Skip to content

Archive for


Why Android malware scares are almost never as bad as they seem


Headlines shout about hundreds of millions being vulnerable. But they ignore a vital part of Android’s security which stops app-based malware dead in its tracks.

Whether it’s QuadRooter earlier in 2016, or Gooligan more recently, the news is full of reports of terrifying Android security vulnerabilities. Often they’re brought to light by security companies with a product to sell, and blown out of all proportion by the mainstream press.

Research like this is important work done by very smart people. But make no mistake, the goal is to drum up publicity and (eventually) sell you security software. That’s why new Android vulns come with catchy nicknames and sometimes even logos — particularly around the time of the big hacker conferences like Defcon and Black Hat. It’s a neat pre-packaged story sure to attract attention, easily turned into headlines like “Android users beware: Over 900 MILLION smartphones are vulnerable to this crippling hack.” (That was British tabloid The Mirror on QuadRooter, by the way.)

That sounds scary, but it’s in the interest of those doing the disclosing (and, let’s be honest, the clickthirsty online media) to wave their arms around and make it appear as bad as possible.

There are many types of software vulnerabilities, and it’s almost impossible to guarantee any piece software is completely flawless — especially in something as complex as a smartphone. But let’s focus on app-based malware, since that’s the most common attack vector. The simplest way for the bad guys to do bad things to your phone or your data is to have you install a malicious app. The app might then make use of vulnerabilities in the OS to take over your device, steal your data, cost you money or whatever else.

When a security vulnerability crops up on iOS, Apple issues a software update and it’s fixed. Because of the complete control Apple has over the iPhone, that means devices are patched pretty quickly, and all is well.

On the iPhone, everything that matters lives inside the OS. On Android, it’s split between the OS and Play Services.

On Android, it’s not so simple. Google doesn’t directly update the firmware on the billion or so Android phones out there, and because of this only a small handful are running the latest OS version. But that doesn’t mean they have to miss out on new features, APIs and malware protection.

Google Play Services is a system-level app, which is updated in the background by Google on every Android phone going back to 2010’s Gingerbread release. As well as providing APIs that let developers interact with Google services, and porting many features back to older versions of Android, Play Services has an important role in Android security.

The “Verify Apps” feature of Play Services is Google’s firewall against app-based malware. It was introduced in 2012, and first enabled by default in Android 4.2 Jelly Bean. (Older versions can manually enable it in the Google Settings app.) Verify Apps works similarly to a traditional PC virus scanner: Whenever the user installs an app, Verify Apps looks for malicious code and known exploits. If they’re there, the app are blocked outright — a message is displayed saying “Installation has been blocked.” (In other, less suspicious cases, a warning message may be displayed instead, with the option to install anyway.)

While the underlying exploit may still be there, this makes it impossible for the bad guys to take advantage vulnerabilities after they’ve come to light. With Play Services updating constantly in the background across basically the entire Google Android userbase, as soon as a major vulnerability is reported to Google (often before the public hears about it), it’s patched through Verify Apps.


Verify Apps is a last line of defense, but it’s a highly effective one.

While the method is different compared to iOS, the result is the same. The platform holder updates its security — Apple through an OS update, Google through Play Services — and users are protected. You can argue all day about which one is better or more robust, but the fact that we’ve yet to see the predicted Android malwarepocalypse indicates that Google’s method is working pretty well. That’s not to say other steps like Google’s monthly security patches aren’t important. While Verify Apps is a last line of defense, it’s a very effective one.

Let’s take a step back even further — to even get to the point of installing a malicious app, the user would’ve had to disable the “unknown sources” checkbox to allow installation of apps from outside the Google Play Store. For most of people, that’s not something they ever do. Apps come from the Play Store, and that’s that. Google controls and curates apps on the Play Store, and continually scans for nefarious apps. If you only install apps from there, generally, you’re fine.

Breathless reports mentioning hundreds of millions of vulnerable Android devices don’t mention any of this, of course. In the case of the QuadRooter vulnerabilities, for example, assuming you’re on an affected version of Android, you’d first have to disable the “unknown sources” checkbox, then go to Google Settings > Security and disable app scanning. Then, if you decided to download and install an infected app from a nefarious corner of the Internet, you’d be affected. These are not steps that most people take, nor are they things that will happen of their own accord.

It’s the digital equivalent of propping open your door, throwing your keys on the driveway and erecting a big sign on your lawn saying “Free stuff inside, come on in.”

That’s not to say there haven’t been one or two genuinely menacing Android security issues over the past few years. The worst to date has been Stagefright, which led to Google establishing its regimen of monthly security patches. Stagefright was particularly bad because it could affect phones just by playing media files. There’s a big difference between that and malware in the form of an app that needs to be installed.

When it comes to anything in the form of an APK, Android’s existing security safeguards already protect the vast majority of folks, even if they’re not on the most up-to-date version.

So those reports about hundreds of millions of Android devices being “vulnerable” to this or that? In theory, if you go out of your way to disable all of Android’s built-in safeguards, sure. In the real world, not so much.


‘Marvel vs Capcom: Infinite’ hits the PS4 in 2017

Marvel vs Capcom: Infinite pits classic video game characters from franchises like Street Fighter and Mega Man against everyone’s favorite superheroes from the Marvel universe. The debut trailer showed an epic battle among Ryu, Mega Man X, Captain Marvel and Iron Man. Infinite lands in late 2017 and fans will get the first look at its gameplay tonight at the Capcom Cup, which is being held at PlayStation Experience in Anaheim, California.

Infinite features single-player and online multiplayer modes, plus Infinity Stones to give players unique boosts based on the elements of power, space, time, reality, soul and mind.

“Heroes and villains battle for supremacy in a timeless struggle set in the Marvel and Capcom universes,” the PS Blog says. “The original storyline answers the questions regarding the new clash and lets players step into the shoes of classic characters from both sides as they wage war against powerful forces in an attempt to defeat a new villain.”

It’s official: Marvel vs Capcom: Infinite! Gameplay reveal coming at Capcom Cup tonight.

— PlayStation (@PlayStation) December 3, 2016

In the meantime, fans at home can download Ultimate Marvel vs Capcom 3 today on the PS4.


‘Wipeout’ comes to the PS4 through the ‘Omega Collection’

Have you been suffering from Wipeout withdrawal symptoms since getting a PS4? You can relax. Sony has revealed that Wipeout Omega Collection is coming to the PS4 with remastered versions of three games (or two, depending on your point of view): Wipeout HD, Wipeout HD Fury and Wipeout 2048. It’s not saying a whole lot about what’s new, but it’s safe to say that a graphical upgrade is on order — especially for 2048, which was meant for the PS Vita. They’re all getting 4K support, high dynamic range graphics and a “targeted” performance of 60 frames per second. You should see an “all-new” soundtrack, too. It’s not a true sequel, and you’ll have to wait until summer 2017 to get it, but it should at least end a years-long drought for people who have fond memories of racing hoverships to a thumping beat.

The crowd goes wild! Wipeout Omega Collection is coming to PS4, includes three classic games. #PSX16

— PlayStation (@PlayStation) December 3, 2016

Source: PlayStation (Twitter), PlayStation Blog


‘Uncharted’ is back on PS4 with ‘The Lost Legacy’

There’s a new Uncharted. Well, a new story chapter at least. Uncharted: The Lost Legacy, from the looks of it, is a lot like The Last of Us: Left Behind. Meaning, it’s a standalone story that fleshes out characters from the main game in a new way. The video that debuted on the PlayStation Experience stage showed a robed woman walking through a middle Eastern street, following instructions for a meet up by text message — only to be double crossed on a rooftop.

That’s when the big reveal happens: the robed woman was Chloe Frazer (who made her debut in Uncharted 2) and Nadine Ross, one of the antagonists from Uncharted 4. Given that Ross’ character was pretty flimsy in A Thief’s End hopefully that changes here. Once Sony uploads the trailer, we’ll be sure to embed it. for now, though, you’re going to have to hold tight.

We have a new #Uncharted game! Uncharted: The Lost Legacy is a new standalone story chapter. Chloe Frazer and Nadine Ross are back! #PSX16

— Naughty Dog (@Naughty_Dog) December 3, 2016


Be a time buff: How to choose from Fitbit’s family of fitness trackers

Fitbit – chances are you’ve seen athletes and plain joggers wear them, tons of commercials advertise them, and internet ads and reviews (like this one) focusing on what makes fitness wristbands like Fitbit great for those who want an easy to wear, simple to use gym or lifestyle gadgets.

With prices ranging from $59.99 right up to $249.95, Fitbit caters for everyone looking to get their hands (wrists actually) to their first fitness tracker. For many people, however, wearing tech seems a bit scary, even extravagant. Thankfully, Fitbit managed to remove everyone’s anxiety, even if you’re just trying to move more.

Now we go the types of Fitbit that’ll fit your preferences. Whether you prefer a Charge 2, Flex 2, Surge, Blaze or Alta, we’ll help you decide. Here’s a quick rundown of the hot Fitbits right now.

Fitbit Charge 2. The updated Charge has a wealth of new and awesome features, which include guided breathing, a larger screen, new data tracking with VO2 Max, and yes, interchangeable bands. There’s a basic step and sleep tracking feature for standard users, but if you want to make use of all its features, that’s up to you.

There’s a cardio fitness level here, a new ecosystem for Fitbit that’s sure to improve over time. It sits arguably better in the hand than Surge. The overall design is pleasing, allowing for more information without being too big.

Fitbit Flex 2. You just want the basic? Here it is. Flex 2 covers the bases; monitoring steps, calories, hourly sleep and activity, and active minutes. You also benefit from Fitbit’s SmartTrack tech to quickly recognize and track your workouts, including cycling, walking, running and aerobic exercises.

It is 30 percent smaller than the original, while still being waterproof. With its water-resistant design, you can make use of its swim tracking features, letting you track pool sessions and delivering metric on laps, calories burned and duration.

Fitbit Blaze. A hybrid of fitness tracker and smartwatch, the Blaze features heart rate data and built-in workouts all on the wrist. This fitness band is designed with customization in mind, plus you can switch the screen element with different style bands.

It has automatic exercise detection and biometrics, but it might disappoint you if you are a runner or cyclist since it relies on GPS data of smartphones. It has a striking design but doesn’t offer anything ground-breaking if compared to other members of the Fitbit family.

Fitbit Surge. This is the priciest Fitbit your money can buy; the Surge was designed to be the ultimate sports watch. The Surge is worth a look if you like GPS for running routes as well as everyday activity monitoring/tracking.  It has a 5 ATM water resistance rating, but Fitbit advises against wearing it in the pool. There’s music control, text notifications, and even caller ID.

Fitbit Alta. Hailed as Fitbit’s sleekest tracker, which keeps everything simple in many ways, owing to the original Flex’ design, albeit with a modern twist. Standard sleep and activity tracker is there, with steps, distances, and calories displayed on the enhanced screen, which also displays SMS notifications, calls, and calendar updates.

It boasts a big visual update from the older Flex and Charge, and there’s a ton of customization options to give it a personalized look. However, it’s not a game-changing fitness tool.

End Note

So, what Fitbit fitness tracker do you think best suits your preferences? Whatever you choose, you’re in for an even better work and life balance. Good luck!


Recommended Reading: Should Facebook start fact-checking news?

Facebook Shouldn’t

Jessica Lessin,
The New York Times

How should Facebook combat fake news? The company isn’t sure yet, but one tech journalist argues fact-checking isn’t the answer. The Information’s editor-in-chief Jessica Lessin penned an op-ed for The New York Times this week explaining why Facebook shouldn’t take on the task of fact-checking news links that its users share on the site. From censorship to truth not always being black and white, this piece lays out why the social network allowing editors to decide what’s newsworthy could impact privacy and journalism as a whole.

Reddit Is Tearing Itself Apart
Bryan Menegus, Gizmodo

The_Donald, a community of Trump supporters, is posting coded hate speech, going after other Redditors and breaking the site’s basic rules of use while the folks running Reddit aren’t helping combat the problem.

Is VR Technology About to Revolutionize the Way We Experience Music?
Chris Kelly, FACT

The combination of VR music videos and affordable headsets that run off of your phone could mean big changes for how artists get their music to fans.

The Fault in Stars Hollow
Megan Garber, The Atlantic

There were multiple noteworthy Gilmore Girls pieces over at The Atlantic this week, including an analysis of why Rory never made it as a journalist. This one addresses the town’s biggest flaw: It’s unwelcoming to outsiders.

Go Ahead, Get Sweaty. Microparticles Can Cool You Down
Tim Newcomb, Wired

A company is using microscopic particles from coconut shells and volcanic sands in clothing to evaporate sweat more efficiently and keep you cooler during a workout.


Watch the PlayStation Experience keynote right here!

PlayStation Experience kicks off today in Anaheim, California, offering a weekend of gaming, Capcom and Call of Duty eSports tournaments, and plenty of news for fans of Sony’s wares. The keynote starts at 10AM PT / 1PM ET and it’s poised to feature a handful of game announcements and information about the PlayStation 4, PS4 Pro and PS VR as we head into 2017. Catch it all live right here, regardless of your proximity to Anaheim. Sometimes, the internet truly is incredible.

We’re live at PlayStation Experience this weekend, so stay tuned for developer interviews and hands-on impressions of some of the coolest games at the show. Plus, follow us on Facebook and Instagram to see pictures and videos straight from the Anaheim Convention Center.


Google Chrome Browser 55 Fixes Security Holes and Defaults to HTML5

Google this week began rolling out the latest update to its desktop Chrome web browser ahead of schedule, with Chrome 55 fixing multiple security vulnerabilities and defaulting to HTML5 on the majority of websites.

Google Chrome has been phasing out Flash support since September, when version 53 of the browser started blocking Flash-based page analytics and background elements. Version 54 brought a YouTube code rewrite that forced YouTube Flash players to switch to HTML5.

Chrome 55 brings the most visible move away from Flash by defaulting to HTML5 across the board. Users are now prompted to enable Flash when they visit sites that still use it, exempting 10 of the most popular sites on the web, including Facebook and Amazon.

Chrome 55.0.2883.75 for Mac contains a number of other fixes and improvements, including 26 patches identified by external researchers as part of Google’s bug bounty program, and another 10 security fixes implemented by Google itself. The addition of CSS automatic hyphenation means Chrome can now hyphenate words when line-wrapping, which improves the visual appearance of text blocks.

Chrome 55 should be available to download for most Mac users now. Existing users can update by selecting Chrome -> Preferences via the menu bar and clicking the About section. Users downloading Chrome for the first time will automatically receive the updated version from the Chrome download page. An update for the iOS browser app is expected soon.

Tag: Chrome
Discuss this article in our forums

MacRumors-All?d=6W8y8wAjSf4 MacRumors-All?d=qj6IDK7rITs


MacBook Pro Users Express Concerns About Limited Battery Life

A subset of users who purchased a new MacBook Pro with Touch Bar claim to be experiencing shorter than expected battery life.

In particular, some users claim to be getting as little as 3 to 6 hours of battery life on a single charge, or between 30% and 60% of the up to 10 hours advertised.

MacRumors forum member SRTM said:

Currently I’m powering a 1080p external monitor and casually browsing with Chrome. At full charge, I’m getting an estimate of 3 hours battery life. With gaming it’s even less.

MacRumors forum member Aioriya said:

I bought a maxed out 13-inch Touch Bar model and I’ve been using it for about a week. With light use, I’ve been consistently getting around 5-6.5 hours when mainly browsing. Apple claims 10 hours wireless web but my battery has never lasted this long.

Reddit user Azr-79 yesterday claimed his new base model 15-inch MacBook Pro with Touch Bar received only 3 hours and 45 minutes of battery life on a single charge, despite what he described as “normal usage” in the form of web browsing, watching YouTube videos, and software development.

MacRumors forum member Scott claimed he experienced a 5 percentage point drop in battery life, from 10% to 5%, in just 12 minutes. Google Chrome, a known battery hog, was listed as the only app drawing significant power. The discussion topic he posted in and others are littered with similar claims of sizeable percentage drops in mere minutes.

Other claims on Reddit include anywhere from 3 hours to 5 hours to 6 hours — sometimes more, and sometimes less.

Conversely, some users report battery life exactly in line with Apple’s advertised figures. Reddit user Andrew J., for example, said he was working on non-intensive tasks on his new MacBook Pro for 90 straight minutes, and still had 92% battery life with an estimated 10 hours and 35 minutes of usage remaining.

I’ve been working non-stop for the past 1.5 hours, back and forth between emails, Safari, Calendar, Messages, organizing files, editing some PDFs in Adobe Acrobat DC, and building a financial model in Excel. I started at 100% and am now at 92% battery, with an estimated 10 hours 35 minutes remaining. If you’re not getting this kind of battery life on your MBP you should definitely get it checked out.

Estimates unsurprisingly vary widely based on screen brightness, background processes, and other factors, so user reports are only anecdotal evidence and your mileage may vary. It is also important to note battery life could be initially reduced until Spotlight finishes indexing your new MacBook Pro.

Battery life complaints are nothing new following the launch of a new Apple product. However, some users speculate battery life could be impacted by the new MacBook Pro switching from more efficient integrated Intel graphics to the power-hungrier dedicated AMD Radeon Pro GPU for unnecessary tasks.

Once again, however, there are always claims to suggest otherwise. Reddit user Lebron Hubbard claims he received 5 hours and 48 minutes of battery life on his high-end built-to-order 15-inch MacBook Pro with Touch Bar when forcing only the dedicated AMD Radeon Pro 460 graphics to run using gfxCardStatus:

Even though the dGPU rarely kicks in for day to day stuff, the Radeon Pro 460 seems really efficient for small tasks. 5:48 is nothing to scoff at for dGPU only, and it runs very cool and quiet.

Apple’s built-in Activity Monitor and third-party app coconutBattery are useful tools for tracking system processes and detailed battery information.

Apple officially says the new MacBook Pro is rated for up to 10 hours of battery life. Specifically, its tech specs page says all new 13-inch and 15-inch models are capable of up to 10 hours of wireless web browsing, up to 10 hours of iTunes movie playback, and up to 30 days of standby time on a single charge.

TechCrunch placed battery life at 9 hours and 35 minutes for the 13-inch model. Mashable said 10 hours is a fair estimate overall. The Wall Street Journal got 9.5 hours on the 13-inch model. Engadget gauged between 9 and 10 hours of video playback on the 15-inch model. Nilay Patel got 5.5 hours on the 13″ in real-world use.

Apple explains how it performs its battery tests on its website:

The wireless web test measures battery life by wirelessly browsing 25 popular websites with display brightness set to 12 clicks from bottom or 75%. The iTunes movie playback test measures battery life by playing back HD 1080p content with display brightness set to 12 clicks from bottom or 75%. The standby test measures battery life by allowing a system, connected to a wireless network and signed in to an iCloud account, to enter standby mode with Safari and Mail applications launched and all system settings left at default.

Apple’s website also provides tips for maximizing battery life on the MacBook Pro, including updating to the latest version of macOS, optimizing Energy Saver settings in System Preferences, dimming the screen’s brightness to the lowest comfortable level, and turning off Wi-Fi while not connected to a network.

Additional battery optimization advice provided by users includes performing a fresh install of macOS Sierra and resetting the SMC.

Related Roundup: MacBook Pro
Tag: battery life
Buyer’s Guide: MacBook Pro (Buy Now)
Discuss this article in our forums

MacRumors-All?d=6W8y8wAjSf4 MacRumors-All?d=qj6IDK7rITs


Origin PC Evo 15-S review – CNET

The Good This slim, modern-looking laptop has VR-ready graphics, and enough ports to plug in all the accessories PC gaming often requires. Origin PC has a great rep for service and support.

The Bad The minimalist laptop body lacks personality, and its power button is poorly placed. You can find other laptops with the same Nvidia graphics card for less. The display is non-touch, and limited to standard full-HD resolution.

The Bottom Line The Origin PC Evo 15-S shows a premium gaming laptop, even a VR-ready one, doesn’t have to be a backbreaker.

Configure at Origin PC.

For a long time, gaming laptops have been too big, too heavy and too ugly. At least over the past few years, the gaming power in these semiportable rigs has closed the gap with gaming desktops, but for the most part these laptops were were still back-breaking monsters. The big change over the last two years is that PC makers have finally decided it was time to work on the look and feel of these systems, and that’s put us much closer to achieving my dream gaming laptop.

The Origin PC Evo 15-S is one of this new generation of gaming laptops that slim down, while running graphics cards powerful enough to work with virtual reality hardware, such as the Oculus Rift or HTC Vive. Razer was a trailblazer in this category, and mainstream brands like Alienware are catching up. Now even Origin PC, a boutique PC builder known for massive no-compromise systems, has a slim 15-inch gaming laptop with one of Nvidia’s new GeForce 1060 GPUs inside.

origin-pc-evo-15-s-17.jpgView full gallery Sarah Tew/CNET

It’s a break from the traditional look of the many Origin PC laptops we’ve tested or reviewed previously, even if the overall look of this matte black laptop chassis is a bit generic. That’s because boutique PC builders like Origin PC, Falcon Northwest and others typically don’t design and produce laptop bodies — which is a very expensive endeavor only a handful of big PC makers can take on. Instead they take off-the-shelf bodies from component suppliers such as MSI (which also sells its own systems direct to the public), and tweaks and fine-tunes the components and software to create a custom gaming masterpiece. (Interestingly, Origin PC has designed a couple of custom desktop PC designs, the Chronos and Millennium, and both are excellent.)

By choosing this slim body for the basis of the Evo 15-S, Origin PC sets itself up nicely to provide excellent gaming power, reasonable design and portability, and very importantly, enough connectivity. The Achilles’ heel of many slimmer laptops aimed at power users is the lack of ports. Especially when hooking up VR gear, in addition to a mouse and/or gamepad, you’re going to need a lot of ports, and not just a couple of USB-C ones, as offered by the latest MacBook Pro.

View full gallery

The Evo 15-S, compared to larger gaming laptops from Origin PC and Asus.

Sarah Tew/CNET

Pay to play

Of course, you’re going to pay a premium for packing this kind of power into a slim, well-built laptop. The Evo 15-S is offered in a single basic configuration, with a Intel Core i7-6700HQ processor, 16GB of RAM, a fast 256GB PCIe SSD combined with a big 2TB hard drive (but note it’s a 5,400 rpm drive), and the new Nvidia GeForce GTX 1060 graphic card, which is essentially the same part whether you get it in a laptop or desktop. That very capable combination of parts runs $2,099, which is more than some other laptops with that new Nvidia 1060 cost. For the UK or Australia, the company can provide a custom quote, and the US price converts to about £1,659 or AU$2,816, but there may be a hefty shipping fee and additional taxes.

Origin PC Evo 15-S

15-inch, 1,920 x 1,080 display
2.6GHz Intel Core i7-6700HQ
16GB DDR4 SDRAM 2,400MHz
Nvidia GeForce GTX 1060
802.11ac wireless, Bluetooth 4.0
Micorsoft Windows 10 Home (64-bit)

The newly redesigned Alienware 15 or even a stock version of this from MSI can cost a few hundred less, but the Origin PC version doubles the storage to 2TB compared to those other two. Other interesting options include the Alienware 13, which has the same CPU and GPU, but adds a higher-res OLED touchscreen for the same $2,099. That’s a really fun system, but suffers from a lack of ports. You could also go whole-hog and get a big 17-inch Eon-17X from Origin PC, it’s flagship gaming laptop. We’ve tested one of these impressive beasts recently and it’s very powerful, but has a more old-school design.

View full gallery
Sarah Tew/CNET

The Evo 15-S shares a design sensibility with the classic 15-inch MacBook Pro, although it’s closer in size to the recently retired version than the new slimmer Touch Bar model. It has a minimalist interior, with an expansive wrist rest and large touch pad, but also has a grille for airflow above the keyboard. Cooling is clearly important here, there are also vents on either side and a slightly raised felt-like cover on the bottom, giving the bottom fan vents a little more room to breath.

It’s also surprisingly light, just about 4.3 pounds, versus 4.0 pounds for the new 15-inch MacBook Pro.

%d bloggers like this: