According to a Starhub FAQ list, the service does not track individual Internet usage patterns. The service “simply redirects queries to non-existing domain names to a useful search results page instead of a cryptic error message page or browser-defined page”. Users can also choose to opt out of the service at a preferences page.

What Starhub is effectively doing is DNS hijacking, a controversial practice that has led to security breaches by hackers. Some ISPs in the United States have had their users open to cross-site scripting attacks due to lax Web programming techniques by some search partners.

In 2003, Verisign also directed users to paid search results, a move which led to an investigation by the Internet Corporation for Assigned Names and Numbers (ICANN).

Among its findings, ICANN noted that DNS redirection “disturbed a set of existing services that had been functioning satisfactorily. Names that were mistyped, had lapsed, had been registered but not delegated, or had never been registered in DNS were resolved as if they existed.

“As a consequence, certain e-mail systems, spam filters and other services failed resulting in direct and indirect costs to third parties, either in the form of increased network charges for some classes of users, a reduction in performance, or the creation of work required to compensate for the consequent failure”.

Take a look at a current one involving free iPads for beta testing :

The difficulty lies in telling whether a freebie giveaway is a scam sometimes. Some are scams, and some are supposedly real contests giving out free iPads, like the one here at freeipadgear.

When in doubt, it’s probably wise to reconsider: If it’s too good to be true, it probably is.

The anti-virus (AV) market is increasingly getting to be a difficult business for market incumbents.

The top players in this space — notably Symantec’s Norton and McAffee, followed by Trend Micro — have seen their market shares taken on by a slew of smaller competitors in the market, including Kaspersky Labs, ESET, Panda, AVAST and AVG, amongst others.

What’s more interesting is that some of these AV solutions from these smaller firms are good, and might even be better than the incumbents, if you can believe the latest anti-virus comparisons released by Anti-Malware Test Labs just about a week ago. Anti-Malware Test Labs is a Russian independent security research firm that is not affiliated to any software vendor, and has shared AV comparison tests with the public since 2007.

According to them, both DrWeb and Kaspersky, both Russia-based AV solutions, topped the list of the 17 AV software vendors. More than half the vendors flunked the comparison test as they didn’t defend against enough virus attacks in the testing.

The results, especially if you delve into the methodology, seem quite vigorous. Although to an observer like me far away it’s interesting to see that two Russian anti-virus firms topped the list.

Another interesting tidbit I spotted: Microsoft Security Essentials clocked in at second place (tied with Czech-based AVAST), which isn’t bad in terms of performance. Now, with Microsoft throwing their weight into this area and offering their security solutions for free, this is really going to put the squeeze on the AV space. No wonder the old guard software security firms are fleeing this area, and are looking at new pastures.

In any case, if you’re looking to purchase an anti-virus solution it makes sense to check out Anti-Malware Test Lab, AV-Comparatives.org, VB100 or ISCA Labs, which are some independent AV and security testing research firms in this space.

What’s an anti-virus security software company like Trend Micro got to do with clouds?

Well, they believe that the next big IT disruption will be cloud computing. Moving into security for clouds is thus a necessary evolution path for the 21-year old software security company.

After their Asia Pacific media day conference in Macau today this point was made really clear. Let me explain.

Customers rightly expect the software they’ve bought to just work. Security should be baked into the product rather than bolted on as an additional cost. The good news is that we’re moving towards this trend, e.g. operating systems bundled with anti-virus and firewalls, etc.

Thus, security companies are getting bought up left and right by telcos, networking companies, software giants and middleware players (e.g. Microsoft, Oracle, Google) and incorporated into the IT infrastructure.

However, as a mid-sized IT software MNC in the security space, what are your plans? Hope to get bought out, ride the market on existing products, or try to carve up new territories to play in?

Trend Micro chose the later. With the anti-virus software business becoming an evolutionary dead-end in the future that will not provide much growth, why not use this time to bridge out into new markets?

Cloudy with a chance of striking the jackpot

For Trend Micro, they believe it lies in security for clouds (both private and public).

In April last year, Trend Micro acquired Third Brigade, one of the pioneers that looked at providing security for the nascent cloud industry. According to CEO Eva Chen, they had been reselling Third Brigade’s solutions for about eighteen months before deciding to acquire the company. Third Brigade does a lot of work with VMWare to provide security solutions to their virtualization platforms, and this seems like a sound business model (virtualization is a no-brainer, as I’ve said before).

I talked to Oscar Chang, the Chief Development Officer and R&D head honcho at Trend, about the recent acquisitions in the last two years their competitors were making, like Symantec buying MessageLabs and McAffee buying MXLogic, both email SaaS security players.

His comment was simply “We looked into it, but do we really want to do just email?” His fervant belief is that as we move into a world where more apps get virtualized into clouds, companies will start to outsource their apps elsewhere. Including things like email, which is just one example of an app. So rather than concentrate on one app, look at the broader underlying trends — virtualization and clouds.

I buy the vision, and I think Trend Micro has a good read on the long term trends. Kudos to them for also trying to stake a thought leadership position (hence the media day!) in this area.

However, short term, it won’t be that smooth of course. The market is not yet ready, and needs time to mature. Trend Micro’s anti-virus business and the cloud security business doesn’t seem to have any synergy, and probably needs to be run separately (with different channel partners, etc.)

Another interesting point: CEO Eva Chen believes that a lot of cloud infrastructure will be driven by government investment. In particular, by Asian countries like China, because a national cloud infrastructure will be immensely useful to tech start-ups and SMBs.

And being an Asian MNC that is headquartered in Tokyo, she believes that Trend Micro has a good understanding of the geography and culture of the region. Food for thought.

ETW is the second game I have reviewed this month that also needs a Steam log-in, and therefore Internet access, to activate and play the game, even if you are just up against the computer AI.

This is a big problem for users who do not have regular broadband access as it can take several hours just to update the first round of patches, and that’s on my 100 Mbps line. After you activate the game for the first time via Steam, you can choose to run the game in “offline” mode which then lets you run the game without Net access but you will still need to have the game updated to the latest patch for this to run. In other words, you cannot quite play a Steam-enabled game without Net access.

The good thing about Steam is that it handles all your game patches automatically so your game is always updated to the latest patches. Steam is also a form of anti-piracy tool since you always have to log-in before you start the game. The really cool thing about Steam however is that you all the games you have purchased, whether as a direct download or from retail shops, can be downloaded into any other PC although you can only play on one at a time.                

However, that is exactly the case with the just-released Dawn Of War 2 (DOW2).

As I was tearing the shrinkwrap off the box of this THQ-published title, I was surprised to see these words in red: Internet Connection Required.

Initially, I thought it just needed me to activate the game over the Internet, which is common for games and business software today to combat piracy.

It turns out that I could not even launch the game without logging on to Steam, a games download and online multiplayer game-matching service. It is also used as an authentication system to fight piracy.

Which brings us to the real reason why you are being asked to log in to Steam before you run the game: THQ wants to protect its game from the unbridled world of piracy.

In the past, only games released by Valve – Steam’s owner – would make use of Steam. Titles included Half Life 2 and the recent Left 4 Dead. And now, DOW2, of course.

THQ is certainly not the first to take this anti-piracy path. Electronics Arts wanted to limit each copy of Spore to three installations and later increased it to five after the gaming community complained.

At first sight, these moves seem to make sense because the PC games business, like the music CD business, is being torn asunder by illegitimate copying. Scores of games publishers now will only fund “cross-platform” games which can be released on PC, Xbox 360 and the PlayStation 3.

Console games are growing because they are harder to pirate and users do not have to keep upgrading their graphics cards and processors and download the latest drivers to make sure their new PC game will run on their old machine.

According to a Pricewaterhouse Coopers report titled Entertainment And Media Outlook 2008-2012, consumers worldwide spent

US$24.9 billion (S$38.15 billion) on console games in 2007. However, the figure was only US$3.8 billion on PC games.

There is a legitimate workaround – you need to log-in to Steam and then keep it running in your computer in offline mode. However, you would still need to log in first for the very first time. Plus, it is not apparent that you can do this so I had to trawl the Internet to find the solution.

It is also hard to pass the game to my friend because my Steam account is locked to the unique activation code in my copy of the game. Therefore, I would have to share my personal user ID and password with my friend for him to be able to play my copy of the game. And when the game servers are full on Steam, I can’t log-in.

The irony is that these games will get hacked anyway and the hacked versions will run without all the copy-protection inconveniences.

Why is THQ making it so inconvenient for legitimate buyers who are forking out good money instead of downloading it illegally? Won’t this just alienate the real supporters of the PC games industry and tip the fence-sitters to the side of the pirates?

Or, they could do what I did: Forget about Steam and the constant need to upgrade my graphics card and processors. I content myself with playing more console games these days.

Either way, the PC game makers end up the losers.

http://www.rednano.sg/sfe/pastnews.action?&querystring=Oo%20Gin%20Lee&pubid=ST&sort=D

It’s quite obvious what these guys are trying to do – they are trying to fight piracy. But they end up alienating the users. I have played RTS since the first Dune 2, and I have never had to go online to fight against the computer. In fact, I have never played a PC game that requires me to do this, unless it is an MMOG like World Of Warcraft.

I understand that piracy is really killing the PC business, but in an environment where console games are outselling PC games (revenues for console games are about 8x more than PC games worldwide) and beating the shit out of them, you don’t want to make you legitimate PC gamers angry.

And what about selling to the countries without much of a Net penetration? Or have they given up on these countries altogether?

Update: Some forumers are asking if this will work if Steam is running in offline mode. I will try that tonight. Another issue is whether you need to have a Windows Live account logged-in to play. Will also test that tonight. But having played this game for about 6 hours, I do like it a lot.

You’ve probably seen those Apple ads that proclaim that there are no/few viruses for Macs.

Well, it doesn’t matter that virus writers don’t bother with Macs because they only take up less than 5 per cent of the world’s personal computer market.

But guess what, now that Apple’s iPhone is hyped up to be the best thing that happened, security holes are appearing. According to a report in Computerworld, there are vulnerabilities in the software that can lead to users being “phished”.

The problems, it says, are to do with the Safari browser and Mail applications.

CW quoted security expert Aviv Raff, who reported the three loopholes, as saying: “By creating a specially crafted URL and sending it via an e-mail, an attacker can convince the user that the spoofed URL, showed in the Mail application, is from a trusted domain such as a bank, PayPal or social networks.”

If you are already dying to buy an iPhone, this won’t change your mind, of course. Just don’t buy into the hype that viruses are only for PCs and PC users.

Speaking of hype, older geeks wll remember how Apple used to make fun of Intel chips when it used Motorola ones, in ads that parodied Intel’s bunny-suited geeks. Guess what, today, it’s Intel inside for Apple, who now sings the tune that Intel’s the best thing ever!

Don’t want to clunk up the page, so first watch this (says Intel is crap):
http://www.youtube.com/watch?v=e6PoLiXCA40

then this (says Intel is cool),
http://www.youtube.com/watch?v=dkL0mAApgkg&feature=related

At the opening of the yearly trade show today, the Singapore Government said it was looking into stronger, two-factor authentication for gov’t e-services, as part of what it calls the National Authentication Framework.

This means all those far-from-secure transactions that you have been performing on government websites will be a thing of the past. With the security provided by two-factor authentication, like what you use on online banking now, the Government intends to put in more “sensitive” apps in future.

In future, you’d likely have to not just key in a password, but also to key in a second password shown on a cellphone SMS or perhaps on a security token. Maybe, who knows, a fingerprint scan might not be out of order if prices for these scanners drop in future.

In any case, the IDA is to call for tenders in the next six months. But right now, the details are a little sketchy.

The date is not set for rolling out yet. Plus, what transactions can you do on it, for example (IDA said at a press conference today that perhaps you can even transfer CPF funds to pay for your flat – but will CPF allow it!)?

But who knows, when this more secure method for logging in is up, you might just not be feeling that scary feeling when logging in with that SingPass (which someone can sniff or easily guess) any more.