In its search for new markets and revenue, Google seems to be taking a bite out of Apple.

For months the two companies have competed in the mobile-phone market thanks to Google’s Android operating system, and that competition is fiercer now that Google has stamped its logo on the back of the Nexus One (designed by Google and manufactured by HTC). Despite some differences, the new Google smartphone looks a lot like an iPhone.

There’s competition on other fronts as well, including the operating system business.

In its initial blog post in July, Google positioned Chrome OS as “an open source, lightweight operating system that will initially be targeted at netbooks.” That alone could harm Apple if Chrome-powered netbooks take sales away from Mac laptops. But now there’s talk about both Chrome and Android being used on tablet devices that could compete with Apple’s just announced iPad.

Concept of what a Google tablet might look like (source: Google)

There have been no product announcements, but Google’s Chrome Web site is displaying “visual explorations of how a Chrome OS tablet UI (user interface) might look in hardware.” The illustrations provide only a vague idea of what such a tablet might be like, but their very existence indicates that Google may be eyeing the market that Apple hopes to bust open.

Just in case one tablet operating system isn’t enough of a threat to Apple, Google is potentially going after the iPad with two operating systems at once. Android, in addition to Chrome, could also be used to create a potential iPad killer.

At last month’s Consumer Electronics Show, MSI displayed a 10-inch tablet running Google’s Android operating system.

It’s important to emphasize that neither the Google concept drawings nor the MSI prototype represents a real product. But what they do represent is the possibility, and perhaps the intention, of Google to quickly enter the tablet marketplace.

To be sure, there are important differences between Apple and Google. Apple is more focused and disciplined — it works long and hard on a very small number of products and keeps quiet about them until they’re almost ready for prime time. Then, with great fanfare, Steve Jobs announces them to the world and puts them on sale shortly thereafter.

Google throws lots of things against the wall to see what sticks. The company’s experimental culture is so strong that employees are allowed to devote 20 percent of their time to any project that strikes their fancy, some of which actually see the light of day as products or services.

Apple’s formula — at least with the iPhone — worked like a charm. The hype was followed by a product that delighted most early reviewers and customers. And although I questioned in last week’s column whether the iPad can live up to its hype, I acknowledge that it is an innovative product that might do well when it hits the market.

Google’s approach is usually to pre-announce months in advance and rely on partners like HTC (and now Motorola) to build devices around its open source software. Unlike the first iPhone, the initial Android phone — the HTC G1 — got tepid reviews. But with the release of the Motorola Droid and Google’s Nexus One, Android is starting to win fans and respect.

Google’s initial foray into the browser market was also a bit disappointing but that, too, is starting to change. When the Chrome browser came out, it was a bit faster than market leaders Internet Explorer and Firefox but not nearly as versatile because it lacked support for extensions that allow third parties to add functionality. However, Google recently released a beta version of Chrome that fixes that problem.

Last month Chrome overtook Apple’s Safari as the third-place browser behind Internet Explorer and Firefox, according to Net Applications. As more extensions become available and more people download the newer version, I’m confident its market share will continue to grow.

The biggest difference between Apple and Google has to do with control. Apps for both the iPhone and iPad will be distributed through Apple and be vetted and approved by Apple before being made available to users. Google has a more open approach, allowing anyone to create an app for their phone or their computer operating system.

The democrat (small d) in me sides with Google. But the part of me that’s concerned about safety and security understands the advantages of having a company like Apple examine the applications for its devices.

Mostly I’m just glad to see these two talented and resourceful companies compete with each other and, of course, Microsoft, which was once thought to be a monopoly but is now struggling to compete with both Google and Apple.

This post is adapted from a column by Larry Magid that appeared in the San Jose Mercury News

Youtube video on how configure Facebook’s new privacy settings

How to hide your Facebook friends list

by Larry Magid

Sec. Clinton speaks at Newseam in DC

I have mostly positive feelings about Secretary of State Hillary Clinton’s speech on Internet freedoms that she delivered Thursday at the Newseum in Washington DC.

Although the speech was reportedly in the works for weeks, she addressed the alleged attacks on Google’s servers in China designed to spy on Chinese dissidents. She also alluded to Google’s announcement that it would no longer censor results of searches in China by suggesting that American businesses should resist censorship: “Censorship should not be in any way accepted by any company from anywhere. And in America, American companies need to make a principled stand. This needs to be part of our national brand. I’m confident that consumers worldwide will reward companies that follow those principles.”

Committing U.S. Resources

She also committed U.S. resources to the cause of Internet freedom. “Today I’m announcing that over the next year, we will work with partners in industry, academia, and nongovernmental organizations to establish a standing effort that will harness the power of connection technologies and apply them to our diplomatic goals.”

And she sort of announced a product, or at least an idea for one. “Let’s say I want to create a mobile phone application that would allow people to rate government ministries, including ours, on their responsiveness and efficiency and also to ferret out and report corruption. The hardware required to make this idea work (mobile phones) is already in the hands of billions of potential users. And the software involved would be relatively inexpensive to develop and deploy.

Note to Sec. Clinton: Even bad guys deserve free speech

While most of her comments encouraged freedom of speech, she did hedge her bet in one respect. She said “we do not tolerate those who incite others to violence, such as the agents of al-Qaida who are, at this moment, using the internet to promote the mass murder of innocent people across the world And hate speech that targets individuals on the basis of their race, religion, ethnicity, gender, or sexual orientation is reprehensible.” While I agree with her on both counts, it’s important that our government and our allies realize that the suppression of any form of speech — even speech we despise — is a step down a slippery slope towards censorship. That doesn’t mean we shouldn’t condemn speech that promotes terrorism and hate but it does mean that we need to be extremely thoughtful about any attempts to supress it with anytng other than more speech to counter lies, hate and extremist proportional.

Lessons for American families and schools

Anne Collier of NetFamilyNews (who is my co-director at ConnectSafely.org analyzed the speech from her perspective as an advocate of young people’s use of technology, saying that she “couldn’t help but think about how much we need to respect, teach, and model good citizenship at home and school (here and in every country) – using the media kids use and love – in order to realize Secretary Clinton’s vision for Internet freedom.” In response to Sec. Clinton’s suggestion that we need to “create norms of behavior among states and encourage respect for the global networked commons,” Collier added that ” we need to start here at home, promoting and modeling norms of good behavior online and in homes and classrooms using the social (behavioral) media and technologies where so much kid behavior occurs now.”

A bold line in the ‘cyber-sand’

Adam Theirer, president of the Progress & Freedom Foundation blogged at Technology Liberation Front that Clinton’s remarks “will go down as a historic speech in the field of Internet policy since she drew a bold line in the cyber-sand regarding exactly where the United States stands on global online freedom.”

He reminded his readers that “less than 15 years ago in this country we had a heated debate over whether American citizens should even be allowed to use encryption technology, or if the government should “hold the keys” to such technologies.” That was during Mrs. Clinton’s husbands’ administration. At the risk of name dropping I was on Air Force 2 with Al Gore when the vice president admitted — perhaps for the first time — that the administration was thinking of abandoning its policy of supporting what now seems like an archaic policy.

Watch speech, listen to 8 minutes of excerpts or read the transcript

If you have an hour to watch Sec. Clinton’s speech you can do so here. If you have 8 minutes to spare, you can listen to my podcast with excerpts and brief comments. Here is a complete transcript.

By Larry Magid

Like other tech journalists, I got my invitation for an Apple press event on January 27th inviting us to “Come see our latest creation.”  Apple didn’t offer any details but the speculation is that the company will announce some type of tablet device, probably optimized for watching video and reading books.

Colorful invitation to Apple press event on Jan 27th

Not the first tablet

If Steve Jobs does announce a tablet device when he takes the stage at San Francisco’s Yerba Buena Center next week, he won’t be the first famous tech executive to do so.

I was at the Comdex computer trade show in November 2001 when Bill Gates announced Windows software for the tablet PC.  Gates, at the time, predicted that the Tablet would become the most popular form of PC within 5 years.  That was 9 more than years ago and even though a number of PC vendors have come out with tablet PCs, they remain one of the least popular forms of PCs.

The PCs that Gates showed off were running a version of Windows XP designed to allow users to write on the screen instead of type on a keyboard.

A Microsoft press release at the time quoted Ted Clark, vice president of Tablet PC at Compaq, as saying “We see the Tablet PC as a business tool that lets you work the way you want to work, bringing the power of the PC anywhere you want to work. He added, “This will be your primary computer — it’s not a ‘companion’ device to anything else, except a companion to you.”

Ted Clark, Bill Gates and everyone else who predicted the domination of the tablet PC were wrong.  Despite some inroads in medical, government, military and vertical markets like delivery personnel, tablets have largely been ignored by consumers.  But the reason might be because Microsoft positioned them as work machines instead of as media players.

The reason I never bought into the tablet craze is because they replaced the keyboard with a stylus, encouraging people to write rather than type.  If I preferred writing to typing, I never would have taken that junior high school typing class so many years ago.  Not only does typing produce more legible copy, it’s also faster.  A good typist can type as many as 70 words per minute but it’s hard to handwrite at more than 20 words per minute.  What’s more, hand writing is more tiring than typing. Why would anyone want to use a stylus instead of a keyboard if the stylus is harder to use, slower and less accurate?

But the rumored Apple tablet – and it’s important to remember that it’s still just a rumor – is said to be optimized not so much for productivity but for entertainment and reading. If that’s the case, it could change the ballgame.  While a tablet might be terrible for productivity, it’s actually a good form factor for reading and watching video.  And, depending on its features and software, it might also be pretty good for web surfing and light email use.

My wish list

Of course, if Apple were to launch a tablet and if that tablet had a USB port, then it might be possible to plug in a keyboard and a mouse to use the device for productivity applications.  I’m not sure that will be the neither case, nor do I know what operating system and software the device will use. But my guess is as good as anyone’s so I’m going to lay out what I think the device should be.

I would like to see an Apple tablet that runs a custom version of the same OS X operating system that Apple uses for the Mac (and also the iPhone).  I’d like to see the default user interface look pretty much like the iPhone does, but I’d also like to see a way for it to more closely resemble the Macintosh desktop for those people who might want to use it for productivity purposes.  When it’s emulating the iPhone it could be used to run all iPhone applications including, of course, the iPod software for watching video and listening to music. There would also be plenty of book reading apps, including perhaps a version for reading Amazon Kindle books as well as software from competing book sellers and software for an open e-book format that could be used by any publisher.  The device will almost certainly support the read electronic newspapers and magazines.

But if someone wanted to use it for productivity, I’d like to see the device transform itself into a Macintosh with the ability to run all Mac applications, including Microsoft Office.  I’m not convinced that people would buy it for this purpose, but I do think that people who had the device might be interested in using it for productivity when necessary. For example, someone might use the tablet to read a book or watch a movie on a plane but – after landing – they might plug in a small external keyboard to (or use an onscreen virtual keyboard) to use it for email, web research or report writing from their hotel room.

Of course, Apple didn’t consult me on what the tablet should be and I admit I have no idea what they will announce. I’m not even 100% certain they will announce a tablet but, whatever it is, it’s fun to speculate.

Social-networking sites like Facebook and Twitter can expect more attention from cybercriminals in 2010, according to a new report (PDF) released Tuesday by McAfee Labs. Also at risk are users of Adobe Systems products including Acrobat Reader and Flash. And move over Microsoft; the security firm predicts that Google’s Chrome OS will “create another opportunity for malware writers to prey on users.”

The company also anticipates smarter and more dangerous Trojans that “follow the money,” as well as a “significant trend toward a more distributed and resilient botnet infrastructure that relies much more on peer-to-peer technologies.”

In a recorded interview (scroll down for audio) David Marcus, McAfee Labs’ director of security research and communications, said that he expects “an explosion of Facebook and other services targeted by cybercriminals.” In addition to malware like Koobface that spreads among Facebook users’ friends list, Marcus expects an increase in rogue Facebook applications.

“When you click yes to ‘do you want to allow this application to access your Facebook account,’ you’re giving that application access to all the data in your Facebook account,” he said. Facebook vets the third-party applications that it distributes, but rouge developers are finding other ways to get people to install unauthorized apps.

“A lot of the spammers and scammers will send fake Facebook application requests to users’ inboxes,” he said. Marcus recommends that you only install apps from within Facebook by clicking “browse more applications” in the Facebook application installer.”

Twitter vulnerabilities
According to McAfee, Twitter is vulnerable mostly because of URL-shortening services like bit.ly and tinyurl.com. There’s nothing wrong with Twitter or these services, but when you click on a shortened URL you have no idea where you’re going until after you get there. I would like to see a URL-shortening service that vets each URL for security and rejects those that are potentially dangerous. Twitter, according to the McAfee report is “also serving as a control vehicle for botnets.”

Criminals are now being more surgical in their attacks, singling out individuals and corporations as targets. The report points to the 10-month investigation of “GhostNet,” which McAfee Labs describes as a “network of at least 1,295 compromised computers in 103 countries” that “primarily belonged to government, aid groups, and activists.” The malicious code was delivered by e-mail with subject headings related to the Dali Lama and Tibet, according to the report.

The report also sites “a very targeted wave of attacks against the management of major companies,” as well as attacks carried out against “journalists from various media organizations, including Agence France Press, Dow Jose and Reuters based in China.”

Adobe products and Google Chrome vulnerable
Adobe products, especially its Acrobat Reader and Flash, are likely to replace Microsoft Office as the No. 1 software target, according to McAfee. It’s nothing they’ve (Adobe) done wrong,” Marcus said. “The bad guys go where the masses go” and because of the increasingly widespread use of Adobe products, “that tends to be what the bad buys will start looking to exploit. It really is nothing more sophisticated than that.”

Criminals are infecting PDF files and leveraging exploits in the opening of PDF documents, according to Marcus.

“Instead of viewing a PDF you’re actually taken to a website that downloads some type of malware to your machine.” Adobe plans to patch a critical hole in Reader and Acrobat on January 12.

There is also concern about Google’s Chrome operating system, which is expected to be officially released in 2010. Chrome, which will run Web-based applications, is likely to be vulnerable to attacks in HTML 5–the newest version of the hyper-text markup language that, says the report, “holds all the promises that today’s Web community seeks–primarily blurring and removing the lines between a Web application and a desktop application.”

McAfee also warned of banking Trojans with “new tactics that went well beyond the rather simple keylogging-with-screenshots” that were used earlier. Trojans now use rootkit techniques to hide on a victim’s system to disable antivirus software.

“Often the victim’s computer becomes part of a botnet and receives malware configuration updates,” the report said.

For more on the threats on Facebook and Twitter read “Using Facebook and Twitter safely” on CNET.

Cause for optimism
The report did end with some optimism, calling 2009 a good year for law enforcement. In November 2009, the U.S. Department of Justice indicted nine individuals “from Russia, Moldova, and Estonia who were allegedly responsible for $9 million in customer payroll data compromises at RBS WorldPay.”

The year also “saw the conviction of the infamous “Godfather of Spam,” Alan Ralsky of Michigan, and his criminal syndicate, which was responsible for generating a significant portion of the world’s unsolicited e-mail,” McAfee said.

“You started to see that not a lot of resiliency was built into some of those botnets, they were taken down, and poof they disappeared for very long periods of time,” Marcus said. He said he thinks “the bad guys will learn from that and build in some redundancy,” but he remains optimistic. “The good guys and regular users are getting tired of getting exploited and we’re finally starting to see more offensive and aggressive take downs of botnets…we’re starting to see people wanting to take back the Internet.”

Security companies are warning consumers and Web site operators to be wary of iPad-related search scams.

“This is just the kind of opportunity fraudsters like to exploit by poisoning search terms,” said Symantec’s Candid Wueest. Wueest also warned about “iPad-related spam and phishing attacks hitting consumers hard over the coming weeks.”

Don Debolt, CA’s director of threat research, warned about “black hat search optimization”–a scam whereby hackers take advantage of security flaws in blogs and other sites that use PHP scripting language to embed popular search terms like iPad to trick search engines into directing people to compromised legitimate sites that may have nothing to with the subject matter at hand. If people click on the link to a page on that infected site, they are then redirected to a malicious site that can implant malware on their machine or tempt them to install a rogue security product.

It has nothing to do with the iPad itself. Similar techniques have exploited other popular searches such as the Haitian earthquake and the death of Michael Jackson. Google has a trends page that shows hot topics and hot searches. On Thursday afternoon, the iPad was represented four times on the Top 10 list. “Obama State of the Union” led the list.

The entire process is automated, said Debolt. “We found that it’s a very systematic and programmatic process right now.” The attackers, he said, are using software to query search engines to find out the popular search topics and then “feeding that information into compromised Web sites so that those compromised sites and the content they put on those sites get indexed by the search engine bots.” To the end user it looks as if those sites have relevant content, but when you click on those pages, you are immediately taken to another site that has the malware.

Debolt warns people to be careful if a search engine points to a site where “the root domain of the URL doesn’t have any type of affiliation to the topic or is not an information portal you’re familiar with.” He warns site operators, especially those with a content management system that uses PHP, including Joomla, WordPress, and Droopa, to be sure they are using the latest version of their Web software.

I have a bit of experience with injected code. I operate a number of WordPress blogs including SafeKids.com which, a few years ago started serving up Google ads for Viagra and other male enhancement products. These were far from appropriate context-sensitive ads for an Internet safety site and when I took a look at my site’s code, I discovered that there were hundreds of links and terms that had been injected to my site as a result of a security flaw in my WordPress template. I replaced the template and updated the WordPress software and the problem went away. Now I’m careful to make sure I’m always running the latest version of WordPress.

As usual, people are cautioned to make sure they are using up-to-date security software and that both their operating system and browser are up to date.

This column originally appeared on CNET News.com

Last week, Microsoft dropped a bombshell on the PC security industry by announcing that it would eliminate its $50-a-year Windows Live OneCare service and instead offer a free anti-malware program called Morro.

The software, which will be available for download in the second half of 2009, will provide protection against viruses, spyware, rootkits, trojans “and other emerging threats.”

I have no doubt this will cause consternation for companies like Symantec, Trend Micro and Check Point that sell anti-malware software, but I’m hopeful it won’t destroy the market for third-party security applications. It’s in the interest of consumers for there to be a vibrant, competitive PC security marketplace.

My sources at security companies told me that they’re not particularly worried.  Laura Yecies, Vice President of Check Point software’s ZoneAlarm division said that she “doesn’t see Microsoft’s recent announcement about free security as being significant for ZoneAlarm.”  Referring to Microsoft’s One Care, she added ” the fact that a product that has not shown even mainstream efficacy levels has gone free should not matter.  This is not the first free product – those customers who have been willing to only get a free AV have already had choices for that.”

At first glance the Microsoft announcement is great news because people who are now paying $50 or more a year for protection can get what they need for free. While Microsoft OneCare has never been the highest-rated security suite, it has been a credible defense against malware. And I have no doubt Microsoft’s new product will be adequate for many PC users. I also think it makes sense for the company that makes the world’s most popular operating system to offer free security software, just as it makes sense for automakers to bundle air bags and seat belts.

But the comparisons between car safety and PC security can take us just so far. Unlike dangers behind the wheel, PC threats are constantly evolving as the bad guys find new and innovative ways to steal our information and invade our privacy. Indeed, even the types of threats have changed from viruses written by hackers out for a bit of ill-gotten fame to malicious programs designed by criminals looking for ill-gotten wealth. Keeping up with these criminals is a full-time job for thousands of security experts working for a number of companies around the world.

This competitive marketplace benefits consumers and businesses and, ironically, even helps out the security companies. People I know in the PC security industry tell me there is a great deal of cooperation and information-sharing about threats and best practices, even while they try to one-up each other on features, performance and other issues.

There is a risk associated with Microsoft’s decision to give away security software if it were to wind up destroying the market for other security companies.

For one thing, the competition keeps everyone — including Microsoft — on their toes, and fewer players could cause the remaining companies to be a bit more complacent. And if Microsoft were to drive other companies out of business, or simply dominate PC security, I would worry about its software’s effectiveness. Having multiple players in this field helps keep the bad guys at bay because they may be clever enough to defeat one product but are less likely to get past the defenses of all of them.

Microsoft’s software will not be bundled with Windows but must be downloaded separately.  I was told on background by a Microsoft employee that the company takes antitrust issues very seriously as it develops new products.

While this could have some impact on the revenue of PC security companies, it doesn’t completely eliminate their market. For one thing, the Microsoft solution is not likely to appeal to large businesses that have come to expect a level of service that Microsoft is unlikely to offer at no charge.

Also, there are added features in many of the fee-based services like phishing protection, anti-spam and warnings before you click on a potentially dangerous Web link. And there are other product categories besides Windows PC security. All of the major security companies have or are working on solutions for mobile phones, including smart-phones like the BlackBerry and iPhone. There are also security products for Linux and Macintosh.

It’s not as if Microsoft were the first company to give away security software. AVG offers a pretty good suite of security programs for free while other vendors, including Check Point and Trend Micro, give away pieces of their products, such as Trend’s HouseCall virus and spyware scanner.

Still, I worry. Free is good but competition is also good. Let’s hope that they can coexist in the world of PC security.