Microsoft: Spreadsheet Compare 2013

If you have access to Excel 2013 through Microsoft Office Professional Plus 2013 or through selected Office 365 subscription plans, you have access to a terrific new feature in Excel that allows you to electronically compare two workbooks and identify any differences in those workbooks. This new feature – Compare Files – is very powerful and, as you will see in this tip, is very easy to use.

To compare two Excel workbooks, begin by opening the workbooks. Then, choose Compare Files from the Inquire tab of the Ribbon and select the two workbooks you want to compare, as follows:

Upon clicking Compare in the lower right corner of the Select Files To Compare dialog box, Excel analyzes the two workbooks and generates a detailed analysis that highlights differences in data, formulas, formatting, and other characteristics. The figure below presents a sample of that analysis.

The Compare Files tool identifies differences between the two workbooks in the following fourteen areas; although for any given analysis, you can choose not to display the results of one or more of these tests.

In summary, Compare Files, a new Excel 2013 feature found on the Inquire tab of the Ribbon, offers a tremendous amount of power to help you identify, quickly and easily, the differences between two Excel workbooks. However, be aware that it is only available in certain editions of Excel 2013, so be sure to consider that when considering which version of Microsoft Office 2013 you choose to license.

IT Security: SandBlast by Check Point

Check Point is upgrading its sandboxing technology so it catches attacks earlier in the process and makes it harder for adversaries to evade detection.

Called SandBlast, the new software monitors CPU activity looking for anomalies that indicate that attackers are using sophisticated methods that would go unnoticed with traditional sandboxing technology, according to Nathan Shuchami, head of threat prevention sales for Check Point.

Traditional sandboxes, including Check Point’s, determine whether files are legitimate by opening them in a virtual environment to see what they do. To get past the sandboxes attackers have devised evasion techniques, such as delaying execution until the sandbox has given up or lying dormant until the machine it’s trying to infect reboots.

SandBlast thwarts the evasion technique called Return Oriented Programming (ROP), which enables running malicious executable code on top of data files despite protection offered by Data Execution Prevention (DEP), a widespread operating system feature whose function is to block executable code from being added to data files.

ROP does this by grabbing legitimate pieces of code called gadgets and running them to force the file to create new memory page where malicious shell code can be uploaded to gain execution privileges. This process has the CPU responding to calls that return to addresses different from where they started.

SandBlast has a CPU-level detection engine that picks up on this anomaly and blocks the activity. The engine is available either on an appliance in customers’ data centers or as a cloud service running out of Check Point’s cloud. The engine relies on features of Intel’s Haswell CPU architecture, Shuchami says.

The appliance and service had already been available for Check Point’s existing sandbox offering called Threat Emulation, and for customers who had it SandBlast is an upgrade at no extra charge. For new customers, the service costs between $3,500 and $30,000 per year per Check Point gateway. The appliances range from $27,000 to $200,000. These are the same prices Check Point charged for Threat Emulation without SandBlast.

Check Point is also introducing a feature called Threat Extraction which makes it safe to open documents quickly before they can be run through the sandbox. It converts Word documents do PDF files, which neutralizes malware they may contain, Shuchami says. It can convert PDF files to PDF files as well to reach the same end.

This makes it safe to view the content of the documents quickly while the sandbox works in the background. If the user need the original, it would be available after the sandbox found it benign, he says.

Alternatively, Threat Extraction could remove macros, Javascript, links and other potentially malicious features, but that doesn’t make files as safe as converting them does, he says.

IT Security: “Certifi-gate” Vulnerability in Android

Hours after Google and smartphone makers promised an imminent patch for the infamous Stagefright vulnerability another critical flaw in Android is being outed.

The “Certifi-gate” vulnerability allows applications to gain illegitimate privileged access rights, typically reserved for remote support applications that are either pre-installed or personally installed on Android devices.

Attackers can exploit Certifi-gate to gain unrestricted device access, allowing them to steal personal data, track device locations, turn on microphones to record conversations, and much more.

The vulnerability allows an attacker to take advantage of insecure apps certified by OEMs and carriers to gain unrestricted access to any device, including screen scraping, key logging, private information exfiltration, and back door app installation.

The root causes of these vulnerabilities include hash collisions, IPC abuse and certificate forging, which allow an attacker to grant their malware complete control of a compromised device.

The flaw affects hundreds of millions of Android devices from vendors including LG, Samsung, HTC and ZTE, according to security researchers at Check Point. The latest mega-flaw isn’t related to Stagefright, but it’s on the same scale in terms of numbers of devices (Android smartphones and tablets) affected.

All affected vendors were notified by Check Point about Certifi-gate and have begun releasing updates. Even so, fixing Certifi-gate may be even trickier than resolving the Stagefright vulnerability1.

For one thing the Certifi-gate vulnerability can only be resolved after a new software build is pushed to the device – a notoriously slow process. Even smartphones and tablets running the latest version of Android (Lollipop) are at risk.

Worse yet, resolving Certifi-gate involves updating multiple components and mobile remote support tool (mRST) plugins, according to Check Point researcher Avi Bashan.

The Certifi-gate patching process is fragmented as it relies on multiple updates from a range of different vendors (Google, OEMs and developers, especially those that make mRSTs) pushing updates.

IT Security: Android Stagefright Vulnerability Puts 950M Devices at Risk

A full 95 percent of all Android devices -- that's about 950 million smartphones, tablets and other mobile gadgets -- are at risk from one of "the worst Android vulnerabilities discovered to date," according to enterprise mobile security firm Zimperium. The security flaw, enabled by the Android operating system's Stagefright media library, could allow hackers to access devices without users ever realizing that they've been compromised.
Because Stagefright is used for time-sensitive media processing on devices, it's implemented using C++ code rather than a more "memory-safe" language such as Java, Zimperium noted today in a blog post on its Web site. However, that code leaves it more vulnerable to memory corruption and can open up devices to potential hack attacks that can gain remote access through media files delivered by MMS (multimedia messaging service) text messages.

Zimperium said it has reported the vulnerability to Google and also submitted patches for the flaw. While Google "acted promptly and applied the patches to internal code branches within 48 hours," many millions of Android device users might not see security updates for months, if at all.

"We thank [Zimperium zLabs researcher] Joshua Drake for his contributions," a Google spokesperson told us today. "The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device."

The spokesperson added, "Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device."

The Stagefright flaw opens vulnerabilities for devices running Android version 2.2 and up, according to Drake's findings. Most at risk are devices using Android Jelly Bean (versions 4.1 through 4.3.1), which covers about 11 percent of all Android devices, due to "inadequate exploit mitigations."

"If 'Heartbleed' from the PC era sends chill down your spine, this is much worse," the Zimperium blog post noted. The targets for this attack can be anyone from prime ministers, ministers, executives of companies, security officers to IT managers and more, with the potential to spread like a virus."

Google said Android's open source foundation ensures strong security by making it possible for anyone to look for and identify potential security risks. The company also encourages researchers to look for vulnerabilities through programs such as its Android Security Rewards Program, launched earlier this year, and its Google Patch Rewards program, kicked off in 2014.

Competitors such as Microsoft, however, have criticized Google for its less-than-completely-hands-on approach to security updates. Android system and security updates are often handled by device manufacturers or network carriers rather than by Google itself.

As of June 1, Google's Android developer dashboard indicated that the majority of device users -- 39.2 percent -- are running KitKat (Android 4.4). Jelly Bean (shown above) is the second-most widely used flavor of Android, with a total of 37.2 percent of Android users.

Updates for Android devices have traditionally taken a long time to reach users, and devices older than 18 months are unlikely to even receive an update, Zimperium noted on its blog, adding that it hoped users "recognize the severity of these issues and take immediate action." End users and enterprises should contact their device manufacturers or mobile carriers, the company said.

VMware: Schedule ESXi to Restart CIM Server (sfcbd-watchdog)

You may schedule the VMware ESXi to restart the CIM Server (sfcbd-watchdog) every half an hour by following the steps below:
1.  Access the ESXi through SSH

2.  Go to /etc/rc.local.d by typing the following commands:
cd /etc/rc.local.d

3.  Edit the local.sh with the following commands:
vi local.sh

4.  Insert the commands below right before exit 0:
echo "chkconfig sfcbd-watchdog off" > /usr/sbin/sfcbd-restart.sh
echo "chkconfig sfcbd off" >> /usr/sbin/sfcbd-restart.sh
echo "/etc/init.d/sfcbd-watchdog stop" >> /usr/sbin/sfcbd-restart.sh
echo "chkconfig sfcbd-watchdog on" >> /usr/sbin/sfcbd-restart.sh
echo "chkconfig sfcbd on" >> /usr/sbin/sfcbd-restart.sh
echo "/etc/init.d/sfcbd-watchdog start" >> /usr/sbin/sfcbd-restart.sh
chmod 755 /usr/sbin/sfcbd-restart.sh

kill $(cat /var/run/crond.pid)
cat /var/spool/cron/crontabs/root > /var/spool/cron/crontabs/rootx
echo "*/30 * * * * /usr/sbin/sfcbd-restart.sh" >> /var/spool/cron/crontabs/rootx
rm /var/spool/cron/crontabs/root
cp /var/spool/cron/crontabs/rootx /var/spool/cron/crontabs/root
chmod 1444 /var/spool/cron/crontabs/root
crond

5.  Press Esc and type the following commands to save and close the local.sh:
:wq!

6.  Locate the PID number of the crond process by typing the commands below:
cat /var/run/crond.pid

7.  Kill the crond process by typing the following commands:
kill -HUP <pid##>

8.  Finally, start the crond process again with the following commands:
ESXi 5.0:  /bin/busybox/crond
ESXi 5.1 and ESXi 5.5:  /usr/lib/vmware/busybox/bin/busybox crond

Apple: Mac OS X 10.11 - El Capitan

You should know the drill by now: every year Apple announces new desktop operating system in June, and by the end of October, it’ll be ready for us all to play with. The latest release takes its name from the iconic Yosemite vertical rockface, El Capitan.

While the changes don’t seem that big on the surface, there’s a lot going on under the hood that could make this incremental upgrade one of the most significant to date. Here’s what Apple is adding to OS X in October.


<< Improved Performance >>
El Capitan is an incremental upgrade rather than a major release (that was Yosemite, with its new flat UI and bold colors). Most features added by Apple are improvements of past technologies, and that should mean a smoother, more pleasant user experience in general.

Apple is throwing some numbers around to back this up, like the fact that apps now apparently launch 1.4 times faster than in Yosemite, that switching apps and displaying messages in Mail are twice as fast as before, and that PDFs now open at four times the speed in Preview.

These may seem like meaningless numbers attached to mundane tasks, but if performance has picked up similarly elsewhere, it’s possible you’ll notice a performance increase this time round. That’s rare because it’s commonly accepted that each upgrade introduces features which generally slow your computer down.

Another area where performance is set to soar is with Apple’s implementation of their console-level core graphics technology, Metal. The company is touting a 40-50 percent increase in system-level graphics rendering, which could seriously improve Yosemite’s occasionally laggy performance. A 10x increase in draw call performance (the time it takes the hardware to draw an object called by the graphics API) should improve gaming performance too.


<< Better Window Management >>
When your desktop becomes cluttered, your workflow becomes inefficient. Apple has taken a leaf straight from Microsoft’s book and finally added an “aero-snap” feature of its own which allows you to pin two windows side-by-side just like iOS 9’s new Split View mode.

In fact, it’s called Split View here too, and it allows you to grab an app, drag it to the top of the screen and then position it alongside another app without creating mess. The division in the center can be altered depending on the app you’re using, so you can set up Safari with a small TextEdit window for notes or check off songs on a Reminders list while you add them to your iPhone in iTunes.

Mission Control itself has also been revamped, with a new view that places each window on a single layer, without any stacking or overlapping. In fact, you don’t even need to head to Mission Control to organise your spaces any more — just grab the window, head to the top of the screen and wait for the desktop organiser interface to pop-up.

Last of all, while it’s not a window management feature it’s bound to be useful — shaking your mouse from side to side will now cause it to swell to giant proportions so you can easily find it, particularly handy if you use lots of monitors.


<< A Better Spotlight >>
Spotlight was overhauled during last year’s major revamp of OS X, and this year it’s getting smarter still with the addition of natural language. That means you can talk to Spotlight as you would Siri, by typing as you would speak. It should allow you to issue commands like: “Pages document I worked on yesterday about iOS 9,” or “emails from Jackson last week.”

Spotlight also adds some new sources of information, including the weather conditions and forecast, stock prices, sports news like scores, fixtures and league tables and web videos from sources like YouTube.


<< Improved Apps >>
Apple hasn’t introduced any brand new apps to El Capitan’s included software, but it has made some large changes to existing apps. Most of these changes are designed to complement the improved window management tools, with the introduction of Split View opening up a world of productivity options to users.

Mail in particular has seen some changes, starting with an improved full-screen mode (which is good because it’s currently a bit useless). Also new are iOS-style prompts that check your incoming mail for phone numbers or calendar invites and offer to add them to your contacts or schedule. Another feature ported from iOS is the ability to swipe horizontally on a mail message to quickly mark an email read or unread (swipe right) or to delete an email quickly (swipe left).

Tying in with the iOS 9 revamp, Notes gets a big overhaul and can now handle to-do checklists and note attachments too. This allows you to pin photos, videos, documents, audio recordings, web addresses and even locations to a note. It’s not quite Evernote, but it’s a big step up and it syncs for free with all your other Apple devices over iCloud.

Apple’s Safari web browser gets a few small tweaks including the ability to pin and mute individual tabs, two features that most other browsers have by now. It’s also possible to use AirPlay with web video now, which means rather than mirroring your entire screen you can choose just to share the embedded video with your Apple TV instead.

In other, less interesting changes, Maps gets mass transit information allowing you to get more accurate walking, subway, train, bus and even ferry directions in cities like London, Berlin and New York (with more set to be added) along with an easier way of sharing the route you just planned on your Mac with your iPhone.

Photos is probably the least interesting app to receive an update, adding third party editing tools (like filters and effects) and a long-awaited “sort by date” feature but probably not fixing the fact that you can’t easily edit your originals with an external editor any more.


<< New Fonts & Better Unicode Support >>
El Capitan comes with a few new fonts, and sees the system-wide font change to San Francisco, developed for use on the Apple Watch to be highly readable at a glance. If you’re bilingual or learning Chinese or Japanese you’ll also see improvements to El Capitan’s handling of these character-based languages.

Chinese users will see the new Ping Fang font and find that whether they use simplified or traditional Chinese the OS will better remember word choice, includes an enhanced prediction engine and provides access to frequently updated vocabulary lists. Inputting characters via the trackpad has also been improved, allowing for multiple characters in a row.

Japanese input has also been dramatically improved, with enhanced vocabulary and language engine that automatically transforms Hiragana into written Japanese as it is typed; and four new fonts.

Google: Google Photos

The search giant’s appealing service for storing pictures and videos in the cloud. It was uncoupled from Google’s widely ignored social network, Google+, where it had been effectively hidden. And it was upgraded with new features.

Not only that, but Google gave Photos users free, unlimited storage for pictures and videos at the highest resolutions used by average smartphone owners. And it issued nearly identical versions of the shiny new standalone app across Android devices and Apple’s iPhones and iPads. There’s also a browser version for the Mac and Windows PCs.

Once you’ve backed up your photo library to the service, all your photos and videos, including any new ones you take, are synced among all of these devices.

Google Photos was always good, but now it’s entirely outside of a social network. Lots of folks choose to share photos on social networks, but few want to share every single one publicly, or even among all their friends and followers. Now you don’t need a Google+ account to use Google Photos, and your pictures and videos remain private unless and until you choose to share them, Google says.

And when you do want to share them, you can totally ignore Google+ and easily and quickly post them to Facebook, Twitter and other networks, on both Android and iOS. You can email a link to a photo to someone, which works whether or not he or she has the Google Photos app.

<< People, Places and Things >>
The coolest aspect of the new Google Photos is that once you click the search button — before you even type anything — the app presents you with groups of pictures organized by three categories: People, Places and Things.

In the People section, Google collects all the photos containing faces it thinks are the same, without any work by you. It doesn’t identify these people, but just collects them for you for quick access. I found its guesses remarkably accurate. It even picked out a tiny image of my wife in the background of a group shot.

In the Places section, Google relies on geo-tagging where available. For older photos taken with cameras that lacked location tracking, it relies on known landmarks. For instance, it correctly identified a photo of the Eiffel Tower at night that I took with a cheap camera in 2002.

But the Things section, while less accurate, is more impressive. Here, the app uses cloud computing power to aggregate shots of, say, flowers or cars or the sky or tall buildings or food or concerts, graduations, birthdays — and yes, cats. And there are many more categories, including screenshots, posters and castles.

I was impressed by most of Google’s choices in the Things section. For instance, a category called Boats correctly included everything from fishing boats off Cape Cod to gondolas in Venice.

But there were some errors. For example, under Screenshots, Google Photos included an original, professionally-taken photo of me interviewing the company’s own top executive, Sundar Pichai — and it wasn’t a screenshot. And under the category Sky it included a graphic for an event by archrival Apple, which wouldn’t qualify as a Sky scene except on a planet where the sky was greenish and the sun was in the shape of the Apple logo.

You can remove such classification errors manually.

<< Photo Effects >>
As before, Google Photos automatically creates collages, animations, photo groups, panoramas and “stories” from photos it detects as being from the same place and time. You can choose whether to keep these in your library. As in the past, I generally found these pleasing and accurate. For instance, for my library, it created a Story — a sort of digital photo book — for a recent trip I took to China and Hong Kong, complete with maps showing my route.

The new version includes an “Assistant” panel that shows how your backup is going and presents these auto-created collections so you can choose whether you want to keep them.

You can also now manually create collages, animations, stories and more. And there are lightweight editing tools, including filters.

<< Search >>
Not surprisingly, search is a central feature in Google Photos, easily accessible from a blue button at the lower right of the screen. When I typed in “Massachusetts,” Google Photos instantly brought up loads of photos of subjects, ranging from my baby granddaughter (who lives there) to Revolutionary War sites I’d visited there to games I had attended at glorious Fenway Park in Boston.

<< Navigation >>
When you want to select multiple pictures — say, for sharing or creating an album — you don’t have to tap on them one by one. You can just select the first one and then slide your finger to add others to the selection.

Also, you can pinch and zoom to switch the view of your photo library from years to months to days.