Monthly Archives: January 2015

How to set up Chrome Remote Desktop for iOS

Google has released an iOS app that makes it possible to access your Mac or PC from any iOS device with an Internet connection.

An iPhone 6 Plus controlling a MacBook Air using Chrome Remote Desktop.

Chrome Remote Desktop is hardly a new service from Google. It’s been around for years, allowing users to access a Windows or Mac computer from another computer or an Android device. When it came to this Google service, iOS had been left out.

Then on Monday Google unceremoniously released the iOS Chrome Remote Desktop app into the App Store, making it super-easy to access your computer (or a family member’s computer) from your mobile device wherever you have a connection.

Before we dive into setting up the iOS app — or lack of required setup — you’ll need to make sure you have two things installed on the computer you plan on connecting to.

Chrome Remote Desktop app in the Chrome Web Store.

The first is, naturally, Chrome. Second, you’ll need to install the desktop version of the Chrome Remote Desktop app from the Chrome Web Store.

Once you have those two items installed, launch the app on your desktop and follow the prompts to complete the setup process. A video walking you through it all can be found here. Trust me when I say, you need very little technical expertise to get it installed.

The most important aspect of setting up the service is to remember your PIN. You did write it down, didn’t you? OK, good.

Chrome Remote Desktop on an iOS device.

Now that you have a PIN and the app is installed on your computer, download the iOS app from the App Store here. After its installed on your device, sign into the same Google account you used in Chrome and your computer should show up in the list. Tapping on the computer name will launch a remote session, where you’ll be prompted to enter your PIN. After successfully entering it, you’ll gain complete control over your computer.

Today’s computers face more attacks than ever

More malicious software has been created in the past 2 years than in the previous 10 years combined.



Nestled into a storefront at the top of San Francisco’s tree-lined Valencia Street is one of the city’s top defenses in the war against malicious-software infections: a computer repair shop owned by Del Jaljaa.

People bring their infected computers to Jaljaa’s San Francisco Computer Repair store 5 to 10 times a day, desperate for help restoring their devices to working order. In the past few years malware has grown to be about a third of his business. “It’s our bread and butter,” he said.

Getting computer infections more often? You’re not alone.

Infections from malicious software — harmful code that’s also known as malware and that includes things like computer viruses and worms — are keeping repair specialists like Jaljaa busy, thanks in part to an exponential rise in the types of malware hitting PCs. Malware detections by AV-Test, a company that tests the effectiveness of antivirus software, spiked in 2014 to more than 143 million, up 72 percent from last year, according to a report released Thursday.

To put that in perspective: there was more malware found over the last 2 years than in the previous 10 years combined.

Other malware watchers, such as security-software makers Malwarebytes and Kaspersky, have noticed similar trends.

Kaspersky saw four times more mobile malware attacks in 2014 than the year before, said Patrick Nielsen, a researcher with the company.

For years, antivirus software blocked malware based on the malicious software’s code. But would-be hackers found a way around that: They can buy or freely download malware code; then change just a few pieces of it. Suddenly, the code is invisible to the antivirus programs, and free to wreak havoc.

It’s not unlike plagiarizing grade-school homework, said Timo Hirvonen, a senior researcher at security-software maker F-Secure. “It’s as easy as removing a word or adding a letter to a Microsoft Word document,” he said. As a result, malware is changing so often that it’s getting harder to stop.

The security industry has attempted to find an answer. One of the newest techniques is to keep track of how malware behaves and what it tries to do. Imagine malware that attempts to copy your online-banking password: any file doing this would be tracked by these new security tools.


Data from AV-Test shows malware attack rates spiking.

Even then, however, security researchers say they’re barely keeping their heads above water.

“At the pace we’re going, that’s just not feasible [to defend against] anymore,” said Jérôme Segura, senior security researcher at Malwarebytes.

The escalating game of cat and mouse has even entered the world of cryptography. Hackers are jumbling the code of their malware to avoid getting caught, using the same techniques companies use to protect sensitive files.

Avoiding “shady websites,” as Nielsen put it, isn’t enough in an age when malware can be delivered by ads on legitimate sites like Yahoo News.

So should we just swear off computers forever?

Jaljaa, the computer-repair-shop owner, said there are simple things people can still do to keep themselves safe. Users still need to install antivirus and other security tools, as they’ve been doing for years, he said. But they should also make sure to keep all their software up to date.

And if you do get a malware infection you can’t get rid of? Well, there are always people like Jaljaa to bail you out. But it’ll cost about $130.

Correction, 6:14 p.m. PT: Kaspersky’s Patrick Nielsen clarified the security-software maker’s estimate of the increase in mobile malware attacks from 2013 to 2014. He said the company saw a four times increase from year to year. The story has been changed to reflect this.

The biggest cyberthreat to companies could come from the inside

A recent attack against Morgan Stanley that exposed hundreds of thousands of customer accounts was an inside job, a threat experts say is nearly impossible to stop.

The Morgan Stanley Building in Times Square, New York City. The financial services firm revealed on Monday an employee had stolen data from more than 350,000 accounts. Getty Images

Companies spend billions of dollars each year to protect from determined hackers attacking from across the Internet, but experts warn they shouldn’t ignore a closer threat they aren’t even ready for: Inside jobs.

Morgan Stanley, one of the world’s largest financial services firms, revealed Monday its customer information was breached. But it wasn’t the result of determined hackers or sophisticated email attacks. Instead, Morgan Stanley said it was an employee who stole data from more than 350,000 customer accounts.

The move is a wake-up call to companies, which spent an estimated $71.1 billion in 2014 on cybersecurity, up nearly 8 percent from the year before. And while hackers have successfully attacked large companies like JPMorgan, Target and Home Depot, experts warn employees pose just as much a threat, whether they act intentionally or by accident.

While the cybersecurity industry is devising an ever growing list of technology to protect from intrusions, it turns out there’s relatively little that can be done to stop an insider who already has access to a company’s otherwise highly protected data.

“There’s always going to be a way, just like with hacking, for insider attacks to happen,” said Lucas Zaichkowsky, who used to manage computers at a major credit card processor and is now a security expert at Resolution1.

Attacks by insiders are often characterized in three ways: They’re hard to detect and don’t happen often. But when an attack does come from the inside, it can be devastating. Security researchers at the Ponemon Institute say 88 percent of IT pros surveyed say they struggle to identify insider attacks, and security consultants at SpectorSoft say less than half of companies are even capable of noticing.

Few companies publicly disclose these types of attacks, and when they do they rarely estimate the damage. SpectorSoft said insider attacks — 35 percent of all those committed — cost US companies $40 billion in 2013 alone.

Few ways to protect

Despite the challenges in detecting and blocking insider attacks, there are ways that can help companies reduce the risk of insider attacks.

First, experts recommend companies tighten restrictions on highly sensitive data, locking files behind passcodes and security systems only employees and trusted business partners who must have access actually do. One way to do that is with cryptographic computer code, which jumbles a file’s contents using an algorithm that only those with the proper computer keys have.

If the information does have to be accessible on the company network, “try to come up with a data policy that segregates it,” said Andrew Conway, a site and data breach expert for security company Cloudmark.

Companies also need to monitor the actions of the employees who do have access, to ensure the data isn’t copied or destroyed without approval. Many attacks have been spotted by warning systems, but the alarms went unnoticed.

Other long-standing techniques include preventing files from being copied to USB by physically blocking USB ports with liquid cement, and removing cameras from the screens of laptop and desktop computers. Some companies even use “air-gapped” computers — machines which are neither connected to the Internet nor to other computers.

The US government has gone to some lengths to ensure certain kinds of data are better protected than others. Nuclear facilities, for example, have used air-gapped computers for years. There are also laws governing how medical data is stored and accessed, requiring companies to keep extensive logs every time the files are read.

Another option for companies is to bring on a chief security officer, someone who understands and knows how to balance security with a company’s day-to-day business, and sets rules for how files are stored and accessed. Ponemon backed up this assertion in a 2013 study which found the cost per record exposed in a breach goes down when a company has hired such a person.

Even if companies implement all those measures, experts say they can’t entirely secure their systems from a determined insider.

Consider famous information leakers like Edward Snowden and Chelsea Manning, each of whom accessed and leaked thousands of classified government documents. In both cases, they were able to circumvent some of the US government’s most secure computer systems by virtue of being on the inside.

“If the NSA can’t prevent an insider breach, then how is an enterprise company going to stop one?” Conway said.

4 things to expect from Google in 2015

Google wants very much to be known as more than just a search company, and over the next year many of its biggest moves will be in other areas.

Many of Google’s biggest moves in 2015 will come outside of search. Getty Images

Google is a powerhouse, but it’s a powerhouse in transition.

In 2014, Google’s search engine — the largest in the world — continued to dominate the market. In the US, the company has 67 percent of the search market on desktop computers. Globally, it’s a $50 billion business in revenue annually.

But as Google looks to where future revenue streams will come from, CEO Larry Page hasn’t been shy about saying the company has needed to expand its vision. When Google was founded in 1998, it gave itself the mandate of “organizing the world’s information.” Now that means a lot more than just search.

“I think the mission statement is probably a little bit too narrow and we’re thinking about how to do that a little more broadly,” Page said in December.

So, not surprisingly, much of what’s expected from Google over the coming year has little to do with its juggernaut search business and more to do with its ever-growing enterprises outside of search — from YouTube to its secretive lab Google X to its dominant Android platform. Here are four things to consider when looking at Google in 2015.

1) The consumer launch of Google Glass
Remember Google Glass? The Internet-connected smart eyewear, which captured the attention of geeks and the tech media, launched in a limited program in early 2013 but had gone relatively dark in 2014. Google is expected to release the consumer version of Glass sometime this year.

The device, which Google co-founder Sergey Brin previously intended for a wide release last year, has been met with both fascination and scorn since it was unveiled in 2012. It has particularly touched a nerve with those concerned about piracy and privacy. Glass, which has a built-in camera and recording device, has been banned from movie theaters by the Motion Picture Association of America and has also been banned by some bars.

The launch of the consumer version of Google Glass was previously expected to come this year. CNET


But for all the controversy Glass has stirred up, the device is still technically on a very public test run. Google strategically planned a slow rollout, calling the first people to own the device “explorers.”

It’s unclear what the product will offer once it moves beyond its prototype phase. Some analysts expect a price drop from its original, “explorer” price of $1,500. Paul Saffo, a Stanford professor and Silicon Valley futurist who’s observed the industry for decades, believes the price was deliberately steep to temper expectations. “If it had a consumer price, people would expect consumer functionality,” he said.

Others say the product will be better as a result of the hardship early on. “What we see in version 2, 3 or 4 is going to be significantly better because of the failure of version one,” said Sameet Sinha, an analyst at B. Riley and Co.

2) A push to get TV ad budgets to YouTube
Google has been making big investments in YouTube, its premier online video platform. The company has fought to keep its top creative talent on the service, especially as rivals like Facebook and startups like Victorious aim to crowd YouTube’s turf.

There’s good reason for that investment. YouTube gets more than a billion unique visitors every month and streams about three months’ worth of video to viewers every minute. eMarketer predicted that video ad revenues from YouTube in the US would hit $1.13 billion by the end of 2014.

Google wants to cash in on YouTube even more. In the advertising world, television has traditionally been where brands and agencies spend the most money. But analysts say that’s poised to change. Ad spending on the Web is set to overtake ad spending on television in 2016, according to a study published in November by Forrester (though that includes all types of Web-based ads — not just online video).

Several big tech companies have upped their investments in online video ads over the past couple of years. In November, Yahoo bought the ad-tech company Brightroll for $640 million — the second largest acquisition CEO Marissa Mayer has made since taking Yahoo’s helm in 2012. AOL bought, another video ad-tech company, in 2013.

Sinha said he thinks Google will more aggressively go after making deals with big brands and advertising agencies to bring their ad budgets to YouTube. The company has already started making those pacts. In February, Google struck a deal with Magna Global, one of the world’s largest advertising buyers. Magna Global is a unit of IPG Mediabrand and invests $37 billion a year on behalf of its clients. The deal reportedly committed about $100 million of marketing money to Google websites, including YouTube.

Another hint about Google’s commitment to bringing big ad budgets to YouTube? The company in February put Susan Wojcicki, one of Google’s earliest and most senior executives, in charge of YouTube. Wojcicki previously spent years running Google’s overall advertising business.

“It can’t get much more senior than that,” said Sinha.

3) Android everywhere
Arguably no division inside Google was busier in 2014 than the one in charge of Android, the company’s mobile operating system. The software already powers more than 80 percent of the world’s smartphones, and Google took major steps in 2014 toward expansion.

In September, the company launched Android One, an initiative aimed at bringing affordable, high-quality Android phones to emerging markets. The project, which guides handset makers in what components they should include in their hardware, originally launched in India. In December, Google expanded the program to Bangladesh, Nepal and Sri Lanka. The company originally planned to launch in the Philippines and Indonesia by the end of 2014, but those launches — along with launches in other countries — will likely take place over the coming year.

In November, the company began to roll out Android Lollipop, which Google product czar Sundar Pichai called the company’s “largest, most ambitious” release yet of the OS. The update is a major overhaul of the software’s design and user interface.


Google Android chief Sundar Pichai launched the company’s Android One initiative in India in September. James Martin/CNET

B. Riley and Co’s Sinha thinks those efforts mean Android is poised to make a jump in quality. “What we see [in 2015] is Android coming out with significantly better phones than what we see now,” he said.

Google has also made big bets in wearable devices. Along with Glass, the company has focused on Android Wear, a modified version of Android tailor-made for wearables like smartwatches.

The payoff could be big. By 2018, shipments of wearables will surpass 100 million units, an almost sixfold increase from 2013, according to research firm IDC. Competition in the market will also heat up soon, as Apple gets set to release its own wearable, the Apple Watch, in early 2015.

The chief knock on wearables in the early goings has been that many of them are still too expensive and that there are not many uses for them yet. But Google says it’s committed to helping Android Wear mature at a fast rate. “We want to be able to iterate very, very quickly,” Hiroshi Lockheimer, Android’s top engineer, told CNET in September.

4) Ongoing scrutiny in Europe
Though Google has focused its efforts on several new businesses, search is still the company’s bread and butter. And the company’s dominance there will likely give Google headaches as antitrust probes continue into 2015.

Google has been embroiled for the past four years in an antitrust investigation in Europe. The case delves into allegations that the company prioritizes the results of its own properties — like YouTube or the Google+ social network — over the results of competitors. Google has also been the main target of a European court’s ruling known as the “right to be forgotten,” which lets people request their names be excluded from search results if the content is irrelevant or outdated.

Chris Jackson/Getty Images

The European Parliament has also filed a public motion in favor of splitting up Google’s search business from the rest of the company (though Google wasn’t actually mentioned by name). The motion itself is toothless, but it puts political pressure on the European Commission — which sets the region’s political agenda — as it probes Google. It also underscores an unfriendly political tone toward the company.

“All of it really reflects broad suspicion of Google in Europe,” said Jan Dawson, an analyst at Jackdaw research. Dawson said he expects the European Commission to implement rules around how Google can “cross-promote” its own products on search.

The Commission’s antitrust investigation of Google has been drawn out since it began in 2010. After three previous attempts, Google and European regulators haven’t been about to agree on a settlement. Europe’s new competition chief, Margrethe Vestager, who took the post in November, has indicated she would listen to all complainants before deciding how the investigation would proceed.