Slashdot

Antivirus has been around for more than 20 years. But do you still need it to protect yourself today? From a report: In general, you probably do. But there are caveats. If you are worried about your iPhone, there’s actually no real antivirus software for it, and iOS is engineered to make it extremely difficult for hackers to attack users, especially at scale. In the case of Apple’s computers, which run MacOS, there are fewer antiviruses, but given that the threat of malware on Mac is increasing ever so slightly, it can’t hurt to run an AV on it. If you have an Android phone, on the other hand, an antivirus does not hurt — especially because there have been several cases of malicious apps available on the Google Play Store. So, on Android, an antivirus will help you, according to Martijn Grooten, the editor of trade magazine Virus Bulletin. When it comes to computers running Windows, Grooten still thinks you should use an AV. “What antivirus is especially good at is making decisions for you,” Grooten told Motherboard, arguing that if you open attachments, click on links, and perhaps you’re not too technically savvy, it’s good to have an antivirus that can prevent the mistakes you may make in those situations. For Grooten and Simon Edwards, the founder of SE Labs, a company that tests and ranks antivirus software, despite the fact that Windows’ own antivirus — called Defender — is a good alternative, it’s still worth getting a third-party one. “Even if [Defender] wasn’t the best and it isn’t the best, it’s is still a lot better than having nothing,” Edwards told Motherboard. Yet, “we do see a benefit in having paid for AV product.”

An anonymous reader quotes a report from Motherboard: This week, U.S. Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity focused missions, started publicly releasing unclassified samples of adversaries’ malware it has discovered. CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those who hack U.S. systems: we may release your tools to the wider world. On Friday, CYBERCOM uploaded multiple files to VirusTotal, a Google-owned search engine and repository for malware. Once uploaded, VirusTotal users can download the malware, see which anti-virus or cybersecurity products likely detect it, and see links to other pieces of malicious code. One of the two samples CYBERCOM distributed on Friday is marked as coming from APT28, a Russian government-linked hacking group, by several different cybersecurity firms, according to VirusTotal. Those include Kaspersky Lab, Symantec, and Crowdstrike, among others. APT28 is also known as Sofacy and Fancy Bear. The malware itself does not appear to still be active.

A new study conducted at the University of Innsbruck in Austria finds that people who drink their coffee black often has psychopathic or sadistic traits. The study surveyed more than 1,000 adults about their taste preferences with foods and drinks that are bitter. They also took four different personality tests that assessed traits like narcissism, psychopathy, sadism, and aggression. From a report: Researchers found a trend that suggested a correlation between preferences for black coffee, and other bitter tastes, and sadistic or psychopathic personality traits. They also found that people who enjoyed milky or sugary coffee, and other sweet flavors, generally tended to have more “agreeable” personality traits like sympathy, cooperation, and kindness. The closest correlation found in the study was between bitter foods, like radishes and tonic water, and “everyday sadism,” or the enjoyment of inflicting moderate levels of pain on others. The researchers went further, suggesting that this association between bitter foods and psychopathic tendencies could "become chronic" and get worse with time.

Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history. “The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren’t disclosed until 2016,” reports ABC News. From the report: Claims for a portion of the $50 million fund can be submitted by any eligible Yahoo accountholder who suffered losses resulting from the security breach. The costs can include such things as identity theft, delayed tax refunds or other problems linked to having had personal information pilfered during the Yahoo break-ins. The fund will compensate Yahoo accountholders at a rate of $25 per hour for time spent dealing with issues triggered by the security breach, according to the preliminary settlement. Those with documented losses can ask for up to 15 hours of lost time, or $375. Those who can’t document losses can file claims seeking up to five hours, or $125, for their time spent dealing with the breach. Yahoo accountholders who paid $20 to $50 annually for a premium email account will be eligible for a 25 percent refund. The free credit monitoring service from AllClear could end up being the most valuable part of the settlement for most accountholders. The lawyers representing the accountholders pegged the retail value of AllClear’s credit-monitoring service at $14.95 per month, or about $359 for two years — but it’s unlikely Yahoo will pay that rate. The settlement didn’t disclose how much Yahoo had agreed to pay AllClear for covering affected accountholders.

A peer-reviewed study [PDF] of almost one million Android apps has revealed how data from smartphones are harvested and shared, with nearly 90 percent of apps set up to transfer information back to Google. From a report: Researchers at Oxford university analysed approximately a third of the apps available in Google’s Play Store in 2017 and found that the median app could transfer data to 10 third parties, with one in five apps able to share data with more than 20. This year has seen unprecedented scrutiny over how websites use the data they collect from their users, but little attention has so far been paid to the sprawling and fast-growing world of smartphone apps. Reuben Binns, the computer scientist who led the project, said that because most apps have now moved to a “freemium” model, where they make revenues from advertising rather than sales, data sharing has spiralled out of control. Users, regulators and sometimes even the app developers and advertisers are unaware of the extent to which data flow from smartphones to digital advertising groups, data brokers and intermediaries that buy, sell and blend information, he said. “This industry was growing already on the web… when smartphones came along, that was a new opportunity,” he said. “It feels like this legitimate business model has gone completely out of control and created a kind of chaotic industry that is not understood by the people who are most affected by it.”

As automotive companies shift their focus to software and services in the pursuit of self-driving cars, the impact to large manufacturing cities like Detroit could be drastic. The Wall Street Journal explores this “transformation without precedent” and poses the question: will tech leave Detroit in the dust? From the report: Auto makers point out that they have one advantage that newcomers to the industry don’t: vehicles. “Ultimately, you can have the best services platform there is, but if you don’t have the vehicles to operate on it, that won’t do you much good,” said Sam Abuelsamid, a senior analyst with Navigant research. “That’s where the manufacturers have an ace in the hole.” Many analysts believe businesses like Uber and Alphabet’s self-driving tech subsidiary Waymo won’t have the appetite to get into the low-margin, capital-intensive business of car manufacturing. Some auto executives say they can hold on to their roles as hardware providers while also tapping into the growth of more-profitable services. Mr. Stackmann said VW can earn millions more customers than it currently has by offering transportation as a service through a network of connected cars. “They talk about scalability, but where is the added value from Uber?” he said. “We have a technical foundation and will build connectivity into our vehicles to connect them and our customers to our ecosystem. In the long term, the question will be: Why do you need Uber?”

Microsoft is including Google’s mitigation for the Spectre Variant 2 speculative execution side-channel attack in the next release of Windows 10, currently codenamed 19H1. ZDNet reports: Google developed a software-based mitigation for Spectre Variant 2 called Retpoline that constrains speculative execution behavior sufficiently to mitigate an attack. Google’s testing found its fix had a negligible effect on performance. Retpoline was implemented by Linux distributions such as Red Hat and SUSE, as well as by Oracle for Oracle Linux 6 and 7. And now, as MSPoweruser spotted, Microsoft’s kernel engineers have confirmed that Retpoline will be part of the next version of Windows 10, 19H1, which is due out next year. Google’s Retpoline plus Microsoft’s own kernel modifications have reduced the performance impact to “noise level”, according to Mehmet Iyigun of Microsoft’s Windows and Azure kernel team. “Yes, we have enabled Retpoline by default in our 19H1 flights along with what we call ‘import optimization’ to further reduce perf impact due to indirect calls in kernel-mode. Combined, these reduce the perf impact of Spectre v2 mitigations to noise-level for most scenarios,” wrote Iyigun. “The bad news is that Microsoft didn’t include the Retpoline fix in the latest Windows 10 October 2018 Update Redstone 5, or RS5, release, even though, according to CrowdStrike researcher Alex Ionescu, it could have,” reports ZDNet.

An anonymous reader quotes a report from Gizmodo: Sensitive information belonging to roughly 75,000 individuals was exposed after a government healthcare sign-up system got hacked, the Centers for Medicare & Medicaid Services (CMS) said on Friday. The agency said that “anomalous system activity” was detected last week in the Direct Enrollment system, which Americans use to enroll in healthcare plans via the insurance exchange established under the Affordable Care Act — also known as Obamacare. A breach was declared on Wednesday. It’s unclear why the agency, which is part of the U.S. Department of Health and Human Services, chose to not announce the incident sooner. Officials said the hacked portal is used by insurance agents and brokers to help Americans sign up for coverage and that no other systems were involved. The affected system has been disabled. CMS said it hoped to restore it before the end of next week. “I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted,” CMS Administrator Seema Verma said in a statement. “We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”

The Wi-Fi Alliance said Wednesday it was rebranding the “802.11” Wi-Fi standards that have long served as a source of potential confusion for users. From now on, said the Wi-Fi Alliance, the current 802.11ac standard will be known as Wi-Fi 5, while its successor 802.11ax will be known as Wi-Fi 6. From a report: In the past, Wi-Fi versions were identified by a letter or a pair of letters that referred to a wireless standard. The current version is 802.11ac, but before that, we had 802.11n, 802.11g, 802.11a, and 802.11b. It was not comprehensible, so the Wi-Fi Alliance — the group that stewards the implementation of Wi-Fi — is changing it. All of those convoluted codenames are being changed. Now, instead of wondering whether “ac” is better than “n” or if the two versions even work together, you’ll just look at the number. Wi-Fi 5 is higher than Wi-Fi 4, so obviously it’s better. And since Wi-Fi networks have always worked together, it’s somewhat clearer that Wi-Fi 5 devices should be able to connect with Wi-Fi 4 devices, too. Now that the retroactive renaming is done, it’s time for the future. If you’ve been closely following router developments over the past year (no judgments here), you’ll know that the next generation of Wi-Fi is on the horizon, with the promise of faster speeds and better performance when handling a multitude of devices. It was supposed to be called 802.11ax, but now it’ll go by a simpler name: Wi-Fi 6. The Wi-Fi Alliance says that it expects companies to adopt this numerical advertising in place of the classic lettered versions.

At its Ignite 2018 conference, Microsoft said that Windows 10 has been installed on over 700 million active devices. Neowin reports of the confusion around this estimate, noting that “the last milestone was 600 million active devices” announced on November 29, 2017, nearly 10 months ago. From the report: If you follow Windows 10 news, this might not even seem like a major development. That’s because the firm’s communication around this has been wildly inconsistent. It started off when Windows and Devices chief Terry Myerson announced that he’s leaving Microsoft, and he wrote in a farewell letter that Windows 10 is installed on nearly 700 million active devices. That was almost six months ago. At the firm’s Build conference in May and at the Insider Dev Tour in July, Microsoft announced that Windows 10 is installed on over 700 million devices, only to retract those statements later on and say they were mistakes. But today after almost six months of “nearly 700 million”, Windows 10 is officially installed on over 700 million devices.