Wednesday, February 27, 2008

Google Chatback Gadget

The Google Talk team has been working their arses off these past weeks and has come up with two new features that will make heavy duty chatters’ lives a lot better. First, there was the option to choose not to be seen by your contacts when you are online, the much talked about invisibility that would slow down a lot of chat if everybody starts using it. That happened on Friday and people voiced their concerns about having three platforms to use Google Talk and each had different features.

On Monday, the dev team came back with the Chatback Badge, that "will let visitors to your web page chat with you. They’ll be able to chat with you whenever you’re signed in to Google Talk." Their official description is not inaccurate, but it isn’t really complete either. In order to chat with somebody using the gadget, you first have to approve the chat request before the person will be allowed to talk with you.

It’s pretty easy to use, more like a series of clicks: the visitor on your site clicks on the link to chat with you if he/she sees you online. A Google Talk Gadget will open for the person and, at the same time, you will be notified and asked whether you’d like to join the chat, providing a link to the Google Talk Gadget that will open in the browser. Next comes the typing, no more clicking, sadly.

One problem is that the visitor can remain completely anonymous and nobody has only fans or people that like them. Avoiding an embarrassing conversation can only take you as far as the Chatback badge, from that point on you’re on your own.

Apparently, the chats are off the record, thus not being stored in Gmail, according to Luka from Zorgloob. Checking the option to keep them will not help.

Gmail Cracked!

The spam-free Gmail is about to become spam-full, and at an accelerated rate from now on. When the email service from Google first came to be, it prided itself on its filters that would redirect spam directly to the folder specially created for it. Slowly but surely, hackers managed to evolve methods of fooling the rigid filters and some unwanted messages started finding their way into users’ inboxes.

The next step was to create as many Gmail accounts as possible, but Captchas (Completely Automated Public Turing test to tell Computers and Humans Apart) stopped this attempt fairly well. Until now. After successfully hacking their way into fooling the Windows Live captcha used by Hotmail, cyber criminals took a poke at Google’s mail service and it turned out to be a poke in the eye. Internet security firm Websense reports that the captchas used by Gmail have been defeated by bots created for just that purpose.

Ever growing in number, the methods of fooling the captchas have crowned king the record breaking HotLan Trojan, which managed to create some 500,000 spam email accounts with Hotmail, Yahoo! and Gmail in just a little over 6 months of ‘activity.’ The latest hack that is able to go through the captcha defense is by far the most promising: it manages to create a spam account for every five attempts it makes. Not a very impressive percentage, but it is sophisticated enough, using two zombies (compromised hosts) for the job, and each of those uses a different technique to analyze the captcha.

Gmail is the holy land for spammers because it grants many advantages. Apart from gaining access to all of the Google services, it also has the advantage of not being in danger of having the domain blacklisted, and it’s free, let’s not forget about that.

A new age is upon us, spam-wise. The Gmail team should be on the lookout now, and slowly eliminate the proven spam addresses as well as working some more on their captcha system, if it is the one they will be sticking to in the future.

Google Accused of Grabbing Clients’ Money

AdWords clients were told about a beta version of a new feature, dubbed Automatic Matching. Judging by the waves it stirred, Google might have wanted to keep working on it or to never have come up with it at all. The feature will redirect the remaining sum of the daily budget, if any, into what the Mountain View-based company thinks might be a relevant search area.


The example given by Google referred to a site selling Adidas shoes and pointed out that, alongside the natural queries such as ‘shoes,’ ‘adidas’ and ‘athletic’, it would also connect to ‘slippers,’ somehow similar. Once again, it’s the Internet giant to the rescue in case the human mind fails (irony). "Automatic Matching automatically extends your campaign’s reach by using surplus budget to serve your ads on relevant search queries which are not already triggered by your keyword lists through analyzing the structure and content of your website and AdWords campaigns," according to Google. The beta run of the feature starts on the 28th of February and some customers have been sent invitations and have been asked to participate.

SEO expert Dan Thies is quoted by Silicon Republic as saying that Google is essentially "offering you the exciting opportunity to bleed every penny of your budget every day, advertising against keywords that you didn’t want to bid on." He also claimed that Automatic Matching would waste the budget surplus on relatively irrelevant keywords that would probably not lead to a click-through at all, but it is in Google’s financial benefit and interest to spend it all.

However, there’s no way the Mountain View-based company would exceed the budget, so even the most worried customers should be at ease. If you don’t care about the surplus and believe that Google might strike rich with one of the adjacent queries to the keywords you selected, there shouldn’t be any problem.

Thursday, February 21, 2008

iTunes Copying, a Hacker’s Work

Apple’s iPod is no longer the sole beneficiary of music downloaded via iTunes. Jon Lech Johansen, also known as DVD Jon, has created software that converts the restricted format into others, making it available for non-Apple devices. The famed Norwegian hacker was formerly involved with breaking copy-protection for DVDs (hence the nickname).

His company has released the doubleTwist software because the media landscape has "become a tower of Babel, alienating and frustrating consumers," as Web User reports. Truth be told, the Apple-only restriction can become very infuriating at times, especially when, say, you have a song that you’d want your girlfriend to listen to but she’s got something other than an iPod.

DVD Jon’s company is also called doubleTwist, and its co-founder told the cited source that "When you receive an email, you can read it on your BlackBerry, webmail, or Outlook. Email just works. With digital media such as video from a friend's cell phone or your own iTunes playlists, it's a jungle out there." The man is preaching! I’m a big iPod fan myself, but it’s obvious he has a point there.

"It can be an hour-long exercise in futility to convert files to the correct format and transfer them to your Sony PSP or your phone. Our goal is to provide a simple and well-integrated solution that the average consumer can use to eliminate the headaches associated with their expanding digital universe," he continued.

Obviously, the removal of the protection and the conversion will start a spree of piracy, so to say. There’ll be nothing left to keep average iPod Joe from sending all of his friends the entire slew of tracks bought on iTunes, and from there on it’s going to be like an upside down pyramid game, only that instead of money there’ll be songs and video.

Tuesday, February 19, 2008

Rich for Google, Poor for Yahoo!

The differences in audience for the two largest Internet companies fighting for online search supremacy came as a shocker. Hitwise released some data that proved that Yahoo! draws the younger audience, while Google is most visited by older and more wealthy people, no discrimination intended.

Although some might consider this to be highly disturbing, please take note that Yahoo! is still the number one online traffic destination, due to its portal, clearly overpowering the search engine only Google homepage. The graph on the left, provided by Hitwise, explains how much money the social categories are spending online: "Visits by MOSAIC Group to Search.Yahoo.com are plotted on the y-axis and to Google.com on the x-axis. For example, the top left hand box indicates unique strengths for Yahoo! Search, in that they are groups that are over-indexed relative to the online population on Yahoo! Search but under-indexed on Google.com. The bigger the bubble the higher the propensity to have spent $500 online (based on offline data collected by Experian)," Heather Hopkins, VP Research, explains it.

The rough bottom line of the whole graph is that, based on precedents, the groups over-indexed on Google.com are most likely to be big online spenders. While Yahoo! settles for the Struggling Societies, Google is pretty content with the Affluent Suburbia; that’s the big difference. Microsoft knows this and it wants Yahoo! more than ever just because it wants a destination that would link to it, sort of a ‘while you’re here’. The Redmond-based company wants the young; Google just wants ads being clicked and successful advertising campaigns. While it’s not difficult to see why, the very purpose of this research cannot but have some discriminatory feel about it.

There’s no spin off it, it’s clear as crystal: Google is emerging to be a more professional tool while Yahoo! is just a destination for everybody. And surprisingly, ‘everybody’ means less than ‘some’ in this case.

Monday, February 18, 2008

The Best Antivirus in 2008

A new year... A new beginning... And the inevitable security solution smackdown. In this context, AV-Test has thrown together in the same arena no less than 24 antivirus products from the heavyweights of the security market. The security solutions were tested against in excess of 1 million malware samples from the last six months. According to AV-Test's Andreas Marx, the test involved only the top of the line, "'best' available Security Suite edition" from each vendor, last updated on January 7, 2008, and running on Windows XP SP2. And yes, Microsoft's Windows Live OneCare 2.0 was tested, but no, it's not the best antivirus of 2008. Well, of the beginning of 2008, anyway...

"First, we checked the signature-based on-demand detection of all products against more than 1 Mio. samples we've found spreading or which were distributed during the last six months (this means, we have not used any 'historic' samples.) We included all malware categories in the test: Trojan Horses, backdoors, bots, worm and viruses. Instead of just presenting the results, we have ranked the product this time, from 'very good' (++) if the scanner detected more than 98% of the samples to 'poor' (--) when less than 85% of the malware was detected," Marx revealed.

In terms of signature-based on-demand detection, Windows Live OneCare 2.0 held its own. Microsoft's security solution ended up detecting a total of 992,880 out of all the malware samples thrown against it, accounting for a "Signature Detection" rate of 96.9%. This is nothing short of an excellent score for Windows Live OneCare, an antivirus that at the beginning of 2007 managed to occupy positions only towards the bottom of the security solution pack. In the latest AV-Test "Signature Detection" test, OneCare 2.0 came out on top of F-Prot (986,961 – 96.3%), Panda (979,409 – 95.6%), McAfee (959,919 – 93.7%) and Nod32 (953,936 – 93.1%).

However, OneCare 2.0 was bested by the likes of AVK 2008 (1,022,418 – 99.8%); AntiVir (1,020,627 – 99.6%); Avast! (1,018,204 – 99.4%); Trend Micro (1,009,662 – 98.6%); Symantec (1,006,849 – 98.3%); AVG (1,005,006 – 98.1%); BitDefender (1,003,902 – 98.0%); Kaspersky (1,003,470 – 98.0%); Sophos (1,001,655 – 97.8%) and F-Secure (999,806 – 97.6%). The complete results of the "Signature Detection" test from AV-Test can be accessed here, courtesy of Sunbelt Software.

"Secondly, we checked the number of false positives the products have generated during a scan of 65,000 known clean files. Only products with no false positives received a 'very good' (++) rating. In case of the proactive detection category, we have not only focussed on signature- and heuristic-based proactive detection only (based on a retrospective test approach with a one week old scanner). Instead of this, we also checked the quality of the included behavior based guard (e.g. Deepguard in case of F-Secure and TruPrevent in case of Panda). We used 3,500 samples for the retrospective test as well as 20 active samples for the test of the 'Dynamic Detection' (and blocking) of malware," Marx added.

Windows Live OneCare 2.0 is among the few security solutions that have scored a ++ in the test for False Positives. This means that OneCare 2.0 has generated no false positives, a task also completed by the security solutions from Symantec, Nod32, and Fortinet. However, OneCare 2.0 was ranked as having only a poor proactive detection, and a very poor response time to new malware being issued (more than 8 hours). But at the same time, out of all the malicious code it had to go through, OneCare 2.0 only missed two rootkits. The Anti-virus comparison test of current anti-malware products, Q1/2008 can be accessed here.

"Furthermore, we checked how long AV companies usually need to react in case of new, widespread malware (read: outbreaks), based on 55 different samples from the entire year 2007. 'Very good' (++) AV product developers should be able to react within less than two hours. Another interesting test was the detection of active rootkit samples. While it's trivial for a scanner to detect inactive rootkits using a signature, it can be really tricky to detect this nasty malware when they are active and hidden. We checked the scanner's detection against 12 active rootkits," Marx said.

Friday, February 8, 2008

Windows 7 M1 Lost the Leaks Race to XP SP3 Refresh 2 and Vista SP1 RTM

The first signs of Windows 7 M1 were delivered in mid-January 2008. With the Redmond company not breathing a single word on any specific details related to the next version of Windows, speculations at that point in time were distributed between either dismissing or confirming Windows 7 Milestone 1. Microsoft has yet to come out and officially talk Windows 7, but bits and pieces, details, screenshots and video demonstrations are indeed available to put together the bigger picture of the next iteration of Windows.

A single thing is missing, although it appeared at a certain point that Windows 7 M1 had been completely leaked. But the fact of the matter is that from torrent trackers to peer-to-peer file sharing networks, to warez sites, there is absolutely no trace of Windows 7 bits. Sure there are the leaked details, delivering a taste of Windows 7 Milestone 1. But nothing palpable at this point in time. Despite the fact that Microsoft's key partners have been rather generous in letting information slip through their fingers, the same was not valid for the Windows 7 M1 bits.

In this context, the first development milestone of Windows 7, the one that is still designed to be implemented on top of Windows Vista Service Pack 1, has lost the leaks race to all the other Windows platforms under development at Microsoft, client and server.

Torrent websites are serving Windows XP Service Pack 3 Release Candidate Refresh 2 from January, and even Windows Vista Service Pack 1 RTM and Windows Server 2008 RTM. But no Windows 7 M1. And it's not that Microsoft has been trying to put the Windows 7 genie back in the bottle, going instead for a different strategy, one in which it all but ignores M1 of the operating system. It's simply that, for once, Microsoft's select pool of testers have managed not to produce a leak...

A New Functionality for Google Navigation Toolbar

The Firefox browser provides many useful add-ons that extend its browsing capabilities, making your online experience more productive. There are many ways in which you can create Firefox add-ons, using standalone software or other Firefox extensions that are able to create .xpi files automatically based on JavaScript source code.

For example, Chickenfoot is a Firefox add-on that allows you to execute code from the browser sidebar.

This add-on also allows you to package a certain script as a Firefox add-on automatically with only a touch of a button. iGoogleBar provides you the opportunity to improve the default Google navigation bar by adding Google applications favorites icons that play the role of triggers. For example, you can preview and manage in a drop-down box the unread emails from Gmail inbox or you can read the latest RSS feeds by using Google reader directly from inside Google Docs corresponding browser window.

iGoogleBar could be implemented in your browser as a Firefox extension or, if you have installed Chickenfoot add-on, iGoogleBar Javascript source code can run as the trigger corresponding to the Google Docs URL address. The applications that will be displayed in the Google navigation bar can be customized, as well as the Javascript code, because you can add or remove iGoogle gadgets or applications by editing the corresponding script section.

You must navigate to the page about:config in a Firefox browser tab and then create a new string named bolinfest.igooglebar with the following list as its value: Gmail,Calendar,Documents,Photos,Groups,Reader,Notebook. If you remove one of the words from the list, the corresponding application or iGoogle gadget will no longer be displayed. From the sidebar (when the Chickenfoot extension is loaded), select add new trigger for the web page corresponding to Google Docs. The supplementary Google navigation bar functionality described earlier should then be available.

Kaspersky Warns Against Dial-Up Trojans

This one goes out to all the remaining dial-up users all over the world. Be warned! Some cyber criminals will single you out just because of it and you don’t want to have to fix the damage they’ll do. Right now you have a bull's-eye on your balls, because they’ll hit you where it hurts most.


The latest attack aimed at old school dial-up users, and the one that topped last year’s charts, uses a Trojan dialer. It will attempt to stealthily disconnect the infected PC from the ISP in use and then reconnect it to another and much more expensive phone number, said Web User. Now, do you understand why I said it will hurt?
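The redial behaviour described above leaves a trace a defender can check for: a dial-up entry pointing at a number that is not the subscriber's ISP. The following is an added example, not code from the original post or from Kaspersky; it audits text laid out like a Windows RAS phonebook (rasphone.pbk), and the sample entries, phone numbers, approved list and prefix lists are all constructed assumptions.

```python
import re

# Constructed sample in the layout of a Windows RAS phonebook (rasphone.pbk).
# PhoneNumber can repeat inside one entry, so configparser would reject it.
SAMPLE_PBK = """\
[My ISP]
DEVICE=modem
PhoneNumber=0845 555 0100
CountryCode=44

[Fast Connection]
DEVICE=modem
PhoneNumber=0845 555 0100
PhoneNumber=0905 555 0199

[Net Update]
DEVICE=modem
PhoneNumber=+88 1234 5678
"""

def parse_phonebook(text):
    """Return {entry name: [dial strings]}, keeping repeated PhoneNumber keys."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = []
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "phonenumber" and value.strip():
                entries[current].append(value.strip())
    return entries

def normalize(number):
    """Reduce a dial string to digits; a leading '+' becomes the '00' prefix."""
    prefix = "00" if number.strip().startswith("+") else ""
    return prefix + re.sub(r"\D", "", number)

def audit(text, approved, premium=("09",), international=("00",)):
    """List (entry, number, reason) for every number not on the approved list."""
    approved_norm = {normalize(n) for n in approved}
    findings = []
    for entry, numbers in parse_phonebook(text).items():
        for number in numbers:
            digits = normalize(number)
            if digits in approved_norm:
                continue  # the subscriber's real ISP number
            if digits.startswith(premium):
                reason = "premium-rate prefix"
            elif digits.startswith(international):
                reason = "international number"
            else:
                reason = "not on approved list"
            findings.append((entry, number, reason))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PBK, approved=["0845 555 0100"]))
```

The default prefixes assume UK numbering, where 09 marks premium-rate services; adjust them for the local dialling plan.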

Kaspersky Labs, the same company that made the statistics mentioned above, said that as long as there’ll be dial-up, its users will be targets. "Dial-up is still relied upon for internet access and cybercriminals are continuing to target those who are vulnerable to attack," David Emm said.

Take the United Kingdom, for example, where 11.6 percent of the total Internet users are subscribed to a dial-up service, and calculate the impact a massive attack of these Trojans would have in a single country. And then, consider the 9.6 million subscribers that AOL still has and think about the effect of somebody bringing the little bugger to one of the servers, from where it can send itself to all the users. I’m not ahead of my time, if it can disconnect and then reconnect somewhere else, a little code and it’ll email itself to anyone.

"Internet users, whether dial-up or broadband, should ensure they have an internet security regime including regular scheduled malware updates, heuristic analysis and real-time behaviour blocking, to ensure detection and protection against known and unknown threats," Kaspersky Labs’ Emm warned.

Oh, and let’s not forget what Trojans are really good at, namely opening your computer to other malware auto-installing itself. If your protection is not up-to-date, you’re one dial away from being a part of the Storm botnet without knowing it.