Google: Symantec antivirus flaws are ‘as bad as it gets’
Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are “as bad as it gets,” he says. “Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it — the victim does not need to open the file or interact with it in any way.” Symantec has already published fixes for the exploits, so users would do well to install them immediately.
Google’s Project Zero team searches for “zero-day” code flaws and gives companies 90 days (plus a two week grace period) to fix them. In this case, Ormandy published the blog post shortly after Symantec pushed the fixes, saying the antivirus company did resolve the bugs “quickly.”
However, he excoriated Symantec for the danger of the errors and its incompetence in allowing them. In one case, he found a buffer overflow flaw in the company’s “unpacker,” which searches for hidden trojans and worms. “Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences,” he says. “An attacker could easily compromise an entire enterprise fleet.” He added that the unpackers have kernel access, which is “maybe not the best idea.”
LightRocket via Getty Images
The researcher built and released his own exploit to help Symantec develop an effective fix. He calls it a “100 percent reliable exploit, effective against the default configuration in Norton Antivirus and Symantec Endpoint [and] exploitable just from email or the web.”
He reserved his harshest criticism for Symantec’s vulnerability management, which it’s supposed to use to check for published flaws and ensure it has the latest open-source updates. “Symantec dropped the ball here. A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries … but hadn’t updated them in at least 7 years.”
Symantec dropped the ball here. A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries … but hadn’t updated them in at least 7 years
Symantec isn’t the only antivirus company with issues, as the prolific Ormandy has also flagged Trend Micro, McAfee and others. He even questioned the wisdom of using antivirus software in the first place, calling it “a significant tradeoff in terms of increasing [the] attack surface.”
The bugs affect Norton Antivirus on Mac and Windows, Endpoint and numerous other Symantec products. As mentioned, the fixes have already been patched, and in most cases, you’ll get the updates automatically. As noted in the blog, however, “some of these products cannot be automatically updated, and administrators must take immediate action to protect their networks.”
Via: Tavis Ormandy (Twitter)
Source: Google Project Zero, Symantec
Solve an FMV mystery with ‘Her Story’ on Android
It took a year, but Her Story, Sam Barlow’s mystery game, has been ported to Android. Her Story is a full-motion video game where you’re tasked with piecing together a story through watching short excerpts of interviews. The only mechanic you have at your disposal is a search tool, which lets you bring up clips that contain certain words or phrases. There are hundreds of clips to search through, and by the end of the game you’ll have unravelled a fantastic story.
Her Story won many accolades, including the coveted Aaron Souppouris award for Favorite Video Game of 2015. Less prestigious organizations like the BAFTA Game Awards also recognized the game, handing out three prizes for best debut game, best mobile game, and game innovation. It’s available from Google Play for $2.99, which is a couple of dollars less than its price on iOS.
Source: Sam Barlow (Google Play)
Windows 10 Anniversary Update arrives August 2nd
Microsoft hasn’t done the greatest job of keeping its Windows 10 Anniversary Update schedule a secret (it inadvertently spilled the beans on June 28th), but it’s at last official: the upgrade arrives on August 2nd. It’s free for anyone who has already moved to Windows 10, so most people won’t have to pay for Anniversary features like broader biometric security and pen support, a more efficient Edge browser with extensions, smarter Cortana voice commands and the unification of the Windows and Xbox stores. You’ll have to contend with more promoted apps and won’t get previously touted perks like messaging everywhere, but those may be small trade-offs given the overall amount of polish.
Via: The Verge
Source: Windows Experience Blog
AMD’s Radeon RX 480 is the new king of budget video cards
Instead of trying to build the biggest and most powerful video card on the market, AMD aimed at the low end for the Radeon RX 480. But that doesn’t make it any less exciting than NVIDIA’s recent powerhouse GeForce GTX 1080 and 1070 cards. AMD’s pitch for the RX 480 is simple: It’s a $200 card that’s VR-ready. That’s huge, especially since the current batch of GPUs that meet minimum VR specs cost around $350 today. I’ll admit, I was skeptical when AMD announced the RX 480 at Computex last month. But after putting one through its paces over the past few days, I feel like Han Solo in The Force Awakens. It’s true. All of it.
To be fair, AMD did prime the pump a bit by sending me the 8GB version of the RX 480. That version of the card will retail around $239, a bit more than the $200 figure it reached with the 4GB model. There will be some performance differences between the two cards, but they likely won’t be significant with most games today. AMD admits the 8GB version is a better bet if you want to future-proof your system for future titles, though.
Compared to the last AMD card I tested — the mammoth R9 Fury X — the RX 480 is elegant in its simplicity. It’s basically a black box with some classy dimpling on the front and a single fan. It’s based on AMD’s new Polaris architecture, which is built on a 14nm FinFET (a type of 3D transistor) process. That means the chip itself is significantly smaller than the cards using the company’s previous 28nm design, which first debuted back in 2011. Polaris’s tiny size allows it to be more power efficient, and it also lets AMD reach higher clock speeds than ever before (1,120MHz with boost speeds up 1,266Mhz).
Installing the RX 480 was like any other GPU: Plug it in a PCI Express slot and connect additional power (in this case, it’s a single 6-pin PSU cable). I hooked up a 4K monitor into one of the three DisplayPort slots (there’s also an HDMI slot), installed AMD’s latest drivers, and I was off to start gaming. It wasn’t long before I forgot I was testing a $240 video card in my rig (which consists of a 4GHz Core i7-4790K CPU, 16GB of 2400Mz DDR3 RAM and a 512GB Crucial MX100 SSD on a ASUS Z97-A motherboard).
| 3DMark | 3DMark 11 | |
| AMD Radeon RX 480 | Standard 10,279/ Extreme 5,146/ Ultra 2,688 | X4,588 |
| NVIDIA GeForce GTX 1080 | Standard 15,859/ Extreme 9,316/ Ultra 5,021 | X9,423 |
| AMD R9 Fury X | Standard 13,337/ Extreme 7,249/ Ultra 3,899 | X,6457 |
In most of the 3DMark tests, the RX 480 scored around half as well as the GTX 1080. That’s actually quite impressive, considering that the 1080 retails upwards of $600. Notably, the RX 480 was also slightly faster than comparable benchmarks from NVIDIA’s GTX 970, which still costs more than $300 today (and was previously the bare minimum you needed for VR).
4K Benchmarks
| Witcher 3 | Hitman | |
| AMD Radeon RX 480 | 20 | 25 |
| NVIDIA GeForce GTX 1080 | 43 | 48 |
| AMD R9 Fury X | 35 | 38 |
Average FPS performance in 4K with all graphics set to maximum, NVIDIA Hairworks turned off.
I knew from the get-go that this card wouldn’t be much of a 4K contender, and while the results I found weren’t playable, I’m still surprised at how well it did compare to the GTX 1080 and the R9 Fury X. What really impressed me, though, was the RX 480’s 1440p performance with maxed out settings. It managed to reach near 60 frames per second in most titles, which has been my PC gaming goal for the past few years. What you lose out in resolution compared to 4K, you get back in overall smoother performance (and the ability to use more elaborate graphical settings).
1440p Benchmarks
| Witcher 3 | Hitman | Doom | Overwatch | |
| AMD Radeon RX 480 | 43 | 45 | 58 | 60 |
| NVIDIA GeForce GTX 1080 | N/A | N/A | N/A | N/A |
| AMD R9 Fury X | N/A | 70 | N/A | N/A |
Average FPS performance in 1440p with all graphics set to maximum, NVIDIA Hairworks turned off.
The RX 480 also cleaned up well in 1080p gaming, but that’s no surprise. If you’re buying a new video card today though, you’re far better aiming for the 1440p milestone (even if you don’t have a compatible monitor yet).
When it comes to real-world performance, the RX480 felt just as smooth as the GTX 1080 when playing Overwatch in 1440p with all graphical settings at their maximum. It never dipped below 60FPS, even when things got incredibly hectic. These days, that’s all I really ask for in a video card. With the new Doom, it hovered between 55FPS and 60FPS, which is still commendable given how demanding that game can be. It didn’t fare as well with The Witcher 3, getting around 43FPS, but that’s also a game that eats GPUs for breakfast.
As for VR, the RX 480 delivered a solid experience without much slowdown. It didn’t matter if I was dogfighting in Eve Valkyrie; exploring alien worlds in Farlands; or platforming in Lucky’s Tale. I kept a particular eye out for stuttering or anything that could lead to motion sickness, but couldn’t detect any major issues. AMD wasn’t lying: This is a VR-ready card alright. There’s a chance that the 4GB version of the RX 480 could have some issues dealing with VR, but given the speeds I saw with traditional games, even that card should be able to handle basic VR requirements (pumping out a 1200 by 1080 resolution at 90FPS).
Temperature-wise, the RX 480 idled around 35c and reached 69c while benchmarking and gaming. Its fan was normally quiet, but when things heated up it was definitely audible. Since it’s a small fan, it’s whinier and higher pitched than the larger fans you find on most video cards. That might be overly annoying for some, but it never really bugged me in the middle of gaming sessions.
Similar to the GTX 1080 and 1070, there simply isn’t anything else in the budget video card market that can compete with the Radeon RX 480. Last year’s cards all cost more, and offer less performance. The real problem is deciding between the $200 4GB model, or the $239 8GB version. For peace of mind (and for a likely smoother VR experience), I’d recommend splurging for the additional memory. AMD will also offer cheaper Polaris cards, the RX 460 and 470, but those are meant for esports and less demanding systems.
In the end, AMD has successfully delivered on its promise of making a VR-ready card that everyone can afford. And what’s most intriguing is that NVIDIA doesn’t yet have a viable budget competitor. The door is wide open for AMD to redefine what a low-end GPU can do.
ICYMI: Pig poop could make more eco-friendly roadways
Today on In Case You Missed It: The chemical makeup of pig manure is so similar to petroleum that it’s being tested as a more bio-friendly way to make asphalt roads, while the leftover bits can be used as fertilizer. Since pigs already produce 43 billion gallons of manure each year, re-using some for road construction might be the smartest thing we’ve done with bioengineering yet.
You can find our diabetes story from Cambridge here, the first banking chatbot from Kasisto here, and the selfie drone that’s going to be everywhere, here. As always, please share any interesting tech or science videos you find by using the #ICYMI hashtag on Twitter for @mskerryd
Uber Debuts Safety-Focused Update, Citing Positive Impact on Drunk Driving
Ahead of the Fourth of July holiday in the United States, ride hailing app Uber today announced a suite of safety improvements for its driver app, aimed at “predicting, preventing and reducing the number of crashes on the road.” The update comes in partnership with Mothers Against Drunk Driving and the Governor’s Highway Safety Association, and focuses on parsing out more information to the company’s drivers to ensure the safety of its customers.
As part of the update, Uber will send out daily reports to drivers with detailed statistics showing their driving patterns, as well as comparisons to other drivers in the city, “with suggestions on how to provide a smoother, safer ride.” According to a more detailed report in the company’s engineering blog, multiple readings taken from GPS and accelerometer data in the smartphone will fuel these statistics, and also provide a new “speed display” in the driver app to alert them of potentially passing the speed limit.
Other basic features include reminders to take a break and safety messages to inform drivers about regulations from Uber, like mounting their smartphone to the dashboard instead of holding it in their hands while driving. The safety-focused update will begin as a rollout in 11 United States cities (the company left which cities unspecified) in the next couple of weeks, with more planned to be added after that.
In addition to the new features of its driver-focused Partner App, in today’s blog post the company remarked on the overall positive impact that Uber has had on drunk driving accidents, specifically focusing on the city of Atlanta. Using a chart made available by the Atlanta Police Department, which shows every DUI made in the city from 2010-2016, a noticeable down tick in drunk driving arrests can be seen: dropping from 2,243 to 1,535, or a 32 percent decline, in that time period.
Uber used the dataset to correlate that dive in DUI arrests to the implementation of the ride hailing service in Atlanta in 2012, along with a surge in use a few years later in 2015. As the company itself points out, however, “many factors” could be affecting drunk driving trends in Atlanta, so it’s difficult to directly attribute the two statistics to one another.
Still, the company mentioned that “it’s heartening to see that these incidents are declining over time.” It also cited its own survey data, released today, wherein 90 percent of riders said Uber helped generally reduce drinking and driving, and 80 percent said it helped personally on the same issue. No specific ranking was given, but according to Uber the same survey revealed that the app is “riders’ top choice for trips” when inebriated, coming on top of public transportation, taxis, and other ride hailing apps.
Previous Coverage: Uber Update Spotlights ‘Upfront Fares’ While Burying Surge Pricing Notifications
Tag: Uber
Discuss this article in our forums
Porsche Debuts 2017 Panamera Sports Car With CarPlay Support
Porsche has announced that its new 2017 Panamera luxury sedan will be equipped with a 12.3-inch touchscreen that supports CarPlay. The next-generation Porsche Communication Management system also features online navigation, Porsche Connect, and a new voice control system that responds to natural language input.
The all-new 2017 Porsche Panamera will arrive at U.S. dealerships in January 2017, with other markets to follow in early 2017. Pricing for the Panamera 4S starts at $99,900, while the Panamera Turbo starts at $146,900. An additional $1,050 fee applies for delivery, processing, and handling.
Other CarPlay-enabled Porsche models include the 2016 911, 2017 718 Boxster, 2017 Macan, 2017 718 Cayman, and 2017 718 Cayman S.
Related Roundup: CarPlay
Tag: Porsche
Discuss this article in our forums
Tetris Blitz: 2016 Edition falls onto the Play Store for some beastly combos
EA has announced the company has released Tetris Blitz: 2016 Edition to the Play Store. This latest update brings a bunch of improvements and new features. Should you be a fan of the classic title, you’ll really dig EA’s take on the formula with Blitz. The developer has packed in a bunch of extras that bring something new to the table and spice up gameplay.
Here’s what is available in Tetris Blitz: 2016 Edition:
- Unlock exciting Power-Ups and Finishers as you level up
- Play every day to be rewarded with new Daily Challenges
- Make it rain with fresh Golden Minos – the more you clear, the more you earn
- Be showered with Golden Minos in the Gold Rush bonus round after every level up
Grab Tetris Blitz: 2016 from the Play Store for free.
ZTE’s beastly Axon 7 is now up for pre-order in Europe
Unveiled in May, ZTE’s beastly Axon 7 is up for pre-order from third-party sellers on Amazon in France, Germany, Italy, Spain, and the United Kingdom. The phone is priced at £359 in the U.K., and €449.99 in other European markets.
ZTE collaborated with BMW Group’s Designworks on the design of the phone, resulting in an all-metal chassis with a 5.5-inch QHD display and dual front speakers. The handset is powered by a 2.15GHz Snapdragon 820, and offers 6GB of RAM, 128GB storage, 20MP camera, 8MP front camera, NFC, LTE, Wi-Fi ac, AKM HiFi audio chipset, Force Touch, and a 3250mAh battery. The version that’s up for pre-order comes with 4GB of RAM and 64GB storage, and at this stage it doesn’t look like global markets will receive the model with 6GB of RAM and 128GB internal memory.
Interested in what the phone has to offer? Check out our hands-on.
As noted by GSM Arena, the phone is slated to be available online at GrosBill and offline at Media Markt and Phone House in the coming months.
- See at Amazon UK
- See at Amazon Spain
- See at Amazon Germany
- See at Amazon France
- See at Amazon Italy
Where to buy the Wileyfox Spark
Wileyfox’s latest Cyanogen-powered budget phone sells for less than £90, and it’s available to pre-order now.
British firm Wileyfox made a splash recently with the announcement of three new phones in its “Spark” range, and now the first handset in the series is available to pre-order. Right now UK buyers can reserve the base model Wileyfox Spark — which costs just £89.99 SIM-free and unlocked — from Amazon, Clove or Wileyfox itself.
Amazon
Amazon UK has Wileyfox’s new phone up for pre-order in white and black, for the standard price of £89.99. Delivery is free for Amazon Prime members, and the release date is listed as July 12.
See at Amazon
Wileyfox
Wileyfox is selling its own phone directly to consumers, and it’s currently taking pre-orders of the Spark in black and white for £89.99. The firm offers next-day delivery on orders placed before 3 p.m.
See at Wileyfox
Clove
Independent retailer Clove has both colors up for pre-order for £89.99, with the release date listed as July 15.
See at Clove
MORE: Wileyfox Spark series specs
What about Spark+ and Spark X?
The release of Wileyfox’s three new handsets will be staggered, with the regular Spark going on sale first in mid-July. Based on the timings given by Wileyfox at its press conference, that should be followed by the Spark+ in late July/early August, and the Spark X later in August.
MORE: Wileyfox Spark, Spark+ and Spark X hands-on
AIVAnet 