More Examples of Why AV Software Can Be Bad

Subject: General Tech | July 5, 2016 - 02:13 AM |
Tagged: symantec, security

I know that I've mention this in the past, and I'm not advocating running no antivirus software, but it's good to remember that you're using high-privileged software to load untrusted data. While mistakes can happen in any reasonably complex software, some companies are more complacent than others, and some design choices fail to respect the trust you have in them. Symantec, as far as I know, has one of the better reputations of security companies, but this flaw is terrible.

fry-not-sure-if.jpg

Basically, to detect malware that has been obfuscated by executable compression, antivirus software unpacks it themselves and looks. Symantec's solution runs in the kernel, allowing any malware that targets it to have kernel permissions. They were also using “at least” seven-year-old forks of open source libraries. Well... crap.

The bugs have been privately disclosed to Symantec, and fixed before Google went public. If you have any Symantec, or their consumer brand, Norton, software, then make sure it's up to date. Consumer software will have the fix pushed through LiveUpdate, but some some products, like Symantec Endpoint Protection and Symantec Protection for SharePoint Servers might require administrator action.

Source: Google

Your encrypted Android phone's Keymaster will settle for anyone, not just Sigourney

Subject: General Tech | July 4, 2016 - 01:08 PM |
Tagged: andriod, keymaster, qualcomm, snapdragon, encryption

The only good news about this particular decryption hack requires physical access to your phone and as you should be aware once someone has your device in their hands all bets about security are off.  The vulnerability exists on ARM-compatible Snapdragon system-on-chips and the TrustZone, a secure part of the chip which runs outside of the operating system and passes information pertaining to the encryption on your phone via the Qualcomm Secure Execution Environment.

It is possible to to exploit an Android kernel security vulnerability to load your own QSEE application which can then query the TrustZone for your unencrypted blob and RSA key.  From there it is simply a matter of brute forcing the phones PIN or password which then allows you access to all the encrypted data on the device.  The Register explains not only the vulnerability but also how TrustZone and KeyMaster work on your devices in this article.

index.jpg

"Essentially, if someone seizes your Qualcomm Snapdragon-powered phone, they can potentially decrypt its file system's contents with a friendly Python script without knowing your password or PIN."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Microsoft Will Still Be More Polite... But First...

Subject: General Tech | July 2, 2016 - 10:38 PM |
Tagged: microsoft, windows 10

So, despite announcing that they will reskin the Get Windows 10 notification four days ago, Microsoft will release another annoying Get Windows 10 campaign. Based on what looks like a Windows 8.x modern, full-screen prompt, Microsoft will post “Sorry to interrupt, but this is important. Windows 10 free upgrade offer ends July 29th.” It then has two buttons, Upgrade now and Remind me later, and two links, Notify me three more times and Do not notify me again.

microsoft-2016-windows10finalpromptallegedly.png

It's interesting to see that this prompt looks like Windows 8.x, but will also appear on Windows 7 machines. It will probably be very jarring to a Windows 7 user to see the entire screen turn a slightly purple-ish blue in a UI style that you've never seen before, asking you to essentially flip your PC upside down. I would expect them to customize it for each platform, but meh.

Interestingly, Microsoft also lists the conditions that will prevent this prompt from occurring. If you have already tried Windows 10 on the machine, it will not ask you to upgrade back. This is what I would have expected all of Get Windows 10 to do, but, from experience, previous prompts didn't care if you already tried (and even activated) Windows 10. No, it would ask you again to go back. It will also honor all the other ways that you can disable Get Windows 10. They also say it will not appear if “You have a recent version of the Get Windows 10 app installed.” This confuses me, but I'll leave it here regardless.

Anywho, prepare to be annoyed one last time... or not. I don't know.

Source: Microsoft

HTC Vive Currently Dominating Oculus Sales

Subject: General Tech | July 2, 2016 - 09:21 PM |
Tagged: valve, htc, steam, steamvr, vive, Oculus, oculus rift

Thanks to Keith of WCCFTech for tweeting this out.

According to the Steam Hardware Survey, the HTC Vive is dominating the Oculus Rift by more than a factor of two (0.15% to 0.06%). More-so, its rate of change is also double that of Oculus (0.06% to 0.03%). If these numbers are accurate, this means that the SteamVR is massively overtaking Oculus SDK in terms of both amount and rate of change.

htc-valve-2016-viveset.png

Now the questions are “why?” and “what does that mean?”

The most obvious reason, to me, is that HTC has much better availability than Oculus. For the last month, they announced that the Vive ships within two-to-three business days. If you look at Oculus? The website tells you to expect it in August. It is currently the second day of July. While a month is not too long of a time to wait, it would make sense that a consumer would look at the two options and say “Yeah, the this week one, please.”

If that's the case, then the platform battle could be decided simply by retail availability. It wouldn't be decided by a Valve-developed first-party game. It wouldn't be decided by DRM locking games into an exclusive deal. It would simply be decided by “you can buy this one”. That is, unless Oculus ramps up production soon. At that point, we'll need to look back at hardware surveys (not just Steam's) and see what the split is. They could catch up. They could be left behind. Who knows? It could be another factor altogether.

For now, the Vive seems like it's the crowd favorite.

Steam Hardware Survey Shows Drop for Linux

Subject: General Tech | July 2, 2016 - 02:21 AM |
Tagged: valve, steam, linux

The current split of Steam users, according to the Steam Hardware Survey, is 95.5% for Windows, 3.6% for Mac OSX, and 0.8% for Linux. Phoronix reports that this does not count SteamOS, and there might be other “inaccuracies” with the survey, but the Linux figures are 0.04% less than they were before (a relative drop of about 4.8%).

7-TuxGpu.png

Windows users are up, and Mac OSX is flat.

A 4.8% drop in a month isn't promising, but it's also not too concerning. If you were intending to target a platform with 0.8% marketshare, then you can benefit from the long shelf life that Linux provides. It's not like a publisher is counting on that platform to reach two-week launch window sales figures. We'll see if the pendulum will swing back in the future, especially if Valve creates compelling, new, first-party content for Linux. They seem to be waiting to put their full weight behind it.

Mozilla Publishes Servo Nightly (for Mac and Linux)

Subject: General Tech | July 1, 2016 - 07:12 PM |
Tagged: web browser, gecko, servo, Rust, mozilla, Samsung

No love for Windows at the moment, but Mozilla is showing previews of their new browser rendering engine, Servo. This one is developed in Rust, which is a highly parallel yet very memory safe language, which are two great features for a web browser, especially on mobile and multi-core desktops. You are currently able to pick it up on Mac and Linux, although it is not ready to be your primary browser yet. Windows and Android builds “should be available soon”.

Basically, Mozilla has been spending the last few years re-thinking how to design a web browser. Most Web standards are based on assumptions that the browser is going through a main loop, and that these items will occur in sequence. Back in 2013, most of the research was to see far a browser could travel into parallelization before compatibility just stops following. Samsung, who is obviously interested in smartphone technology, partnered with them, because it's easier to add more cores onto a mobile SoC than it is to make existing ones faster.

mozilla-architecture.jpg

At the time, they weren't sure whether this research would be used to improve Gecko, the current rendering engine that has been around since Netscape 6, or create a suitable replacement for it. As far as I know, that decision has still not been made, but they also haven't bailed on it yet.

Perhaps we'll see a new wave of Web technology coming soon? Maybe even break up the Webkit monopoly that seems to be forming, led by iOS and Android devices?

Source: Mozilla

Summer Games Done Quick 2016 Starts This Sunday!

Subject: General Tech | July 1, 2016 - 06:56 PM |
Tagged: pc gaming

Awesome Games Done Quick is an organization that runs week-long, non-stop speedrun marathons for charity. This one benefits Doctors Without Borders, like the last three summer events. The last five Games Done Quick have raised a little under six million dollars, so this is a serious charity event.

gdq-2016-sgdq logo.png

The event starts this Sunday at 12:30pm EDT with a half-hour pre-show followed by an Any % run of Super Mario Sunshine for about an hour and a third, and that is followed by Zelda: A Link Between Worlds for about an hour and a half. Lots of PC games are included on their schedule too, including classics like Final Doom, Hexen, System Shock, and Serious Sam. It is scheduled to go, around the clock, until Saturday at just before midnight, plus or minus a few hours.

Do you want faster WiFi? This is how you get faster WiFi!

Subject: General Tech | June 30, 2016 - 04:53 PM |
Tagged: 802.11ac Wave 2

Router firmware upgrades should be arriving soon to upgrade you to 802.11ac Wave 2.  You may get support for MU-MIMO after upgrading and the new version could well double your bandwidth.  It should also have less interference as it will make more use of the 5GHz channel and it will also include a new 160MHz channel.  Keep an eye on your router manufacturers website and pop by The Inquirer for more information on the new standard.

wifi-80211-ac-wave-2-update-3.jpg

"YOUR WIFI could be about to get a whole bunch faster as a new improved version of the current 802.11ac standard is coming to a router near you."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Podcast #406 - AMD RX 480 Review, Huawei MateBook, Steam Summer Sale, GTX 1060 and more!

Subject: General Tech | June 30, 2016 - 10:35 AM |
Tagged: video, summer sale, steam, RX 490, rx 480, radeon, Polaris, podcast, matebook, Huawei, gtx 1060, amd

PC Perspective Podcast #406 - 06/30/2016

Join us this week as we discuss our AMD RX 480 review, the new Huawei MateBook, GTX 1060 and RX 490 leaks and more!

You can subscribe to us through iTunes and you can still access it directly through the RSS page HERE.

The URL for the podcast is: http://pcper.com/podcast - Share with your friends!

This episode of the PC Perspective Podcast is sponsored by Lenovo!

Hosts:  Ryan Shrout, Allyn Malventano, Jeremy Hellstrom, and Josh Walrath

Program length: 1:28:40
  1. Week in Review:
      1. Power Concerns?
  2. News items of interest:
  3. Hardware/Software Picks of the Week
  4. Closing/outro

Dolphin 5.0 Released

Subject: General Tech | June 30, 2016 - 02:02 AM |
Tagged: pc gaming, Nintendo

Okay, so I'm a week late on this, but what the heck. Dolphin 5.0 was released on their website. The project is a Wii and GameCube emulator that is available for Windows, Mac, and Linux. This version focuses on compatibility. They claim that about 85% of titles, including WiiWare and virtual-console games, can be played from start to finish, with about 14% of all titles doing so flawlessly.

That said, it also adds several performance features. They improved the JIT compiler, added texture pooling to prevent reloading the same texture over and over, and even added DirectX 12 support, although they don't elaborate on why that would be useful for this workload. While they have not extended support to Vulkan, they do use the “Approaching Zero Driver Overhead (AZDO)” features of OpenGL and its extensions to raise performance on other platforms.

The emulator is available at their website.

Source: Dolphin