Monthly Archives: October 2012

Malware production is a lucrative industry for both the malware writers who sell their work and security companies who sell us, the end users, protection. In order for the malware writers to get paid they need to develop malware that evades detection by the security companies, and in order to do that they’ve come up with some clever, yet quite simple techniques.

Security vendors have to analyze and detect millions of potential threats every year. In so doing they can regularly update the anti-malware software running on our machines and provide up-to-date protection. However, you can’t analyze all potential threats by hand, so automated threat analysis systems are employed. These typically look at suspicious files in a virtual machine and test each one quickly to see if it poses a threat.

The malware developers know such systems exist and have therefore employed countermeasures to try and avoid detection. These measures center around detecting whether they are being run in a virtual environment by checking registry entries, drivers, system services, which ports are available, and what processes are being run. If anything points to a virtual environment being present the malware shuts down and effectively hides from the automated system.

In the never-ending cat and mouse game these two parties play, the security vendors can also try to hide the fact that code is being run in a virtual environment, which in turn leads malware writers to develop new ways of detecting one. The latest of these quite simply uses the mouse or goes to sleep before kicking into action.

Symantec has discovered that some malware won’t start running unless it detects activity from the mouse. Why would malware writers do this? Mouse activity comes from a user, and in an automated threat analysis system no user is present, so no mouse activity occurs.

[Figure: Malware checking for mouse activity (upper code segment) and deciding to sleep and then wait to execute (lower code segment)]

Some malware has also been found to go to sleep for several minutes and then wait several more minutes once active before infiltrating a system. The reason for this is a typical automated threat analysis system looks at individual files very quickly, so waiting to execute helps ensure the malware is on a real system and not a virtual test environment.

The checks are clever because they are so simple. That simplicity also makes them relatively easy to fool. All Symantec needs to do is add some simulated mouse movement to their testing system to fool the mouse check. As for the malware that waits before executing, it may just be a case of tweaking the system time in order to jolt any sleeping malware into action so it can be detected.
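As an added example (not Symantec's code and not part of the original article), the sketch below shows how an analysis system could flag the two stalling behaviours described above from a sandbox API trace. The trace format, the sample lines, the 120-second analysis window and the list of API names to watch are assumptions made for the illustration.

```python
import re

# Windows hook ids: WH_MOUSE = 7, WH_MOUSE_LL = 14.
MOUSE_HOOKS = {7, 14}
# APIs counted as observable behaviour (assumed list for this example).
ACTIVE_APIS = {"CreateFileW", "WriteFile", "connect", "CreateProcessW"}
LINE = re.compile(r"t=(?P<t>[\d.]+)\s+api=(?P<api>\w+)(?:\s+(?P<args>.*))?")

# Constructed traces in a hypothetical "t=<sec> api=<name> key=value" format.
STALLER = "t=0.020 api=Sleep ms=300000"
MOUSE_WAITER = "t=0.015 api=SetWindowsHookExA idHook=7\nt=0.016 api=GetMessageA"
BENIGN = "t=0.010 api=Sleep ms=500\nt=0.600 api=CreateFileW path=report.txt"

def parse(trace):
    """Yield (timestamp, api, args) for each well-formed trace line."""
    for line in trace.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        pairs = (kv.split("=", 1) for kv in (m["args"] or "").split() if "=" in kv)
        yield float(m["t"]), m["api"], dict(pairs)

def flag_evasion(trace, window_s=120.0):
    """Return a sorted list of stalling indicators seen in one sandbox run."""
    slept_ms, mouse_hook, active = 0, False, False
    for _t, api, args in parse(trace):
        if api in ("Sleep", "SleepEx") and args.get("ms", "").isdigit():
            slept_ms += int(args["ms"])
        elif api.startswith("SetWindowsHookEx"):
            hook_id = args.get("idHook", "")
            mouse_hook |= hook_id.isdigit() and int(hook_id) in MOUSE_HOOKS
        elif api in ACTIVE_APIS:
            active = True
    findings = set()
    # The sample asked to sleep for longer than the sandbox watches each file.
    if slept_ms / 1000.0 >= window_s:
        findings.add("sleep-exceeds-analysis-window")
    # A mouse hook and no observable behaviour in the whole run suggests the
    # sample is waiting for a human before doing anything.
    if mouse_hook and not active:
        findings.add("waits-for-mouse-input")
    return sorted(findings)

if __name__ == "__main__":
    for name, trace in [("staller", STALLER), ("mouse", MOUSE_WAITER), ("benign", BENIGN)]:
        print(name, flag_evasion(trace))
```

A sample flagged this way is a candidate for a second run with simulated mouse movement or an advanced system clock, the two countermeasures mentioned above.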

More at Symantec, via The H Security

“Apple Inc. said mobile software head Scott Forstall and retail chief John Browett are departing as Chief Executive Officer Tim Cook embarks on a sweeping management overhaul at the world’s most valuable company,” Adam Satariano and Peter Burrows report for Bloomberg.

“Forstall will leave next year and serve as an adviser to Cook until then, Cupertino, California-based Apple said yesterday in a statement. Executives Jony Ive, Eddy Cue, Bob Mansfield and Craig Federighi will take on added management responsibilities, the company said. Forstall was pushed out, according to a person with knowledge of the dismissal who asked not to be identified because the matter is private,” Satariano and Burrows report. “Forstall oversaw products such as mapping software and the Siri voice-recognition tool, which met with criticism. He also frequently clashed with other managers, people with knowledge of the matter have said.”

Satariano and Burrows report, “Forstall was responsible for the mapping software introduced last month that was widely faulted for bad directions and missing features, marring the debut of the iPhone 5. Forstall had extolled the maps’ features before its release at a software developer conference in June. Cook dismissed Forstall after he refused to sign a public letter to Apple customers apologizing for the mapping software’s flaws, according to a person briefed on the matter. Cook signed the letter instead… ‘It’s a very big move and one that was necessary to tighten up the management decision-making process,’ said Tim Bajarin, president of Creative Strategies, a technology consulting firm. ‘Apple needs to work much faster as the competition heats up.’”

“‘This change makes Jony the creative integration point for both hardware and software, which was one of the most important roles that Steve played,’ said Bob Borchers, a former marketing executive at Apple who’s now a venture capitalist at Opus Capital,” Satariano and Burrows report. Forstall’s “management style also led several senior executives to leave Apple because they found working with Forstall difficult, several former Apple employees said. The mapping missteps were a final straw, people said. ‘Forstall was effectively a component of friction in Apple’s otherwise very collaborative senior management structure,’ said Charlie Wolf, an analyst at Needham & Co.”

Read more in the full article here.

Om Malik reports for GigaOM, “Here is what my sources deep within Apple are telling me… Forstall’s firing was met with a sense of quiet jubilation, especially among people who worked in the engineering groups. Or as one of my sources quipped: there are a lot of people going for celebratory drinks, even if there is a little bit of doubt about their roles in the future.”

“While the now-rescinded resignation of Bob Mansfield was masterfully planned, my sources say that Forstall’s exit was fairly last minute and not something he initiated,” Malik reports. “There is a sense of excitement around Jony Ive taking over as head of the newly created human interface group. The reason for the excitement: hope for a new design direction for many software products. Most think Eddy Cue taking over Siri and Maps is a smart and natural thing to do.”

Malik reports, “Forstall had less-than-pleasant relationships with many senior executives, including Cue and Mansfield. My sources confirm what the Times reported earlier – Ive and Forstall had a rocky relationship.”

Read more in the full article, including why Cook will have to rethink a new, non-Jobsian “culture of schedule-driven releases” at Apple, here.

MacDailyNews Take: Tim Cook. Go, baby, go (but don’t ship anything until it is worthy of the Apple brand, regardless of your preferred timeline)!

Ryan Block writes for gdgt that Forstall’s ouster “is actually probably going to be a very good thing… a very good, very healthy move on Apple’s part.”

“After Steve’s death, Forstall was known to be consolidating power among the ranks at Apple. This kind of thing never bodes well — for anyone. Blatant power grabs lead to infighting and dysfunction as senior management all of a sudden have to start watching their backs instead of collaborating on product and direction. It’s simply never healthy, and definitely never sustainable. Something has to give, and it looks like we know what,” Block reports. “Although iOS has proven to be an incredibly successful platform that started with a huge lead in the modern smartphone era, it’s been criticized as evolving far too slowly in the face of the competition.”

“Relevant, but perhaps not directly Forstall’s fault: he was supposedly the guy who convinced Steve to let some iPhone 4 units run around in the wild during late testing. And we all know what happened there,” Block reports. “Scott was the man in charge of Siri. I’m pretty sure I don’t need to say much more on that matter. Scott was also in charge of the new Maps product, one of Apple’s most visible (if not monumental) failures of a flagship product in quite some time. SOMEONE’s head was going to roll, it was just a matter of whose. (The last time Apple had something blow up this badly in its face — iPhone 4’s Antennagate — iPhone hardware executive Mark Papermaster was unceremoniously fired.)”

Read more in the full article here.


Europe divided over German proposals for a ‘super commissioner’ who could punish nations with large deficits

Fresh tensions emerged between Germany and southern Europe as Spain and Italy criticised Berlin’s proposals for a European Union “super commissioner” with powers to police national budgets and punish those with large deficits.

“This is an idea, that considered on its own, I personally don’t like,” said Spanish prime minister Mariano Rajoy after meeting his Italian counterpart Mario Monti in Madrid.

Monti claimed not to have read a Der Spiegel interview in which European Central Bank (ECB) president Mario Draghi threw his weight behind the super-commissioner idea, but nevertheless recalled that, in 2003, Germany had been one of the first countries to break EU deficit rules. “It doesn’t sound very good,” he added. “Markets could take this as a sign that current instruments do not work.”

Both prime ministers claimed their recession-hit countries did not currently need a soft bailout that would allow the ECB to start buying bonds to bring down borrowing rates, though Rajoy was prepared to admit a request might come eventually. “The instrument is there and any country can ask for it if it finds it necessary. And I will do just that,” he said. “When I believe that it is in the interests of Spain to ask for it, I will ask for it,” he said.

Monti said Italy did not need the bailout, but said it was important that at least one country use the eurozone’s new soft bailout mechanism in order to prove to markets that the ECB was serious about defending the euro.

“It is of paramount importance that the instrument is put to work, that it does not remain theoretical,” Monti said, in what seemed to be a reference to Spain.

The plan relates to the ECB purchasing a government’s bonds, which results in a lowering of that country’s borrowing rates in the bond markets.

The size of Spain’s economic downturn was underscored by the prices at which a new “bad bank”, to be set up as part of a eurozone rescue of Spanish banks, will forcibly buy toxic real estate assets from bailed-out banks.

The “bad bank”, known as Sareb, will take between €45bn and €90bn of real estate with discounts on book value varying from 80% to 32%, according to the Bank of Spain.

The minimum discount will still be above the market fall in Spanish real estate prices, which have so far dropped 25% from their peak.

But Italy also appeared to be running into fresh difficulties after former prime minister Silvio Berlusconi, sentenced to prison for tax fraud last week, threatened to withdraw support for Monti’s government over the weekend.

As Italy’s bond yields began to rise yesterday, Monti refused to speculate on whether this was a sign of market fear that Berlusconi would carry out his threat.

“You can ask that question to the political parties, and to the markets, but not to me,” he said, claiming his duty was merely to keep governing Italy until the spring.

Microsoft’s new Surface tablet recently launched, and the guys from iFixit had their screwdrivers ready to tear down the Surface to find out what was inside this new Windows RT tablet.

According to the iFixit team, the Surface wasn’t that easy to open and it ended up with a repairability score of just 4 out of 10, which means it will be harder to repair than some other tablets.


Back in February file storage service RapidShare angered a lot of users by introducing a severe speed cap for free account holders. Downloading a file became painfully slow as the transfer rate never went above 30kb/s. Even worse was the fact RapidShare was adding pauses to the download, which could easily be interpreted as the download failing.

The only fix for this problem was to upgrade to a premium RapidPro account, which cost $12.90 for 30 days, or the best deal was $130 for two years. Even so, that’s a lot to pay out for your file transfers.

RapidShare introduced the speed cap not long after the MegaUpload raid occurred, and has since admitted the cap was a reaction to that. Megaupload users were streaming on to RapidShare as an alternative and the company was worried about piracy. The speed cap was meant to act as a major deterrent to that.

Any RapidShare free account users who stuck with the service and endured the 30kb/s speeds will be glad to hear that the speed cap was a temporary measure and is being removed. In fact, your account may already be benefiting from much higher transfer rates.

RapidShare’s CEO Alexandra Zwingli has stated the speed cap removal isn’t because the threat of piracy has disappeared, but because the service now has a range of other measures in place to deal with it.

I’d be surprised if RapidShare hadn’t seen a lot of users go elsewhere for their file storage and sharing needs since the cap was introduced. 30kb/s is very low and would make downloading even relatively small files a painful process. With it removed the service is sure to gain in popularity again, but does need to keep a lid on piracy.

More at TorrentFreak

“Pre-orders for the iPad mini began at Apple’s online store Friday at 3 a.m. Eastern (12 a.m. Pacific),” Philip Elmer-DeWitt reports for Fortune.

In 20 minutes the Wi-Fi-only white models sold out in all three memory configurations (16GB, 32GB, 64GB)
In 35 hours the black 16GB models were gone
By 3 a.m. Monday — 3 days after they went on sale — the rest were gone as well

P.E.D. reports, “If you order one now, it will be available to ship in two weeks.”

Read more in the full article here.

Like wine, beer has become a popular drink with specialist brewers developing new and exciting beers for the discerning beer drinker. The Moleskine Passions Beer Journal helps the beer connoisseur to keep a record of all the beers tasted making it easy to remember the good brews from the not so good.

Here are the features of the Moleskine Passions Beer Journal:

The Moleskine Passions Beer Journal is an indispensable companion for the casual beer drinker and the beer connoisseur. This 240-page (120 leaves) journal not only has a glossary, pouring tips and glass types, it has tasting notes, a home brewing log, space for your recipes, your cellar, and your favourite beer addresses. Easily organize your passion with 5 themed sections, 5 blank tabbed sections, and 202 adhesive labels to personalize the journal.

This Beer Journal is priced at £13 in the UK and $20 in the US.

Source [Uncrate]