Home Tags Cross-platform

Tag: cross-platform

IDG Contributor Network: Install OpenShot 2.3 in Ubuntu 16.10 and Linux...

Install OpenShot video editor in Ubuntu 16.10 and Linux Mint 1 OpenShot is a free and open source video editor.
It is cross-platform and offers many powerful video editing features.Here’s a video preview of OpenShot 2.3’s new features: LinuxG has helpful instructions on how you can install OpenShot 2.3 in Ubuntu 16.10 and Linux Mint 18:To read this article in full or to leave a comment, please click here

React JavaScript library gets an IDE

React, Facebook's JavaScript library for building UIs, is getting a dedicated IDE for web development, called Reactide.Offered by developers calling themselves Team Reactide, the IDE serves as a cross-platform desktop application that provides a cus...

It’s official: Destiny 2 is coming to the PC

Sequel players will have to abandon progress from the first MMO.

Mozilla vies with Apple over future of web graphics

Mozilla has submitted a proposal to the the Khronos Group, the stewards of the OpenGL and the more recent Vulkan graphics APIs, for a next-generation web graphics API it calls Obsidian. This submission comes a month after Apple submitted its proposal for WebGPU, a similar project that it intends to prototype directly into the WebKit browser project.[ Get started with functional programming, including examples in F#. | Keep up with hot topics in programming with InfoWorld’s App Dev Report newsletter. ] If Mozilla’s idea accrues interest, it could set the stage for a clash over the future of web graphics between two standards-setting bodies, one that oversees the web generally and another that governs cross-platform graphics APIs.To read this article in full or to leave a comment, please click here

Office 365 everywhere? Not on these devices

Microsoft seems to want Office 365 to be its new Windows, the universal personal computing platform. Windows sales have declined for years now, as users switched a lot their computing to mobile devices and, to a lesser extent, Macs. Positioning Office 365 as the common platform across the new reality of a multidevice world makes sense. But Microsoft’s execution on—and commitment to—that vision is highly uneven.
Some parts of the company clearly believe in that cross-platform vision.
Some parts see mobile devices as junior adjuncts to computers.
Some parts see mobile as near-equal partners, given Microsoft’s failure to have its own successful mobile platform, but they can’t get behind Mac support because that platform directly competes with Windows.To read this article in full or to leave a comment, please click here

New(ish) Mirai Spreader Poses New Risks

A cross-platform win32-based Mirai spreader and botnet is in the wild and previously discussed publicly. However, there is much information confused together, as if an entirely new IoT bot is spreading to and from Windows devices.

This is not the case.
Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant.

Apple proposes GPU API for 3D graphics on the web

Apple is promoting the development of a standard API that would allow web browsers to access GPU features for 3D graphics.  The team behind Apple's WebKit browser engine proposed a community group at the W3C (World Wide Web Consortium) called the W3C Community Group for GPU on the Web that would be charged with providing an interface between the web browser and modern 3D graphics and computation capabilities in native system platforms.[ Docker, Amazon, TensorFlow, Windows 10, and more: See InfoWorld's 2017 Technology of the Year Award winners. | Cut to the key news in technology trends and IT breakthroughs with the InfoWorld Daily newsletter, our summary of the top tech happenings. ] "The goal is to design a new web API that exposes these modern technologies in a performant, powerful, and safe manner," the community group proposal states. "It should work with existing platform APIs, such as Direct3D 12 from Microsoft, Metal from Apple, and Vulkan from the Khronos Group." Beyond generic computational capabilities being exposed in existing GPUs via the API, Apple also wants to investigate shader languages to produce a cross-platform solution.To read this article in full or to leave a comment, please click here

Microsoft previews coming improvements in .Net

Microsoft's .Net languages are getting improvements ranging from data flow to better tools for C#, Visual Basic, and F#. For C# 7.0, Microsoft reiterated its previously announced plans for tuples and pattern-matching, to streamline the flow of data and control in code.[ The InfoWorld roundup: 5 rock-solid Linux distros for developers. | Stay up on open source with the InfoWorld Linux Report newsletter. ] Visual Basic will target the .Net Standard library to aid cross-platform .Net Core development.
In the upcoming Visual Studio 2017, Visual Basic will support producing and consuming tuples and consuming ref-returning methods defined in referenced libraries.To read this article in full or to leave a comment, please click here

G Data Internet Security 2017

When choosing a security suite, you probably look for familiar company names rather than trusting your security to an unknown. Germany-based G Data may not have huge mindshare in the United States, but it's big in Europe. G Data Internet Security includes all the features you'd expect in a suite, including an antivirus, a firewall, parental controls, and a spam filter. Unfortunately, the quality of the components spans quite a range, from very good to very poor.

Bitdefender, Kaspersky, and ESET Internet Security 10 are among the suites that cost roughly $80 for three licenses. There's another group around $60 that includes Webroot, Trustport, and Avast. G Data falls in between, with a $64.95 subscription price for three licenses. If you need just one installation, you can cut $10 from that price.

This product's main window features the familiar bold G Data color scheme, with a red banner holding a row of icons at top. Some security vendors use precisely the same component layout throughout the product line, showing unavailable features as disabled. Not G Data. The home screen shows a detailed security status, with links to important components, but there are more components displayed in the suites banner than that of the standalone antivirus. To the three top-row icons found in the antivirus, the suite adds icons for its backup, firewall, and parental control features.

Shared with Antivirus

The antivirus protection in this suite is precisely what you get in G Data Antivirus 2017. I'll summarize my findings here, but if you want full details you should read my review of the antivirus.

Four of the five antivirus labs that I follow include G Data in their tests and reports. It earned an above-average rating in the RAP (Reactive and Proactive) test from Virus bulletin, but didn't do quite as well in the three-part testing performed by AV-Test Institute. G Data earned the maximum six points for protection against malware, and six more for low false positives, but a drag on performance dropped its score to 4.5 in that category. A total of 16.5 points is good, but Kaspersky Internet Security took a perfect 18 points in this test. Bitdefender and Trend Micro were close behind, with 17.5 points.

In the real-world attack simulation tests by SE Labs, G Data took AA certification, the second-highest of five possible levels. Emsisoft, Kaspersky, Norton, and Trend Micro managed an AAA rating. Like most tested products, G Data failed the pass/fail banking Trojans test performed by MRG-Effitas. Its aggregate score of 8.7 points is good, but Kaspersky leads with 9.8 of 10 possible points, and Norton got 9.7 points.

Like Webroot, Comodo Antivirus 10, and PC Matic, G Data detected 100 percent of the samples in my malware collection. Not-quite-perfect blocking of a few samples results in an overall score of 9.8 points. That's very good, but the other three I mentioned managed a perfect 10. G Data wasn't fooled at all by my hand-tweaked samples; it blocked them all. Comodo, by contrast, missed 30 percent of the modified versions.

For a different look at malware blocking, I use a feed of recently discovered malware-hosting URLs supplied by MRG-Effitas. G Data blocked 78 percent of the samples in this test, almost all by completely blocking access to the URL. Norton tops this test, with 98 percent protection.

The same Web-based protection component should also serve to steer the hapless user away from fraudulent sites that try to steal login credentials. However, G Data fared poorly in my antiphishing test, with a detection rate 44 percent lower than Norton's. While most products lag Norton in this test, more than half of them did better than G Data. Only Bitdefender, Kaspersky, and Webroot SecureAnywhere Internet Security Plus have eked out a better score than Norton.

Other Shared Features

Exploit protection is usually associated with the firewall component, but G Data offers it in the standalone antivirus. In testing, it didn't block exploits at the network level, but wiped out the executable payload for 50 percent of the samples. That's quite good. Champion in this test is Symantec Norton Security Deluxe, which stopped 63 percent of the attacks at the network level.

My hands-on testing confirmed that G Data's keylogger protection and ransomware protection are effective. For those tests, I had to turn off all other protective layers.

Similar to the SafePay feature in Bitdefender Internet Security 2017, BankGuard protects your browsers from man-in-the-middle attacks and other data-stealing attacks. The AutoStart manager lets you reversibly disable programs from launching at startup, or set them to launch after a delay.

See How We Test Security Software

Basic Firewall

Every firewall needs to at least match the abilities of the built-in Windows Firewall that it replaces. Specifically, it must block outside attacks and put the system's ports in stealth mode, so they're not visible from the Internet. G Data's firewall fended off my port scans and other Web-based attacks, and popped up a notification that it had done so. So far, so good!

The settings page for G Data's firewall is pleasantly simple. A large slider lets you choose one of five preset security levels: Maximum, High, Standard, Low, and Disabled. Three other pages of settings are deliberately unavailable, with their configuration changed automatically as you switch security levels. True firewall experts can choose custom settings, thereby enabling access to those pages. But most should leave the firewall set to its default Standard level.

Most firewall components also keep track of how programs are using your network connection. Advanced firewalls like Norton's automatically define permissions for millions of known programs and carefully watch how unknowns behave, smacking them down if they show signs of misusing the network. Less advanced firewalls rely on the user to determine whether unknown programs should be allowed to access the network, which sometimes results in a deluge of popup queries.

G Data's firewall runs by default in autopilot mode, meaning you won't see any queries. It's not entirely clear just what it does in this mode, but as far as I can tell, it allows all outbound connections and rejects unsolicited inbound connections. That's not doing a lot.

To see the program control component in action, I turned off autopilot. Cleverly, the program offers to temporarily turn autopilot back on if it detects you're launching a full-screen application.

When I tried launching a guaranteed-unknown program (a small browser I coded myself), G Data popped up asking whether to allow or block access, once or always. That's exactly what should have happened. I tried a few leak test utilities, programs that try to gain access to the Internet without triggering the firewall's program control. G Data caught some, but not all, of these.

Unfortunately, it also popped up repeatedly for some Windows internal components. Note, too, that firewall popups appear for any user account, including non-Administrator accounts. While your toddler is playing games online, she may accidentally tell G Data to always block access by some Windows component. In that case, you'll need to open the Application Radar window from the Firewall status screen to unblock that application.

A firewall isn't much use if a malicious program can reach in and flip the off switch. I couldn't find a way to disable G Data by manipulating the Registry, though it didn't protect its Registry data against change the way Bitdefender, McAfee Internet Security, and others do. The last time I tested G Data, I found that I could terminate some of its processes using Task Manager. This time around, all 11 processes received protection.

Alas, G Data's essential Windows services are still vulnerable to a simple attack that could be carried out programmatically. I set the Startup Type for each of six services to disabled and then rebooted the computer. That effectively eliminated G Data's protection. In a similar situation, Comodo Firewall 10 Firewall seemed to succumb, but recovered on reboot.

This firewall component handles the basic tasks of protecting against outside attack and preventing programs from misusing your Internet connection, but that's about all. And the vast majority of competing products manage to harden their Windows services against tampering more thoroughly than G Data does.

Cloud Storage Backup

When you first click the backup icon, you just get a big, empty page. A bit of investigation reveals the New Task button. Clicking it brings up a disclaimer pointing out that the subscription you have offers online backup only. If you want advanced features like making local backups or burning backups to optical media, you must upgrade to G Data Total Security. You can check a box to suppress this disclaimer in the future.

To start designing a backup job, you select files and folders for backup. You do this using a folder/file tree. Checking or unchecking a folder selects or deselects all its contained folders and files. If you simply check the tree item with your username, representing all your user data, that may be enough.

The selection tree exhibits a strange redundancy that might cause trouble. For example, after the entry with your name is an entry called Libraries. If you check your username entry, the corresponding entries under Libraries (Music, Videos, Documents, and Pictures) do not get checked. But if after that you check Libraries and then uncheck it, those four entries under your username lose their checkmarks. This is just one of several redundancies in the tree, so you should carefully review your selections before proceeding.

The next step is target selection, but your only choice is cloud backup. Well, there's also an option to copy the archived data to an FTP server, but not many users are equipped to perform the necessary configuration. When I tried to continue at this point, the program admonished me, "Cloud has been selected as target, but no login has been entered." Guessing at this point, I clicked a button for network login—no joy. I finally thought to click the cloud icon. This triggered a menu titled New Account, which in turn asked me to select Dropbox or Google Drive. That could be clearer.

Kaspersky Total Security also offers to store backups on Dropbox, but this is just one of its many options. With Kaspersky, you can also back up your files to any local, removable, or network drive, or to an FTP server.

You can optionally create a schedule, separately for a full backup of all data and for a partial backup containing only changed data. Do you know what the difference between a differential backup and an incremental backup is? If not, just leave it set at the default. For each type of backup you can choose one-off, daily, weekly, or monthly backup, or just run the backup manually when you think of it.

Now you can review the dozens of options on the final page of settings. Some are disabled, most are set to the best configuration, but there's one you might want to tweak. By default, G Data opts for fast compression, making the backup process as speedy as possible. If you're short on cloud space, consider setting it to emphasize good compression, instead.

You can create as many backup jobs as you like. You might choose redundancy, backing up to both Dropbox and Google Drive. These jobs appear in the previously blank main backup window.

As for restoring backed-up files, it's a snap. Choose the backup, choose to restore all files or just some of them, and choose whether to restore to the original location or a new location.

Norton gives you 25GB of hosted online backup storage, and makes setting up a backup job very easy. Webroot completes also offers 25GB of storage, and serves as a full file-syncing tool. The backup system in G Data does the job, but it requires that you use third-party cloud storage, and it could be much, much simpler for users.

Porous Parental Control

This suite's parental control system is minimal, consisting of content filtering and time scheduling for Internet or computer use.

The content filter can block websites matching five categories: Drugs, Hackers, Violence, Extremist, and Pornography. There's also an option to block all HTTPS sites, but it's a ridiculous option. Yes, it would prevent access to secure anonymizing proxies, but it would also block any site that sensibly uses a secure connect, including Google, Unicef, and Wikipedia.

Parents can limit time on the computer, the Internet, or both. When enabled, the default in each case is 1.5 hours per day, 10.5 hours per week, and 45 hours per month. These times line up nicely. For example, 1.5 hours on each of seven days equals 10.5 hours. You can also define a weekly schedule, in one-hour increments, for when the child can use the Internet, or the computer. This feature uses a handy grid that makes it easy to set allowed and blocked times.

When I put G Data's scheduler to the test, I found that time-scheduler relies on the system clock. Resetting the clock to an allowed time defeats it. Admittedly, I couldn't find a similar way to defeat the daily cap.

Content filtering is keyword based, and it's both too lax and too strict. Photo-based pornographic sites with no banned words in the URL or page text flew right past the filter, while perfectly innocent sites triggered the over-zealous filter. For example, it blocks any page on blogspot.com because the filter found "pot" in the URL. Pages on the American Kennel Club site that used the word bitch (perfectly valid in this context) got the axe. And so on.

You'd think the Hackers category would block secure anonymizing proxy websites, but it doesn't. By connecting to one, I completely eluded the filter—don't think your teenager won't figure this out.

G Data does report which websites it blocked for each user, along with a date/time stamp and explanation. The explanation helped me confirm that, for example the app did indeed block a blogspot.com page due to the embedded word pot.

This is just not a useful system. If you need parental control in your security suite, look elsewhere. The parental control component in Norton is an Editors' Choice as a standalone. ZoneAlarm's is based on ContentWatch Net Nanny 7, another Editors' Choice. And Kaspersky Total comes with the excellent Kaspersky Safe Kids.

Simple Spam Filter

The need for local spam filtering gets smaller and smaller as more people use services that filter spam at the server level. If you're one of the few who don't get spam skimmed out of your email feed before it arrives, it's nice to have spam filtering handled by your security suite.

G Data analyzes incoming POP3 and IMAP email messages, flagging suspected spam messages, messages with a high spam probability, and messages with a very high spam probability. It prefixes [suspected spam] to the subject line for the first category, [spam] for the other two. You can change these tags, if you like, but most users will surely leave them at their default values.

This spam filter integrates with Microsoft Outlook, automatically diverting marked messages into the spam folder. Those using a different email client must create email rules based on the subject tags, not a terribly challenging task.

G Data uses quite a few different criteria to develop a spam score for each message. It checks the message text for certain keywords, and the message subject for a different set of keywords. You can edit either keyword list. It also includes a self-learning content filter system that's meant to improve accuracy over time.

The spam filter can also check spam messages against real-time blacklists. This process tends to slow the email download, so by default it only uses those blacklists for suspicious messages. Digging deeper, you can configure the spam filter to reject messages written in languages you don't speak. But really, most users can just leave the spam filter settings alone.

You can put specific addresses or domains on the whitelist, to ensure that the spam filter never blocks them. Conversely, you can blacklist addresses or domains to ensure they always get filtered. There's no option to import the content of your address book, or automatically whitelist addresses to which you send mail, like you get with ESET, Trend Micro Internet Security, and others.

If you do need local spam filtering, and want your security suite to handle it, G Data is as good as any. It doesn't offer the comprehensive feature collection that Check Point ZoneAlarm Extreme Security 2017 does, but on the flip side, it doesn't require any attention from you.

File Shredder

On a seriously icon-infested desktop, you not notice the appearance of a new icon titled G Data Shredder. This is a secure deletion utility, for use when you want to delete a file beyond the possibility of forensic recovery. Many encryption utilities come with a shredder, for thoroughly wiping out the originals of files that have been encrypted.

Simply deleting a file sends it to the Recycle Bin, and bypassing the Recycle Bin leaves the file's data still on disk, just marked as space that can be reused. Overwriting that data just once is enough to defeat software-based recovery. Recovery experts use hardware systems to peel back the layers and find previously stored data, but those techniques run into the limitations of physics at about seven overwrites. Why G Data lets you choose up to 99 overwrites I do not know. Three should be plenty for normal use.

Once you've configured the shredder, you drag files and folders onto its icon for secure deletion. You'll also find a Shred choice on the right-click menu.

Minor Performance Impact

While testing G Data, I occasionally felt the system might be running a little slow, but then, my virtual machines necessarily don't have a lot of resources. Running my hands-on performance tests revealed only minor impacts on system performance.

The biggest hit (not big, but biggest) came in my boot time test. Averaging many runs before installation of the suite and many more after, I found that the boot process took 26 percent longer with G Data loading at boot time. Given that most people reboot only when forced to, that's not a big deal.

To check whether a security suite affects everyday file manipulation activities, I time a script that moves and copies an eclectic collection of files between drives. Averaging multiple runs with no suite and with G Data installed, I found the script took 18 percent longer. That's not bad; the average for this test among current products is 23 percent. And there was no measurable slowdown for my zip/unzip test, which compresses and decompresses that same file collection repeatedly.

While G Data didn't put much of a drag on performance, some competing products had even less impact. Webroot, in particular, didn't show measurable impact in any of the three tests.

Component Quality Varies

G Data Internet Security 2017 includes all of the expected security suite components and even offers a backup system. The antivirus performed well in testing, but the parental control system is both limited and ineffective, and the basic firewall could be disabled by a determined hacker. You're better off with a suite in which all of the components do a good job.

For the purpose of defining Editors' Choice products, I distinguish basic suites like G Data, feature-packed mega-suites, and cross-platform multi-device suites. In the basic suites arena, Bitdefender Internet Security and Kaspersky Internet Security are my Editors' Choice products. Both cost a bit more than G Data, but they also offer much better security.

Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.
Parental Control:

Back to top

PCMag may earn affiliate commissions from the shopping links included on this page. These commissions do not affect how we test, rate or review products. To find out more, read our complete terms of use.

Open source server simplifies HTTPS, security certificates

For administrators seeking an easier method to turn on HTTPS for their websites, there is Caddy, an open source web server that automatically sets up security certificates and serves sites over HTTPS by default. Built on Go 1.7.4, Caddy is a lightweight web server that supports HTTP/2 out of the box and automatically integrates with any ACME-enabled certificate authority such as Let’s Encrypt. HTTP/2 is enabled by default when the site is served over HTTPS, and administrators using Caddy will never have to deal with expired TLS certificates for their websites, as Caddy handles the process of obtaining and deploying certificates. “Caddy exists to make the whole experience better for the people who create the Web,” Matt Holt, the project’s maintainer, wrote shortly after its launch. Securing all web content over HTTPS is now a necessary step to keep all online communications and transactions secure and private from malware, targeted attacks, and surveillance. Obtaining security certificates and setting up the certificates have been traditionally difficult, but that is beginning to change due to several new tools and services designed to improve certificate management. For example, cloud security company CloudFlare issues security certificates to all websites using its service.

Free certificate authority Let’s Encrypt provides security certificates and deployment tools so that anyone can set up their websites to use HTTPS.

The hard part left is setting up the web server and configuring it correctly to work with the certificate—Let’s Encrypt has taken care of that, too.

Caddy further simplifies the task as it automatically configures HTTPS via free Let’s Encrypt certificates. Caddy redirects non-HTTPS traffic to HTTPS by default.

The administrator doesn't have to use Let’s Encrypt certificates to get the same benefits. The web server also takes care of periodically rotating TLS session keys, which helps preserve perfect forward secrecy; even if keys are inadvertently exposed, they cannot be used to decrypt older encrypted sessions. While intended to be a static file web server, Caddy can serve up dynamic PHP through FastCGI.
It can also be used inside a Docker container.
It can also be extended with new features, with add-ons for Prometheus metrics, IP filtering, search, Cross Origin Resource Sharing, and JSONP, to name a few. Because Caddy is written in Go, it's cross-platform and works the same across operating systems, including Windows, Mac, Linux, BSD, and Solaris.

Caddy’s developers avoided using certain libraries that aren’t always available on Windows systems, ensuring that critical Caddy features don’t get locked into specific operating systems.  Don’t make the mistake of thinking Caddy will dislodge Nginx or Apache from enterprise networks anytime soon—the project is suitable for quick prototyping, test environments, and internal applications. Caddy has been around for more than a year, and its latest version, 0.9.4, added new features such as support for statically compressed .gz or .br files and the ability to specify multiple back ends to a single FastCGI proxy for basic load balancing.

The new version also picked up the option to customize TLS curve preferences and support Must-Staple on managed certificates. When it comes to security, enterprises often shy away from open source projects because of the trust factor.

There is always the question of support, whether the project will continue to be actively maintained and supported, but the more pressing question is whether the security components can be trusted.
Security projects, in particular, benefit from an independent security audit since it identifies potential issues and confirms that the underlying security foundation is sound.

Caddy could benefit from having an audit—but those assessments can get expensive. Caddy is still in its infancy compared to enterprise favorites such as Apache, IIS, and Nginx, but the project is already getting big-name support from Mozilla.

Caddy was one of the nine open source projects supported by Mozilla Open Source Support (MOSS), which provides funding for “open source projects that contribute to our work and the health of the Web.” Of the $545,000 Mozilla set aside for MOSS, Caddy received $50,000.

The award was earmarked for adding a REST API, improving the Web UI, and developing new documentation to make it easier to deploy more services with TLS.

How Microsoft will drive enterprise IT in 2017

Microsoft had a fascinating and positive 2016, with new hardware and software launches, as well as some surprising acquisitions. With CEO Satya Nadella’s transformation of Redmond nearly complete, we can expect more changes in 2017 as Microsoft’s enterprise reach stretches beyond Windows into the wider world of cross-platform computing and the cloud. Here’s my guide as to what enterprise IT should expect from Microsoft in the new year in each core Microsoft domain. Azure and the cloud transition For the IT administrator and the datacenter, 2017 is likely to be a transitional year. We’ve had a new Windows Server 2016 release, and it’s going to take some time to roll out across businesses of all sizes. With a strong focus on the datacenter (in particular, on running virtualized workloads), it’s clear Microsoft is positioning Windows Server as a tool for the ongoing cloud transition. How does Microsoft see this transition? Most likely: You start with an on-premises Windows Server deployment, moving existing applications and workloads to virtual server instances. New applications and rewrites can then start taking advantage of the extremely lightweight nature of Windows Nano Server and of the cross-platform development model that comes with the open source .Net Core. Once you’ve moved to a containerized delivery model, it doesn’t matter where that code runs—in the cloud or on your servers. One of Microsoft’s big deliverables for 2017 will be its Azure Stack “cloud in a box” combination of software and third-party server hardware.

Both Dell and HP have announced that they’ll ship Azure Stack racks midyear; Microsoft has recently delivered a second preview build for proof-of-concept deployments. Although it’s not a tool for every datacenter, Azure Stack can help deliver hybrid cloud solutions where the same code runs on Azure and on-premises, with the same control and deployment models but with highly regulated data staying in your datacenter. Azure and the rest of Microsoft’s cloud will become increasingly important as part of any IT management policy, with key features in the upcoming Creators Update for Windows 10 relying on cloud services to handle security reports and for software delivery. Much of this will depend on light-touch cloud-based management tools delivered with Intune and initially exposed in Windows 8. Windows 10’s upcoming support for Qualcomm-based ARM PC/smartphone hybrids running Win32 code will likely need to take advantage of this approach, because the resulting budget devices will be used by home workers and contract staff for a mix of personal and work tasks. Cross-platform development The cloud will be a big part of Microsoft’s 2017, especially for anyone writing code.
If you tuned into its 2016 Connect event, you’d have seen that cloud services are a key part of Microsoft’s cross-platform development strategy.

As Xamarin continues to be folded into Visual Studio, the resulting tools (along with the open source Visual Studio Code programmer’s editor) will let you quickly build and deliver application endpoints that run on Windows, Android, iOS, MacOS, and even Unix, thanks to Windows 10’s Bash shell and its Linux support.

Those endpoints will take advantage of Azure services; whether via Service Fabric or serverless compute in Azure Functions. 2017 should see Microsoft continue to improve its Azure services, with updates to DocumentDB and the associated big data tools, as well as the range of IoT services and data analysis services wrapped in the Cortana Analytics Services platform. Similarly, more machine learning functionality should transition from research groups to the wider world as part of the ever-growing Cognitive Services set of APIs, which have turned what would have been complex image recognition and natural language interpretation tools into plug-and-play APIs. Developers should also pay close attention to recent moves by Oracle to monetize its Java licenses, which may make .Net Core a more attractive platform for building the middle tier of applications.

Combined with the release of SQL Server, .Net Core, and PowerShell all on Linux mean that Microsoft’s developer and management platforms can now compete directly with Java, with licensing terms that may well be a lot more attractive.

That’s not something I’d have expected to say about .Net at the beginning of 2016! Devices and collaboration Microsoft’s enterprise device strategy appears to be going well, with significant sales for the collaborative Surface Hub, including some very large deployments. Collaboration is going to be an important theme in 2017, building on the tools in Office 365 and Skype, and with strong competition from Google’s G Suite platform and third-party tools like Slack. People need to work together, and Microsoft is quickly moving to supporting these scenarios. With its new rapid delivery schedule, I expect to see quick changes in Microsoft Teams, opening up to users outside corporate Office 365 installs. The launch of Microsoft’s Teams collaboration platform also sets the scene for another year of incremental improvements to Office 365.

The launch of the Office Insiders program has meant that new features can be rolled out to users and tested in the wild, making it easier to see what new features are coming and when they’re likely to be released. Office 365 and Dynamics should also benefit from the acquisition of LinkedIn, adding an external relationship graph to Microsoft’s existing machine learning tools. Security LinkedIn should also help power a new generation of security tools, using individual relationships to help map the context of, for example, email messages.
Identity has long been a big problem facing enterprises, and by bringing together LinkedIn and Azure Active Directory, Microsoft now has an opportunity to expand its security model away from devices to people—a model that makes more sense in a world where people use multiple devices and multiple operating systems. That model also allows Microsoft to expand its intelligence-based security used by Windows Defender and Office 365 Advanced Threat Protection and other tools, bringing in more ways of understanding how malware flows and providing better tools for identifying phishing messages—especially targeted spear-phishing attacks. There’s already basic support for the FIDO (Fast Identity Online) security tools in Windows 10 and Edge browser. 2017 should see improved support for password-less security, as FIDO 2.0 gains wider acceptance. We’ll see support for Windows Hello biometrics in applications as an alternative sign-in method, as well as support for device-to-device authentication. Although 2017 won’t see the death of the password, it’ll be one of the bigger steps on the road to better ways of authenticating and securing all our devices.

Nmap security scanner gets new scripts, performance boosts

The Nmap Project just released the Holiday Edition of its open source cross-platform security scanner and network mapper, with several important improvements and bug fixes. New features in Nmap 7.40 include Npcap 0.78r5, for adding driver signing updates to work with Windows 10 Anniversary Update; faster brute-force authentication cracking; and new scripts for Nmap Script Engine, the project’s maintainer Fyodor wrote on the Nmap mailing list. The de facto standard network mapping and port scanning tool, Nmap (Network Mapper) Security Scanner is widely used by IT and security administrators for network mapping, port-scanning, and network vulnerability testing. Administrators can run Nmap against the network to find open ports, determine what hosts are available on the network, identify what services those hosts are offering, and detect any network information leaked, such as the type of packet filters and firewalls in use. With a network map, administrators can spot unauthorized devices, ports that shouldn’t be open, or users running unauthorized services. The Nmap Scripting Engine (NSE) built into Nmap runs scripts to scan for well-known vulnerabilities in the network infrastructure. Nmap 7.40 includes 12 new NSE scripts, bringing the total to 552 scripts, and makes several changes to existing scripts and libraries. The ssl-google-cert-catalog script has also been removed from NSE, since Google is no longer supporting the service. Known Diffie-Hellman parameters for haproxy, postfix, and IronPort have been added to ssl-dh-params script in NSE. A bug in mysql.lua that caused authentication failures in mysql-brute and other scripts (affecting Nmap 7.52Beta2 and later) have been fixed, along with a crash issue in smb.lua when using smb-ls. The http.lua script now allows processing HTTP responses with malformed header names. The script http-default-accounts, which tests default credentials used by a variety of web applications and devices against a target, adds 21 new fingerprints and changes the way output is displayed. The script http-form-brute adds content management system Drupal to the set of web applications it can brute force. The brute.lua script has been improved to use resources more efficiently. New scripts added to NSE include fingerprint-strings, to print the ASCII strings found in service fingerprints for unidentified services; ssl-cert-intaddr, to search for private addresses in TLS certificate fields and extensions; tso-enum, to enumerate usernames for TN3270 Telnet emulators; and tso-brute, which brute-forces passwords for TN3270 Telnet services. Nmap 7.40 adds 149 IPv4 operating system fingerprints, bringing the current total to 5,336 OS fingerprints. These fingerprints let Nmap identify the operating system installed on the machine being scanned, and the list includes a wide range of hardware from various vendors. The latest additions are Linux 4.6, macOS 10.12 Sierra, and NetBSD 7.0. The Amazon Fire OS was removed from the list of OS fingerprints because “it was basically indistinguishable from Android.” Nmap also maintains a list of service fingerprints so that it can easily detect different types of services running on the machine. Nmap now detects 1,161 protocols, including airserv-ng, domaintime, rhpp, and usher. The fingerprints help speed up overall scan times. Nmap 7.40 also adds service probe and UDP payload for Quick UDP Internet Connection, a secure transport developed by Google that is used with HTTP/2. A common issue when running a network scan is the time it takes to complete when some of the ports are unresponsive. A new option—defeat-icmp-ratelimit—will label unresponsive ports as “closed|filtered” in order to reduce overall UDP scan times. Those unresponsive ports may be open, but by marking the port this way, administrators know those ports require additional investigation. Source code and binary packages for Linux, Windows, and MacOS are available from the Nmap Project page.