June 9th saw a rare 'double-header' in security updates: Microsoft's monthly Patch Tuesday was joined by Adobe's quarterly security updates for Acrobat and Adobe Reader. How big was this month's 10-update Patch Tuesday? According to a Microsoft spokesperson quoted by Cnet, the 31 vulnerabilities covered by updates are "the most since Microsoft started releasing updates on a regular schedule of the second Tuesday of every month in October 2003."
Users of Windows 2000 SP4 through Windows Vista SP2 (and holdouts still running Windows 7 Beta), Microsoft Office 2000, 2003, or 2007; Microsoft Office for MacOS 2004 and 2008, Microsoft Works 8.5 and 9, and IE5.01 through IE8 users have some work to do before heading off on vacation, as do users of Adobe Reader and Acrobat 7.x, 8.x and 9.x. To find out what's being changed - and why - join us after the break.
Back in September of this year Google launched their Mobile Search with My Location service, which allowed users of mobile devices to quickly and easily find nearby points of interest. And now, it looks like that very same functionality is making its way to your computer.
Google’s Toolbar will now feature My Location. This addition will allow Google Maps and their own Maps gadget to automatically close in on your location, allowing you to type less into your search box when tracking down the closest pizza place. “You can just do a search like [thai food], and you will receive a list of nearby restaurants and more local Google search results,” wrote Aseem Sood and Susan Ting, members of the Toolbar Product Team at Google. “This feature is similar to IP-based local search results announced earlier this month, except Google Toolbar with My Location can determine a more accurate location by using nearby Wi-Fi access points. This is done without associating location information with a user's Google Account. Google Toolbar with My Location is only available in the U.S.”
Unfortunately, the Google Toolbar will continue to be available only for Internet Explorer (someone should let these guys know that they have their very own browser too!), and there’s no word on an official release date. But, according to the official Google Blog, they “hope to bring you the next batch soon.”
If you've been worrying about computer security for awhile, you might remember when macro viruses in Microsoft Word and Excel files were at the top of the exploit list. These file formats, along with the omnipresent Adobe Reader PDF format, are once again among the biggest threat vectors being exploited by today's malware, according to a new report from the Microsoft Malware Protection Center. Fittingly, the full report and a condensed key findings version are available in either PDF or Microsoft's own XPS formats. These reports cover the July-December 2008 period.
Some key findings include:
Scareware (which Microsoft calls "rogue security software") is on the rise, including the latest versions of our old friend Antivirus XP.
A slight reduction in unique vulnerability disclosures from 2007, but the High (most serious) category was larger in the second half of 2008 than in the first half of the year or the second half of 2007.
Applications continue to be the biggest target (86.7%, with browsers at 8.8%, and operating systems at only 4.5%)
Do you think the smoke and mirror show will help Chrome’s adoption rate?
Microsoft's latest browser, Internet Explorer 8, has gotten mixed reviews from MaximumPC.com readers (see comments here and here), but one question that's hard for any individual user to answer about any browser is "how secure is it?"
To find out, Microsoft asked NSS Labs to pit IE8 RC1 against its predecessor, IE7, as well as the following third-party browsers: Firefox 3.0.7, Safari 3.2, Chrome 1.0.154, and Opera 9.64. The objective: find out which browser did the best job at handling so-called social-engineering malware sites - the ones that try to con you into downloading malware disguised as something else ("Adobe Flash update," anyone?).
ComputerWorldreports that IE8 did the best job of fending off attacks from 492 malware-distributing websites, blocking 69% of attacks (details here [PDF link]). If you're not using IE8, join us after the jump to learn how your favorite browser fared.
Microsoft used last week's MIX09 conference to officially launch Internet Explorer 8, but without the fanfare Mozilla's Firefox 3 received when the open-source browser set a Guinness World Record for most downloads in a 24-hour period following its release.
But while IE8 didn't manage to set any new records, it did boost the browser's market share a tad. Nothing to get excited over, IE8's average market share increased from 1.34 percent from the day before its official launch to 1.45 percent on the day of release. To be fair, market share peaked slightly higher at 1.86 percent and now stands at 1.7 percent.
For the sake of comparison, Google Chrome 1.0 only gained about 0.1 percentage points next to IE8's .52 percentage points gain on day of release. Firefox 3, meanwhile, gained .66 points on the first day and 3.51 points over a two-day period.
Are you planning to download IE8? Hit the jump and let us know.
It was a year ago that security researcher Charlie Miller walked away with $10,000 for hacking into a MacBook Air with Safari in just two minutes during the annual Pwn2Own competition, and earlier this month Miller predicted Safari would be the first to fall at this year's event. Miller made good on that promise this week by using a prepared exploit to gain full control of the device in about 10 seconds.
"It's not easy, but this worked with one click [from the Safari browser]", Miller said.
Miller had discovered the exploit last year, which allows a remote attacker to take over a machine if a user clicks on a malicious URL. Details of the exploit, which Miller isn't allowed to divulge, will be shared with Apple from contest sponsor TippingPoint so that Apple can develop a patch.
On the same day, a 25-year-old computer science student at the University of Oldenburg in Germany demonstrated exploits in IE8, Safari, and Firefox, earning him a cool $15,000 ($5,000 per exploit), along with getting to keep the Sony Vaio P series notebook he used (Miller pocketed $5,000 and a MacBook Air).
While three major browsers succumbed to hacking attempts on day one, no mobile exploits have yet been successful. Mobile exploits carry the biggest reward for contest participants, with TippingPoint offering $10,000 for each successful exploit in the major smartphones.
The Taipei Timesreports that the Taiwanese edition of Internet Explorer 8 will be released next Friday, March 20. The Times interviewed several Microsoft Taiwan personnel, including GM Davis Tsai and platform marketing manager Juno Su, for the story.
So, what does this mean for IE8 in other markets? It's unlikely Redmond would launch the newest version of its browser in only one market on March 20, but if you're still skeptical, take a look at Neowin.net's collection of About IE screen shots gathered from recent Windows 7 builds (7048 and 7057) - there's no mention of IE8 being a Release Candidate or beta as with the IE8 version included in the Windows 7 public beta. Neowin suggests that the most likely venue for the formal roll-out will be next week's Microsoft MixO9 Web Development and Design Conference in Las Vegas. Stay tuned to MaximumPC.com for the latest information.
Join us after the jump for your chance to chime in on IE8.
Anyone who may have thought the death of Netscape would signal the end of the browser wars, boy were they mistaken. In fact, it could be argued that it was at that point it all began. It didn't take long for Mozilla's Firefox to emerge from Netscape Navigator's ashes, and over time, Firefox would win over enthusiasts with a potent combination of speed, security, and an unprecedented level of customization.
But what started as a two-man battle is quickly growing into all-out warfare. Prepare to be overwhelmed by an onslaught of new browser releases in the coming months as Microsoft, Mozilla, Apple, Opera Software, and Google all vie to provide your vehicle for navigating the web. Each one brings something new to the table, whether it be blazing fast performance or a unique feature-set. Don't worry if you haven't been paying attention - we jump in the trenches with whole lot of them and get to know each one on a personal basis.
Hit the jump to find out everything there is to know about the browsers of today and tomorrow!
For a while, the Google Earth plug-in was only available for Internet Explorer, Firefox and Safari. Now, it looks like Google has allowed their very own browser to get in on the fun, making it available as of this week.
“As of ~4 p.m. PST today, Google Chrome 1.0+ on Windows is an officially supported browser,” wrote a Google Employee in an Email sent out to a mailing list yesterday. “That means Chrome users will no longer get the unsupported browser message, and the plugin and API should work just as they would in other supported browsers.”