Rockbridge Global Village, Inc.
RGV HOME
   

N E W S

 

Legislation
 
House Continues Anti-Spyware Push 

March 9, 2005  
By Roy Mark

The U.S. House Energy and Commerce Committee unanimously approved its fast-track anti-spyware legislation today, pushing the bill out for a full House vote. But not before amending its language. Again.

At a January hearing on the legislation, several lawmakers, who otherwise strongly supported H.R. 29, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), raised concerns that the bill would unintentionally target third-party cookies.

During a subcommittee vote last month, the House amended the SPY ACT in an attempt to exempt all types of cookies.

And before voting on the legislation on Wednesday, the committee further amended it to exempt HTML and Web beacons (define), which facilitate normal Web page construction. In addition, the bill exempts embedded advertising from the proscribed list of practices requiring notice and consent.

Although he voted for the bill, Commerce Committee ranking member John Dingell (D-Mich.) acknowledged that there are still issues with it.

"This [amendment] makes clear that cookies are not covered. But not all cookies are benign, and we may be creating dangerous loopholes."

Chairman Joe Barton (R-Tex.) said he hopes to have the legislation on President Bush's desk by the end of the year.

"By acting quickly, we will put considerable pressure on the Senate to act this year," Barton said.

The SPY ACT prohibits unfair or deceptive practices related to spyware, and it requires an opt-in notice and consent regime for legal software that collects personally identifiable information from consumers.

The spyware practices specifically targeted by the legislation include phishing, keystroke logging, homepage hijacking and ads that can't be closed except by shutting down a computer. Violators could face civil penalties of up to $3 million.

First-party cookies are placed from the same domain the user clicks on and are solely used to allow the user to access a Web site, most typically by allowing the site to remember a user name and password. Advertisers, publishers and their service providers use third-party cookies to serve, rotate, target, cap, measure and report on online advertising.

In the 108th Congress that concluded in November, the House passed two anti-spyware measures, but the legislation died when the Senate declined to consider the bills.

Originally introduced by Rep. Mary Bono (R-Calif.), the bill also exempts network monitoring from the provisions of the notice and consent requirements to the extent that the monitoring is for network or security purposes, diagnostics, technical support or repair, or the detection or prevention of fraudulent activities.

The Business Software Alliance, Dell (Quote, Chart), eBay , Microsoft (Quote, Chart), Time Warner (Quote, Chart), Yahoo (Quote, Chart) and EarthLink have all endorsed the legislation.

 

 

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 
 
R G V  N E W S L E T T E R


MARCH 2005

Welcome to the Rockbridge Global Village, Inc. Newsletter. We have selectively found information and articles that may be of interest to our customers.  We hope that you find information and topics within this newsletter interesting and useful.

Topics in this newsletter:

House Continues Anti-Spyware Push
McAfee Enhances Anti-Virus Protection for SMBs
A Higher Google Standard?
Sony, Apple Seek Fame With a Little Flash
Ebay Launches International 'Village'

McAfee Enhances Anti-Virus Protection for SMBs
March 8, 2005  By Tim Gray

The battle for the rights to protect small businesses from computer viruses continued to heat up this week, as McAfee (Quote, Chart) released an enhanced version of its Managed VirusScan.

The Web-based solution is geared toward small businesses that may lack the expertise and personnel to implement and manage an anti-virus solution for their desktops and servers, the company said.

"The No. 1 priority of small business is protection," Lillian Wai, senior marketing product manager with McAfee, said. "McAfee provides a solution that automates as much as possible so end-users don't have to worry about it."

Wai said Managed VirusScan provides "transparent protection" against malicious threats like viruses, worms and Trojans, as well as unwanted programs, such as spyware and adware applications.

Although it is the first time the product has been upgraded since 2003 (it was developed in 2000 as VirusScan ASaP), the Santa-Clara-based vendor's play could be as much strategic maneuvering to remain a prime contender in the anti-virus game as a technology push.

As previously reported by internetnews.com, the competitive pressure for anti-virus vendors to keep pace in a growing field magnified last month when Microsoft (Quote, Chart) agreed to buy New York-based Sybari Software.

The acquisition was seen at the time as a positive step in helping enterprises protect their networks at the server level, especially among collaboration server systems. However, it also put pressure squarely on anti-virus vendors, such as Symantec (Quote, Chart) and McAfee, whose AV products are already in wide use across enterprise networks.

Later that week Bill Gates reaffirmed Redmond's commitment to security and promised a new version of Internet Explorer with enhanced security options. He even suggested the company could provide anti-spyware protection from the recently acquired Giant Software Company to Windows licensees at no extra cost.

"We understand Symantec and Microsoft are part of the competitive landscapes," Wai said. "And certainly McAfee is on the lookout for new threats, but we are comfortable with our technological lead."

That technology also includes the recent enhancements to VirusScan as part of the McAfee Managed Services portfolio, which has been integrated into the functionality of its previous brand, according to McAfee.

The company has also re-established its Partner Security Service to include Web-based administration and reporting, spyware detection and rapid-response technical support through McAfee's Avert division, said Wai.

The new solution provides a flexible contract under which to work and offers expanded upselling opportunities, Wai said.

According to AMI Partners, a New York-based firm that specializes in SMB markets, more than two-thirds of North American small to medium sized businesses don't have a full-time dedicated resource to manage security, which reduces their ability to identify and react to security incidents.

Among the other upgrades to VirusScan include proactive blocking of exploits and attacks without requiring an update, as well as an outbreak response that provides anti-virus updates to the client within one hour of an update being posted for a medium- or higher-rated outbreak targeting specific software vulnerabilities, the company said.

Sony, Apple Seek Fame With a Little Flash
March 9, 2005  By Michael Singer

Once a business storage tool, Flash drives are becoming the profit-maker of choice for digital music player manufacturers like Sony (Quote, Chart) and Apple (Quote, Chart). And they have the enterprise reeling over their storage ability.

One only has to look as far as the latest generations of the Walkman and iPod shuffle to see the phenomenon in action. Both devices are smaller and lighter than a pack of gum and hold as much as 1GB of music and/or data.

Sony's latest line of digital music players includes a song display and has approximately 70 hours of battery power. The entry-level Walkman comes with 256MB of Flash memory (define) and retails for about $130. The high-end version supports 1GB of storage and sells for more than $300.

Apple released the iPod shuffle, its Flash drive music player, in January. The device comes in two versions: a 512MB model that holds up to 120 songs for $99 and its 1GB cousin that costs $149. The devices come without a screen but are compatible with either Windows or Mac computers.

USB Flash drives are touted by manufacturers as being easy-to-use, as they are small enough to be carried in a pocket and can plug into any computer with a USB drive. They have less storage capacity than an external hard drive, but they are smaller and more durable because they do not contain any internal moving parts.

Market research firm Web-Feet Research forecasts that the worldwide market for USB Flash drives will reach $4.5 billion in 2006 and $5.5 billion in 2007.

The company that revolutionized the way consumers carry their music has been looking for ways to upset Apple's iPod cart. Apple holds about 60 percent of the portable music player market, according to Nielsen SoundScan.

The company says a revitalized Walkman could catapult the Japanese company into a strong second place in front of similar Flash drive music players from SanDisk, Philips or Samsung.

"The digital player market is still in its early stages," Gregory Kukolj, a general manager for Sony told Reuters. "In the European Union alone the personal audio market is 20 to 22 million devices a year. More than 10 million of those are CD portable players ... there is a huge opportunity."

And even though these bulked-up USB Flash drives are being touted as music players, Enderle Group founder and industry analyst Rob Enderle noted that there is a fear of them in the enterprise.

"Companies are scared to death that employees are downloading files into their iPods and taking them home," Enderle said. "It's enough of a security risk that some government accounts are turning their USB ports off. They want to get rid of their pin-attached PS/2 keyboards, but they can't because of security concerns with iPods and other USB-attached storage.

"There are settings in the operating system that you can make to make it difficult to download files from a USB device, but it's not completely effective."

 

Ebay Launches International 'Village'
March 9, 2005  By Tim Gray

Online auctioneer eBay (Quote, Chart) has launched an international network of free classified-ad Web sites in six countries, after acquiring a number of similar sites over the course of the past year.

The latest brand from the San Jose-based company, launched in Canada, China, France, Germany, Italy and Japan, will operate under the name Kijiji, which means "village" in Swahili.

Alex Kazim, senior vice president of new ventures at eBay, said the Web sites, which are currently available in more than 50 cities, will provide a convenient and free way to meet, share ideas, trade goods or find information.

"Kijiji builds local communities online, giving neighbors a way to come together around local needs and interests," Kazim said in a statement.

The move comes less than a year after eBay scooped up a 25 percent stake in San Francisco-based Craigslist.org, a classified site that operates in 100 cities around the world.

Craigslist charges employers for help-wanted listings, as well as real estate broker listings in three major cities. That particular service, as reported by internetnews.com, is siphoning tens of millions of dollars in revenue from traditional classified sources in the Bay Area, especially newspapers.

The San Jose-based company has also purchased several classified advertising-related companies in other countries, including Mobile.de in Germany and Marktplaats.nl in the Netherlands.

The Craigslist activity has been fueling speculation that eBay would attempt its own move into the seemingly complementary classified business. Classified ads are considered an adjacent market for the online auctioneer, because consumers often use the Web site locally due to the nature and size of some of the items they purchase.

eBay has also been looking to expand into burgeoning online markets, especially China. After ending 2004 with record revenues, the company announced plans to invest $100 million to increase its online presence in China.

Kazim said the company would ideally like to replicate the Craigslist model in other countries around the world.

And like Craiglslist the Kijiji sites will also provide a place where people can meet, trade ideas and goods, Kazim said. Individuals can list and find items on Kijiji free of charge.

EBay said the launch of Kijiji will not have a material impact on 2005 revenues.

 

Rockbridge Global Village, Inc.
312 S. Main Street
Lexington, VA 24450
540-463-4451
www.rockbridge.net

 


Copyright © 2005. Rockbridge Global Village, Inc. All rights reserved.
RGV NEWS
 
Something you would like to see more of in our newsletter?  Topics you want more information about? 

Just email us at info@rockbridge.net

 

 
 
Google
 


A Higher Google Standard?
February 24, 2005
By Susan Kuchinskas

As blogs go mainstream, Internet ills will follow.

Some of Blogspot bloggers have become unwitting vectors for spyware, an Internet expert charged this week. And he thinks Google should take a stand.

Blogspot is the blog hosting service associated with Blogger, the Web log authoring and publishing business Google (Quote, Chart) acquired in 2003. Ben Edelman, a Harvard Ph.D. candidate and spyware expert, charged that Google has done nothing to fix a flaw in Blogger coding that has made its blogs a haven for spyware and adware.

According to Edelman, while Google prohibits JavaScript in blog posts, it allows it in headers and navigation bars -- enabling Elite Toolbar and Crazywinnings, two pernicious adware installers, to do their dirty deeds. He said he reported the problem to Google last week, while Blogspot bloggers have complained since last September.

A Google spokeswoman confirmed that the company was aware of the issue and still looking into it, but had no further information to share.

Edelman said the problem stems from one particular company, iWebTunes, which offers bloggers the ability to have music play when people access their blogs. But those who opt in become spyware delivery systems, as iWebTunes hits unwary visitors with warnings to upgrade their browsers to prevent spyware. But clicking "yes" installs adware and spyware, including Elite Toolbar and CrazyWinnings.

According to the iWebTunes Web site, the free service lets registered users choose a music file from its server to be played on the user's Web page. The company provides no contact information on its site, nor is there information at whois.net.

"These guys are dirty," said James Manning, spyware research director for Aluria Software. He said iWebTunes sends users a snippet of JavaScript code to add to their own sites' code. But it includes not only links for SearchMiracle, purveyor of the Elite Toolbar and Crazywinnings, but also update links. Every time someone hits a site containing iWebTunes JavaScript, he's hit with more stealthy installs.

Manning said that while most adware distributors bury notifications somewhere in their user license agreement, iWebTunes provides no notification at all. "These people have no idea what they're putting in their Web sites," he said.

It gets worse: Even cautious visitors who click on iWebTunes' privacy policy via Internet Explorer get hit with the nefarious pop-ups, which exploit flaws in IE.

While iWebTunes may be bad news, it's not a Google-specific problem, nor one especially related to blogs. Spyware is a parasite on all Web infrastructure.

But Edelman said he holds Google to a higher standard, because of its highfalutin corporate messaging about "doing no evil," as well as the kind of blogger it attracts.

"Google has aspired to create a safer version of the Web on Blogspot," he said. "There's no official statement from Google certifying they have no porn or spyware, but because it's Google, you feel like you can trust it at least a little bit."

At the same time, because Blogger offers dirt-simple blogging tools, it attracts unsophisticated users, Edelman said, and Google should work harder to protect them. "People who may not be able to tell the difference between spyware and legitimate free music to publish on their Web pages are in the position to make decisions precisely because Google is giving them the tools," he said.

The Blogger Navbar, which contains a search bar, a button to instantly blog a posting, and a "next blog" button, makes things riskier. Clicking on "next blog" takes the user to another random blog also containing the Navbar. That could be a blog the user would never have chosen to visit -- and it could be one running iWebTunes code.

As any technology becomes mainstream, it inevitably will be beset with uglies. A report released earlier this week by the Pew Internet and American Life Project said that spam via instant messaging, or spim, has reached nearly one-third of users.

Meanwhile, security companies and the media continually warn consumers to install spyware and avoid saying "yes" to pop-ups. The anti-spyware market is expected to grow to $305 million by 2008, according to IDC. They've also been advised to switch to Firefox, the open-source browser that has not -- so far -- been as prone to exploits, although it has its own problems.

But Edelman doesn't blame naive users who click "OK" on the pop-ups for their spyware woes, or those who continue to browse with IE. "It's a mess that Google has at least created on Google servers," he said. "And it's a problem that Google is uniquely in position to control. Google could flip a switch and make this stop tomorrow."