msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

04 Jun 12 To Hide Android Malware From Google’s ‘Bouncer’, Hackers Learn Its Name …


“LadyGaga.jpg,” one of two photos on the Android Market’s simulated test phone for identifying malicious programs. The other is called “cat.jpg.” Any program that attempts to access either photo and upload it to a remote destination can be flagged as malware.

The antivirus scanner that polices Google’s Android Market is named Miles Karlson. It has one friend, Michelle K. Levin, and a cat. And it seems to be a fan of Lady Gaga.

Those are a few of the many personal characteristics that security researchers Charlie Miller and Jon Oberheide have spent the last several months learning about Google’s newest safeguard for Android users, the scanning program it launched with the codename “Bouncer” in February. And knowing just one of those seemingly random details, they say, would be enough for a malicious app to hide itself from Google’s protective scans and find its way onto a user’s device.

At the Summercon conference in New York this week, Miller and Oberheide plan to present a new method for bypassing Google’s mobile app store’s protections against programs that steal data, send spam or siphon a victim’s money by making calls to premium numbers. Their method takes advantage of the fact that Google’s ‘Bouncer’ tool tests apps by running them in a virtualized environment–a simulated phone created in software–to see how they’ll perform on real users’ devices. And if malware can be designed to detect that it’s running on that simulated gadget rather than the real thing, it can temporarily suppress its evil urges, pass Google’s test and make its way onto a real phone before wreaking havoc.

“The question for Google is, how do you make it so the malware doesn’t know it’s running in a simulated environment?” says Oberheide. “You want to pretend you’re running a real system. But a lot of tricks can be played by malware to learn that it’s being monitored.”

Oberheide and Miller say they submitted a testing application to the Android Market that gives them remote access to a target device to analyze Bouncer’s scans and catalogue the “fingerprints” that malware can use to determine whether it’s in the test environment: And Google’s simulated test phone leaves behind all the identifying characteristics of any bot pretending to be a flesh-and-blood user. Every instance of Google’s simulated Android phone, they discovered, is registered to the same account, Miles.Karlson@gmail.com. To bait malware into trying to steal photos or contacts, Bouncer’s test phone lists exactly one contact (Michelle.k.levin@gmail.com) and stores two photos: Cat.jpg and Ladygaga.jpg. (Pictured above)

Some other giveaways are more subtle: Miller and Oberheide say that they can find evidence in a file subdirectory that the phone is running on QEMU, a type of virtualization software. (Oberheide demonstrates this in the video below.) The virtual phone’s performance is slower than a real phone. And if the program sets the phone to access an outside server, that server can identify its IP address as one that belongs to Google.

“There are a thousand different ways to very accurately and sustainably fingerprint Bouncer,” says Oberheide. “Some are really hard to fix. Some can be fixed pretty easily. But in the long term game, the attackers have a major advantage.”

To prove his point, Oberheide uploaded an application called HelloNeon to the Android Market Sunday night that’s capable of pulling down new malicious code once it’s installed on a user’s phone. It passed Bouncer’s scan and was available for download Monday morning.

Oberheide says he and Miller have spoken to Google’s security staff about their work, and Google may have already changed some of the characteristics of Bouncer to make its simulations harder to differentiate from a real user’s phone. I reached out to Google to confirm Oberheide’s and Miller’s findings and hear the company’s comments, but I haven’t yet heard back.

Both Miller and Oberheide have a long history of poking holes in the security measures for mobile devices. In 2010, Oberheide showed that programs posing as innocuous apps like an Angry Birds upgrade or Twilight photos could pull down new malicious code after making their way onto a user’s device. Miller, one of the world’s top Apple hackers, exploited a bug last year in the iOS app store that allowed an app he created to similarly download and execute new code despite Apple’s code-signing restriction, a measure designed to prevent unauthorized commands from running on iPhones and iPads.

Article source: http://www.forbes.com/sites/andygreenberg/2012/06/04/to-hide-android-malware-from-googles-bouncer-hackers-learn-its-name-friends-and-habits/

Tags: , , , , ,

25 May 12 Solid Android tablets under $400


Answer: Both of these Android-powered tablets are actually great buys. Whether or not you should buy them depends on what Android tablets already interest you. The Samsung Galaxy Tab 2 compares favorably with devices like the Kindle Fire and the Nook Tablet. At $250, it’s only $50 more than those two, and you’ll have two more cameras and the latest version of Android. The other tablet, the Asus Transformer Pad, is an affordable option to its older brother, the Transformer Prime. The Pad’s plastic casing isn’t as sturdy as the Prime’s metal frame, but the Pad delivers similar performance to the Prime for just $380 — almost $150 less.

Finding a drop shipper online

Q. I run an online store, and I’d like to set up drop shipping to save on inventory space. I’m not sure how to find a good service. Where should I look online?

A. Good idea! Drop shipping allows you to keep a catalog of items to sell. Whenever someone orders from you, a third-party retailer fills and ships the order. You could try to find a drop shipper online, but you’ll have to sift through hundreds of scam websites. Most real drop shippers don’t advertise online. Some directory sites could link you to drop shippers, but these charge monthly fees and can be scams, too. Your best bet is to call the manufacturers of the items you sell and talk to them. They might have a list of drop shippers or be able to fulfill your orders themselves. If they do give you a third-party company, you can Google just that company to find honest reviews.

What’s not to Like?

Q. What does the Facebook “Like” button actually do? If I like a business or page on Facebook, is there anything in for me?

A. Not really. The Like button is just a way of telling your friends that you enjoy something. Of course, once you start liking businesses and pages, you do give Facebook more and more information about you. Facebook can share this information with marketers and use it for targeted advertising. It can also attach your name to ads for any business page you’ve liked. If that’s not something you want, go to Privacy settingsAds, Apps and WebsitesEdit Social Ads Settings. Choose No One in the drop-down menu. Then, uncheck every box in the “How people bring your info into the apps they use” menu. This way, what you like on Facebook will stay private.

Walmart DVD conversion

Q. I saw an ad that says Walmart can turn my DVDs into digital files. How does that work? Is there any way to do it at home?

A. For $2 per disc — or $5 to upgrade a movie to high-definition — Walmart will digitize your movies and upload them to its Vudu streaming service. Then you can watch or download the movie on any device you own. Of course, Walmart has deals with only five studios, so it can’t convert every DVD you own, just yet. Still, it’s a much better option than trying to convert your DVDs at home. Ripping a DVD takes a long time and isn’t easy to do. You’d also have to figure out a way to bypass copyright protection on the disc. Legally, I can’t tell you how to do that. There are websites that will tell you how, but many of them host viruses, so it isn’t a safe option.

Change or hide your SSID

Q. My son named his Wi-Fi connection something really offensive! Could you tell me how to change the name to his network so no one has to see it?

A. Changing the name, or SSID, of your Wi-Fi network is easy! Just enter the router’s IP address into your browser. If you don’t know the router’s IP address, check the manual. Once you’re in the settings menu, you should find an option to change the SSID and save it. Keep the name vague. The more personal the name, the more likely you are to give hackers too much information. You might be better off disabling SSID broadcasting to hide the connection altogether. This can usually be done from the same settings menu. Look for SSID Broadcasting or Wireless Radio — it varies from router to router. As long as your son knows the network name, he and his friends will still be able to sign on.

Kim Komando hosts the nation’s largest talk radio show about consumer electronics, computers and the Internet. To get the podcast, watch the show or find the station nearest you, visit www.komando.com. E-mail her at techcomments@usatoday.com.

Article source: http://www.usatoday.com/tech/columnist/kimkomando/story/2012-05-25/tech-questions-answers/55185554/1

Tags: , , , , ,

19 May 12 Banking Trojan poses as Google Chrome installer


Online financial fraudsters are hiding their latest bank-account-stealing weapon inside what appears to be a legitimate Google Chrome installer.

The downloadable file, “ChromeSetup.exe,” contains a sophisticated, multifaceted banking Trojan that, once running on a system, relays that computer’s information to a remote IP address. Most of the compromised browsers connect to IP addresses in Brazil and Peru, researchers at Trend Micro explained. The fake Chrome installer appears to be hosted on popular domains including Facebook, Google and MSN.

The real danger occurs when the malware implants a file that triggers the victim’s Web browser to redirect to a rigged banking site when the user attempts to visit his legitimate banking platform. The Trojan, identified as “TSPY_BANKER.EUIQ,” hijacks the user’s banking session and displays a dialogue box that reads, “Loading system security,” giving the victim the belief that he’s actually being protected when, in fact, the crooks are picking his virtual pockets.

[9 Safe Ways to Bank Online With Your Smartphone]

Adding insult to injury, the Trojan uninstalls GbPlugin, a software plugin built to protect Brazilian online banking customers. Trend Micro said the malware, which was first spotted in October 2011, is currently being used in the wild and is morphing to evade detection and more effectively fleece its victims.

You can protect yourself and your online banking sessions by making sure any site that requires you to enter your financial information is secured with “HTTPS” encryption — look for “HTTPS” highlighted in green and a picture of a lock in your Web browser. If a website seems suspicious, or requests information you don’t feel comfortable handing over, do not trust it.

© 2012 SecurityNewsDaily. All rights reserved

Article source: http://www.msnbc.msn.com/id/47467023/ns/technology_and_science-security/

Tags: , , , , ,

17 May 12 Fake Google Chrome Installer Steals Banking Details


Beware fake Chrome installers for Windows.

A file named “ChromeSetup.exe” is being offered for download on various websites, and the link to the file appears to be legitimately hosted on Facebook and Google domains. In reality, the software won’t install Google’s Chrome browser, but an information-stealing Trojan application known as Banker, according to antivirus vendor Trend Micro.

Once the malware–which appears to be targeting Latin American users, especially in Brazil and Peru–is executed, it relays the IP address and operating system version to one of two command-and-control (CC) servers, then downloads a configuration file. After that, whenever a user of the infected PC visits one of a number of banking websites, the malware intercepts the HTTP request, redirects the user to a fake banking page, and also pops up a dialog box informing the user that new security software will be installed.

In fact, the malware has been designed uninstall GbPlugin, which is “software that protects Brazilian bank customers when performing online banking transactions,” said Trend Micro security researcher Brian Cayanan in a blog post. “It does this through the aid of gb_catchme.exe–a legitimate tool from GMER called Catchme, which was originally intended to uninstall malicious software. The bad guys, in this case, are using the tool for their malicious agendas.”

[ Hacktivists take down the Kremlin's website in protest of Putin reelection. Read more at Anonymous Targets Russian Sites For Putin Protest. ]

Trend Micro gained access to a log file associated with the CC servers that were managing this strain of Banker and saw the number of PCs infected with the malware quickly multiply. “During the time the CC panel was analyzed … the phone-home logs jumped from around 400 to nearly 6,000 in a span of 3 hours. These logs are comprised of 3,000 unique IP addresses, which translates [into] the number of machines infected by the malware,” Cayanan said. But the CC servers–first spotted in use in October 2011–soon became inaccessible. That suggests that attackers were moving to new CC servers, he said, noting that whoever is behind Banker will likely continue to enhance the malicious application’s capabilities.

For now, however, Cayanan said Trend Micro was continuing to study the malware, noting that “the one missing piece” of information is how the malware “is able to redirect [users] from normal websites like Facebook or Google to its malicious IP, to download malware.”

In other malware news, GFI Labs is warning that a new piece of Android malware masquerades as free antivirus software. Advertised via Twitter spam promoting links to “sexi gerl see,” among other phrases, the malicious application has been available via websites sporting a dot-TK (.tk) address, which is the top-level domain name for Tokelau, a New Zealand territory in the South Pacific.

Clicking on the proffered Twitter link takes users to a Russian-language Web page–hosted in the Ukraine–that advertises numerous products, including fake updates for Opera and Skype, as well as an “Anit-Virus Scanner.” [sic] “Users who accessed and used this purported scanner are then given the option to download and install a file, which [varies] depending on whether the target is a PC or a phone,” said GFI Labs researcher Jovi Umawing in a blog post. Interestingly, the PC version–delivered as a Java archive file–will fail to execute. But the APK (Android application package) version will install on an Android device. The application’s Android icon, meanwhile, was copied from security firm Kaspersky.

Many security tools will have difficulty spotting the malicious APK file. According to Bulgarian antivirus researcher Vesselin Bontchev at FRISK Software, “the fake AV file is actually server-side polymorphic.” Polymorphic malware is designed to change every time it gets downloaded, which generates malware with identical attack capabilities but different fingerprints. That makes spotting the malware more difficult for signature-based security defenses.

“If you download it several times in a row, you’ll get different APK files,” said Bontchev. He said it’s also likely that the malware developer is updating the attack code every few days to make the malware more difficult to spot.

What’s the purpose of the Anit-Virus Scanner malware? As with most online attacks, blame the software on criminals trying to make a fast buck (or in this case, ruble). “If you went ahead and installed the app onto your mobile, it would attempt to send expensive SMS messages to premium rate services,” read a blog post from Graham Cluley, senior technology consultant at Sophos, who has also been studying the malware.

As with most malware, the fake antivirus scanner also has the ability to download and install further code from the Internet onto your Android smartphone, thus potentially allowing attackers to exploit devices, or the data they store, in numerous other ways.

Security information and event monitoring technology has been available for years, but the information can be hard to mine. In our SIEM Success report, we provide a step-by-step guide to make the most of your SIEM system. (Free registration required.)

Article source: http://www.informationweek.com/news/security/vulnerabilities/240000575

Tags: , , , , ,

05 May 12 Getting started With Google Chrome and Google Voice


Lots of users are probably trying Google Chrome for the first time, and maybe having some trouble learning the basics of the browser. Downloads in particular can be confusing if you’re moving to Chrome.

When it comes to downloading files, not all browsers are created equal. In Microsoft Internet Explorer, for example, clicking a download link produces a pop-up bar along the bottom of the screen, asking if you want to run or save the file. In Mozilla Firefox, the browser I used prior to Chrome, you get a pop-up requester front and center, followed by a big ol’ status window. For anyone accustomed to this, Chrome can be a head-scratcher. It’s easy to overlook the arrival and status of a file download, especially if you’re accustomed to looking near the top of the screen or seeing a pop-up window.

[ FREE DOWNLOAD: 3 things Google Apps needs to fix... like, NOW ]

Chrome’s download-status indicator appears quietly and unobtrusively in the lower-left corner of the screen. If you blink, you’ll miss the little arrow that flashes at the start of the download. (Google no doubt added this because so many people had trouble finding any evidence of download activity.)

Of course, now that you know where to look, you’re all set. When the download is done, you can click it to run or open the file, or click the little arrow alongside it for a handful of options (including the always-handy Show in folder, which opens the folder containing the download).

Want to view all your downloads? Press Ctrl-J to open Chrome’s download manager in a new tab. You can also click the little wrench icon in the top-right corner of the screen, then select Downloads. This may seem like an obvious thing, but it took me a while to get accustomed to Chrome’s tucked-away-in-a-corner download indicator.

Three Things You Should Know About Google Voice

Have you tried Google Voice? If not, I think I can understand why. It’s one of those services that sounds a little confusing–and perhaps not terribly useful.

But Google Voice is a pretty cool tool, and it can solve more than a few hassles. Let’s take a look at three GV perks you might not have known about.

(Note: I’m assuming that you’ve already signed up for a GV account. If not, just visit google.com/voice and follow the instructions. You’ll need to have some sort of Google account already, like, say, Gmail.)

1. You can use it to send text messages. Why bother pulling out your cell phone and typing on its tiny keyboard every time you want to send a text message?

If you’re at your computer, you can simply open up Google Voice, click Text, enter the recipient’s phone number, and type your message. Click Send and you’re done. Best of all, replies will pop up right there, so you can hold an entire SMS conversation right in your Web browser.

Oh, and unlike with standard texting from your phone, GV texting is free (for you, anyway–the recipient still has to pay regular rates).

2. You can use it to make free calls (for now). Google Voice is, at its core, a voice-over-IP calling service. And a free one, at least until the end of 2012. That means you can make unlimited local and long-distance calls without spending an extra dime.

Looking for a way to integrate this GV goodness with your current phone system? Check out the Obihai OBi100 adapter, which plugs right into your router (much like a MagicJack, but with Google Voice as the service provider). Connect your phone’s base station and presto: You’ve got dial tone.

3. You can use it to record phone calls. Are you conducting an interview? Talking to a customer-service representative? Planning some blackmail? Might be nice to have a recording of the call. Google Voice makes this a cinch: Just press 4 during the call to initiate recording. When you’re done, you’ll be able to access the audio file from the GV dashboard.

Just one caveat: this works only for incoming calls. And depending on your state’s laws, you may need to get consent from the other party.

If you’ve got a hassle that needs solving, send it my way. I can’t promise a response, but I’ll definitely read every e-mail I get–and do my best to address at least some of them in the PCWorld Hassle-Free PC blog. My 411: hasslefree@pcworld.com. You can also sign up to have the Hassle-Free PC newsletter e-mailed to you each week.

Article source: http://www.itworld.com/internet/273630/getting-started-google-chrome-and-google-voice

Tags: , , , , ,

02 May 12 Getting Started With Google Chrome and Google Voice


Lots of users are probably trying Google Chrome for the first time, and maybe having some trouble learning the basics of the browser. Downloads in particular can be confusing if you’re moving to Chrome.

When it comes to downloading files, not all browsers are created equal. In Microsoft Internet Explorer, for example, clicking a download link produces a pop-up bar along the bottom of the screen, asking if you want to run or save the file. In Mozilla Firefox, the browser I used prior to Chrome, you get a pop-up requester front and center, followed by a big ol’ status window. For anyone accustomed to this, Chrome can be a head-scratcher. It’s easy to overlook the arrival and status of a file download, especially if you’re accustomed to looking near the top of the screen or seeing a pop-up window.

Chrome’s download-status indicator appears quietly and unobtrusively in the lower-left corner of the screen. If you blink, you’ll miss the little arrow that flashes at the start of the download. (Google no doubt added this because so many people had trouble finding any evidence of download activity.)

Of course, now that you know where to look, you’re all set. When the download is done, you can click it to run or open the file, or click the little arrow alongside it for a handful of options (including the always-handy Show in folder, which opens the folder containing the download).

Want to view all your downloads? Press Ctrl-J to open Chrome’s download manager in a new tab. You can also click the little wrench icon in the top-right corner of the screen, then select Downloads. This may seem like an obvious thing, but it took me a while to get accustomed to Chrome’s tucked-away-in-a-corner download indicator.

Three Things You Should Know About Google Voice

Have you tried Google Voice? If not, I think I can understand why. It’s one of those services that sounds a little confusing–and perhaps not terribly useful.

But Google Voice is a pretty cool tool, and it can solve more than a few hassles. Let’s take a look at three GV perks you might not have known about.

(Note: I’m assuming that you’ve already signed up for a GV account. If not, just visit google.com/voice and follow the instructions. You’ll need to have some sort of Google account already, like, say, Gmail.)

1. You can use it to send text messages. Why bother pulling out your cell phone and typing on its tiny keyboard every time you want to send a text message?

If you’re at your computer, you can simply open up Google Voice, click Text, enter the recipient’s phone number, and type your message. Click Send and you’re done. Best of all, replies will pop up right there, so you can hold an entire SMS conversation right in your Web browser.

Oh, and unlike with standard texting from your phone, GV texting is free (for you, anyway–the recipient still has to pay regular rates).

2. You can use it to make free calls (for now). Google Voice is, at its core, a voice-over-IP calling service. And a free one, at least until the end of 2012. That means you can make unlimited local and long-distance calls without spending an extra dime.

Looking for a way to integrate this GV goodness with your current phone system? Check out the Obihai OBi100 adapter, which plugs right into your router (much like a MagicJack, but with Google Voice as the service provider). Connect your phone’s base station and presto: You’ve got dial tone.

3. You can use it to record phone calls. Are you conducting an interview? Talking to a customer-service representative? Planning some blackmail? Might be nice to have a recording of the call. Google Voice makes this a cinch: Just press 4 during the call to initiate recording. When you’re done, you’ll be able to access the audio file from the GV dashboard.

Just one caveat: this works only for incoming calls. And depending on your state’s laws, you may need to get consent from the other party.

If you’ve got a hassle that needs solving, send it my way. I can’t promise a response, but I’ll definitely read every e-mail I get–and do my best to address at least some of them in the PCWorld Hassle-Free PC blog. My 411: hasslefree@pcworld.com. You can also sign up to have the Hassle-Free PC newsletter e-mailed to you each week.

Article source: http://www.pcworld.com/article/254799/getting_started_with_google_chrome_and_google_voice.html

Tags: , , , , ,

01 May 12 Getting Started With Google Chrome and Google Voice


Lots of users are probably trying Google Chrome for the first time, and maybe having some trouble learning the basics of the browser. Downloads in particular can be confusing if you’re moving to Chrome.

When it comes to downloading files, not all browsers are created equal. In Microsoft Internet Explorer, for example, clicking a download link produces a pop-up bar along the bottom of the screen, asking if you want to run or save the file. In Mozilla Firefox, the browser I used prior to Chrome, you get a pop-up requester front and center, followed by a big ol’ status window. For anyone accustomed to this, Chrome can be a head-scratcher. It’s easy to overlook the arrival and status of a file download, especially if you’re accustomed to looking near the top of the screen or seeing a pop-up window.

Chrome’s download-status indicator appears quietly and unobtrusively in the lower-left corner of the screen. If you blink, you’ll miss the little arrow that flashes at the start of the download. (Google no doubt added this because so many people had trouble finding any evidence of download activity.)

Of course, now that you know where to look, you’re all set. When the download is done, you can click it to run or open the file, or click the little arrow alongside it for a handful of options (including the always-handy Show in folder, which opens the folder containing the download).

Want to view all your downloads? Press Ctrl-J to open Chrome’s download manager in a new tab. You can also click the little wrench icon in the top-right corner of the screen, then select Downloads. This may seem like an obvious thing, but it took me a while to get accustomed to Chrome’s tucked-away-in-a-corner download indicator.

Three Things You Should Know About Google Voice

Have you tried Google Voice? If not, I think I can understand why. It’s one of those services that sounds a little confusing–and perhaps not terribly useful.

But Google Voice is a pretty cool tool, and it can solve more than a few hassles. Let’s take a look at three GV perks you might not have known about.

(Note: I’m assuming that you’ve already signed up for a GV account. If not, just visit google.com/voice and follow the instructions. You’ll need to have some sort of Google account already, like, say, Gmail.)

1. You can use it to send text messages. Why bother pulling out your cell phone and typing on its tiny keyboard every time you want to send a text message?

If you’re at your computer, you can simply open up Google Voice, click Text, enter the recipient’s phone number, and type your message. Click Send and you’re done. Best of all, replies will pop up right there, so you can hold an entire SMS conversation right in your Web browser.

Oh, and unlike with standard texting from your phone, GV texting is free (for you, anyway–the recipient still has to pay regular rates).

2. You can use it to make free calls (for now). Google Voice is, at its core, a voice-over-IP calling service. And a free one, at least until the end of 2012. That means you can make unlimited local and long-distance calls without spending an extra dime.

Looking for a way to integrate this GV goodness with your current phone system? Check out the Obihai OBi100 adapter, which plugs right into your router (much like a MagicJack, but with Google Voice as the service provider). Connect your phone’s base station and presto: You’ve got dial tone.

3. You can use it to record phone calls. Are you conducting an interview? Talking to a customer-service representative? Planning some blackmail? Might be nice to have a recording of the call. Google Voice makes this a cinch: Just press 4 during the call to initiate recording. When you’re done, you’ll be able to access the audio file from the GV dashboard.

Just one caveat: this works only for incoming calls. And depending on your state’s laws, you may need to get consent from the other party.

If you’ve got a hassle that needs solving, send it my way. I can’t promise a response, but I’ll definitely read every e-mail I get–and do my best to address at least some of them in the PCWorld Hassle-Free PC blog. My 411: hasslefree@pcworld.com. You can also sign up to have the Hassle-Free PC newsletter e-mailed to you each week.

Article source: http://www.pcworld.com/article/254799/getting_started_with_google_chrome_and_google_voice.html

Tags: , , , , ,

26 Apr 12 Former Sun CEO says Google’s Android didn’t need license for Java APIs


Jonathan Schwartz

Jonathan Schwartz (Credit: Stephen Shankland/CNET)

SAN FRANCISCO — Former Sun CEO Jonathan Schwartz took the stand here today as a witness for the defense, and disputed Oracle’s claim that Java APIs were proprietary code from Sun. 

Google’s lawyer, Robert van Nest, asked Schwartz whether, during his tenure at Sun, Java APIs were considered proprietary or protected by Sun.

“No,” Schwartz said in explaining the nature of open software. “These are open APIs, and we wanted to bring in more people…we wanted to build the biggest tent and invite as many people as possible.”

Oracle contends that Google’s
Android platform violated some of its patents and copyrights around Java and its APIs, which it acquired from Sun in a $7.4 billion deal at the beginning of 2010.

Schwartz corroborated testimony by former Google CEO (now executive chairman) Eric Schmidt, who said that during meetings following the launch of Android the Sun CEO didn’t express any concerns or disapproval regarding Android, nor did he state that Google needed a license to use Java APIs in Android. 

“My understanding is that what we were doing was permissible because of the sum of my experiences and interactions I had,” Schmidt said in this testimony, adding that he was “very comfortable that what we were doing was both legally correct and consistent” with the policies of Sun and Google at that time.

Schmidt, who spent 14 years at Sun, was Schwartz’s first boss at the company, and the two became close friends.  

Regarding a partnership between Google and Android, Schwartz said that Sun wanted Google to pay a big license fee to call its phone a Java phone, and join Nokia, Motorola, Blackberry (RIM) and others in developing apps that run across all the platforms. At this point Nokia was dominant, and Apple’s
iPhone was not in the market, and Java licensing was a $100 million plus business for Sun, Schwartz said. Sun would profit by enlarging the Java community and creating more of a barrier to competition with the likes of Microsoft at the time.

For Sun, Java was a brand that was inseparably a part of Sun and its profitability, Schwartz wrote in a blog post dated August 23, 2007:

JAVA is a technology whose value is near infinite to the internet, and a brand that’s inseparably a part of Sun (and our profitability). And so next week, we’re going to embrace that reality by changing our trading symbol, from SUNW to JAVA. This is a big change for us, capitalizing on the extraordinary affinity our teams have invested to build, introducing Sun to new investors, developers and consumers. Most know Java, few know Sun – we can bring the two one step closer.

The partnership with Google did not work out, even though Sun was willing to pay to have Google onboard with its Java platform. “I would venture a guess they felt they could better execute on their own,” Schwartz said, calling Google “opaque,” not sharing all the cards. Basically, Sun did not want to cede control of managing the key components in the Java stack, and Google wanted more control over its destiny.

Schwartz was asked why, given the lack of a partnership with Google, he applauded the announcement of Android in a blog post (which is viewable on Schwartz’s personal site) on Sun’s web site on Nov. 5, 2007, in which he wrote:

I just wanted to add my voice to the chorus of others from Sun in offering my heartfelt congratulations to Google on the announcement of their new Java/Linux platform, Android. Congratulations!

I’d also like Sun to be the first platform software company to commit to a complete developer environment around the platform, as we throw Sun’s NetBeans developer platform for mobile devices behind the effort. We’ve obviously done a ton of work to support developers on all Java-based platforms, and we’re pleased to add Google’s Android to the list.

And needless to say, Google and the Open Handset Alliance just strapped another set of rockets to the community’s momentum — and to the vision defining opportunity across our (and other) planets.

‘We decided to grit our teeth’
Schwartz said his blog post was like a press release, an official Sun statement, but there was a lot left unsaid.

“We didn’t like [what Google was doing with Android], but we weren’t going to stop it by complaining about it,” Schwartz said, explaining that Google could have chosen to work with Microsoft, a major competitor for Sun, or an open-source Java implementation. “At least with Java they could be part of the Java community,” he said. Without the Java community, Google would have to “reinvent a whole community,” Schwartz said.

“We saw a handset bypass our brand and licensing restrictions…we decided to grit our teeth and support it so anyone supporting it would see us as part of the value chain. For example, developers could use Sun’s Java developer tools NetBeans to write applications. Sun developed JavaFX, which could run on top of the Android stack.

In cross-examination, Oracle’s lawyer Michael Jacobs asked Schwartz about a document referencing Sun’s approach for granting intellectual property rights for independent implementations of Java, such as Android and Apache. 

Schwartz responded that as long as Google, Apache or others creating independent implementations didn’t call their product Java, Sun had no problem.  ”In order to get the brand, you had to get the TCK (Technology Compatibility Kit).” 

Jacobs took Schwartz through a series of e-mails to counter the former CEO’s statements about Google getting a free pass with Android.

In e-mails from March 2008, Sun’s executives, including Schwartz, wrote that they were upset that Google took Android “without attribution or contribution,” and worried about Java revenue due to competition with Sun for Java OEMs. One executive talked about using an “IP hammer” on Google. 

But Schwartz insisted under questioning by Jacobs that as long as Google or the Apache Foundation didn’t call their products “Java” it was his view they could ship their implementations of Java without any license from Sun.

Jacobs also questioned Schwartz about his resignation from Sun on the day Oracle took control of the company, as if to suggest that the former CEO of Sun had a bone to pick with Oracle. 

Happier times: Sun and Google were Java allies in 2005, when Sun's then-president Jonathan Schwartz, left, and CEO Scott McNealy, center, joined Google CEO Eric Schmidt to tout a partnership that ultimately fizzled.

Happier times: Sun and Google were Java allies in October 2005, when Sun’s then-president Jonathan Schwartz, left, and CEO Scott McNealy, center, joined Google CEO Eric Schmidt to tout a partnership that ultimately fizzled. For the partnership, the Google toolbar became a standard part of the software people get when they download Java from Sun’s Web site. (Credit: Stephen Shankland/CNET)

Schwartz resigned from Sun on January 27, 2010. In a blog post from March 9 of that year titled “Good Artists Copy, Great Artists Steal,” prior to Oracle suing Google on August 12, 2010, he made clear his view on open software, patents and lawsuits:

I understand the value of patents – offensively and, more importantly, for defensive purposes. Sun had a treasure trove of some of the internet’s most valuable patents – ranging from search to microelectronics – so no one in the technology industry could come after us without fearing an expensive counter assault. And there’s no defense like an obvious offense.

But for a technology company, going on offense with software patents seems like an act of desperation, relying on the courts instead of the marketplace. See Nokia’s suit against Apple for a parallel example of frivolous litigation – it hasn’t slowed iPhone momentum (I’d argue it accelerated it). So I wonder who will be first to claim Apple’s iPad is stepping on their IP… perhaps those that own the carcass of the
tablet computing pioneer Go Corp.? Except that would be ATT. Hm.

Having watched this movie play out many times, suing a competitor typically makes them more relevant, not less. Developers I know aren’t getting less interested in Google’s Android platform, they’re getting more interested – Apple’s actions are enhancing that interest.

Article source: http://news.cnet.com/8301-1035_3-57420304-94/former-sun-ceo-says-googles-android-didnt-need-license-for-java-apis/

Tags: , , , , ,

10 Feb 12 Chrome 17 Released, Will Preload Autocompleted URLs as You Type


Google has just released Chrome version 17, which brings several minor enhancements to the company’s web browser — including a new web address preloading feature and improved protection against malicious downloads.

The new Chrome introduces a “preemptive rendering” feature that will automatically begin loading and rendering a page in the background while the user is typing the address in the omnibox (the combined address and search text entry field in Chrome’s navigation toolbar). The preloading will occur in cases when the top match generated by the omnibox’s autocompletion functionality is a site that the user visits frequently.

When the user hits the enter key and confirms the autocompletion result, the pre-rendered page will display almost instantly. The feature extends Chrome’s existing predictive page loading functionality to autocompletion results. Unlike Chrome’s instant search capability, however, the autocompletion preloading waits until the user hits the enter key before displaying the rendered page.

Google has also added some new security functionality to Chrome. Every time that the user downloads a file, the browser will compare it against a whitelist of known-good files and publishers. If the file isn’t in the whitelist, its URL will be transmitted to Google’s servers, which will perform an automatic analysis and attempt to guess if the file is malicious based on various factors like the trustworthiness of its source. If the file is deemed a potential risk, the user will receive a warning.

Google says that data collected by the browser for the malware detection feature is only used to flag malicious files and isn’t used for any other purpose. The company will retain the IP address of the user and other metadata for a period of two weeks, at which point all of the data except the URL of the file will be purged from Google’s databases.

Users who are concerned about the privacy implications of this functionality can prevent the browser from relaying this information to Google by disabling the phishing and malware protection features in the browser’s preferences. You can refer to the official Chromium blog for additional details about the malware detection feature.

Chrome 17 is available through the browser’s automatic updater and can also be downloaded from Google’s website. More information about the new release is available in the official Google Chrome blog.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

Article source: http://www.webmonkey.com/2012/02/chrome-17-released-will-preload-autocompleted-urls-as-you-type/

Tags: , , ,

09 Feb 12 Chrome 17 Released, Will Preload Autocompleted URLs As You Type


Google has just released Chrome version 17, which brings several minor enhancements to the company’s web browser— including a new web address preloading feature and improved protection against malicious downloads.

The new Chrome introduces a preemptive rendering” feature that will automatically begin loading and rendering a page in the background while the user is typing the address in the omnibox (the combined address and search text entry field in Chrome’s navigation toolbar). The preloading will occur in cases when the top match generated by the omnibox’s autocompletion functionality is a site that the user visits frequently.

When the user hits the enter key and confirms the autocompletion result, the prerendered page will display almost instantly. The feature extends Chrome’s existing predictive page loading functionality to autocompletion results. Unlike Chrome’s instant search capability, however, the autocompletion preloading waits until the user hits the enter key before displaying the rendered page.

Google has also added some new security functionality to Chrome. Every time that the user downloads a file, the browser will compare it against a whitelist of known-good files and publishers. If the file isn’t in the whitelist, its URL will be transmitted to Google’s servers, which will perform an automatic analysis and attempt to guess if the file is malicious based on various factors like the trustworthiness of its source. If the file is deemed a potential risk, the user will receive a warning.

Google says that data collected by the browser for the malware detection feature is only used to flag malicious files and isn’t used for any other purpose. The company will retain the IP address of the user and other metadata for a period of two weeks, at which point all of the data except the URL of the file will be purged from Google’s databases.

Users who are concerned about the privacy implications of this functionality can prevent the browser from relaying this information to Google by disabling the phishing and malware protection features in the browser’s preferences. You can refer to the official Chromium blog for additional details about the malware detection feature.

Chrome 17 is available through the browser’s automatic updater and can also be downloaded from Google’s website. More information about the new release is available in the official Google Chrome blog.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

Article source: http://www.webmonkey.com/2012/02/chrome-17-released-will-preload-autocompleted-urls-as-you-type/

Tags: , , ,