msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

29 Dec 12 Google Chrome Browser Cracking Down on Extensions


The Windows version of Google Chrome is one of the most widely used browsers. And Google is now tightening restrictions on browser extensions that install themselves without full notification to users.

This may be frustrating for companies that bundle browser extensions with their standard user download packages. But it will make the Chrome browser more secure and set a positive security example for browser extensions generally. And for the IT community at midsize firms, this is a welcome development.

Browser extensions have become an all too popular vector for malware exploits. This makes better protection of browsers good news for all users–not just individuals using a browser to surf the Internet, but companies that depend on the open Web to reach out to customers.

Google ChromeAsk Before Installing

As Seth Rosenblatt reports at CNET, Google Chrome for Windows will now require most browser extensions to get explicit user acknowledgment and permission before the extension can be installed. Two new features in Chrome 25 will enforce the new rules.

The only extensions exempt from the new requirement are those that come directly from the Chrome store, and are thus under the Google aegis.

According to Peter Ludwig, Chrome product manager, the previous policy of allowing silent installation of third-party extensions had been “widely abused” to install extensions “without proper acknowledgement from users.” Henceforth, third-party extensions will be disabled by default. A notification box will say that an extension has been installed and give the user the option of enabling it.

Another feature in Chrome 25 will make this protective functionality retroactive. Existing third-party extensions will be disabled, with a prompt allowing users to re-enable them.

In Line With Mozilla

The new protective functionality brings Chrome into line with Mozilla Firefox, which already requires notification by third-party add-ons. The move may be unwelcome by some companies and other organizations that have incorporated browser extensions in their uploads. But comments on the CNET piece were strongly supportive of the move.

IT professionals at midsize firms have a strong stake in measures that strengthen browser security. Browsers are users’ doors to the open Web, an environment that allows midsize firms to compete on an even playing field.

The mobility era is already posing a challenge to the open Web, as app-ification and walled gardens make the full Web harder to reach. The continued availability of safe, secure browsers is a key protection against the fragmentation of the Web and dominance by large vendors. This makes the latest Chrome for Windows protections a very good move for midsize firms.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

Article source: http://midsizeinsider.com/en-us/article/google-chrome-browser-cracking-down-on-e

Tags: , , , , ,

16 Dec 12 A Windows admin takes a shine to Chrome OS


White Paper

Service Desk Comparative Report

Gartner’s recent magic quadrant for IT Service Support Management included no vendors as leaders or innovators. Learn why and how ITinvolve is delivering an innovative service desk solution that empowers IT staff through social collaboration and visualization to improve incident analysis and triage to speed incident resolution time.

Read now »

Article source: http://www.infoworld.com/d/microsoft-windows/windows-admin-takes-shine-chrome-os-208907

Tags: ,

19 Jun 12 Samsung Makes Android SAFE for IT


Samsung’s forthcoming Galaxy S III smartphone will be the company’s first device to be officially branded and sold under its new SAFE program.

SAFE stands for “Samsung Approved for Enterprise.”

The Galaxy S III will be available in the U.S. from Verizon Wireless, ATT (NYSE: T), Sprint (NYSE: S), T-Mobile and U.S. Cellular in July.

Samsung also introduced Safe2Switch, a program that lets smartphone users of other makers’ products trade in their existing devices and purchase a new Samsung smartphone. People who currently own a Samsung smartphone can trade up.

Samsung first introduced the SAFE program in the United States in late 2011, and there are more than 20 Samsung SAFE devices on the market, company spokesperson Martha Thomas told LinuxInsider. However, the Galaxy S III will be the first one to bear the program’s brand. Introducing devices under the SAFE brand will make it easier for customers to see which products are enterprise-ready.

“With SAFE, Samsung is sending a message to IT departments — this phone is easy for you guys to sign off on,” James Robinson, lead Android developer and cofounder of OpenSignalMaps, told LinuxInsider. “The S III is going to be an extremely popular device.”

Playing IT Safe

SAFE was created as a way to defragment the Android operating system (OS) across multiple versions offered on handsets by carriers in the United States, Samsung said. Out of the box, the SAFE-branded Galaxy S III supports a suite of enterprise-ready features and capabilities as well as 338 IT policies. These policies include on-device AES 256-bit encryption, enhanced support for Microsoft (Nasdaq: MSFT) Exchange ActiveSync, and support for virtual private network (VPN) and mobile device management (MDM) solutions.

Galaxy S III features include AllShare Play, which lets users securely share PowerPoint presentations and PDFs with other S III owners; Share Shot, which enables photo compiling and sharing; S Beam One Touch Sharing, which lets Galaxy S III owners exchange information or documents by tapping these devices together; and Samsung TecTiles — programmable tags and mobile applications.

Partnering With Samsung

Samsung is working with mobile device management (MDM) providers, including AirWatch, Sybase (NYSE: SY) and Juniper Networks (Nasdaq: JNPR), to provide management and security on the Galaxy S III. It’s also working with VPN providers, including Cisco (Nasdaq: CSCO) and F5 Networks, to enable IP-based encryption. Samsung’s security vendor partners include Symantec (Nasdaq: SYMC).

One partner, Avaya, “has been enabling Samsung’s Android-based devices with our Avaya one-X Mobile client application,” Avaya spokesperson Deb Kline told LinuxInsider. This “securely connects an end user’s Samsung mobile device to his or her corporate communications system.” Voice streams are encrypted and businesses can continue to apply their typical security measures such as firewalls and session border control.

Samsung “has put in place a formal quality assurance testing and verification process to ensure the SAFE enterprise solutions work as needed and described,” the company’s Thomas said. “The QA process will be in place for all future Samsung SAFE devices.”

Taming the Android Defrag Bomb?

Samsung’s claim of defragmenting Android with SAFE may make some users’ ears perk up — either with anticipation or skepticism. OpenSignalMaps recently found there are close to 4,000 different types of devices running the OS.

“SAFE defragments Android by creating a single standard for IT administrators to test against,” Samsung’s Thomas explained. “This means the IT administers can test one SAFE device such as the Galaxy S III and know that all SAFE phones — from those running on Gingerbread to Ice Cream Sandwich — will work the same on their network. It also allows VPN, MDM and application providers to leverage a single uniform software developer kit when creating solutions for SAFE devices.”

However, “Fragmentation in terms of security capabilities is what Samsung’s focusing on here, for that small sub-genre of fragmentation support for IT policies is what is needed,” OpenSignalMaps’ Robinson pointed out. “By introducing a new feature to its phones, Samsung is not providing a general cure to fragmentation. It’s not even providing a cure across all devices. But it is promising that … it’s going to be easier for IT departments to sign off on particular applications, particularly MDM and VPN apps, running on particular models.”

Article source: http://www.technewsworld.com/story/75412.html

Tags: , , , , ,

19 Jun 12 New Android Malware is Disguised as a Security App


Google’s Android mobile platform is the target of a new variant of a widely used malware capable of stealing personal information.

New Android Malware is Disguised as a Security AppThe latest Zeus malware masquerades as a premium security app to lure people into downloading the Trojan, Kaspersky Lab reported Monday. The fake security app, called the Android Security Suite Premium, first appeared in early June with newer versions released since then.

Such malware presents a threat to consumers, as well as businesses that allow employees to use their personal devices on the corporate network. A Dimensional Research survey of IT professionals found that more than 70 percent said mobile devices contributed to increased security risks and that Android introduced the greatest risk. Issued in January, the report was sponsored by firewall vendor Check Point Software Technologies.

The new Zeus malware steals incoming text messages and sends them to command-and-control servers operated by the attackers. Depending on the apps installed on the Android device, the text could include sensitive data, such as password-reset links.

“It is also important to mention that these malicious apps are able to receive commands for uninstalling themselves, stealing system information and enabling/disabling the malicious applications,” Denis Maslennikov, a Kaspersky security researcher said in a blog post.

The malware installs a blue shield icon on the smartphone or tablet menu and shows a fake activation code when executed, Kaspersky said. The app uses a series of six command and control servers, one of which was linked to Zeus malware found in 2011.

“The newest variant of ZitMo demonstrates the commitment to effective mobile spyware development and distribution that cybercrime has made,” Kurt Baumgartner, senior security researcher at Kaspersky Lab, said by email.

Android application infections increased dramatically in the first quarter of this year, driven by a surge in attacks on personal data, according to the E-Threat Landscape Report released in April by security vendor Bitdefender. Cyber-criminals often hide the malware in apps sold in online stores.

New Android Malware is Disguised as a Security AppThe Dimensional survey found that 65% of the 768 IT pros polled allowed personal devices to connect to corporate networks. Apple’s iOS, used in the iPhone and iPad, was the most common platform, with Android coming in third behind Research in Motion’s BlackBerry. Android was found in companies represented by one in five of the respondents.

A factor that increases the risk of malware such as Zeus is the lack of employee awareness. More than six in 10 of the IT pros surveyed said employee ignorance had the greatest impact on mobile security.

The types of corporate information most often found on mobile devices were e-mail and contacts. Other information cited by the respondents included customer data, network login credentials and data made available through business applications.

Zeus was first discovered in 2007 as a keystroke logger and form grabber that ran in a browser. The malware is primarily downloaded through phishing schemes or by visiting malicious Web sites. The mobile version of Zeus, called ZitMo, was first discovered a couple of years ago.

In other Android security news, Tokyo police have arrested six men accused of distributing malware through an application downloaded from a porn site, the newspaper Yomiuri Shimbun reported. When launched, the Android app would demand fees and steal the victim’s personal information.

The suspects are accused of swindling more than 200 people out of $265,000. Two of the suspects were executives at separate IT companies.

Read more about malware/cybercrime in CSOonline’s Malware/Cybercrime section.

Article source: http://www.pcworld.com/article/257858/new_android_malware_is_disguised_as_a_security_app.html

Tags: , , , , ,

15 Jun 12 Android Tablets Beating Out iPad in Business and IT: Report


Apple’s iPad may still be considered the king of tablets in many quarters, but new research data casts a shadow of doubt over how long that will continue.

android apple tabletIn fact, a full 44 percent of first-time tablet buyers in business and IT plan to purchase an Android device in the upcoming 12 months, compared with just 27 percent planning to go with an iPad, according to a new study from IDG Connect (IDG Connect is part of IDG, which owns PCWorld.com).

“The rise in tablet usage and increasing prevalence of BYOD is set to have a fundamental impact on IT and business over the next few years,” said Kathryn Cave, editor at IDG Connect, in a press release announcing the results. “These findings signify changes in work mobile consumption and market leadership in the tablet arena.”

Only Three Percent Opt for Windows 8

To conduct its research, IDG Connect recently surveyed 3,124 IT and business professionals around the globe.

Seventy-one percent of respondents said they already own a tablet, and 51 percent of those reported having an iPad, IDG Connect reported.

For future purchases, though, Android was clearly the preferred choice, with 44 percent of respondents saying they’d choose a device that uses the Linux-based operating system. Only three percent of respondents said they’d opt for Windows 8, and 21 percent said they weren’t sure.

Global Variations

The research results are even more interesting when broken down geographically.

In Africa, for instance, 44 percent indicated they’d choose an Android tablet, compared with only 21 percent planning to buy an iPad. Similarly, in Europe, only 23 percent of new buyers said they plan to buy an iPad, compared with a full 49 percent who have set their sights on an Android tablet.

Those in North America and Australia/New Zealand, interestingly, showed the lowest preference for Android tablets, with only 30 percent of North American buyers and 35 percent of those in Australia/New Zealand choosing them over iPad.

Article source: http://www.pcworld.com/businesscenter/article/257664/android_tablets_beating_out_ipad_in_business_and_it_report.html

Tags: , , , , ,

12 Jun 12 Android’s fraying tightrope with app developers


Watching the hoopla around Apple’s Worldwide Developer’s Conference is always an exercise in spin management, as Apple’s promotion of iOS always leads to a flurry of counter arguments from those who prefer (or sell) devices with the Android operating system.

Some of those counter arguments, though, fall more than a little flat, much to my frustration.

Take Matthew Miller, who argues (quite thoroughly), that the latest version of Android, Ice Cream Sandwich (ICS), already has many of the same features that iOS 6 will have when it is released this Fall.

While Miller makes an excellent case, he forgets that ICS only has 7.1 percent of total Android market share, according to Google. Right now, the latest version of Apple’s mobile platform, iOS 5, is around 75-80 percent, depending on who you ask.

When iOS 6 rolls out, because of Apple’s unified platform strategy, I would expect similar market penetration in a matter of weeks. At ICS’ current growth levels of about one percent per month, ICS might be around 10 percent of the Android market by September.

This is the F-word problem: fragmentation. Android is constantly dogged by it, because there are not only seven deployed versions of Android out in the wild, but there are also thousands of Android devices deployed, many of which require some sort of tweaking by an apps developer to get their app stabilized, because of the differing hardware requirements.

So why do developers even bother? It is the open source factor at work?

Perhaps, but I think a better case could be made with the numbers. While Apple CEO Tim Cook touted 360 million iOS devices sold in the platform’s entire lifecycle at WWDC, Android chief Andy Rubin twitter-bragged that 900,000 Android devices are activated every day. (That’s 328.5 million devices per year.)

That’s a mighty big target, and on the surface that would seem to be a big reason to develop for Android. But then you get reports like this one from mobile analyst Flurry that state “[f]or every $1.00 a developer earns on iOS, he can expect to earn about $0.24 on Android.”

Assuming Apple’s devices grow on average at about 72 million devices a year (and I just took a straight averaging here), then an iOS developer could see $72 million on new iOS devices this year, or $78.8 million on new Android devices.

This, more than any other reason, may be what is keeping Android growing. After all, assuming Flurry’s report is correct, then even though an Android developer can expect to make one-fourth per app than an iOS developer, the potential market is four times as large.

This seems a tenuous balance, though: Android’s openness is to be lauded, and it’s clearly doing what it needs to do be attracting new hardware vendors and devices all of the time. But the lack of consistency in hardware and APIs is slowly driving Android developers nuts–something I hear repeatedly from mobile developers.

Then there’s the S-word: saturation. There are growing concerns that smartphones in general are reaching the saturation point in the U.S. When that happens, all this phenomenal growth will vanish and Android’s (and iOS’) numbers won’t look so hot. There are other markets of course, but will they be better or worse in terms of revenue for app developers?

My concern is that sooner of later the problems will become more painful than the pleasure of the potential revenue. Or growth of Android will slow due to market saturation. Either way, app development on Android could slow to a crawl.

If that happens, it won’t matter how cool the Android features are: no new apps will mean no new users.

Read more of Brian Proffitt’s Open for Discussion blog and follow the latest IT news at ITworld. Drop Brian a line or follow Brian on Twitter at @TheTechScribe. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Article source: http://www.itworld.com/mobile-wireless/280896/androids-fraying-tightrope-app-developers

Tags: , , , , ,

12 Jun 12 Android Reaches 900000 Daily Activations


Android’s chief architect, Andy Rubin, took to Twitter over the weekend to share the news that Google’s mobile platform is being activated on 900,000 devices each and every day. Google doesn’t provide a breakdown of those activations, so that massive number includes smartphones, tablets, Kindles, and other devices running Android.

It would appear that Google is on the cusp of reaching one million devices activated each day. But can it? Android’s adoption rate has slowed in recent months. Let’s take a look at the numbers.

The last time we heard from Google about the Android daily activation rate was in February. The number at the point was 850,000 daily activations. It took four months (February to June) to grow by 50,000 activations.

Prior to that, Google announced 700,000 daily activations in December 2011. The time to jump 150,000 activations–from 700,000 to 850,000–took only two months. Of course, that included the holiday shopping season. Two months for 150,000 (between December and February), followed by four months to climb 50,000 (between February and June) shows a huge slowdown in the growth rate. This has been backed up by reports from the likes of IDC, Nielsen, and others that say Android’s growth is throttling down a bit.

[ Want longer battery life? A faster browser? A way to zap annoying ads? See 10 Ways To Get More From Android Devices. ]

In October 2011, the activation rate was 550,000 per day. The daily activation rate climbed by 150,000 between October and December, a two-month stretch. Nearly a year ago, in July 2011, the activation rate was 500,000 per day.

Looking at the data, it’s clear that the holiday season was a boon to Android’s activation rate. At its current rate of growth–50,000 new daily activations over a four-month period–Google won’t reach 1,000,000 daily activations until February 2013. Is there anything that can help speed up the adoption rate?

Sure, compelling new hardware and software.

Samsung will certainly do its part in the coming weeks and months with the availability of the Galaxy S III. It lands at five major U.S. carriers in the next four weeks, and is already available for sale in markets around the globe. It’s the Korean firm’s flagship device for the year, and based on initial reactions, it will be a big seller.

Google is also prepping a new, lower-cost tablet for release in the next month or so. The Asus-made Nexus tablet is expected to make its first appearance at the Google I/O conference in several weeks. Based on the price point and specs of this device, it could help bolster flagging Android tablet sales.

Perhaps more important, however, will be Android 5.0 Jelly Bean. Jelly Bean is expected to show up at I/O along with the Nexus tablet. It needs to be more successful than the previous version of Android. Eight months after its release, Android 4.0 Ice Cream Sandwich has been installed on fewer than 8% of Android devices. That’s miserable. Despite Google’s promise to make device system upgrades easier and faster, it simply hasn’t happened. Can Jelly Bean improve that rate at which smartphone and tablet buyers install the latest version of the software–and the rate at which buyers snap up Android devices?

Mobile Connect addresses the strategic direction that will define enterprise IT for the next decade–building and managing information systems that run on a mobile platform. Mobile Connect will bring together enterprise mobility thought leaders to discuss the innovations in mobile, and how forward-thinking companies are getting the technology to work for them, providing unprecedented business value. It happens in Boston, June 18-20. Register today.

Article source: http://www.informationweek.com/news/mobility/smart_phones/240001809

Tags: , , , , ,

11 Jun 12 MobileIron Distributes Enterprise Apps, Simplifies Android


iPhone 5 Predictions: The Best And Worst
(click image for larger view and for slideshow)

As mobile devices become part of corporate business, mobile app management company MobileIron sees an opportunity to facilitate enterprise app delivery at scale and to protect company content on mobile devices.

Last week MobileIron introduced three services designed to make the transition from desktop to mobile computing in businesses more manageable and more secure.

“In the next 12 to 18 months, companies will have their business processes on mobile,” said Ojas Rege, VP of strategy for MobileIron, in a phone interview.

But in so doing, businesses face several challenges. The first is app distribution. Rege describes a scenario in which a top pharmaceutical company moves its salespeople to iPads. “iPads are transforming the way selling is done,” he said.

[ Read LinkedIn Confirms Password Breach, Phishing Intensifies. ]

But suppose the company’s custom app weighs in at 1.5 GB. Distributing such a hefty chunk of code to a large sales force would slow many corporate networks to a crawl.

“The correct way is to offload the download onto a secure, global, distributed network,” said Rege. “That’s what we’ve done to our Application Delivery Network.”

The MobileIron Application Delivery Network (ADN) promises provisioning at scale. Think of it as the equivalent of content delivery network Akamai for enterprise mobile apps. Rege contends no one else has this capability at the moment and says the service will be available in the second half of the year, for a monthly per-device fee.

Then there’s MobileIron Docs@Work, an enterprise data loss prevention service for both ActiveSync email attachments and SharePoint content. “Email and SharePoint are the two primary content repositories that all MobileIron’s customers have,” said Rege.

Every organization, insists Rege, is worried about its email attachments being sent to some service like Dropbox and losing control of important data. Docs@Work provides a way to encrypt email and SharePoint documents so they can be read only through MobileIron’s secure reader. The service allows IT administrators to delete documents remotely if necessary.

Finally, App Connect for Android is a service that attempts to relieve IT managers of the burden of managing the fragmented Android ecosystem, with all of its different operating system versions.

The service wraps Android business apps in a virtual container for the sake of security and compatibility. App .apk files are encapsulated so that data gets encrypted, inter-app communication is secured, and single sign-on can be implemented. By acting as an intermediary between the app and the data flowing in and out of the app, App Connect for Android provides control over business data while leaving personal apps alone.

“It’s our belief that Android will fail in the enterprise unless it can be defragmented,” said Rege.

Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.

Article source: http://www.informationweek.com/news/security/vulnerabilities/240001803

Tags: , , , , ,

03 Jun 12 Google Chrome Tabs Let Malware Sneak Into Businesses


Google Drive: 10 Alternatives To See
(click image for larger view and for slideshow)

Google Chrome users: Watch your sync habits. The browser’s ability to synchronize tabs across different computers could be used by a malicious attacker to eavesdrop on personal or corporate communications.

The tab-synchronization capability appeared last month in the latest version of the Google Chrome browser, and allows users to synchronize their open browser tabs across devices. As a result, users can log into any version of the Google Chrome browser–on home PCs, work PCs, or mobile devices–and access their saved tabs.

Unfortunately, the same would go for malware. “Consider the following scenario: The user is signed in to Chrome on both work and home computer. … The home computer gets infected by a malware. Now all of the work synced data (such as work-related passwords) is owned by the malware,” said Rob Rachwald, director of security strategy at Imperva, in a blog post.

“We name this kind of threats BYOB for ‘Bring Your Own Browser,’” he said. “While BYOD creates challenges of mixing work data and personal end points, BYOB does exactly the same–but it’s more elusive as there’s no physical device involved.”

Furthermore, IT departments could have difficulty successfully spotting and blocking malware that infiltrates the enterprise in this manner, especially given the number of attacks that could be launched from an infected home PC. “Even if the malware gets disinfected on work computer, the malware is able to infect over and over again–as the root cause of the infection–the home computer–is outside of the reach of the IT department,” Rachwald said.

Two Ways In

Google didn’t immediately respond to a request for comment about the feasibility of this attack, or steps that users could take to mitigate this type of threat. To be sure, this is a theoretical attack; no such Chrome-targeting malware campaign has been seen in the wild. But malware could potentially piggyback into a corporate environment, using Chrome tabs, in two ways.

The first exploit technique would be if “the malware changes the homepage or some bookmark to point to a malware-infection site on the home computer,” said Rachwald. “Settings are synced to your work environment. When you open your browser at work, you get infected with some zero-day drive-by download.” In this scenario, attackers could instruct the malware to keep attacking the corporate network, and even vary the attack being used, in an attempt to evade defenses. This would be difficult for a business to stop with complete reliability.

“Even if the malware gets disinfected on work computer, the malware is able to infect over and over again, as the root cause of the infection–the home computer–is outside of the reach of the IT department,” he said.

Another potential attack vector would be if the malware installed a rogue Chrome extension, and such extensions have appeared on the official Chrome Web Store in the past. As Google notes, “anyone can upload items to the Chrome Web Store, so you should only install items created by people you trust,” and by reviewing the ratings and reviews for an extension to help deduce whether it’s reliable. Google quickly removes any malicious Chrome extensions, once they’re spotted. But until that happens, any malicious extension is able to operate with impunity.

“Chrome extensions are evil,” noted Felix “FX” Lindner, head of Recurity Labs in Berlin. That comment came during a talk he delivered at Black Hat Europe earlier this year, in which he highlighted how Chrome extensions can be used by an attacker to inject JavaScript directly into the browser. What’s more, any users who sign into Chrome on a different workstation will have their extensions automatically installed on the current PC. As a result, a malicious extension installed at home could easily appear on a workplace PC, creating a vulnerability similar to the one that Rachwald highlighted.

Why are malicious Chrome extensions so dangerous? “If you have an extension installed, it has … pretty much omnipotent control over your Chrome browser,” said Lindner, speaking by phone. “Google tries to prevent the extension from accessing your extension manager, but we’ve found ways to do it. Google fixed them, but I’m pretty confident that there are other ways.”

Preventing users from installing Chrome extensions is nearly impossible. For starters, while the IT department can issue its own Chrome build, and set it to block extensions, you can install and run your own installation of the browser on any PC for which you have permission to write to the home directory–no administrator rights required.

Security defenses also won’t spot malicious extensions. “This all being JavaScript and HTML, the corporate antivirus is not going to catch it–on top of the fact that you’re downloading the extension via SSL from Google’s Web store,” said Lindner. “Unless corporate [IT] breaks SSL for you, they’re not going to see it anyway.

Since the browser’s preferences are handled with JavaScript, a malicious extension could automatically–and without a user being aware–install and run arbitrary code in the browser. For example, the extension might unleash a Trojan application that recorded everything the user did, or open a malicious website in the browser. Furthermore, if this extension was first installed at home, it would automatically get pushed to work when the user logged in there.

Attackers aren’t the only concern for Chrome users, as the Google tab synchronization feature could also be used during digital forensic investigations. “Imagine there’s a case against you at work, and they do forensics, and they get all of your accounts at home,” said Lindner.

But the bigger picture, he said, is that users should consider the security implications of synchronizing information between Chrome tabs or even between Google services. “I’m really not sure who would want to: a) give all this information to Google, and then, b) actually sync it onto every single machine they’re using,” Lindner said. “So much for defense. But maybe I’m the wrong person to ask–I don’t even have a Google account. Wrong religion.”

Employees and their browsers might be the weak link in your security plan. The new, all-digital Endpoint Insecurity Dark Reading supplement shows how to strengthen them. (Free registration required.)

Article source: http://www.informationweek.com/news/security/attacks/240001345

Tags: , , , , ,

03 Jun 12 'Father of Google Apps': Chrome OS Is Still the Future


Rajen Sheth, the father of Google Apps – and more. Photo: Jim Merithew/Wired

It was the most Googley of propositions. The most successful company in the history of the internet said it would reinvent corporate computing by selling subscriptions to streamlined machines that moved all data and applications inside a web browser.

A year later, Google has adjusted this audacious pitch, bowing to the reality that the rest of the world hasn’t quite caught up to its vision of a future where desktop and notebook computers are merely ways of getting you onto the internet. With its latest Chrome OS machines, the company has introduced a new user interface that mimics a traditional operating system, taking the user outside the confines of the browser. And it’s no longer selling software-like subscriptions to these machines, moving to flat fees for hardware and technical support.

In some ways, this seems like a comedown. But it also shows that Google is intent on building a business around these machines — something that many pundits have questioned over the last year. When you also consider that Google has introduced a Chrome OS desktop machine, the Chromebox, alongside its Chromebook laptops, the proposition makes far more sense than it did 12 months ago.

Rajen Sheth, the man who oversees Google’s effort to push Chrome OS into schools and businesses, agrees that the second generation of machines show the company’s intent. But he also says that the overall vision for the operating system hasn’t changed.

“We very deeply believe in this vision,” he says, “and we’re doing a tremendous amount to make it happen.” The idea is to create a world where you can pick up any machine — old or new, yours or someone else’s — and instantly tap into all your existing data and applications. But Google also wants to simplify these machines — for the people who use them and for the companies that manage and support them.

In many ways, the new devices live up to the pitch. Equipped with solid-state drives, Chrome OS machines boot in seconds, and since you needn’t install local software, schools and businesses can certainly get them out to users quickly, and then update them with relative ease. But there are still ways that the device can make things more complicated.

After all, you can’t install software on a Chrome machine. And if you lose your internet connection, you still lose the ability to use most applications. Gmail now works offline. And Google Docs, the company’s document and spreadsheet app, lets you view files offline. But you can’t edit files offline. What’s more, even when you have a connection on a Chrome OS, your ability to move files from application to application is still quite limited.

That said, with the Chromebox, a machine designed to plug permanently into a network, the need for applications that operate offline is less of an issue. And according to Sheth, Google will soon introduce a version of Google Docs that lets you not only view documents when offline, but edit them as well.

The offline Google Docs will fill a big hole in the platform, and it’s a long time coming. It hasn’t arrived sooner, Sheth says, because, well, it’s not an easy problem to solve.

“It’s a complex problem because you tend to have multiple people collaborating on the same files,” he says. “What if I make a bunch of edits on an airplane [while offline] and then connect to the internet when I get to my hotel — especially if others have edited the document in the meantime? How do you merge in those changes?”

What’s more, Google must move some of the processing code from the web to the client machine. “We use the cloud for a lot of the processing, particularly on spreadsheets. We not only have to move this to the client side, but do this in a way that the application is still lightweight.”

Sheth says the company is already using its offline editor within the company, and intends to roll it out to the world at large over the next “several weeks.”

As Google’s Sundar Pichai told us last month, the company is also working to integrate Google Drive — its online file storage service — with Chrome OS. And according to Sheth, this will make it easier to move files between the device and web applications.

Google still isn’t saying how many businesses are using Chrome OS. But it does say that “hundreds” of schools across the U.S. and Europe are using the devices. Rajen Sheth is also the man who turned Gmail into a corporate services — he’s known as “the father of Google Apps” — and he says that Chrome OS is taking much the same path as his first baby.

“As with Google Apps, we’ve seen the best initial traction in education, especially with elementary schools,” Sheth says. “So many schools want to give computers to all of their students, but traditionally, the IT costs of doing that are high. Chromebooks let them buy devices for students without increasing their IT costs.”

How else will the platform evolve? Sheth does acknowledge that Google is reshaping the OS for use on devices with touch screens, but he says the company has no intention of putting it on tablets. Chrome OS may show up on touch-screen notebooks, but Google believes that touch-screen tablets — as well as smartphones — are best served by the company’s Android operating system.

In other words, there are still cases where local applications make more sense. The world may be moving to the web. But it’s not quite there yet.

Sheth acknowledges that it’s difficult for some people to wrap their head around a machine when all applications reside on the web. That’s why the company has added a traditional desktop interface to Chrome OS. “Web applications are actually more powerful than client applications that are typically on a desktop, but the mental lap has been a challenge for a lot of people,” he says. “[The new interface] helps them make that leap.”

Google’s aim hasn’t changed. But it’s still looking for the best way to get there.

Article source: http://feeds.wired.com/~r/wired/techbiz/~3/N-5NgMGlB64/

Tags: , , , , ,