Monthly Archives: March 2019
Mention Adobe, and the first thing that comes to mind is probably Photoshop, or maybe Acrobat. However, the San Jose-based software company has been extending its reach in recent years, and thanks to recent mergers and acquisitions, it now stands as one of the largest remaining supplier of desktop applications. To this end, Adobe has just announced that it is acquiring Virtual Ubiquity, an 11-person startup "Web 2.0" company that has created a web-based word processor called Buzzword. Terms of the agreement were not disclosed.
Buzzword. Image courtesy Virtual Ubiquity.
The collaboration features are definitely what piqued Adobe's interest. According to a company spokesperson, the reason that the graphics giant acquired Virtual Ubiquity was because the company "believes in the value of high-quality document authoring and the power of working together more efficiently." The plan is to take the online word processor and slowly integrate it into the rest of Adobe's product suite, first by adding support for PDF output—Buzzword currently imports and exports Rich Text Format (.RTF) files, Microsoft Word (.DOC) files, and Word 2003 XML files—and then add support for future releases of Acrobat Connect, Create Adobe PDF Online, and Adobe Document Center. The program is also likely to be integrated with Adobe Share, an online storage locker that offers a gigabyte of storage, Flash preview of saved documents, and PDF output.
Whether or not Buzzword will be attractive enough to get Office users to switch over in great numbers is questionable: the program may end up joining so many other "lite" word processors of the past in the digital dustbin. However, the attractiveness of online document collaboration has not escaped Microsoft, who recently announced its Office Live Workspace as a way of offering online collaboration while still requiring users to hang on to Microsoft Office. By acquiring Virtual Ubiquity, Adobe gets to bolster its own PDF-centered document workflow, as well as promoting its own development frameworks for the next-generation of web-based applications.
Today is the start of National Cyber Security Awareness Month in the US, and to mark the beginning of the month's efforts, security software vendor McAfee and the National Cyber Security Alliance (which has a useful section on Cyber Security Basics) have released a new study meant to draw attention to smart practices in computer security. What the study shows is that many users are at risk from malware without realizing it, due to overestimating the amount of protection they have along with lax updating habits.
The study shows the frustrations of many a helpdesk worker, who all too often find that while security tools are in place on client PCs, they're not well maintained. Or, to put it another way, one of the biggest problems securing the PC happens to be its most important component: the one sitting between the chair and keyboard.
We can take comfort in that fact that a whopping 98 percent of those participating in the study realize that it's important to have up-to-date security software on their PCs. 87 percent of the users contacted said they used antivirus software, while 70 percent use anti-spyware software. Less used were firewalls and anti-phishing tools. Only 64 percent of those surveyed by McAfee and the NCSA reported having their firewalls turned on, and only 27 percent use software designed to stop phishing attempts.
Most important, the study suggests that consumers are generally less safe than they believe, which leads to lackadaisical approaches to maintaining their security software. Given that one of the players involved in the study is a major vendor of PC security software, we have to stop and ask: is this about selling software? Perhaps, but the results can also be read as critical of the PC security software vendors themselves.
A subset of participants in the study allowed the researchers to conduct a remote scan of their PCs and those results were troubling. Of the 70 percent who report having anti-spyware software installed, only 55 percent of the PCs scanned turned up evidence of the software. When it came to protection against phishing, only 12 percent of the PCs scanned showed any evidence of anti-phishing software installed. On the flip side, more users had antivirus and firewall software installed on their PCs than were aware of it.
Data source: McAfee; NCSA
Part of the reason for that may be that a large number of users don't have adequate protection against phishing is that many of them don't even know what phishing is: 25 percent had never even heard of the term, while 46 couldn't correctly define it. Another problem is that many users don't know what cues to look for to determine if a web site is safe. 98 percent of the study participants said that they knew that it's important to determine a site's safety prior to visiting, 64 percent didn't know how to make the determination.
"Out of date" software a problem
The other major issue uncovered in the study is out-of-date software. Despite the vast majority of the survey's respondents saying that it's important to have up-to-date security software, just over half of them actually did. Of the PCs scanned, only 51 percent had recently updated virus and malware definitions.
McAfee believes that people don't bother keeping their security software up to date after the trial period expires. "The fact that the computer scans show so many PCs with out of date protection indicates people do not understand that the security software included with the purchase of their PC is usually a trial version that will expire if the user does not purchase a subscription," said Bari Abdul, McAfee VP of worldwide consumer marketing.
That's only part of the problem, however. We routinely hear from users who are frustrated to learn that anti-virus companies expect them to continue paying subscription fees for updates, even after shelling out for an anti-virus program. The move to subscription based security software doesn't necessarily help with keeping users' anti-virus definitions up to date.
For those of us who have had to play tech support for friends and loved ones who have suffered at the hands of malware writers, the study reinforces a couple of points we already know. First, it's important to stay on top of security. With malware writers constantly adapting their attacks in an attempt to stay a step ahead of security companies, it's crucial to make sure your security software is up to date. Second, it's still important to practice skeptical computing, looking critically at each and every web page, IM, and e-mail they see.
Several brick-and-mortar retailers are redefining the term "bargain basement" when it comes to DVD sales, although some question whether it's the wisest move. Both Target and Circuit City have begun advertising certain DVDs, which come from a variety of movie studios, at a new low price of $3.99 apiece—practically the equivalent to renting a movie. The move is meant to boost sales, but not everyone is happy about it, least of all Hollywood.
The move is unprecedented not only in price, but also timing: DVD sales like that are almost nonexistent outside of the fourth quarter of the year, Warner senior VP Jeff Baker told VideoBusiness. For the low, low price of $3.99, Target customers can pick up such hits as The Nutty Professor and Along Came Polly, while Circuit City customers can grab The Bourne Identity and S.W.A.T. The prices are not reflected on the stores' web sites but can be found at the respective retail stores and sometimes announced in fliers.
The trend is growing, too. VideoBusiness points out that mass retailers are increasingly pricing DVD titles in the $3 to $4 range (0.8 percent of catalog sales were in this range as of 2007, as compared to 0.4 percent in 2005) as well as the even-more-popular $4 to $5 range (a whopping 4.6 percent of catalog sales in 2007, compared to 0.7 in 2005).
But while Matt Damon fans in the audience might be swooning at the chance to spy such a perfectly-crafted butt over and over for only $3.99, the pricing is not necessarily a good thing for the studios or retailers. "It's a negative precedent in the business to do that type of lower budget pricing outside of the fourth quarter," Baker said. "You would need to see some uplift in unit volume velocity to compensate for that lower pricing to maintain profit margins, and I have not uniformly seen at retailers the necessary uplift in volume."
The new low in DVD prices stem from a combination of decisions made by the retailers and the studios. Physical sales of movies continue to drop, with both retailers and studios rushing to come up with solutions that will compete with other forms of distribution, including digital sales. Retailers—particularly those with a brick-and-mortar presence—are willing to do almost anything to try to reverse that trend. Higher physical sales (at any price) means more people in the store, and more people in the store means more sales of other merchandise too (when was the last time you walked into a Target to buy a DVD and walked out only with a DVD?).
The movie studios, on the other hand, are just plain scared to jump headfirst into digital distribution and would rather milk physical sales as long as possible. Only Disney appears to have gone into digital distribution with open arms, which has been a successful venture thus far. But that hasn't stopped others from insisting on strict DRM in an attempt to control the user experience and sell more copies of movies. This strategy has so far failed.
But milking physical sales at any cost isn't exactly helping anyone out either, and may actually hurt everyone in the long term. Virgin Megastores senior product manager Chris Anstey agrees, stating that customers have come to expect heavy discounts and have adjusted their purchasing plans accordingly. "As a result, the new release doesn't blow out and, out of panic, the prices drop. It's a vicious cycle," he told VideoBusiness.
From a bird's-eye view, of course, all of this makes sense. The DVD was born at a time when there was comparatively far fewer entertainment options as there are today (the Internet in general is more widely embraced now than in the mid 90s, then there's YouTube, BitTorrent, forums, video on demand, DVRs, etc.). With more competition for consumers' money and attention, the "traditional" model is suffering, and this puts the squeeze on both Hollywood and the major retailers
New laws going into effect today in the United Kingdom make it a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation. Individuals who are believed to have the cryptographic keys necessary for such decryption will face up to 5 years in prison for failing to comply with police or military orders to hand over either the cryptographic keys, or the data in a decrypted form.
Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) includes provisions for the decryption requirements, which are applied differently based on the kind of investigation underway. As we reported last year, the five-year imprisonment penalty is reserved for cases involving anti-terrorism efforts. All other failures to comply can be met with a maximum two-year sentence.
The law can only be applied to data residing in the UK, hosted on UK servers, or stored on devices located within the UK. The law does not authorize the UK government to intercept encrypted materials in transit on the Internet via the UK and to attempt to have them decrypted under the auspices of the jail time penalty.
The keys to the (United) Kingdom
The law has been criticized for the power its gives investigators, which is seen as dangerously broad. Authorities tracking the movement of terrorist funds could demand the encryption keys used by a financial institution, for instance, thereby laying bare that bank's files on everything from financial transactions to user data.
Cambridge University security expert Richard Clayton said in May of 2006 that such laws would only encourage businesses to house their cryptography operations out of the reach of UK investigators, potentially harming the country's economy. "The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business," Clayton said.
"The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction," he added. "With the appropriate paperwork, keys can be seized. If you're an international banker you'll plonk your headquarters in Zurich."
The law also allows authorities to compel individuals targeted in such investigation to keep silent about their role in decrypting data. Though this will be handled on a case-by-case basis, it's another worrisome facet of a law that has been widely criticized for years. While RIPA was originally passed in 2000, the provisions detailing the handover of cryptographic keys and/or the force decryption of protected content has not been tapped by the UK Home Office—the division of the British government which oversees national security, the justice system, immigration, and the police forces of England and Wales. As we reported last year, the Home Office was slowly building its case to activate Part 3, Section 49.
The Home Office has steadfastly proclaimed that the law is aimed at catching terrorists, pedophiles, and hardened criminals—all parties which the UK government contends are rather adept at using encryption to cover up their activities.
Yet the law, in a strange way, almost gives criminals an "out," in that those caught potentially committing serious crimes may opt to refuse to decrypt incriminating data. A pedophile with a 2GB collection of encrypted kiddie porn may find it easier to do two years in the slammer than expose what he's been up to.
Duluth, MN — Since filing the first of over 20,000 file-sharing lawsuits in 2003, the RIAA has seen every one of them either dismissed or settled—almost all in favor of the record industry. That's going to change Tuesday, as a jury trial in Virgin Records America, et al v. Jammie Thomas is set to begin in Duluth, Minnesota.
Throughout their legal campaign, the record labels have done what they can to get judges to decide the case in their favor before trial. Last month, the RIAA asked the judge in this case for summary judgment on three issues: that the record labels own the copyrights, that the copyright registrations are in order, and that Thomas was not authorized to copy or distribute the songs allegedly found by SafeNet on her PC. Judge Michael J. Davis denied the RIAA's motion for summary adjudication, setting the stage for the trial.
In many ways, the case mirrors the other contested file-sharing cases. But Thomas' defense is focusing on what it sees as a key weakness in the RIAA's case, the ownership of the copyrights to the 26 songs allegedly found by SafeNet. The RIAA submitted screenshots of the shared folder SafeNet discovered on KaZaA, stipulating that the plaintiffs owned the copyright to the songs. One problem: the documentation provided by the RIAA doesn't appear to support the claim.
Song Copyright holder according to the RIAACopyright holder according to the certificate of registration"Appetite for Destruction"UMG RecordingsThe David Geffen Company"The Comfort Zone"UMG RecordingsPolygram Records"Control"UMG RecordingsA&M Records, Inc."Frontiers"Sony BMGCBS, Inc."Let it Loose"Sony BMGCBS, Inc."Get a Grip"UMG RecordingsGeffen Records"Hysteria"UMG RecordingsMercury Records"If You See Him"UMG RecordingsMCA Records Nashville
According to Brian Toder, Thomas' attorney, the labels produced no additional evidence to support the claims of copyright ownership during the course of discovery. Two weeks before trial, but several months after they were supposed to be produced in discovery, the labels produced another 784 pages of documentation they say they need to demonstrate copyright ownership. Judge Davis ruled Monday that the RIAA cannot introduce it as evidence.
For the RIAA, the issue is clear-cut. Jammie Thomas, a single mother living in Brainerd, Minnesota, was the Charter subscriber associated with the IP address 184.108.40.206 on February 21, 2005, which is when SafeNet discovered [email protected] logged onto KaZaA with over 1,700 recordings in a shared folder. According to the RIAA, Thomas has used the "tereastarr" nickname online for "many years," leading them to believe that she was indeed responsible for "distributing" the recordings.
Not long after receiving a settlement letter from the labels, Thomas also had the hard drive in her PC replaced by Best Buy, which the RIAA says was done in an attempt to intentionally conceal her infringement. An RIAA spokesperson told Ars on Monday that the group plans to move forward with its claims, and that it tries "to be fair and reasonable" in resolving all of its file-sharing cases "quickly and out of court."
The trial will begin at 9 AM CST Tuesday morning, with much of the first day expected to consist of oral arguments, jury selection, and possibly testimony from a couple of people from the plaintiff's witness list, which includes RIAA president Cary Sherman and expert witness Dr. Doug Jacobson, whose credibility has been called into question in other file-sharing cases. Ars Technica will be on hand for the trial and will be quick to report on the events of each day.