen heavy construction under the hood and ought to be four to eight times faster than they were in the last release, version 9.0.5.

Ad-Aware 9.5 hasn't changed its interface, but there have been under-the-hood changes to how it performs.

(Credit: Screenshot by Seth Rosenblatt/CNET)

In addition, the suites now come with a faster installation process, bolstered by a dramatically smaller download that shrunk from 130 MB to 12 MB. This "stub" installer then grabs only about 80 MB of data online to complete the program, which is still significantly smaller.

While using the program, I noticed that Ad-Aware felt smoother when transitioning between screens, supporting that some parts of the program are faster. However, the program's "quick" scan, called the Smart Scan, which checks only mission-critical areas of your computer for infection, was actually slower on a real-world, daily-use computer than it was when tested in version 9.0. Whereas the scan averaged around four minutes to complete, over three cold-boot runs, version 9.5 notched 5 minutes, 37 seconds over three cold-boot runs.

Full CNET Labs benchmarks weren't available at the time of writing, but I'll update those here as soon as they're completed. The slow scan speeds don't bode well for Lavasoft's claims.

OS X Lion LDAP flaw hack - security hole

In cnet

Apparently a major security hole has been found in OS X Lion systems that are set up to accept authentication through LDAP servers, where users may be allowed to log in to the system without providing a password. For networked systems that uses LDAP-based authentication for managing users and restricting network resources, this may be a fairly severe security risk.

Lightweight Directory Access Protocol (LDAP) is a technology that handles access to directory services on a network, with one of its uses being to deploy network user accounts to PCs on a network. The technology is extensively deployed by IT departments to offer access control for users and groups on the network.

With the current problem, on a network that uses an LDAP server, once a user logs into an OS X Lion system that is bound to the LDAP server, then the system will successfully log in when any other username is used, even if no password is provided. Some people are claiming that once the system is logged in then even usernames that do not exist can be used to authenticate the system.

MacRumors forum member "monachus" writes:

[This problem is not just with] blank passwords--any login. I logged in with a username that doesn't exist anywhere, and it took it without hesitation. It complained that the home directory wasn't in the normal place, but I was logged in. The whole thing is terrible.

According to the German tech site heise.de, Apple has been informed of the problem and should be looking into it (others noting the problem have also contacted Apple to notify it about the bug), but so far Apple has only released one update for Lion and the problem has not been addressed in it. OS X 10.7.2 is due out very soon, and hopefully Apple will tackle this issue in that update.

This problem is a fairly severe vulnerability for LDAP authenticated systems, and as a result Apple will likely address it quickly; however, until then systems that use LDAP may be vulnerable. Therefore, for now, if your network uses LDAP authentication, we advise you either unbind your OS X Lion systems or downgrade them toSnow Leopard by restoring them to a backup, until a patch is released.

If you cannot downgrade or unbind your system from the LDAP server, then depending on how your system is configured and used, you may be able to avoid this issue by rebooting your system after you are done using it, instead of merely logging out. Doing this will prevent others from logging it at the log-in screen, but will not prevent someone with access from logging out and switching accounts.

This problem appears to only affect LDAP-bound systems, so if your system is not connected to a central authentication server (which has to be explicitly done by an IT administrator) then you should not be concerned with this problem. As a result, OS X systems purchased off the shelf will not be affected by this issue, so your Mac at home running OS X Lion will be safe from this vulnerability

Read more: http://reviews.cnet.com/8301-13727_7-20098743-263/ldap-flaw-in-os-x-lion-opens-major-authentication-security-hole/#ixzz1WRYRN41Z

Sync to the cloud with True Image Home 2012

In betanews

Acronis True Image has always been one of the more feature-packed of backup tools, with the ability to copy your emails or select files, individual partitions, complete drives and more.

Acronis True Image Home 2012 extends its reach even further, though, with new support for data synchronization, and fully integrated online backup courtesy of Acronis True Image Online.

The sync feature, probably the most useful new addition, is straightforward to set up. Specify a folder that you’d like to sync, then either point the program to another local folder -- this can be on a network folder, an external drive, whatever you like -- or point to your Acronis True Image Online account, if you’d prefer to sync with the cloud. Leave the program to sync automatically and there’s nothing else to worry about.

Nothing else apart from your True Image Online subscription, that is, because despite its deep integration into True Image Home 2012, it remains a separate service. There’s no free online backup space here, so if you want to continue using it after your 30-day trial is up then you’ll need to pay the regular fee (that’s $4.95 a month, or $49.95 for a full year, which gets you 250GB of online storage).

Fortunately there are other new features that don’t involve parting with any extra cash, and the most obvious is the revamped interface. This aims to make the program easier to use, and there’s definitely plenty of hand-holding for backup novices, which should help them to get their first backups configured more quickly.

We’re less sure about the benefits of the new interface for more experienced True Image users, but there are a few more advanced additions to attract their attention. Acronis Nonstop Backup can now be used on report storage devices, including NAS, for instance; there’s support for EFI, GPT disks and hard drives larger than 2TB (even if the operating system doesn’t support these); a new ebook file category simplifies the process of backing up all your ebooks; and if any of this fails to work as you expect, then the improved log should make it much more straightforward to figure out what’s happened.

As previously, Acronis True Image Home 2012 is priced at $49.95. The sync feature introduces a complication, in that if you want to synchronize with other systems over the internet then they’ll each require a licence, however if you purchase Acronis True Image Online then you’ll be covered for up to 5 PCs.

Apache warns Web server admins of DoS attack tool

in Computerworld

Computerworld - Developers of the Apache open-source project today warned users of the popular Web server software that a denial-of-service (DoS) tool is circulating that exploits a bug in the program.

The tool, called "Apache Killer," showed up last Friday in a post to the "Full Disclosure" security mailing list.

Today, the Apache project acknowledged the vulnerability that the attack tool exploits, and said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours.

"A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache," the group said in a security advisory. According to Apache, all versions in the 1.3 and 2.0 lines are vulnerable to attack.

The group no longer supports the older Apache 1.3.

"An attack tool is circulating in the wild. Active use of this tools has been observed," the advisory stated. "The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server."

The bug was not new. Michal Zalewski, a security engineer who works for Google, pointed out that he had brought up the DOS exploitability of Apache more than four-and-a-half years ago.

In lieu of a fix, Apache offered steps administrators can take to defend their Web servers until a patch is available.

According to U.K.-based Netcraft, Apache is the most widely-used Web server software in the world, accounting for 65.2% of all such software currently in use.

Because Apple bundles Apache with Mac OS X -- and maintains the software via its operating system updates -- users running a Mac-based server will have to wait for Apple to deliver a fix.

"It will be interesting to see how Apple rates the bug and how quickly they patch," said Andrew Storms, director of security operations at nCircle, in an interview today via instant messaging.

App Store: Micosoft Windows 8 feature - more from Apple

In Cnet

An app store is officially among the features Microsoft is working to include in Windows 8, much like Apple's App Store for OS X.

The revelation, which confirmed months of rumors, came today from Microsoft President Steven Sinofsky in a Building Windows 8 blog titled "Introducing the team." Among a list of teams associated with building the forthcoming operating system was "App Store."

Sinofsky said that work on the new OS is organized by feature teams, of which there are about 35, each containing 25 to 40 developers.

"Many of the teams listed below describe features or areas that you are familiar with or that you can probably figure out based on the name," he said. "As we post more, team members will identify themselves as part of these teams."

Microsoft representatives did not immediately respond to a request for further comment.

Rumors that Microsoft was developing an app store for Windows have been around for more than a year. Based on a series of Windows 8 documents leaked June 2010, Microsoft has reportedly been eager to match Apple at its own game by offering its own dedicated app store.

An app store appeared in a demonstration of Windows 8 that Sinofsky gave at the All Things Digital D9 conference in late June. Included in the start-up menu tiles was a direct link to a Microsoft Store, suggesting that Microsoft was working it own version of an online application store, similar to Apple's App Store.

The company has also been working hard to keep Apple from winning a U.S. trademark for the phrase App Store. Microsoft argues the phrase is too generic to register and would restrict competitors' ability to use of the term to describe their own services.

Microsoft has not officially announced when the new OS would be released, but CEO Steve Ballmer said in May that the new OS would reach consumers in 2012, although the company later said Ballmer misspoke. In June, Vice President Dan'l Lewin hinted that Windows 8 would launch during the fall of 2012.


Read more: http://news.cnet.com/8301-10805_3-20093865-75/microsoft-lists-app-store-as-a-windows-8-feature/#ixzz1VbpUIhD4

Firefox 7 reaches beta, promises faster browsing

In ComputerWorld


Computerworld - Mozilla yesterday released a beta of Firefox 7, putting the lighter-weight browser in front of a large number of users for the first time.

According to Mozilla, Firefox 7 uses significantly less memory than Firefox 4 through Firefox 6, cutting consumption by as much as 50%.

The savings come courtesy of a two-month-old project dubbed "MemShrink" designed to drive down Firefox's memory consumption and close "memory leaks," bugs that prevent memory from being released to the system when tabs are closed. Over time, those bugs can degrade the browser's performance, or in extreme cases, cause it to crash or lock up.

In a blog post 10 days ago, Nicholas Nethercote, the Mozilla engineer who manages MemShrink, said that Firefox 7 "uses less memory..., often 20% to 30% less, and sometimes as much as 50% less" than earlier versions.
The appearance of Firefox 7 in Mozilla's beta channel starts the clock ticking toward a Sept. 27 release of the browser. Mozilla now rolls out new versions every six weeks, adding features to each edition as they're completed rather than waiting for numerous changes to accumulate.

Other improvements in Firefox 7 highlighted by Mozilla include faster synchronization of passwords and bookmarks between copies of the browser, quicker rendering of HTML5 Canvas-based animation on Windows PCs, and a new optional add-on that provides Mozilla with performance data.

Firefox 8, next in the series, will sport some additional memory bug fixes, said Nethercote Tuesday, including one that decreases consumption on very large web pages.

Mozilla said Thursday that it will launch Firefox 8 to the "Aurora" channel some time today. That edition is slated to ship in final form on Nov. 8.

Five months ago, Mozilla shifted to a faster release cadence and a multiple-version program that offers Aurora, beta and release editions -- listed in increasing order of polish and stability -- for testing and evaluation.

The beta of Firefox 7 can be downloaded from Mozilla's website. Users who have been running earlier betas -- such as the one for Firefox 6, which shipped three days ago -- will be automatically offered version 7.

Download Mozilla Firefox 7 beta here

Firefox 6

In CNN

CNN) -- Firefox 6, the newest version of Mozilla's popular Web browser, is set to be released Tuesday. But some savvy Web folk have snatched it up early and are describing the features that are on the way.

Code for the upgrade was available for those who knew to look for it on Mozilla's FTP server days before the official release.

For its part, Mozilla was discouraging people from downloading the code, saying doing so puts stress on its FTP site and slows the process of the full release.

The early word from those who have grabbed the new Firefox? The changes are incremental, but could be significant for particular users.

Tech blog Engadget says there's not much in the way of a new look.

Website Mozzila Download here

Windows 8

In techradar

Microsoft has launched an official Windows 8 blog, with the opening post speaking of the company's humility and a promise not to repeat past mistakes.

The shadow of Microsoft Vista looms large over the new OS, with consumers, developers and Microsoft itself unlikely to forget the catastrophic iteration of Windows any time soon.

The opening post, penned by Microsoft's Steven Sinofsky, states: "We've heard people express frustration over how little we've communicated so far about Windows 8.

"We've certainly learned lessons over the years about the perils of talking about features before we have a solid understanding of our ability to execute."

Windows 8 blog here

Symantec tests new security software for Android

In betanews

Security software is not something that is generally associated with mobile devices such as phones, but the open nature of the Android platform means that viruses are a real threat, just as for desktop computers. Security firm Symantec is only too aware of this and has released a beta version of Norton Mobile Security that includes not only virus protection, but also other security features such as location locating and remote wiping.

On the virus protection front, any files you download or updates you install are scanned for signs of infection before they can cause any harm, and SD cards can be automatically scanned when you insert them. This in itself is comforting, but there are plenty of other mobile specific security features that will be of interest to anyone looking to safeguard their phone and the data it contains.

download Norton mobile security

While the option of scanning for viruses is certainly useful, mobile users are more likely to be interested in some of the remote features that can be used to take control of a mobile should it be stolen. If you would like to try retrieving your stolen, or lost phone, the app includes the option to transmit its location so it can be viewed on a map. With the ability to remotely lock your phone and even wipe it's data if you are particularly concerned, this is one app that offers real peace of mind.

There are plenty of other interesting options such as the ability to block unwanted texts and phone calls, and the blocking of phishing websites. As well as remote wiping of your phone, the app can be configured to lock when your SIM card is removed so it can't be used by someone that steals it. Users may resent having security software installed, but it could prove invaluable if you manage to mislay your mobile.

You can find out more about the security tool and download a copy for your phone by paying a visit to the Norton Mobile Security review page.

Google chrome 14

In betanews

Google has released Google Chrome 14 Beta, a pre-release version of its open-source, cross-platform web browser. Version 14 will be of interest to developers and end users alike, with a number of new features as well as the usual range of bug fixes and tightening of security.

Chrome 14 Beta represents a major step forward for Mac users, embracing various OS X Lion enhancements, including Lion scrollbars and full support for fullscreen mode. Mac users also get print preview, which appeared in version 13 for Windows and Linux users.

Developers will be interested by the emergence of a built-in Native Client, just one year after it was announced by Google. This effectively begins the process of rebuilding Chrome itself from the ground up, putting it on a more stable footing while also giving developers the opportunity to create web apps that utilize locally stored code for high-performance activities such as games and media.

Native Client (NaCI) basically runs software within two sandboxes for additional protection, allowing developers to combine the convenience of using a cross-platform client like Javascript for web app development with the performance benefits of developing native code (in C/C++) for specific platforms. It's also been revealed that Google plans to rebuild Chrome itself as a NaCl app, allowing it to enjoy the same additional protection afforded by the double sandbox. At the present time, however, NaCl is simply a plug-in, called Pepper, accessible by typing about:flags into the Address Bar.

This shift to a more secure footing can also be seen with other updates that were introduced earlier in Chrome 14's development cycle, including a new Javascript rendering engine and beefed up security on HTTPS web pages. One other notable new feature in version 14 is the Web Audio API, which will allow developers to create more realistic sound effects thanks to support for room simulation and spatialization -- various examples have been posted at the Chromium website.

Coinciding with Chrome 14's shift to beta, Google has also released Google Chrome 15 Dev. At the present time, it's primarily a build designed to improve stability and performance, particularly in OS X Lion, although the new Print Preview features also gets an overhaul.

Google Chrome 14 Beta and Google Chrome 15 Dev are available now for Windows, Mac and Linux. As with all pre-release software, think long and hard before updating your existing stable build to either Beta or Dev, and back up your browser settings should you decide to upgrade.

Download google chrome 14 Beta

Apple provide OS X Lion recovery tool

In betanews

Apple has released Lion Recovery Disk Assistant for beleaguered OS X Lion users, allowing them to start the Lion recovery process directly from a USB drive. Previously anyone who'd purchased the Lion upgrade through the Mac App Store would be forced to reinstall and update Snow Leopard before they could reinstall Lion if disaster struck, forcing them to replace the hard disk.

The Lion Recovery Disk Assistant requires an external USB hard drive or USB thumb drive with at least 1GB free space. It will partition the entire drive, so follow the guidelines at this Apple KB article for details of partitioning the drive so the rest of its capacity can continue to be used for general data storage if required.

The assistant is simple to use: once downloaded, open the DMG image and double-click the file inside to launch the tool. With your USB disk plugged in, select it (or the specific partition you created) and click "Continue". Enter your user password and the utility will do the rest.

Once completed, you can test your disk immediately: restart your Mac with the drive plugged in, holding down the [Option] key. When prompted, select "Recovery HD" to go to the recovery screen, complete with the same options you'll get from the hidden partition on your hard drive.

Although designed specifically for those upgrading to Lion, the recovery disk utility can be used by those who purchased a new Mac with Lion pre-installed. These Macs have recovery procedures built-in that don't require the presence of the original hard disk to run, but can be hobbled by a rare set of circumstances whereby the new hard drive has already been partitioned in a format not recognized by OS X.

Note the recovery disk created does not contain all of the Lion installer files -- these are automatically downloaded from the Internet when the "Reinstall Mac OS X" option is selected.

Download Lion Recovery disk free here

Win a quarter-million in prizes to improve Windows security

In betanews

If the security of your system depends on users making intelligent security decisions then you're basically doomed. After all these years of experience with end users on the Internet we know that they can't be trusted to make those decisions correctly. At least not often enough.

That's why the best security technologies are the ones that happen in spite of the user. These have been a focus for Microsoft over the last 10 years and remain the last, best hope of userdom.


And that's why Microsoft launched the Blue Hat Prize this year at BlackHat. The prize will be awarded each year for advances in defensive security technology. Existing examples of these are ASLR and DEP, which stop exploits of vulnerabilities automatically.

A quick review of these technologies is in order:

DEP (Data Execution Prevention). This goes back to Windows XP SP2 I believe. Windows uses CPU features to mark data areas of the program as non-executable. Many exploits rely on generating code in data areas and executing it.

Click here to access the Blue Hat prize

Boxee for iPad - Access media collection easily

In betanews

The Mac and PC versions of Boxee provide a wonderfully versatile means of accessing your media collection -- music, photos and movies -- in a delightful interface. The app can be used in conjunction with your computer, or linked to your TV and stereo. Now there is an iPad app available that brings the flexibility of the desktop software to Apple's tablet. Boxee for iPad has been unleashed, and it has plenty to offer.

The idea behind the iPad app is very much the same as the desktop software, although this time around there is an even greater emphasis placed on streaming media. As is almost expected of any app these days, Boxee for iPad integrates with social networks such as Facebook and Twitter. This is not just so that you can interact with your friends, but also so that you can access videos that have been posted to these sites in the same app you will use to access the rest of your media collection.


Boxee software has always had something of the wow factor and this app is no different. You can find out more and download a copy of the app by paying a visit to the Boxee for iPad review page.

CCleaner 3.0: New beta supports Mac OS X Lion

In betanews

Piriform has released the third public beta of its forthcoming CCleaner for Mac. Based on the popular Windows version, CCleaner for Mac offers various cleaning tools for parts of the operating system, and is a freeware release.

CCleaner for Mac Beta 3 is available as a free download for Macs running OS X (Leopard) or later.CCleaner 3.09 is also available as a freeware download for PCs running Windows 2000 or later.