Apple granted patent on capacitive multitouch displays

It's not the mythical pinch-to-zoom patent, but the USPTO just granted a fairly broad Apple patent on capacitive multitouch displays. US Patent #7,663,607 describes a "transparent capacitive sensing medium configured to detect multiple touches" by way of two sandwiched layers of conductive lines hooked up to an appropriate circuit, and also covers a specific type of multitouch display with a similar two-layer capacitive sensor made of glass. Now, there are certainly other types of capacitive sensors out there, so this isn't a total lockdown, but it's certainly one more arrow in Apple's patent quiver, and at the very least it should spur some interesting developments as competitors try to design around it. We'll see how it shakes down.

War With Apple Will Push Google to $300

Google (GOOG) is in trouble. One can forecast that the next 24 months will take this stock back to its first year IPO levels of $300 a share. They’ve ruffled the wrong feathers. When I hear Apple (AAPL) CEO Steve Jobs mention that he feels betrayed by Google CEO Eric Schmidt and when I see Apple go out and buy their own mobile advertising firm I begin to question Google’s future growth prospects. Apple’s Quattro is coming, it’s going to be revolutionary, and it’s going to be the most important contributor to Google’s demise. But it won’t be the only contributor. With Google it’s a matter of picking their poison:

1- Leadership. This company is running like a chicken with its head cut off. CEO Eric Schmidt is flying solo without the help of founders Larry Page and Sergey Brin who are actually selling shares themselves. Not exactly a ringing endorsement from the innovators.

2 - Profitable Innovation. In a rapidly changing landscape of mobile innovation, Google is having difficulty making money on anything other than its core desktop search business. Desktop search advertising was a great business to be in during decade 2000 but its growth now looks limited because of the shift towards mobile computing. Schmidt knows they are vulnerable which explains why we hear about yet another Google experiment on a weekly basis. Last week it was Google broadband. This week it’s Google TV. It’s all a big joke. Even Android is a joke. The recent market share gains from Android are misleading because it suggests Google is making money when all they’ve really done is give it away for free. Investors are ready to see profits beyond desktop advertising. 24 months from now, desktop Internet surfing will be in dramatic decline.

3 - Mobile Search Competition. Mobile versions of Twitter, Facebook, and Bing will give Google a run for their money. And I would not bet against Steve Jobs and Quattro. The problem for Google is that the mobile Internet relies on applications rather than websites. Apple controls more than half of the mobile Web market share and Google is one Steve Jobs decision away from being left out of the Apple ecosystem. This makes Google extremely vulnerable. Sources from BusinessWeek revealed that Steve Jobs hopes to ‘overhaul mobile advertising in the same way they had revolutionized music players and phones.’ Appleinsider reported that


Specifics at the moment are not known, but a number of potential approaches were offered: Apple could rely on user data collected through iTunes and the App Store, along with geo-location technology due to GPS in the iPhone, to create targeted, local advertisements that would be more relevant to consumers. The company could also utilize gimmicks, such as having users shake their iPhone to win a prize. “Some developers have profited by embedding ads in their apps, but the payments tend to be insignificant since the ads are usually smaller, less effective versions of their Web banner forms," the report said. "According to a source familiar with his thinking, Jobs has recognized that 'mobile ads suck' and that improving that situation will make Apple even harder to beat."


4 - Brand Trust. Nexus One was a disaster on so many levels. Google rushed the product to market without customer service. Google rushed the product to market and the trademark application was subsequently denied by the United States Patent and Trademark office. Google rushed the product to market and caught all of their Android partners off guard who never thought Google would come out with their own phone to compete. Now do you understand why I compare this company to a chicken running with its head cut off? While Apple spent years securing patents to protect the intellectual property of the iPhone, Google is late to the game and is running scared. How much money will consumers invest in Android apps when they know Google offers no Tablet and might not continue with the Nexus One? Whereas you go with Apple and you know that your apps and iTunes library will work on your iPod, iPhone, iPad, and next year they’ll probably work on the iTV as well.

5 - China. This China thing has been catastrophic for Google. After struggling to gain any share from Baidu (BIDU), Google is out of a country that has more Internet users than the U.S. has people. Not good. Especially if they had any aspirations of growing their Chinese Android platform.

Desktop search advertising is Google’s bread and butter. Two years from now the landscape will be completely different. Investors will look at Google as a declining search market share story. That’s not a good thing when your stock is priced near $600 a share. Google reminds me of Research in Motion (RIMM) two years ago. Back then everyone assumed RIMM was untouchable as well. The problem is, when you go to war against Apple you better be more than a one trick pony.

Google is scrambling to come up with a family of products similar to Apple but it simply is not in their company DNA. They do search, that’s it. Their software is profitless and their hardware is copycat. I’m not saying that Google is going to disappear but I am saying that their days of high growth are over and that means the stock is doomed over the next 24 months. Investors might make more on Google puts than on Apple calls.

Disclosure: Long aapl, short goog

IE8 outperforms competing browsers in malware protection

A recently released study by NSS Labs is once again claiming that based on their internal tests, Microsoft’s Internet Explorer 8 outperforms competing browsers like Google’s Chrome, Mozilla’s Firefox, Opera and Apple’s Safari in terms of protecting their users against “socially engineered malware” and phishing attacks.


Not only did IE8 top the chart, but also, the rest of the browsers have in fact degraded their “socially engineered malware” and phishing block rate in comparison to the results released by the company in the March’s edition of the study.

How objective is the study? For starters, it’s Microsoft-sponsored one. Here’s how it ranks the browsers:

Socially engineered malware block rate:

Microsoft Internet Explorer v8 - 81% block rate
Mozilla Firefox v3 - 27% block rate
Apple Safari v4 - 21% block rate
Google Chrome 2 - 7% block rate
Google Chrome 2 - 7% block rate
Phishing attacks block rate:

Microsoft Internet Explorer v8 - 83% block rate
Mozilla Firefox v3 - 80% block rate
Opera 10 Beta - 54% block rate
Google Chrome 2 - 26% block rate
Apple Safari v4 - 2% block rate

What is “socially engineered malware” anyway?

Basically, it’s the direct download dialog box that appears on a, for instance, scareware or Koobface video page spoofing Facebook’s layout, like the one attached. using “socially engineered malware” as a benchmark for malware block rate isn’t exactly the most realistic choice in today’s threatscape.

And even if it is, some pretty realistic conclusions can be drawn by using some internal traffic statistics from Koobface worm’s ongoing malware campaigns. The Koobface worm, one of the most efficient social engineering driven malware, is a perfect example of how security measures become obsolete when they’re not implemented on a large scale.
The stats themselves:

- MSIE 7 - 255,891 visitors - 43.33%
- MSIE 8 - 189,380 visitors - 32.07%
- MSIE 6 - 76,797 visitors - 13.01%
- Javascript Enabled - 585,374 visitors - 99.13%
- Java Enabled - 576,782 visitors - 97.68%

What does this mean? It means that with or without the supposedly working “socially engineered malware” block filter using a modest sample of several hundred URLs, the Koobface botnet is largely driven by MSIE 7 users. The previous edition of the study dubbed IE7 a browser which “practically offers no protection against malware” with the lowest block rate achieved back than - 4%.

Just like the previous edition of the study, this one also excludes the notion that client-side vulnerabilities continue contributing to the “rise and rise” of web malware exploitation kits. By excluding client-side vulnerabilities, the study isn’t assessing IE8’s DEP/NX memory protection, as well as omitting ClickJacking defenses and IE8’s XSS filter, once pointed out as a less sophisticated alternative to the Firefox-friendly NoScript.

Socially engineered malware is not the benchmark for a comprehensive assessment of a browser’s malware block rate. It’s a realistic assessment of the current and emerging threatscape combined with comprehensive testing of all of the browser’s currently available security mechanisms, a testing methodology which I think is not present in the study.

About-face: Apple patches Safari ‘carpet bombing’ bug

In what amounts to a major about-face, Apple has patched the Safari “carpet bombing” vulnerability that led to a Safari-to-Internet Explorer remote code execution combo threat.

After insisting for weeks that the issue is more of an irritant than a security risk, Apple today released Safari v3.1.2 for Windows with a patch warning that saving untrusted files to the Windows desktop may lead to the “execution of arbitrary code.”

From Apple’s advisory:

An issue exists in how the Windows desktop handles executables. Saving an untrusted file to the Windows desktop may trigger the issue, and lead to the execution of arbitrary code. Web browsers are a means by which files may be saved to the desktop. To help mitigate this issue, the Safari browser has been updated to prompt the user prior to saving a download file. Also, the default download location is changed to the user’s Downloads folder on Windows Vista, and to the user’s Documents folder on Windows XP. This issue does not exist on systems running Mac OS X.

The bulletin cites Microsoft’s security advisory on the combo-threat discovered by researcher Aviv Raff.

Safari v3.1.2 for Windows, available for Windows XP and Vista, also fixes at least three additional vulnerabilities that could lead to information disclosure and code execution attacks.

One of the other three bugs also describes a combo threat that goes the other way – Internet Explorer to Safari:

Visiting a malicious website which is in a trusted Internet Explorer zone may lead to the automatic execution of arbitrary code
Description: If a website is in an Internet Explorer 7 zone with the “Launching applications and unsafe files” setting set to “Enable”, or if a website is in the Internet Explorer 6 “Local intranet” or “Trusted sites” zone, Safari will automatically launch executable files that are downloaded from the site. This update addresses the issue by not automatically launching downloaded executable files, and by prompting the user before downloading a file if the “always prompt” setting is enabled.

The IE-to-Safari threat was reported by Will Dormann of CERT/CC .

The browser refresh also plugs a memory corruption issue in WebKit’s handling of JavaScript arrays. “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution,” Apple warned.

The fourth vulnerability is an out-of-bounds memory read that may occur in the handling of BMP and GIF images.