Archive for the ‘Tech News’ Category

Update: Superfish and Maxthon

Friday, February 27th, 2015

Dear Friend of Maxthon,

This note is an update on Superfish, how it works, its relationship to Maxthon browsers and what we are doing to mitigate any issues related to it. Our engineering team has spent a good bit of time examining Superfish and how it interacts with Maxthon.

Here is what we learned.

Superfish is malvertising software that Lenovo pro-actively pre-installed on several consumer PC product lines in 2013 and 2014. Its purpose is to control part of your web browsing and serve you advertising. It is designed to intercept all encrypted connections, things it shouldn’t be able to see. Superfish accomplishes this in an insecure way that leaves the system open to hackers or NSA-style spies. For example, it can spy on your private bank connections.

The function that intercepts and replaces encrypted connections within Superfish is known as an “SSL hijacker,” specifically the Komodia Redirector with SSL Digestor. This SSL hijacker was created by an Israeli company called Komodia. An SSL hijacker opens up a HUGE security hole — effectively creating a ‘man in the middle’ attack on your machine. Superfish uses this hole to install its own root CA certificate in your Windows system. From that point on Superfish intercepts each SSL site certificate and swaps it out with a copy of its own that allows access to serve ads. Superfish’s advertising works by injecting JavaScript code into web pages. This can wreak havoc with websites, breaking them.

Even if you don’t have a Lenovo consumer PC your PC might have this vulnerability because Komodia sold this technology to other malware companies including:

  • Atom Security
  • Infoweise
  • Komodia (KeepMyFamilySecure)
  • Kurupira (Webfilter)
  • Lavasoft (Ad-Aware Web Companion)
  • Qustodio and Websecure LTD (Easy Hide IP Classic)
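Because the certificate swap happens on the machine itself, the issuer of the certificate a local client is shown is where it becomes visible. The following is an added example, not Maxthon's code and not the test this post links to: it checks an issuer in the layout Python's `ssl.getpeercert()` returns against the vendor names listed above and against an issuer recorded from a known-clean machine. The function names, the `BASELINE` data, the host `bank.example` and the sample certificates are constructed for illustration, and the idea that an interception root names its vendor is an assumption.

```python
import socket
import ssl

# Vendor names from the list in this post. That an interception root CA
# carries one of these names in its issuer fields is an assumption.
SUSPECT_VENDORS = ("superfish", "komodia", "atom security", "infoweise",
                   "kurupira", "lavasoft", "qustodio", "websecure")

# Constructed samples (not captured data) in the getpeercert() layout.
CLEAN = {"issuer": ((("countryName", "US"),),
                    (("organizationName", "Example Trust Services"),),
                    (("commonName", "Example TLS CA 1"),))}
SWAPPED = {"issuer": ((("organizationName", "Superfish, Inc."),),
                      (("commonName", "Superfish, Inc."),))}
UNNAMED = {"issuer": ((("organizationName", "Local Filter CA"),),)}

# Hypothetical baseline: issuer organization per host, recorded by the
# operator from a machine known to be clean.
BASELINE = {"bank.example": "Example Trust Services"}


def issuer_fields(cert):
    """Flatten the issuer of a getpeercert()-style dict into {field: value}."""
    fields = {}
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            fields[key] = value
    return fields


def check_certificate(host, cert, baseline):
    """Return a list of findings for the certificate this machine was shown."""
    issuer = issuer_fields(cert)
    org = issuer.get("organizationName", "")
    text = " ".join(issuer.values()).lower()
    findings = []
    # Check 1: the issuer names a vendor of interception software.
    for vendor in SUSPECT_VENDORS:
        if vendor in text:
            findings.append(f"issuer names interception vendor '{vendor}'")
    # Check 2: the issuer is not the one seen from a clean vantage point.
    # This catches a swapped certificate even when the CA name is unfamiliar.
    expected = baseline.get(host)
    if expected is not None and org != expected:
        findings.append(f"issuer '{org}' differs from baseline '{expected}'")
    return findings


def fetch_certificate(host, port=443, timeout=5.0):
    """Return the certificate this process is shown for host.

    Validation uses the local trust store, so a certificate signed by a
    root installed on this machine is accepted and returned like any other.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("clean", CLEAN), ("swapped", SWAPPED),
                        ("unnamed", UNNAMED)):
        print(label, check_certificate("bank.example", cert, BASELINE))
```

A finding from the baseline check alone is a prompt to inspect the machine's trusted root store, not proof of Superfish: a CA can change for legitimate reasons.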

Now, only the traffic from the browser to the Superfish internal proxy uses the website’s certificate. The traffic on the Internet still uses the normal website’s certificate, so we can’t tell if a machine is infected by Superfish by looking at this traffic.

However, Superfish makes queries to additional webpages to download JavaScript.

And this is where Maxthon enters the picture.

Due to the way we handle JavaScript requests in our browser, Maxthon’s PC browser unintentionally triggers a false positive on the Superfish test. In most cases running the test on other browsers on your system will not. If you find yourself in a position where Maxthon is said to be insecure and Chrome (on the same machine) is not, do not worry. If you get positives from all browsers, you likely have Superfish.

To repeat: the way Maxthon browsers retrieve JavaScript can trigger a false positive during a Superfish detection test saying your system is at risk. Even though our browsers remain as secure as the best in the industry, we recognize the severity of this bug and have elevated it to the top of the line – P1 importance.

We are working on a fix for it as we speak and will update all affected browsers via a required browser update when complete.

In the meantime, if you have not already, please take a couple of minutes to test your Windows PC for the presence of Superfish. Use the link for a simple and fast test.

If you do determine you have Superfish, you will need to both uninstall the .exe AND manually remove the bogus CA certificate. This link will show you how to remove it completely.

Thank you for your continued support of Maxthon. We’ll keep you informed of any changes.

-Team Maxthon

Surprise! Microsoft jumps to Windows 10

Tuesday, September 30th, 2014


Forget Windows 9. In an unexpected twist, Microsoft will be going straight to double digits from Windows 8 as it faces a challenging future for its operating system.

SAN FRANCISCO — Microsoft just said no to 9. The follow-on to the current Windows 8 operating system will be known as Windows 10.

Originally codenamed Windows Threshold, the new operating system essentially does away with the dependency on the tiled “Metro” user interface that Microsoft had attempted to implement across its entire device line, from desktop PCs to Surface tablets and Windows Phone devices. In its place is a combination of the so-called live tiles, present in areas like the new Start Menu, and a more classic Windows experience that aims to please both touch and keyboard-and-mouse users.

Windows 10 is such a substantial leap, according to Microsoft’s executive VP of operating systems, Terry Myerson, that the company decided it would be best to skip over Windows 9, the widely expected name for the next version.

“Windows 10 will run on the broadest amount of devices. A tailored experience for each device,” Myerson said at a press event here Tuesday. “There will be one way to write a universal application, one store, one way for apps to be discovered purchased and updated across all of these devices.”

Those changes found many critics and detractors.

Windows 8.1, released last year, attempted to address those complaints with the revival of core Windows design and usage properties, such as the Start button. Now, with Windows 10, Microsoft is not quite hitting the reset button on touch, but wants to make sure it does not repeat history in its attempt to take Windows forward.

“We believe that, together with the feedback you provide us, we can build a product that all of our customers will love,” Myerson said. “It will be our most open collaborative OS projects ever.”

Taking the stage after Myerson’s introduction was Microsoft’s Joe Belfiore, corporate vice president of operating systems and the current public face of Windows and Windows Phone design and development. He gave attendees a live demo of an early build of Windows 10. Belfiore, too, put the emphasis on a great leap forward.

“We want all these Windows 7 users to have the sentiment that yesterday they were driving a first-generation Prius,” he said, “and now with Windows 10 it’s like we got them a Tesla.”

Windows 10 combines elements of Windows 8’s forward-thinking design and the familiarity and functionality of Windows 7, still the most popular Microsoft OS. According to Web traffic-tracking firm Net Applications, Windows 7 could be found on 51 percent of desktop PCs in August, compared with just over 13 percent for versions 8 and 8.1 combined.

“It’s easy to say, ‘Oh it’s Microsoft giving up on touch,’” Belfiore said, pointing out the most obvious criticism of the scaled-back Metro interface. “We’re absolutely not giving up on touch. We have a massive number of users who know Windows 7 well and a massive, but smaller, number of people who know Windows 8 well.”

Never Offline? How Apple Is Invading Our Bodies

Saturday, September 20th, 2014

Interesting thought piece about Apple’s latest devices from

The Silicon Valley giant has redrawn the line that separates our technology and ourselves. That may not be a good thing

The Apple Watch is very personal—“personal” and “intimate” were words that Apple CEO Tim Cook and his colleagues used over and over again when presenting it to the public for the first time. That’s where the watch is likely to change things, because it does something computers aren’t generally supposed to: it lives on your body. It perches on your wrist, like one of Cinderella’s helpful bluebirds. It gets closer than we’re used to technology getting. It gets inside your personal bubble. We’re used to technology being safely Other, but the Apple Watch wants to snuggle up and become part of your Self.

This is new, and slightly unnerving. When technologies get adopted as fast as we tend to adopt Apple’s products, there are always unintended consequences. When the iPhone came out it was praised to the skies as a design and engineering marvel, because it is one, but no one really understood what it would be like to have it in our lives. Nobody anticipated the way iPhones exert a constant gravitational tug on our attention. Do I have e-mail? What’s happening on Twitter? Could I get away with playing Tiny Wings at this meeting? When you’re carrying a smartphone, your attention is never entirely undivided.

The reality of living with an iPhone, or any smart, connected device, is that it makes reality feel just that little bit less real. One gets over-connected, to the point where the thoughts and opinions of distant anonymous strangers start to feel more urgent than those of your loved ones who are in the same room as you. One forgets how to be alone and undistracted. Ironically enough experiences don’t feel fully real till you’ve used your phone to make them virtual—tweeted them or tumbled them or Instagrammed them or YouTubed them, and the world has congratulated you for doing so. Smartphones create needs we never had before, and were probably better off without.

The great thing about the Apple Watch is that it’s always there—you don’t even have to take it out of your bag to look at it, the way you would with an iPhone. But unlike an iPhone you can’t put the Apple Watch away either. It’s always with you. During the company’s press event the artist Banksy posted a drawing to his Twitter feed of an iPhone growing roots that strangle and sink into the wrist of the hand holding it. You can see where he was coming from. This is technology establishing a new beachhead. To wear a device as powerful as the Apple Watch makes you ever so slightly post-human.

What might post-humanity be like? The paradox of a wearable device is that it both gives you control and takes it away at the same time. Consider the watch’s fitness applications. They capture all data that your body generates, your heart and activity and so on, gather it up and store and return it to you in a form you can use. Once the development community gets through apping it, there’s no telling what else it might gather. This will change your experience of your body. The wristwatch made the idea of not knowing what time it was seem bizarre; in five years it might seem bizarre not to know how many calories you’ve eaten today, or what your resting heart rate is.

But wearables also ask you to give up control. Your phone will start telling you what you should and shouldn’t eat and how far you should run. It’s going to get in between you and your body and mediate that relationship. Wearables will make your physical self visible to the virtual world in the form of information, an indelible digital body-print, and that information is going to behave like any other information behaves these days. It will be copied and circulated. It will go places you don’t expect. People will use that information to track you and market to you. It will be bought and sold and leaked—imagine a data-spill comparable to the recent iCloud leak, only with Apple Watch data instead of naked selfies.

The Apple Watch represents a redrawing of the map that locates technology in one place and our bodies in another. The line between the two will never be as easy to find again. Once you’re OK with wearing technology, the only way forward is inward: the next product launch after the Apple Watch would logically be the iMplant. If Apple succeeds in legitimizing wearables as a category, it will have successfully established the founding node in a network that could spread throughout our bodies, with Apple setting the standards. Then we’ll really have to decide how much control we want—and what we’re prepared to give up for it.

Apple iPhone 6 Plus vs. Samsung Galaxy Note 4: Big-Screen Showdown

Friday, September 19th, 2014

Posted via PCMag

Samsung may have fired the first shot with the category-defining Galaxy Note, but Apple appears poised with a volley of its own. Now big-screen fans will have an even tougher choice ahead of them—the Galaxy Note 4 and iPhone 6 Plus go on sale this week, though Samsung’s only opening up pre-orders at the moment. The stage is set for a showdown of epic proportions. Is bigger better? Can Apple beat Samsung at its own game? Read on for a side-by-side comparison.

Let’s start with the most obvious comparison: size. Though it sports a larger 5.7-inch display, the Galaxy Note 4 isn’t proportionately bigger than the iPhone 6 Plus. The Note 4 is shorter at 5.95 inches to the iPhone’s 6.22 inches, which could factor into pocket friendliness. The iPhone 6 Plus is slightly narrower at 3.06 inches to the Note 4’s 3.09 inches, and generally speaking, the narrower the phone, the more comfortable it is in the hand, but this difference is pretty marginal.

Samsung steps up its build quality game with this generation, framing the Note 4 in a sturdy metal band that should help quiet the plastic haters out there. Still, Apple’s unibody design looks as impressive as ever and continues Apple’s dominance on this front. To Samsung’s credit, the Note 4 retains the removable battery and microSD card expansion that fans have come to expect from the Galaxy line.

| Name | Apple iPhone 6 Plus | Samsung Galaxy Note 4 |
| --- | --- | --- |
| Operating System as Tested | iOS 8 | Android 4.4 |
| CPU | Apple A8 | Qualcomm Snapdragon 805 Quad-Core |
| Dimensions | 6.22 by 3.06 by 0.28 inches | 6.04 by 3.09 by 0.33 inches |
| Weight | 6.07 oz | 6.21 oz |
| Screen Size | 5.5 inches | 5.7 inches |
| Screen Type | Retina | Super AMOLED HD |
| Screen Resolution | 1,920 by 1,080 pixels | 2,560 by 1,440 pixels |
| Screen Pixels Per Inch | 401 ppi | 515 ppi |
| Camera Resolution | 8 MP Rear; 1.2 MP Front-Facing | 16 MP Rear; 3.7 MP Front-Facing |
| Video Camera Resolution | 1080p | 4K, 1080p |
| NFC | Yes | Yes |
| microSD Slot | No | Yes |

Apple finally steps into the world of full-HD displays, though it still calls it Retina HD, while Samsung appears one step ahead with its quad-HD panel. That makes for 401ppi for the iPhone 6 Plus and 515ppi for the Note 4. Will you actually notice a difference? Maybe if you have above-average vision, but even that’s a stretch in most situations. The big differentiator here is the screen tech—Samsung’s Super AMOLED panels have been drawing rave reviews since the Galaxy S5, and DisplayMate has already crowned the Note 4’s display as the best yet.

I won’t dive into sheer performance or software—both phones have top-of-the-line processors and run the latest versions of Android and iOS. Some other key differences to keep in mind are stylus support and camera performance. Samsung’s best stylus gets even better with the Note 4, while Apple’s camera prowess is well documented.

This might be the most hotly contested smartphone battle of the year, but we’re reserving final judgment until we can get both supersized handsets into our labs for thorough testing. That shouldn’t stop you readers from chiming in, though, so let us know which phone you’ll be clamoring to grab this fall. I’d say keep it civil, but, well, you know how these things go.

For more, check out PCMag’s hands on with the iPhone 6 Plus and the Galaxy Note 4, as well as our other spec comparisons:

Lifehacker: Ask an Expert: All About Online Privacy and Security

Monday, June 9th, 2014

When it comes to security, the internet can sometimes feel like the wild west. Large commercial sites are routinely hacked and our private data feels like it’s behind a leaky sieve. How secure are we and what can we do?

While some of us fire up Tor just to check email, other folks happily use public coffee shop Wi-Fi to manage their bank account without a care in the world. Where do you draw the line? Here to discuss online privacy and security is Karl Mattson, VP of International at Maxthon. Karl deals with security concerns every day at Maxthon, which has pioneered many areas of secure cloud-based web browsing. Have a question about your privacy and security concerns? Karl will be here for the next hour, so ask away!

The Q&A is now over, but thanks for your great questions!

Have an expert you’d like to see participate? Email us.

IAmJared to Andy Orin
What’s the easiest and most consistent way to stay private on the internet?

Karl Mattson to IAmJared
First one needs to think about levels of privacy. If you want to surf the web completely anonymously, you’ll need to use a network like ‘Tor’ — that essentially covers your tracks — passing your requests through a sticky web of IP addresses. That, plus a ‘belt and suspenders’ approach to password management will keep you very safe. That’s the ultimate, a high standard. Unfortunately there is no easy way — but rather one needs to think of this in terms of using a set of best practices and tools. Password protectors to avoid identity theft. Avoid posting pictures of oneself to public networks. Manage your Facebook and LinkedIn profile settings actively. Reduce or refuse 3rd party cookies. There are many things one can do. Whatever you do — be wary of open WiFi networks.

iamazebra to Andy Orin
How do you draw the line between “keeping your privacy” and “being the product”?
For instance, if you had to sign up for an email service, how would you go about deciding between a service like Gmail or Yahoo mail and a paid service that guarantees your privacy like Hushmail or MyKolab?

Karl Mattson to iamazebra
Making that choice requires taking an end-to-end approach to your privacy. A service like Hushmail or MyKolab is only as secure as its internal data access and management practices are. Meaning, take the time to verify that MyKolab restricts and limits access from employees to the servers it uses. To some degree, when looking at a service like Gmail or Yahoo — there is strength in size. Established publicly-traded companies like them tend to be much more thorough with their practices. But then again, their size also makes them a target of agency-level snooping a la ‘Prism’

charles lee to Andy Orin
is it worth having a personal vpn on a home server like logmein hamachi as well as a paid vpn to protect data until it reaches the paid server’s?

Karl Mattson to charles lee
That depends on your willingness to maintain such a system. Personal VPNs are getting easier every day, though. Personally, I do not. Rather, I segregate data locally on separate drives that are NOT wifi-enabled.

USER23 to Andy Orin
Hi Karl – I hear a lot about online identity theft. Where and when am I most vulnerable to this? Are there measures I can take to protect my personal information?

Karl Mattson to USER23
Identity theft is, more often than ever, the combination of both online and offline actions. For example, ‘Target.’ There the vulnerability was the physical Point of Service registers in the stores. Not much you can do about that. But, when you’re surfing the web you have options that empower your own security. First, recognize that the back door into more people’s operating systems — and their personal data — is usually through web mail viewed via web browser. Make sure the browser itself is secure — that it sandboxes processes and isn’t vulnerable to cross-scripting holes. Then, be smart about clicking on links, images and downloads in email —> EVEN if you believe that email is from a personal friend. And, definitely use a good anti-virus/security application with anti-phishing and malware protection.

velascomike to Andy Orin
What is your opinion on password managers like LastPass? Is it a secure option if used properly (like using two factor authentication)?

Karl Mattson to velascomike
Password managers like LastPass are worth the effort. Just know that you are then collecting and centralizing your passwords. I think two-factor authentication is necessary. I would like to see every website or app that uses even mildly sensitive data to adopt it.

JasonMTracy to Andy Orin
“other folks happily use public coffee shop Wi-Fi to manage their bank account without a care in the world.”
Why wouldn’t I? If I verify the certificate (I do), then what does it matter if I’m on public wifi?
In other words: Don’t trust a hardwired connection to your personal ISP any more than a coffee shop wifi.

Karl Mattson to JasonMTracy
Jason, you raise a good point. If you verify the certificate you can be reasonably sure you’re safe. Someone could still be logging your session — eg the MAC address of your machine and every IP address you went to and when. Taken alone you may think that doesn’t leave you very vulnerable. But, now more than ever before, that kind of seemingly useless session data is easily combined with other dis-aggregated data about yourself which allows for increasingly more complex and detailed profiles of who you are: what you do, where you go, how you shop, what you like/dislike. The aggregation of dis-aggregated personal data in the cloud is pretty creepy to me.

Karl Mattson to Karl Mattson
For most, the horse is out of the barn on that privacy issue. All of us have many, many ‘identity breadcrumbs’ on the open web. And a slew of private and governmental agencies are mining it and creating behavioral profiles from it.

Casey to Andy Orin
How can I make my Android phone the most secure? If I download apps certified only by the play store, how can I add additional security? Recommendations?

Karl Mattson to Casey
Casey — that is a great question. When you talk to security professionals they’ll all tell you the same thing — Android is GROUND ZERO for identity theft threat. It’s open by design — and that means the bad guys have many holes to exploit. I use whole-device security apps on my Android devices — products like AVG Mobile, for example.

IMHO, privacy and security on the web require personal responsibility and a regimen. In the same way you have to take the time to learn the rules of the road and drive safely, so should you take the time to learn what and where about major web threats and how to protect yourself. Privacy hygiene. You gotta’ practice it…

thinktechdude to Andy Orin
What are your thoughts about the death of Truecrypt? Is it still safe to use?

Karl Mattson to thinktechdude
I use encryption tools but have no illusions about the level of protection they offer. There is the very real unknown of undiscovered backdoors. And, the math behind cracking encrypted information is straightforward. It’s a function of computational power and randomness. Again — there is no magic bullet.

Lolobond to Andy Orin
How can I stop companies from following me? For example I browse something on Newegg and for the following 7 days all I get is newegg ads, same with amazon or any store I browse. I know there is adblock plus and edge, but how can I completely stop these companies from getting my browsing information?

Karl Mattson to Lolobond
Use Adblock plus. Use a browser that supports ‘Do Not Track’ (and be sure it is enabled). Then, either don’t allow 3rd party cookies (look in your browser options menus) OR — and pardon the plug — use Maxthon’s browsers. Maxthon web browsers split how we manage 3rd party cookies — preventing the tracking kind from working while allowing the kind that, for example, remember your username, to work. So, you get convenience along with protection.

Andy Orin, Host to Andy Orin
Hi Karl, glad you could be with us today. What do you think’s the most common mistake that average people make that can compromise their online security?

Karl Mattson to Andy Orin
This will sound retro and remedial, but poor password management is the most common (and wholly avoidable) mistake. Before you do anything else re: security, find and use a password management app like ‘LastPass.’ Is it foolproof? No — human error is at play, but they definitely make a difference.

Karl Mattson to Karl Mattson
On a more abstract level, the biggest problems we see in your user mail and focus groups arise from consumers not knowing when the security of one application or device ends and another begins. By that I mean, consumers need to think about online privacy from at least two major areas — what happens on the device and what happens on the open web.

Andy Orin, Host to Andy Orin
I’m sure a lot of people are also paranoid about their ISPs watching their traffic, not to mention some certain government agencies. Do you think normal folks would benefit from VPNs?

Karl Mattson to Andy Orin
VPNs will go a long way but if the concern is an ISP watching your traffic in an ‘NSA’ Prism-type dynamic, a VPN adds a level of protection but is not a magic bullet. As long as traceroute exists agencies and governments will be able to extrapolate increasingly more accurate information about where you go online, and can then make pretty accurate inferences from that.

Karl Mattson to Karl Mattson
Everyone needs to do a little personal soul-searching to examine what is *most* important to them regarding privacy. On the web anonymity is not binary. It’s a matter of degrees — from total anonymity on one end to ‘my life is an open book’ on the other. Each person needs to determine for him or herself where they sit on that scale.

Christina DiRusso to Andy Orin
Having an online presence in some cases is so important for building a career. How does an individual, especially within a job hunting scenario, strike a balance between building a public, online brand and privacy?

Andy Orin, Host to Christina DiRusso
We’ve talked about this a bit before, I think it’s really up to you to decide the line between personal and private—you could have a clean LinkedIn profile and maybe a totally private Facebook page, for example. Twitter is obviously another issue since it can be used for both work and to talk with your friends, but you could always make a separate, private account too.

Karl Mattson to Christina DiRusso
That is an interesting question — and from my experience the correct answer tends to vary along generational lines. The younger the professional, the looser he/she usually is regarding what they believe to be acceptable. For me, I recommend that people hold themselves to the ‘New York Times’ standard. Which is to say, never put anything online that you *wouldn’t* want to see on the front page of the NYT. Online presence is a critical part of one’s professional identity. You have to concede, from the get go, that you are trading a bit of privacy for the benefit that comes from putting your ‘brand’ on the web to your advantage. Yes, I said it. Like it or not, you have to approach from a brand management point of view. As in, ‘I’m the CEO of and this is my message. This is how I want to be known.’ Level of detail varies based on profession — certainly. But in general, stick to the professional and leave the personal for your private FB lists.

Bradlee Kuhn to Andy Orin
I know Lifehacker’s viewpoint on this but is it worth paying for internet security software for a normal household (non-business) user?

Karl Mattson to Bradlee Kuhn
I use it on all of my machines. I know it’s not foolproof — but the ways in which the McAfees and AVGs of the world work together to identify and stop new threats — and then share information between them is one of the more admirable examples of companies working together to protect users.

Andy Orin, Host to Bradlee Kuhn
That article is a little out of date, as you probably noticed— our pick for free anti-virus software is Avast. For most people, the paid options are probably not necessary.

LukeMeowingtons to Bradlee Kuhn
Passive scanning anti-virus is almost useless, you really want something that is multiple layers of protection. Most viruses are obfuscated and encrypted via a site that will do multiple passes of tests against all AV vendors’ products until none of them detect it, so you want something that can scan for threats in a variety of different ways.

Karl Mattson to LukeMeowingtons
You’re right, Luke. Though I wouldn’t classify it as ‘almost useless.’ Rather — it’s not bullet proof. Just like in every other corner of the web, the level of sophistication from one virus to the next varies. So, using an AV product to get the low and middle-hanging threats is, in my view, worth doing.

LukeMeowingtons to Karl Mattson
Totally agree! Better something than nothing! I always try to push for Internet Security All-In-One solutions as I feel they are safer.


Click here to see the rest of the Q&A! 

Enabling Do Not Track Is Fast and Easy

Wednesday, June 27th, 2012

More good news about personal privacy. Now we’ve made Do Not Track a cinch to activate. You can do it in mere seconds. Check out this fun video, which shows you how to activate Do Not Track on Maxthon 3.

PCWorld Names Maxthon One of the “100 Best Products of 2011”

Tuesday, November 8th, 2011

Maxthon stands for many things – excellence, innovation and transparency, to name a few – but it most symbolizes the power of community. By uniting people throughout the world, and by inspiring them to share ideas and spread the word about Maxthon, we continue to transform – for the better – the way tens of millions of people access the web. And now we can all give ourselves a deserved round of applause, because the editors at PCWorld have named Maxthon as one of the 100 Best Products of 2011.

“Maxthon is for those who want to download a browser and have it include everything you could possibly need out of the box, but still be customizable. Maxthon has that. You can reorganize how it looks, download skins, take away the icons, download add-ons, and so on. No other browser lets you do so much to mess with it. And the fact that it’s got two different rendering engines to choose from doesn’t slow it down at all – it’s a very speedy browser,” says Steve Horton of PCWorld.

Now let’s make 2012 just as exciting and fun!