Free Firewalls Outclass Paid-for Ones, Test Reveals

Free firewalls are better than their paid-for cousins. That is the surprising conclusion of a test of desktop firewalls by security researchers.

Researchers at David Matousec’s matousec.com carried out tests on 21 leading products using 26 assessment programs known as “leak” testers. These simulated a total of 77 test attacks on firewalls, configured using both out-of-the-box and optimal security settings. Each firewall was then awarded points based on its ability to pass each leak test in both modes.

The only two products to achieve a rating of “excellent” turned out to be free-to-use software, the Comodo Personal Firewall v2.3, and the Jetico Personal Firewall v2.0 beta. They scored, respectively, 9,350 and 9,125 points out of a possible total of 9,625, leaving the nearest rivals some way behind.

Surprisingly, paying for a product did not seem to make any difference to its ability to stop attacks — the rest of the results spread the two categories fairly evenly about the scoring. Some paid-for products turned in awful scores.

In third and fourth place were ZoneAlarm Pro 6.5, Trend Micro PC-cillin Internet Security 2007, and both of which are charged for and achieved a “very good” rating. Moving down the scoring, only three other products emerged as “good”, with the remaining 14 scoring as “poor”, “very poor” or as having no ability to resist the tests whatsoever. This included prominent products from Kaspersky, Symantec, McAfee, and CA.

At the very bottom of the list in 21st place scoring a resounding zero, came Microsoft’s own firewall which has been part of PC protection since the company shipped its SP2 security update.

The researchers also hit the products with a “fake protection revealer” (FPR) designed to catch out software that had been optimized to pass some security tests without necessarily offering real-world protection. Only one product fell seriously foul of this test, Outpost Firewall Pro 4.0, which otherwise scored well. A number of the products that come with anti-virus engines incorrectly identified the leak tests themselves as malware.

The obvious conclusion is that many desktop firewalls aren’t very good, at least if the tests are taken to be indicative of their ability. Furthermore, even the good ones don’t always offer good protection settings by default, and require tweaking to improve security to meaningful levels.

“Nine of the tested firewalls were marked with ‘very poor’ or ‘no’ anti-leak protection. This result is quite worrying because it shows that even today, when the malware programs are very sophisticated, still a lot of vendors simply do not care about the outbound connection control seriously,” the test commentary suggests.

Most of the leak tests used are widely available, but the team also created a number specially for the assessment. The testers also published responses (scroll down) from a number of the vendors on their good or bad showing.

Sensibly configured, a desktop firewall can be an worthwhile layer of defense. Many vendors who don’t choose to charge for them see them as brand marketing tools for other security products, so the latest test is likely to attract a degree of hostility from vendors who scored poorly.

A separate test of desktop firewalls from earlier this year, based on a similar leak test methodology, is available for comparison.

Instant Messaging Goes Intelligent

“Is it possible to train machines to understand the way humans write and speak naturally, and to be able to then visualise people’s ideas?” asks Sydney start-up Morf Interactive Communications when designing its artificial intelligence technology.

The company answers its own question with the MOJI Intelligent Messenger (MOJI IM), a three dimensional instant messaging application with intelligent virtual pets to enhance users’ communication online.

Built from artificial intelligence technology initially developed by researchers at the University of New South Wales, MOJI IM uses an interactive heuristic engine to extract meaning, emotional nuances and syntax from what users type or say.

“We felt that to have a good commercial product as a start up, we probably need to have a low-cost, high-volume model; that’s where we started getting interested in the instant messaging space,” said Robert Fong, CEO of Morf Interactive Communications.

“Here was a platform where there was hundreds of thousands of conversations floating across the Internet each day, and no one was actually listening in, and harnessing meaning in that dialog for greater interactivity, and to create that unique experience in an instant messenger.”

Understanding human speech allows a pet to learn about its owner and react to what is said during conversation, by generating images of what a user describes, or changing its appearance to suit a user’s mood.

The intelligent messenger also acts as a cyber watchdog, by flagging threatening topics of conversation such as bullying, racism, sexism, and drugs, and notifying parents of any dangers via e-mail.

Aimed at the child and teenage market, MOJI IM will be delivered via a free download or CD. In the virtual world, called MOJIKAN, users can interact with their pets and with one another, blog, share information, photos and videos, play games, and shop for items using MOJI’s own virtual currency.

While anyone can create a pet for free, pets begin requiring “food” after a three month trial period. Pet food and games are purchased in-game with virtual currency, which users younger than 14 years old can buy at a fixed rate using real world dollars.

For over 14s, MOJIKAN has a stock exchange system where the exchange rate between virtual and real world dollars varies according to supply and demand. The system works in a similar fashion to that of Linden Labs’ virtual economy, Second Life, which has already proved successful, with real world spending of more than US$600,000 per day.

Fong expects the upkeep of each pet to cost users no more than $3 per month. While this does not seem like much money for the business, he expects that the amount will encourage a large volume of users to maintain their pets.

“The reason why we kept it this low is because we spin off the Korean model where it’s really [about] micro payments, but lots of it,” he said. “The main intention for the business model to succeed is that the user needs to have some sort of emotional attachment to the pet that then compels them to spend x amount of dollars to save that pet at the end of the free period.”

MOJI IM is expected to be made available in to users in Australia and the South East Asia in May 2007.

Consider This Before Upgrading To Vista

By: Steve Bass
PC World.com (US) (21 Dec 2006)
I hate upgrades. Sure, I used to look forward to the latest and greatest, but there are so many downsides: new equipment requirements, hassles getting all the old apps to work correctly, and getting up to speed on all the new features. (Don’t laugh, but I still have a copy of Wordstar and FoxPro on my PC for, well, I don’t know what for. Maybe it’s just in case someone needs a copy.)

Nonetheless, Vista has launched and Microsoft made a big splash with it in New York. Read ” Vista Lands in the U.S. ” — and don’t miss the reader comments at the bottom of the article. If you’re bound and determined to make the upgrade, I have a couple things for you to consider.

First, take a look at the cost : The new version will set you back anywhere from an unreasonable US$100 to a mind-boggling $400. That’s for an operating system, folks.

Like me, you may be struggling with some of the new terms Microsoft has pulled out of the Vista hat. (What, you don’t know what a BitLocker is?) Don’t worry, Microsoft has it all mapped out for you, as Senior Editor Denny Arar explains in ” Get Ready for VistaSpeak .”

Second, the chances are good you’ll also need new hardware, and likely more RAM. Start by downloading the Windows Vista Readiness Hands-on Lab to see if your PC is ripe for Vista, then get a second opinion from PC Pitstop’s Vista Readiness Test .

I know that you’re still curious and want more hands-on Vista details, so here are a couple more resources: ” Windows Vista FAQ ” and ” Vista: The Upgrade .”

Quick aside: I bumped into two stories about hacking Vista that I thought you might want to read. The first, ” Pirates Hack Vista’s Registration Features ,” talks about a way for corporate users to bypass the activation process. Sounds good, right? But The Register is reporting there’s another hack floating around the Web that purports to let anyone install an illegal copy of Vista. Be careful — the hack’s actually camouflage for a nasty Trojan horse.

Dig this: Google’s little red markers are sometimes just too small to see. Here’s one rather smart solution to the problem. For details, go to the artist’s Web site .

How bout a new Vista PC?

Some of you are contemplating buying a new system before too long and wondering if it’ll come with Vista or if you’ll need to upgrade. Most new PCs will include a Vista coupon, but PC World’s Rex Farrance isn’t convinced it’s such a deal. It’s worth your while to read his ” Hidden Costs of Vista Upgrade Coupon ” blog.

If you’re looking for a new system and willing to stick with “Vista capable” (which means it can only run the Home version that lacks many bells and whistles), check out our ” The Best PC Deals Under $1,000 .” The story includes charts, reviews, and specs for 14 budget machines. What’s up after you upgrade to Vista? Harry McCracken has a couple of thoughts in his ” Techlog: What Next After Windows Vista ?”

Dig this:Whitney’s Music box is an interesting musical experiment that should keep you away from a project for at least 20 minutes. (Warning: sound.)

The Windows Shutdown Kvetch

The upcoming Vista upgrade may be a big deal for lots of people. For Moishe Lettvin, it works out to about 200 lines of code.

According to his blog , he worked for the Redmond behemoth for roughly seven years, with the last bout from 2002 to 2006. In his blog, he writes about the hassle of developing one feature in Vista: the shutdown button. Here’s a taste of what he says:
I spent a full year working on a feature which should’ve been designed, implemented and tested in a week.

But here’s how the design process worked: approximately every 4 weeks, at our weekly meeting, our PM would say, “the shell team disagrees with how this looks/feels/works” and/or “the kernel team has decided to include/not include some functionality which lets us/prevents us from doing this particular thing.”

And then in our weekly meeting we’d spend approximately 90 minutes discussing how our feature — er, menu — should look based on this ‘new’ information. Then at our next weekly meeting we’d spend another 90 minutes arguing about the design, then at the next weekly meeting we’d do the same, and at the next weekly meeting we’d agree on something… just in time to get some other missing piece of information from the shell or kernel team, and start the whole process again.

That sounds a little like what happens when I write a column.

It’s worth the read, just to get some insight into the compartmentalization craziness of developing an application as big as Vista — and have a better sense why chances are good that Vista will have bugs.

NASA to deliver space imagery through Google search engine

US space agency NASA is expanding their collaboration with search engine giant Google. NASA Ames Research Center has said in a statement that they would now deliver more of the space agency’s imagery and information through the web’s most popular search engine service.

This announcement comes after Google unveiled plans to build a 1 million-square-foot campus at the NASA center. This campus is to be located a few miles south of their Mountain View headquarters.

With this expanded deal, Ames will feed Google with its weather forecasting information, three-dimensional maps of the moon and Mars, and real-time tracking of the International Space Station and space shuttle flights.

NASA Administrator Michael Griffin said in a statement on this arrangement: “This agreement between NASA and Google will soon allow every American to experience a virtual flight over the surface of the moon or through the canyons of Mars.”

Opera launches Opera 9.1 with phishing filter

Opera Software ASA has launched the latest version of their web browser application Opera Browser.

Opera is now in version 9.1 and it features a phishing filter. Mozilla Firefox and Internet Explorer both have some kind of phishing protection in their latest versions.

Like these browsers, Opera users also get a warning when they visit a website that may trick them into revealing passwords and other sensitive information.

Opera is using the databases provided by PhishTank project which accepts entries from regular web users.

They have a tiny market share when it comes to desktop browser application but are a dominating force in the mobile segment.

Download: Opera 9.1

Intel to help digitize Islam’s holy book Quran

Microprocessor company Intel is collaborating with two Saudi Arabian software companies to develop an electronic version of Quran.

They would also work on a training computer for teachers packed with the government-approved curriculum for schoolchildren.

The company said that these two projects are part of their push to bring low-cost computing and Internet access to emerging markets.

Intel said that the E-Quran is a small computer with wireless Internet access that contains the text of the Islamic holy book, audio recitations in 40 different languages and interactive interpretations of the material.

They have no current plans to commercialize or brand these devices which would be powered by low-power Intel processors.

Toshiba launches HD-E1 DVD system in Europe

Japanese tech giant Toshiba has launched their latest HD DVD player in the European market.

The company now wants the European customer to use their HD-E1 DVD system rather than the rival Blu-Ray format.

Toshiba further said that they are aiming at 500,000 worldwide sales of its HD-DVD player by March 2007.

Their new player being launched in Europe will retail for about £450. This is almost half the price of competing Blu-ray players in the market.

They are also planning to introduce an enhanced model HD-XE1 sometime next month at a price of £649.

Samsung launches SCH-V960 mobile phone with Optical Joystick

Samsung has launched a new mobile phone named SCH-V960. The company claims that this is the first mobile of its kind to feature an optical joystick for easy navigation.

Users can utilize this function by placing their finger and moving a cursor to navigate through the menu.

This is similar to how they work around on a computer’s desktop using a mouse.

Samsung claims that this feature enables the user to get 360 degrees of freedom and it result in quick and hassle-free menu navigation.

The phone also features a ‘Smart Lighting’ feature which automatically controls the brightness of the LCD screen and keypad. It comes loaded with a 2 megapixel camera and features GPS, Bluetooth, and microSD external memory support.

Specification of the phone:
- Standard – CDMA 2000 1X EVDO;
- Camera – 2 Megapixel Camera;
- Display – 2.12″ 240×320 262K Color TFT;
- Features: Optical Joystick; MP3 / VOD / MOD; Illumination sensor; Bluetooth / USB; Document Viewer;
- Memory – microSD external memory;
- Size – 97 x 47.5 x 18.6 mm;
- Weight – 102g.

Adobe warn users of security bugs in Acrobat

Software Company Adobe has warned the users of their Acrobat and Acrobat Reader applications about critical un-patched bugs.

These bugs are serious enough to let hackers take control of computers using Windows Operating System running Internet Explorer web browser.

These security bugs have been labeled critical by the software company. Adobe said that the problem exists in the AcroPDF ActiveX control, which is a component present in both Adobe Acrobat and Adobe Reader applications.

This control enables the user to view PDF files within the Internet Explorer browser. However, users who prefer to use alternative browsers like Opera and Firefox are safe from this bug. Adobe further said that they are working on a patch, which would be included in Acrobat and Reader updates in the coming days.

Microsoft showcases Expression Studio suite

Software giant Microsoft has showcased its latest software product named Expression Studio suite. It is an integrated suite of tools for designers and places Microsoft in direct competition with Adobe.

The company announced the Expression Studio suite yesterday, which consists of four tools. Three of these tools had already been revealed and the company added another one yesterday.

In addition, Microsoft also showcased a new Community Technology Preview of its Windows Presentation Foundation/Everywhere technology, which aims to take on Adobe’s Flash technology.

The Microsoft Expression Studio consists of applications including Expression Web, Expression Blend, Expression Design and Expression Graphic Designer in addition to a newly added tool Expression Media.

Microsoft said that this application suite would ship in the retail market by the mid of next year. Chris Howard, an analyst with Burton Group spoke about this product: “Now, a graphic designer using Expression Design hands off XAML-based assets to an interaction designer. The interaction designer combines those assets into a user experience, using Expression Blend, where the structure of the solution is created. That solution is opened by a software engineer in Visual Studio and complex application logic is added. No more Photoshop-to-Visio-to-Visual Studio reinterpretations. The result: final product that is truer to original design and less time wasted redoing work because of incompatible tools and asset formats.”