HTML5 Video - Oh the possibilities!

Normally, we here at ATLB try to bring you legal issues relevant to the Austin tech world, but I recently stumbled across my first interactive, multi-window HTML5 video, and despite the lack of legal issues, I had an overwhelming desire to share it. Showcased as a "Chrome Experience," Google and Chris Milk teamed up with the band Arcade Fire to produce an extremely creative music video to the song "We Used to Wait" (a great track). The site, The Wilderness Downtown, provides a look into the future of not just music videos, but videos across the board. An interactive multi-window experience allows the user to connect with the music and the story of the video, and provides some serious nostalgia for someone who hasn't been home in a while (my then teary-eyed girlfriend can attest to that).

I look forward to the next generation of videos and the creative music and film directors that will no doubt utilize this new format. I can already hear myself 6 months from now, "I can't believe I was so amazed by that Arcade Fire video."

 


Facebook Opens Fire on Teachbook

Once upon a time, most schools distributed annuals or pictures, names and some personal information about students so that other students could make connections. Then Mark Zuckerberg hacked into the Harvard computers and obtained private information of students and put that into a Hot or Not knockoff called “Facemash”.
Harvard threatened Zuckerberg with expulsion, charges for breach of security and copyright infringement. Harvard later backed off and the rest is history.
Fast forward to today and the behemoth that has now evolved from Facemash to Facebook is rigorously trying to keep anyone from using either “Face” or “Book” in their name if the entity is remotely associated with social media.
Facebook recently induced a site called Placebook to change its name to TripTrace and has now filed suit against a site called Teachbook, which is not even operable yet but purports to be an online information sharing vehicle for teachers (a large number of whom are prohibited from being on Facebook by school administrators).
Facebook is alleging in the suit against Teachbook that the term “Book” is highly distinctive and that most people associate it with social networking. Facebook throws in a claim of cybersquatting and wants the court to give it the domain name Teachbook. For good measure, they included counts of trademark infringement, unfair competition, and trademark dilution. Teachbook has only a couple of employees. Hello fly, meet cannon.
This indicates that Facebook will be aggressive against any online vehicle containing any variety of “Face” plus something or something plus “Book”.
No word yet on their stance on BookFace (actual trademark application made and abandoned several years before Facebook came around).
 

Malware Might Have Played A Part In Deadly Plane Crash

OK, now it's serious. It's one thing to lose credit card information or for your Facebook account to be hijacked, but malware is said to have been instrumental in the cause of death and destruction in the crash of a Spanair flight two years ago. Investigators have determined that ground computers were infected with malicious code that may have prevented the pilots from being warned that the flaps were in the wrong configuration for takeoff.

This blog has previously discussed the malicious code problem here, here and here.  Experts in virus protection are becoming increasingly pessimistic about the ability of reactive virus protection to be effective.

A video of the crash can be seen here.  Warning, this is unsettling in that it is video of an event where a large number of people lost their lives.

I told you this was serious.

Oracle vs. Google, Godzilla vs. Mothra, Perseus vs. The Kraken and other Titanic struggles

Consider this abbreviated time line:

November 5, 2007 - Google, T-Mobile, HTC, Qualcomm and Motorola announce the release of Android and announce the creation of The Open Handset Alliance comprised of 34 companies that will free the mobile world of all restrictions (the last part is made up).  Nowhere in the announcement does Java get mentioned.

Same day (almost like they knew it was coming) - The Chairman and CEO of Sun (possessor of Java) heartily congratulates Google et al on the release of Android and hails the salutary effect it will have on the Java community.  The blog entry goes out of its way to call Android a "Java/Linux phone platform" and "a Java based platform".

April 20, 2009 - Oracle buys Sun. In the press release announcing the sale, Oracle calls Java "the most important software Oracle has ever acquired."

August 12, 2010 - Oracle files suit against Google alleging "In developing Android, Google knowingly, directly and repeatedly infringed Oracle's Java-related intellectual property. This lawsuit seeks appropriate remedies for their infringement."

Now what happens?  Google will claim that they aren't using Java but built their own version of this platform called Dalvik using approved clean room methods and therefore haven't infringed on anything.  Google hasn't filed an answer yet and probably won't for some time.  Then the fun will start.  This has the potential to be a very visible and influential suit with ramifications for years to come.  Google is not likely to be the last company with Defendant after their name in this matter.  There are millions and millions of devices with Android running on them.  Plus it involves some heavyweights.


SXSWi Panel Picks: ATLB Selections (so far)

South by Southwest Interactive is just around the corner, coming March 11-15, 2011, and now it's time for the selection process to begin. For those of you who aren't familiar with the process check this out to get up to speed. There are three groups that vote on what panels will participate in the 2011 SXSWi: public (30%), SXSWi staff (30%), and advisory board (40%). There is a feeling here at ATLB that it's our duty to assist in crafting this year's event. I mean it's for the public, so why shouldn't we have a loud voice? This blog goes out to several different groups that have interest in a variety of things, so in order to provide a broad range of issues here are a couple that seem relevant to our readers: Bootstrapping, Entrepreneurism and Monetization, Funding, Web Apps, and our personal favorite Licensing, Fair Use and Copyright. Please check out these categories and see if a subject of interest pops up.

Additionally, there are a few individual panels this year that we'd like to suggest:

 

Apps vs. Mobile Web: Which to reach consumers?

Copyright Criminals

Download Illegally, It's the Right Thing to Do

Social Network Users' Bill of Rights: You Decide

Legal Frontiers In Social Networks, Blogs and Beyond

I.P. Fearlessly: Copyright, Contracts, and Clients

 

I'm sure there are many more that would do a great job of bringing value to next year's event, but these were the ones that caught our eye on first go around. It would be a good idea to get on Twitter and find some other good Austin Tech Sources to get a feel for some other good panels.

Enjoy the weekend!

"Wait! I deleted that. You can't see that!" - Computer Privacy and Data Recovery in the Age of Computer Forensics

In talking to our clients, our friends and the public at large, there seems to be a lot of confusion, misinformation, urban myths and lore surrounding the amount and kinds of data and material that is deposited on computer drives and that can be retrieved even though the user thinks that he has deleted it or covered it up. And by computer drives, we mean any electronic storage device including computers, flash drives, cell phones, DVRs, etc.

To attempt to get real live reliable answers to some of these questions, we turned to some local subject matter experts, Flashback Data. Flashback Data’s website is here. They were kind enough to lend us the expertise of Will Ambruzs, an attorney who is in charge of the Forensics Division of Flashback Data.

ATLB: Will, please describe the services that Flashback Data can provide, particularly to an attorney involved in litigation.

FBD: Probably the best known aspect of forensics is the storytelling. A man dies mysteriously and the forensic examiners conduct two autopsies – one on the corpse, and one on the home computer. Toxicology confirms the man died of ethylene glycol poisoning (antifreeze). Forensic testing of the computer recovers 76 previously deleted Google searches made by his wife over the course of seven weeks for things like “symptoms of ethylene glycol poisoning,” “ethylene glycol toxicity” and “C2H6O2 ingestion and death.” That’s a compelling story.

Other times our involvement is less about developing evidence and more about logistics. For example, we’re commonly retained by attorneys to help identify all the places relevant information is likely to exist in a complex technical landscape, or to develop evidence collection strategies that minimize the impact on their client’s business.

Candidly, there’s quite an air gap between law and technology. At the end of the day, when it comes to electronic evidence, we’re the guys who fill it. Our case managers are attorneys and our forensic examiners are technologists with deep court room experience. We’re not vendors. We take pride in giving our clients access to the highest caliber forensics testing in the industry, and we’re presently the only private sector laboratory in the world accredited for digital forensics by the American Society of Crime Laboratory Directors under their International standard – same as FBI and DEA.

ATLB: That sounds like a lot more stuff than we can cover in one setting. Let’s discuss some general topics about what kind of data can be recovered and from which devices, and then, hopefully follow up with another session where we delve into some of the more complicated problems of forensic discovery and data retrieval.

FBD: OK

ATLB: I will give you some topics and you tell me how hard it is to recover this data:
• Internet history from a computer
Internet history is one of the most persistent types of data on the computer. It’s not uncommon for us to recover every URL visited on a computer from the time you first took it out of the box.
• Deleted videos from a DVR
It depends. If the DVR entries were manually deleted, the chance of recovery is high if the device can be forensically imaged before the data is overwritten. Many DVRs are set to overwrite data after a period of time, or when the device is near the limit of its full hard drive capacity. Overwritten data is unrecoverable. By anyone.
• Text messages from a cell phone
Candidly, it depends on the make and model of the phone and how the phone is used. That said, we are still seeing a strong trend of users adopting smartphones like the Blackberry or iPhone. One common thing folks do with smartphones is sync them with a computer. This creates backup files on the computer which, depending on when the backup was created, may contain data that is long gone from the phone. Alternatively, smartphones are essentially small computers, and often their data can be recovered in the same way we recover hard drives.
• Instant messages like Gmail chat or AIM
These may be recovered from log files saved to the computer. Difficulty is a function of time. Bottom line is if the data you want gets overwritten with new data, it’s gone.
• Facebook messages or postings
One avenue of recovery is to extract these from internet history. Often this gives us multiple clues as to the content and recipients, and we can use the information to go looking for “shadows” of similar activity. Another thing we can do is attempt to recover the confirmation emails Facebook sends when new entries are made on a user’s wall or new messages are received.
• Twitter tweets on a cell phone or computer
This type of data generally falls into the same category as internet history and internet cache. The content itself will be recoverable for some time (until it is overwritten) and we can extract a fair amount of data simply by looking through the internet history.

• Standard files on a computer hard drive
In answering this, assume that the user has used the commonly available delete function available to the standard user.

FBD: Understanding the recovery of deleted files on a hard drive requires some understanding of how files are stored and referenced. A good analogy once provided to me is that of a school library. If we think of the hard drive as the library, then the files are analogous to the books on the library’s shelves. In a library, a book’s location is referenced in the card catalog. In a Windows environment, a file’s location on the hard drive is referenced in the Master File Table. When we delete a file, we’re not destroying the file’s data. Instead, what happens is the file’s location is marked in the Master File Table as being available to use for new data storage. That’s like pulling a card out of the card catalog and throwing it away – the reference to the book is gone, but the book is still sitting on the shelf (at least until someone takes it down and replaces it with a new book).

Having said all that, “recovering” the deleted file is like walking around the library from shelf to shelf and taking inventory of every book. At some point, we’d learn that there is a book sitting on a shelf in a space that’s supposed to be empty. And we’d find and recover the book.

In addition to the above, there are multiple other ways to attempt to recover deleted files, such as through backup copies, temporary copies and/or copies embedded in another data file (e.g., a file attached to an email in an Outlook data file). These are all potential recovery routes.
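The library analogy above, worked through as an added example that is not part of the interview and not Flashback Data's tooling: a toy volume (not a real NTFS parser) where deleting a file only drops its catalog entry, a scan of the "empty" clusters recovers it by file signature, and a later overwrite makes it unrecoverable. The cluster size, class and function names, and file contents are all constructed for illustration.

```python
# Added example: a toy volume with constructed data, not a real NTFS parser.
CLUSTER = 64  # bytes per cluster in this toy volume (assumption)

# Header/footer signatures used to recognise file content without a catalog entry.
SIGNATURES = {"pdf": (b"%PDF-", b"%%EOF"), "jpg": (b"\xff\xd8\xff", b"\xff\xd9")}


class ToyVolume:
    """Raw clusters (the shelves) plus a catalog (the card catalog / file table)."""

    def __init__(self, clusters):
        self.data = bytearray(clusters * CLUSTER)
        self.catalog = {}                 # name -> (first_cluster, cluster_count)
        self.free = set(range(clusters))  # clusters marked available for new data

    def write(self, name, content):
        need = -(-len(content) // CLUSTER)      # ceiling division
        total = len(self.data) // CLUSTER
        for start in range(total - need + 1):   # first-fit allocation
            run = range(start, start + need)
            if all(c in self.free for c in run):
                self.free.difference_update(run)
                begin = start * CLUSTER
                self.data[begin:begin + len(content)] = content
                self.catalog[name] = (start, need)
                return start
        raise OSError("volume full")

    def delete(self, name):
        """Standard delete: drop the catalog entry, mark clusters free, keep the bytes."""
        start, need = self.catalog.pop(name)
        self.free.update(range(start, start + need))


def carve_unallocated(vol):
    """Inventory every cluster the catalog calls empty and look for file headers."""
    recovered = []
    for cluster in sorted(vol.free):
        offset = cluster * CLUSTER
        last = cluster
        while last + 1 in vol.free:             # stay inside this run of free clusters
            last += 1
        limit = (last + 1) * CLUSTER
        for kind, (header, footer) in SIGNATURES.items():
            if vol.data.startswith(header, offset):
                end = vol.data.find(footer, offset + len(header), limit)
                if end != -1:
                    body = bytes(vol.data[offset:end + len(footer)])
                    recovered.append((kind, cluster, body))
    return recovered


def demo():
    vol = ToyVolume(16)
    report = b"%PDF-1.4 constructed quarterly report " + b"x" * 60 + b"%%EOF"
    photo = b"\xff\xd8\xff\xe0 constructed photo bytes \xff\xd9"
    vol.write("keep.txt", b"still here")
    vol.write("report.pdf", report)
    vol.write("photo.jpg", photo)

    vol.delete("report.pdf")
    vol.delete("photo.jpg")
    before_overwrite = carve_unallocated(vol)   # both files are still on the shelf

    # New data reuses the clusters the report occupied (first fit).
    vol.write("new.bin", b"N" * len(report))
    after_overwrite = carve_unallocated(vol)    # only the photo survives

    return {
        "report": report,
        "photo": photo,
        "catalog": sorted(vol.catalog),
        "before": before_overwrite,
        "after": after_overwrite,
    }


if __name__ == "__main__":
    result = demo()
    print([kind for kind, _, _ in result["before"]])
    print([kind for kind, _, _ in result["after"]])
```
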

 


More Sophisticated Spyware Hits Utility Systems - "Stuxnet" Gone Wild

Cyber security experts are scrambling to assess the past effects and the potential of a recently detected malware that has targeted utility systems primarily in the Middle East (beginning in Iran) and the United States. Microsoft has named the Trojan intruder “Stuxnet”.

On a very basic level, here is what Stuxnet does:
1. So far, it has targeted a Siemens system (SCADA) used primarily in the operation and control of electric power plants;
2. It has been carried on USB sticks and, when a stick is attached to a computer, executes automatically without any further action by a user, even if the AutoRun function is disabled;
3. The Trojan then seeks out and copies certain database information, including power plant designs;
4. Stuxnet exploits a flaw in the shortcut links files in Windows.

Microsoft has issued a workaround that essentially turns off the shortcut function and changes the shortcut icons' appearance on the screen.

So, if this only targets utility companies, unless you are a utility company or have one as a client, why should you care? Experts surmise that this was created to carry out industrial espionage but the same technique can be used for other targets. It could be used to target other trade secrets, personal financial information, medical records, etc.

We talked to a local security expert and there are reports that Stuxnet or variants are “in the wild” and could be delivered by means other than USB sticks, via networks and remote web servers.

McAfee alleges that it has a defense against Stuxnet as does Symantec. As we noted in earlier posts (see here and here), these are examples of blacklisting. CoreTrace has demonstrated effectiveness against the intruder by using the whitelisting capabilities of its product Bouncer. See the YouTube video here:  http://bit.ly/bFCEdc.

This attack seems to be much more targeted and much more sophisticated than most of the prior threats and may herald a new age of malware menace.

So, it’s a dangerous cyber world out there. Use protection.
 

Trademark and Domain Name Scams from China

Recently, one of our clients received an email from a Chinese domain registration company stating a foreign company was attempting to obtain their domain name. Our client, for purposes of privacy we’ll call them “CustomerName,” is a start-up in the process of obtaining a trademark of their company name. This email, although suspiciously spam-like, created some concern and confusion for CustomerName. Was this spam? What rights would they have if a foreign company was to use this domain name? What is my recourse?

 

First things first, it’s important to determine whether something like this is just a “Nigerian Prince” scam. A quick search turned up an article on the domain registration email our client received. The article, by Happy Living with Hosea, provides a great analysis of the drafting of the email. Hosea pointed out things a Chinese company would have likely done differently if this was a legitimate operation. First, it was evident something peculiar was up based on the grammar and punctuation of the email. I’ll be the first to admit I send out letters with grammatical and punctuation errors on a daily basis. However, this one be reel bad. So I feel “it is our duty to notice you” (a little example) of how this poor drafting is a good indicator of a scam. Additionally, had this been one carelessly drafted email that would be one thing, but after some research, it becomes clear this is not an isolated case (just read the comments to the Hosea article).

 


.XXX Top Level Domain: Will Porn Revolutionize Domains?

Yesterday I wrote about the new domain .CO and the likelihood of success. The .Co Internet S.A.S. (cointernet.co), through its new Top Level Domain (TLD) .CO, is attempting to provide a potential answer for the shrinking number of available domain names. With today’s announcement that ICANN has given its initial approval of the .XXX TLD, it is interesting to ponder what effects this might have on the structure of how we view the internet.

It is no surprise that there is an unbelievable amount of porn-related traffic on the internet. In fact, according to Bevan Sabo's post “Top 4 Ways Porn Has Advanced the Internet,” porn has played a large role in the advancement of internet technology. With new domain name availability on .XXX, there is a chance the porn industry might begin to gain some traction in creating an extremely popular, heavily visited new TLD. As with .CO, marketing and launch plans could play a major factor in how the domain is perceived and visited.

However, if this new .XXX TLD does gain traction, then other TLDs such as .CO could have their place in a newly divided internet. It’s not an easy feat to garner public attention to these TLDs. How many times have you used the .museum for anything? Porn would have to do something the air-transport industry (.aero), the communications companies (.mobi, .tel), and the travel industry (.travel) could not do – get anyone to type something other than .COM.

If the .XXX TLD is successful, the .COM might take on a catchall TLD role, while other domains might help organize … well, everything. If these divisions occur, instead of just blindly typing in .COM after everything, we might start to think twice. Additionally, if the new domains gain popularity there might be a need for a domain specific search engine or other domain limiting technology.

In the alternative, will the .XXX be a vehicle for limiting free speech? This is not the first time the issue of the .XXX TLD has been visited by ICANN. In May of 2006, the Guardian reported that the ICANN board voted down the creation of the proposed .XXX TLD. Arguments from both sides have valid points and bring up great issues. Will “porn” be forced to the .XXX? Will it then be restricted to persons over 18? Who will enforce that? Would it be constitutional? Only time will tell, but it might be something to keep your eye on.  


Is the .CO Domain Name the New Black? ...err Rather The New .COM

Unless you’ve visited Godaddy.com, NetworkSolutions.com, or some other domain registrar, you might not have heard about the new .co domain about to open to the general public on July 20th. .Co Internet S.A.S. (cointernet.co), made up of Neustar, Inc. and Arcelandia S.A., obtained a license from Colombia to distribute their .co domain worldwide. Demand for the new domain is high. Twitter announced a new service that provides short links with t.co, TechCrunch for its Disrupt conference incorporated a Disrupt.co domain name, and the domain name e.co was purchased in an auction for $81,000. Domain Name Wire provides a great history and summary of the .co topic in their post, the .Co domain Is Coming and in Where to get the best price for .Co Sunrise and Landrush,


Contract Provisions That Should Be Considered In A Cloud Computing Arrangement

This is actually Chapter 4 in a rambling dissertation on why the "Cloud" is what it is.

In previous posts (see here, here and here), we have chronicled the evolution of the “Cloud”, Software as a Service and various permutations thereof and labels therefor. So, now that we think we know how we got here, what do we do now? If you are considering the procurement of cloud services and if you have the negotiating clout to request changes to the vendor’s standard contract, you need to consider some additional things to request.

In addition to the general considerations such as price, term, etc., the following are additional considerations to be discussed with the vendor and possibly included in the governing agreement:
1. In most cases, the vendor owns or licenses the software and the customer owns the data. The customer should always have the right to access and move its data, even in an alleged default situation. This is particularly true if the customer is in a regulated industry.
2. What happens if the vendor goes out of business, declares bankruptcy or is acquired? What happens if the acquirer is one of your competitors? The customer should have an exit strategy and the agreement should be compatible with such strategy.
3. How much responsibility or liability will the vendor assume if the systems are unavailable or if your data is lost? What are the backup procedures, business continuity plans and disaster recovery arrangements? Most vendors’ heads would explode if you requested that they be responsible for the value of your lost data but what are the procedures to recover the data, to back it up and protect it and who pays for that?
4. What kind of investment will the vendor make in software upgrades, enhancements and development? A company for which I once worked pledged 5% of its outsourcing revenue to software development and maintenance. Most companies won’t commit to a specified amount or percentage but a purchaser should review their plans and should have some input, through user groups or otherwise, into the direction of software development.
5. What will you use to determine if the software is functioning in the manner that you expected? What are the warranties surrounding such? Most software providers will warrant that the software will perform in accordance with its documentation but you should request that the basics of any functionality found in sales proposals, demos, RFPs or other material used to sell you on the software be part of the warranty.
6. A purchaser should consider whether the vendor routinely conducts a SAS 70 audit and makes the results available.
7. Since the purchaser has less control over the software used in a SaaS situation than in any on-site situation, a reputable vendor should be willing to provide an intellectual property indemnification that will pay for a legal defense (usually the biggest exposure for a user) and should provide an alternative if use of the subject system is enjoined or interrupted in any manner.
8. The escrow of source code, executables and other information necessary to carry on the processing if the vendor goes out of business or becomes unavailable should be considered. In most cases, this makes the user feel better but because of the long lead times involved, may be of marginal benefit.
9. Performance metrics, also called service level agreements (SLA) should be negotiated. Matters that are important to the user should be identified and reflected in the SLAs.
10. The foregoing are fairly standard components of most outsourcing contracts (which the delivery of cloud based software is, even if it is referred to as a software agreement). Perhaps the biggest divergence by Cloud based solutions from standard outsourcing situations is the question of security, the location of the data and the compliance of the system with Gramm Leach Bliley, HIPAA, Sarbanes Oxley and international data transfer restrictions. If the user is a financial institution or subject to HIPAA then the problem becomes particularly acute and addressing those issues in a manner that the benefit of Cloud computing can be realized by regulated entities is a difficult process.

Now that we've looked at the Cloud from both sides now, it may be the Cloud's illusions we recall and that we really don't know the Cloud at all.  Or it may be just that we are out of cheesy cloud references.

 

 

Federal Judge Says Maybe the Does Should Go.

The US Copyright Group is a group formed by a law firm in Leesburg, Virginia, which according to their website, is designed to "Save Cinema" from the evils of illegal downloading. We have mentioned them before in relation to their attempts to involve the internet service providers. They have filed many lawsuits, primarily in the DC Federal District Court, against multiple defendants, mostly described as "John Does" since they have not as yet definitively identified the defendants. In a couple of the suits involving the movies The Steam Experiment and Far Cry, they have provided for 2,000 and 4,577 defendant Does, respectively. They propose to obtain the identities of the alleged infringers through discovery in the suits by getting the "infringers' identities through ISP subpoenas", again according to their website. They advertise that they do all of this on a contingent fee basis.

Although it has not been specifically determined yet, it is unlikely that all of the alleged defendants live in the DC area, so it would be very difficult for each defendant to appear and defend and conversely, it would be very difficult for each defendant to be sued individually in the area where they live.  You can see why the US Copyright Group has tried to join all defendants in a single case. 

The Rules of Civil Procedure for the DC Court state that defendants can be joined in a single suit if the actions giving rise to the suit arose from the "...same transaction, occurrence or series of transactions or occurrences..." and "a question of law or fact common to all the defendants will arise in the case...".

The two cases mentioned above have found their way onto the docket of Judge Rosemary Collyer and she has decided to rule on the issue of joinder of all the defendants.  She has given the plaintiffs until June 21 to show cause why all but one defendant in each case should not be dismissed due to misjoinder.  This could result in the dismissal of 1,999 Does in one case and 4,576 Does in the other.  Hence the bad rhyme in the title of this post.

A couple of public interest groups, including the ACLU, have filed amici curiae briefs on the side of the defendants.  The ruling by the judge in this case will have major ramifications on the nature of these types of cases going forward. 

Incidentally, The Steam Experiment's plot line is "A deranged scientist locks 6 people in a steam room and threatens to turn up the heat if the local paper doesn't publish his story about global warming" and Far Cry is based on a video game.  This is not a commentary on the value of the thing allegedly stolen.

Tweeting in the Courtroom: Ex-Governor Edition

The federal corruption trial of Ex-Governor of Illinois Rod Blagojevich is set to start this week, but the judge first had to order Blagojevich not to use Twitter from inside the courtroom.  The shameless flamboyant Blagojevich had stated earlier that he planned to "live-tweet" the trial during the proceedings, but the judge was having none of it.

The judge told him that he is still free to tweet and talk to the media all he wants outside the courtroom, but with the warning that everything he says can be used against him in the trial.  No word yet on whether Blago will try to update his Facebook status or "check-in" on Foursquare in the courtroom.  Stay tuned. 

 

Virus Protection Using Whitelisting

Last week, we posted an article about some of the ways of protecting a computer or computer network from malicious code.  We discussed primarily methods called "blacklisting" (the more widely used approach) and "whitelisting" (an approach receiving increased attention in recent days).

There is an Austin based company called CoreTrace that features the whitelisting approach.  When we asked, they were kind enough to provide us access to one of their subject matter experts. 

We discussed various aspects of this issue with Greg Valentine, CoreTrace's Director of Technical Sales and Services.  

Pertinent portions of that conversation follow:

ATLB:  CoreTrace’s products are designed to protect computers and networks from viruses, spyware, malware and other harmful stuff. How does it do it and how does that compare to the conventional anti-virus software we regularly see?

Greg:  CoreTrace has a product called “Bouncer”. Bouncer works at the operating system level and allows only the programs or executable code that has been whitelisted by the system administrator through Bouncer to run on that computer. Typical antivirus software works by maintaining a huge database library of virus signatures (which you have to keep up to date) and it attempts to eliminate them by searching a computer’s hard drives, comparing the code it finds on the hard drives to the virus library and then if it finds a match, it eliminates the virus code. There are a few challenges with this type of a defense.
1. This is reactive in nature – By definition, a signature does not exist until someone gets infected.
2. Because it is reactive, antivirus is vulnerable to a ‘zero-day’ attack. This simply means that a ‘bad guy’ can create a new piece of malware and as long as the antivirus companies are not aware of his new virus/worm then they will be blind to it.
3. In order to be protected by antivirus, you must deploy the updated signatures as quickly as possible. This can lead to inadequate testing before pushing out the ‘change’. If the antivirus vendor has made a mistake in their signature update then you could be causing more harm.
a. See McAfee’s recent ‘false positive’ signature update fiasco


ATLB:  You used the term “whitelisting”. What does that mean?

Greg:   At the time it is first installed, Bouncer takes an inventory of the executable programs on the hard drives of the computer and approves each of them to run. It puts them on a “whitelist”, i.e. stuff that is allowed to run. It is called whitelist because the antivirus providers say the stuff in their libraries is on the “blacklist”.

ATLB:  So, if a virus or other malware is present on the machine when Bouncer is first installed, then it will be allowed to run?

Greg:  That’s true, unless it is specifically found and eliminated later. That’s the reason that a good antivirus software should be run before Bouncer is installed or it should be installed in new machines before they are attached to the internet or anywhere else that they could become infected. Should you discover that one of your systems was infected prior to deploying Bouncer, you can rest a little easier at least in the knowledge that the infection will not be able to spread (to any other Bouncer protected computers).

ATLB:  Doesn’t having to authorize every piece of code to run on a system require an inordinately large amount of administrator time?

Greg:  The program takes an inventory of all the programs running on the machine at the time of the installation and thereafter the administrator does not have to be involved. The administrator can ‘pre’-authorize all software from a specific company or with a specific signature and software installed later from that company or with that signature will automatically be whitelisted and allowed to run.

ATLB:  How much computer resources does the CoreTrace system utilize and how does this compare to antivirus software?

Greg:  Our software requires a very small amount of hard disk space for our program. Since it merely prevents unauthorized programs from running, it doesn’t regularly use many computer resources. Antivirus software needs to run on a regular basis to see if any identified malware has been added since the last scan. You may have noticed that when your antivirus software is running its scan, which may last an hour or two, your computer is devoting significant resources to the scan and can have an effect on the capabilities of the computer. Bouncer only needs to check the program as it is launched. This check against the whitelist is extremely fast and does not impact the load time for any whitelisted applications.

ATLB:  How often is your software updated?

Greg:  Except for enhancements and upgrades to the program for operational purposes, our software does not need to be regularly updated. Since our method of operation is to keep anything but authorized programs from executing, we don’t have to continually seek out new viruses and add them to our database. Because of this method, we can never be behind when a new virus comes out, because regardless of the sophistication or newness of the virus signature, it can be deposited on the computer’s hard drive but because it is not authorized, it simply can’t harm the computer or its contents. Compare that to antivirus databases that are required to be updated constantly on a real time basis and must necessarily contain millions of virus signatures and sometimes can only catch a virus after it has infected a number of machines, if the virus doesn’t match their database.

ATLB:  Is there a version for single workstations or computers?

Answer:  Not yet. Right now, our program is only deployed on an enterprise basis.
 

Viruses, Malware and Spyware, Oh my!

The recent McAfee debacle, which we detailed here, has once again brought into focus the problems inherent with protecting a computer or computer network from code designed to have a non-optimum effect on such computer or network.
Since the early 1970s, when a virus called Creeper was created and introduced into ARPANET, the precursor to the internet, anti-virus software and other means of combating viruses have been created. The code to combat Creeper was called Reaper and so, the dance began.
Viruses are probably better referred to generically as malicious code, which includes a broad range of things including attack scripts, viruses, worms, Trojan horses, backdoors, malicious active content, malware, adware, spyware and many other names.
Malicious code is designed to do a variety of things, including crippling or disrupting computer operations, stealing information, perpetuating pranks and allowing unauthorized intrusions.
As soon as viruses started creating havoc, people started looking for a way to combat them. Shortly thereafter, other people (particularly those who depended on some other people for computer resources or storage) began to question such people’s response to the virus problem. Then, lawyers got involved (there’s always a silver lining) and suits were brought alleging that not enough was done to protect the computer resources against invasion, whether to steal information, create havoc, generally be a pain in the hard drive or a combination of all.
Although the law is still developing in this area, it is plain that the application of commonly applied negligence principles will require at least a reasonable amount of protection against intrusion and malicious code.
There are two basic approaches to combating such threats and they are generally referred to as “blacklisting” and “whitelisting”. Blacklisting is the most commonly used method and it involves developing a huge database of virus signatures, checking each transmission to and from a computer for such signatures and routinely scanning the storage areas of such computers for evidence of malicious code. The database needs to be continually updated and entirely new strains of viruses must be recognized and negated after they are released into the wild.
Whitelisting takes the approach of initially scanning drives for their contents and then not allowing anything else to run on that computer unless it is specifically approved. This method does not depend on scanning after the initial scan and does not have to be updated. New virus strains are of no concern as they may reside on the computer but will not be allowed to execute.
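The two models described above, side by side, as an added example (not from the original post and not CoreTrace's implementation). It assumes programs are identified by the SHA-256 hash of the file, which the post does not specify; all file names and contents are constructed.

```python
import hashlib
import os
import tempfile

def file_hash(path):
    """SHA-256 of a file's contents (assumed identifier; the post names none)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def take_inventory(root):
    """Initial scan: approve everything already on disk, good or bad."""
    return {file_hash(os.path.join(d, n))
            for d, _, names in os.walk(root) for n in names}

def blacklist_allows(path, signatures):
    """Blacklisting: run unless the file matches a known-bad signature."""
    return file_hash(path) not in signatures

def whitelist_allows(path, approved):
    """Whitelisting: run only if the file was approved."""
    return file_hash(path) in approved

def write(root, name, data):
    path = os.path.join(root, name)
    with open(path, "wb") as f:
        f.write(data)
    return path

def demo():
    """Constructed files only; returns each launch decision."""
    with tempfile.TemporaryDirectory() as root:
        editor = write(root, "editor.bin", b"constructed: legitimate program")
        dormant = write(root, "dormant.bin", b"constructed: unwanted code, pre-scan")
        approved = take_inventory(root)
        # The signature database knows only an older, unrelated sample.
        signatures = {hashlib.sha256(b"constructed: old sample").hexdigest()}
        dropped = write(root, "dropped.bin", b"constructed: never-seen code")
        out = {
            "new_code_vs_blacklist": blacklist_allows(dropped, signatures),
            "new_code_vs_whitelist": whitelist_allows(dropped, approved),
            "pre_scan_code_vs_whitelist": whitelist_allows(dormant, approved),
            "editor_vs_whitelist": whitelist_allows(editor, approved),
        }
        # Any change to an approved file changes its hash, so approval is lost.
        write(root, "editor.bin", b"constructed: legitimate program, patched")
        out["modified_editor_vs_whitelist"] = whitelist_allows(editor, approved)
        return out

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'runs' if allowed else 'blocked'}")
```

Under this hash-only assumption, the last result shows that a legitimately patched program is blocked until it is approved again, so the list itself has to change whenever approved software does.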
You can expect that the issue will arise in some case as to whether one method is better than the other and if the other method is available, was it negligence not to employ such method?
In a subsequent edition, we will post an interview with CoreTrace, a local company that markets the “whitelisting” approach.
 

Apple Facing Potential FTC Inquiry

Here at ATLB, we have previously discussed Apple restricting the programming tools that could be used to create Apps for the iPhone and the iPad. Most notably, Flash-based programs were restricted, which sparked a PR war between Apple and Adobe. Now it appears that the FTC is seriously considering whether to look into these potentially anti-competitive practices.

The Federal Trade Commission and the US Justice Department, which enforce US antitrust law, are each looking into Apple’s restrictions. No decision has been made to move forward with an official investigation.

“What they’re [Apple] doing is clearly anticompetitive ... They want one superhighway and they’re the tollkeeper on that superhighway,” said David Balto, a former policy director for the commission.

It should be noted that only an inquiry has been mentioned as opposed to a full-scale investigation.  There will still need to be hearings and further discussion before an investigation is launched.  But at the very least, this will provide Adobe with ammunition in its ever-escalating PR battle against Apple and Steve Jobs. 

"First Do No Harm" - McAfee Runs Afoul Of This Rule

UPDATE: In an effort to calm the waters, McAfee has offered to be responsible for "reimbursing reasonable expenses" for the cost of repairing the problems caused by the release of their glitch. They are also proposing free extensions to existing, affected subscriptions. This comes from a posting on their website and they promise to post details soon. Whether this will calm the hordes with the torches and pitchforks at McAfee's doors, only time will tell.

Original Post:

"Primum non nocere" [First do no harm] is attributed loosely to the Hippocratic Oath that doctors are taught.  Antivirus creators should have it embroidered on their pocket protectors.

Yesterday I was heavily into the creative process of preparing another post for this blog, which, ironically (or coincidentally, I can never determine), was to be about an antivirus protection method called "whitelisting".  Theoretically, if I had been using whitelisting, this post would not be pertinent. But that is the subject of the post that I never completed but which will appear at a later time.

Suddenly, upon having to reboot, my task bar disappeared, my computer couldn't recognize my wireless card and all sorts of other mischief ensued.  Constant rebooting and repetitive cursing did not help. OK, I surmised, my trusty old Dell Latitude, circa 2004, had finally given up the ghost after many years of hard use and diligent service.

However, news soon surfaced that this was an inside job.

 


Red Flag Rule Appears In Your Town June 1

Although not strictly a technology-related matter, all businesses and organizations that provide products and services to their customers and then bill them later should be aware that the Federal Trade Commission has a “Red Flag” rule that goes into effect (after several delays) on June 1, 2010.
You should first determine if your business is covered by this rule. If your business is covered, this rule provides that you must implement a written Identity Theft Prevention Program that is designed to detect the warning signs (hence “Red Flags”) of identity theft.
A copy of the rule may be found here. However, a shorter, more user-friendly version may be found here. Businesses that are at low risk for identity theft (e.g. you know your client individually, such as a neighborhood medical practice; you provide services around the home, such as a cleaning or lawn service; or your business has a low incidence of identity theft) may implement a do-it-yourself program by following an FTC-approved template that can be found here.
There is no private right of action under the rule (i.e. your customers may not sue you under the rule); however, they could complain to the FTC and the FTC can seek civil penalties (up to $3,500 per violation) and injunctive relief.
 

Adobe-Apple Feud Frustrates App Development

Apple has recently changed their license agreement to exclude Flash language programs and Flash to iPhone Compilers. This has created a great deal of buzz in the app development world. The iPhone Developer Program License Agreement set out by Apple was modified to exclude such Flash-related programs when the agreement was edited to include:

3.3.1 — Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs. Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited).

This added language has caused an uproar in the app development community. As John Gruber at Daring Fireball explains, “… cross compilers, such as the Flash to iPhone Compiler in Adobe’s upcoming Flash Professional CS5 release, are prohibited.”


"Unvarnished: Controversial Yelp for Individuals" - Anonymous

Almost everyone has a Michael Scott or a Dwight Schrute in their office, and if you’re not sure you do, just be glad there aren’t cameras following you around all day because you’re likely that guy. Everyone at one time or another has had a frustrating time with their boss or coworker. However, we’re not all clever enough to make that situation funny enough to watch on a Thursday night. Most of the time, if we want to relieve some of that job-related stress we go to a trusted friend or colleague to vent, but what if we could tell our boss what we think … and do it anonymously?

The folks at Unvarnished are working on giving you just such a venue. Unvarnished has been described as a Yelp for individuals, in that you can leave comments and rate someone’s work performance. However, when a commenter leaves a remark on your page, not only is the commenter anonymous, but good luck trying to get that comment taken down. The review by Mr. Anonymous will stay up on Unvarnished until he or she decides to take it down and, because of web archives, will be on the internet basically forever.

 
