Google plans to use Chrome as a tool to reform the Web by encouraging use of a technology the company says will reduce data-transfer delays.
The technology, called False Start, has the potential to reduce one round of back-and-forth communications between a browser and a Web server when establishing an encrypted connection. That's a significant time savings--about 7 hundredths of a second for communication across the United States and 1.5 tenths of a second from California to Europe.
Even better, unlike many protocol improvements that could improve communications, it doesn't even require changes on both sides of the network connection. Only the browser needs to be changed, according to False Start co-author Adam Langley. Naturally, Google has begun building False Start into its Chrome browser, judging by a Chrome command-line switch that lets Chrome users disable it.
Great, right? Free speed for everyone! Well, actually, there's a catch.
"We are aware that this change will cause issues with about 0.05 percent of Web sites on the Internet," Langley said in a blog post.
That may not sound like a lot, but according to NetCraft's measurements, there were 227 million Web sites in September. Proportionally, the problem is small, but in absolute terms False Start wouldn't work with about 114,000 sites by NetCraft's tally.
Google, undeterred, sees this as an opportunity to fix what it sees as wrong with the Web.
"Chrome still carries an idealism that means that we're going to try to make low-level changes and try to make them work," not just try to gloss over them with higher-level interfaces, he said.
Accordingly, Chrome will be endowed with a blacklist to disable the False Start acceleration feature for sites where it wouldn't work, and Google will try to reach those sites to encourage upgrades, he said.
Google can use the approach to discourage new Web sites from following predecessors' footsteps that lead to the problem, Langley said:
Blacklisting gives us two advantages. Firstly, it limits the accumulation of new problematic websites. Sites which have never worked are a very different case from sites which used to work.
Secondly, we can contact the problematic sites in question. We already have a good idea of where the problem lies with many of them and we're in contact with the stakeholders to plan a way forward.
It's possible Google's plan might ruffle some feathers, but the company is only trying to get Web sites to catch up with browser communication encryption technology that was standardized nearly 12 years ago, he said.
Specifically, the problem stems from the transition from an encryption technology called Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL). This is the technology that's used to curtail snooping of communications with banks and e-commerce sites
During the transition to TLS 1.0, Web browsers were set up to fall back to the earlier SSL 3.0 standard for Web sites that weren't upgraded. But it turns out that old technology lingers on, and the fallback is what causes problems with False Start TLS.
"It was assumed that the problematic Web servers could be fixed in a few years and the fallback could be removed," Langley said. "Twelve years later, the fallback is in robust health and still adding complexity. A security update to TLS earlier this year was made much more complex by the need to account for SSLv3 fallback. The operators of the problematic Web servers are largely unaware of the problems that they are causing and have no incentive to change in any case."
Being blacklisted by Chrome could be that very incentive.
"Blacklists require effort to maintain, and we'll have to be responsive to make it work," but the fast-moving Chrome team is up to the challenge, said Langley. "With our near-weekly dev channel and even more frequently updated Canary channel, we think that we can do it."
Monday, October 04, 2010
Ten Things IT Professionals Should Know About Windows 7
Every year, we get hit with a long drumbeat of “top 10 lists”—whether it’s the 10 worst-dressed celebrities at the Academy Awards, the 10 best ways to get in shape before spring, the 10 best ways to annoy the person in the office next to you.
At the Springboard Series, we pretty much have a one-track mind—what is in store for IT professionals responsible for desktop administration. While we might be tempted to share a couple of those weight-loss tips, it’s probably best we stick to what we know best—the top 10 things you need to know about the Windows 7 operating system.
With the Release Candidate of Windows 7 now available, we encourage you to download a version to your lab machine and begin testing your applications and devices to get to know what’s in it for you. As you begin testing, we offer this guide to the key features and capabilities in this new desktop operating system.
Here are the top 10 things to know about Windows 7:
1 - Application compatibility
The Windows Vista operating system introduced architectural changes down to the kernel level that made the OS inherently more secure than Windows XP. However, this came at a cost; many applications needed modification to function properly in a Windows Vista environment. While at this point in the lifecycle of Windows Vista (post Service Pack 1) most applications are now compatible, deploying Windows Vista into the desktop environment early on required some “heavy lifting” and creative shimming—not to mention a few late nights.
Windows 7 is built on the same basic architecture as Windows Vista, so most applications will retain their compatibility between these operating systems. This alone will make adopting Windows 7 much less challenging than migrating from Windows XP to Windows Vista. If your organization is like many that are still standardized on Windows XP, you will need to transition to updated versions of your key applications, but the availability of Windows Vista–compatible versions and well-proven shims will make this task more manageable.
2 - Hardware compatibility and requirements
Much like the application compatibility issues, adopting Windows Vista early-on was a challenge because of the higher system requirements—such as RAM and graphics. On the flip side, Windows Vista provides manageability and security that just isn’t available on Windows XP, and with more capable hardware, Windows Vista is able to perform a number of useful functions that improve productivity (such as Windows Search 4 and the Windows Aero desktop experience) and increase PC responsiveness (the ReadyBoost technology launches applications more quickly by maintaining a portion of frequently used applications in memory).
Windows 7 was designed to perform well on the same hardware that runs Windows Vista well, while delivering additional performance and reliability improvements. The design team for Windows 7 had a specific focus on the fundamentals—as well as maintaining compatibility with existing applications and hardware. In operation, you will find that Windows 7 boots faster and has a smaller memory footprint than Windows Vista.
3 - Better Together with Windows Server 2008
One of the key benefits of the modern operating system is that Windows 7 and the Windows Server 2008 operating system share a common code base, and are maintained with a single servicing model. This servicing model means updates and security updates are shared across both client PCs and servers, simplifying the process of maintaining an up-to-date infrastructure.
In addition, environments with both Windows Server 2008 and Windows 7 unlock capabilities that extend functionality and help ensure a more secure environment. One example is DirectAccess, which allows management and updating of remote mobile PCs that are connected to the Internet, even when they are not connected to the corporate network. This capability helps ensure that remote users receive security patches on a timely basis, and allows IT to update configuration setting via Group Policy. For the end user, DirectAccess allows access to locations on the corporate network without using a virtual private network (VPN) connection. (In addition to Windows Server 2008 R2, DirectAccess requires IPSec and IPv6 implementation.)
4 - Extend data encryption to removable media
News reports are rife with stories about companies losing control over sensitive information. In some industries, this is an issue with grave legal implications, while in other situations the issue is inconvenience. Regardless, smart compliance policy dictates that sensitive information be safeguarded in the event of a lost or stolen laptop. Further, preventing sensitive information from being removed from corporate resources is a pillar of effective compliance management.
Windows 7 includes BitLocker technology, first implemented in Windows Vista, which now provides full encryption of all boot volumes on a PC; along with introducing BitLocker To Go that offers data protection on portable storage, such as USB flash drives. In addition, BitLocker Drive Encryption and BitLocker To Go can be managed via Group Policy, placing more control over sensitive information in the hands of the professionals.
5 - Control the application portfolio available to end users
Windows 7 features AppLocker, a new capability that allows IT administrators to specify which applications are permitted to run on a laptop or desktop PC. This capability helps you manage license compliance and control access to sensitive programs, but also importantly, it helps reduce the opportunity for malware to run on client PCs. AppLocker provides a powerful rule-based structure for specifying which applications can run, and includes “publisher rules” that keeps the rules intact though version updates.
To see how AppLocker is set up and managed, click here for a screencast demonstration.
6 - Automate routine tasks with powerful scripting
To help IT administrators better maintain a consistent environment and improve personal productivity, Windows 7 includes an updated graphical scripting editor, Windows PowerShell 2.0—a powerful, complete scripting language that supports branching, looping, functions, debugging, exception handling, and internationalization.
• PowerShell 2.0 has an intuitive, graphical user interface that helps make script generation easier, especially for administrators who are not comfortable in command-line environments.
• PowerShell 2.0 supports two types of remoting—fan-out, which delivers management scripts on a one-to-many basis, and one-to-one interactive remoting to support troubleshooting of a specific machine. You can also use the PowerShell Restricted Shell to limit commands and command parameters to system administrators, and to restrict scripts to those who have been granted rights.
• PowerShell 2.0, with the Group Policy Management Console (available as a separate download), allows IT professionals to use scripting to manage Group Policy Objects and to create or edit registry-based group policy settings in Windows 7. Similarly, you can use PowerShell to configure PCs more efficiently, using richer logon, logoff, startup, and shutdown scripts that are executed through Group Policy.
Click here to take a quick tour of PowerShell 2.0.
7 - Troubleshoot faster and more effectively
Windows 7 provides rich tools to identify and resolve technical issues, often by the end users themselves. If a help desk call is unavoidable, Windows 7 includes several features and troubleshooting tools to help speed resolution.
• The Problem Steps Recorder allows end users to reproduce and record their experience with an application failure, with each step recorded as a screen shot along with accompanying logs and software configuration data. A compressed file is then created that can be forwarded to support staff to help troubleshoot the problem.
• Windows 7 includes a suite of troubleshooting packs, collections of PowerShell scripts, and related information that can be executed remotely by IT professionals from the command line, and controlled on the enterprise basis through Group Policy Settings.
• Windows 7 also includes Unified Tracing to help identify and resolve network connectivity issues in a single tool. Unified Tracing collects event logs and captures packets across all layers of the networking stack, providing an integrated view into what’s happening in the Windows 7 networking stack and aiding analysis and problem resolution.
8 - Create, deploy, and manage images more efficiently
Windows 7 includes several tools to streamline the creation and servicing of the deployment image, and to get users up and running as quickly as possible.
The Deployment Image Servicing and Management (DISM) tool in Windows 7 provides a central place to build and service Windows images offline. With DISM, you can perform many functions with one tool: mount and unmount system images; add, remove, and enumerate packages and drivers; enable or disable Windows features; configure international settings, and maintain an inventory of offline images that contain drivers, packages features, and software updates. Windows 7 also enables the same processes and tools to be used when managing virtual machine (VHD) and native file-based (WIM) image files.
Windows 7 also includes Dynamic Driver Provisioning, where device drivers are stored independent of the deployed image and can be injected dynamically based on the Plug and Play ID of the hardware, or as predetermined sets based on information contained in the basic input/output system (BIOS). Reducing the number of drivers on individual machines reduces the number of potential conflicts, ultimately minimizing setup time and improving the reliability of the PC.
When you are ready to deploy Windows 7, Multicast Multiple Stream Transfer enables servers to “broadcast” image data to multiple clients simultaneously, and to group clients with similar bandwidth capabilities into network streams to permit the fastest possible overall transfer rate while optimizing bandwidth utilization.
Watch a screen cast demonstration of the deployment tools for Windows 7 here.
9 - Easier migration of user data and profiles
Windows 7 includes enhancements to the User State Migration Tool (USMT), a command-line tool that you use to migrate operating system settings, files, and other user profile data from one PC to another. In Windows 7, USMT adds a hardlink migration feature for computer refresh scenarios, a capability that stores user data and settings in a common place on a drive, eliminating the need to “physically” move the files during a clean install.
10 - Improve user productivity in branch offices
Windows 7 introduces BranchCache, a technology that caches frequently accessed content from remote file and Web servers in the branch location, so users can access this information more quickly. The cache can be hosted centrally on a server in the branch location, or can be distributed across user PCs. One caveat: to take advantage of BranchCache, you will need to deploy Windows Server 2008 R2 on the related servers.
And, as a bonus:
Better support for client virtualization
Windows 7 delivers a richer experience when users are connected to a virtual desktop—much closer to the experience provides by a native Windows desktop. For example, Windows 7 provides multi-monitor support, bi-directional audio to enable Voice over Internet Protocol (VoIP) and speech recognition applications, and access to local devices, such as printers.
So there you have it—the top 10 things you need to know about Windows 7 (okay, we couldn’t stop until we hit “11”)—and if you have ideas for how to best annoy your office mates, it’s probably best to keep those to yourself!
----------------------------------------------------------------------------------------------
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, this document should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
At the Springboard Series, we pretty much have a one-track mind—what is in store for IT professionals responsible for desktop administration. While we might be tempted to share a couple of those weight-loss tips, it’s probably best we stick to what we know best—the top 10 things you need to know about the Windows 7 operating system.
With the Release Candidate of Windows 7 now available, we encourage you to download a version to your lab machine and begin testing your applications and devices to get to know what’s in it for you. As you begin testing, we offer this guide to the key features and capabilities in this new desktop operating system.
Here are the top 10 things to know about Windows 7:
1 - Application compatibility
The Windows Vista operating system introduced architectural changes down to the kernel level that made the OS inherently more secure than Windows XP. However, this came at a cost; many applications needed modification to function properly in a Windows Vista environment. While at this point in the lifecycle of Windows Vista (post Service Pack 1) most applications are now compatible, deploying Windows Vista into the desktop environment early on required some “heavy lifting” and creative shimming—not to mention a few late nights.
Windows 7 is built on the same basic architecture as Windows Vista, so most applications will retain their compatibility between these operating systems. This alone will make adopting Windows 7 much less challenging than migrating from Windows XP to Windows Vista. If your organization is like many that are still standardized on Windows XP, you will need to transition to updated versions of your key applications, but the availability of Windows Vista–compatible versions and well-proven shims will make this task more manageable.
2 - Hardware compatibility and requirements
Much like the application compatibility issues, adopting Windows Vista early-on was a challenge because of the higher system requirements—such as RAM and graphics. On the flip side, Windows Vista provides manageability and security that just isn’t available on Windows XP, and with more capable hardware, Windows Vista is able to perform a number of useful functions that improve productivity (such as Windows Search 4 and the Windows Aero desktop experience) and increase PC responsiveness (the ReadyBoost technology launches applications more quickly by maintaining a portion of frequently used applications in memory).
Windows 7 was designed to perform well on the same hardware that runs Windows Vista well, while delivering additional performance and reliability improvements. The design team for Windows 7 had a specific focus on the fundamentals—as well as maintaining compatibility with existing applications and hardware. In operation, you will find that Windows 7 boots faster and has a smaller memory footprint than Windows Vista.
3 - Better Together with Windows Server 2008
One of the key benefits of the modern operating system is that Windows 7 and the Windows Server 2008 operating system share a common code base, and are maintained with a single servicing model. This servicing model means updates and security updates are shared across both client PCs and servers, simplifying the process of maintaining an up-to-date infrastructure.
In addition, environments with both Windows Server 2008 and Windows 7 unlock capabilities that extend functionality and help ensure a more secure environment. One example is DirectAccess, which allows management and updating of remote mobile PCs that are connected to the Internet, even when they are not connected to the corporate network. This capability helps ensure that remote users receive security patches on a timely basis, and allows IT to update configuration setting via Group Policy. For the end user, DirectAccess allows access to locations on the corporate network without using a virtual private network (VPN) connection. (In addition to Windows Server 2008 R2, DirectAccess requires IPSec and IPv6 implementation.)
4 - Extend data encryption to removable media
News reports are rife with stories about companies losing control over sensitive information. In some industries, this is an issue with grave legal implications, while in other situations the issue is inconvenience. Regardless, smart compliance policy dictates that sensitive information be safeguarded in the event of a lost or stolen laptop. Further, preventing sensitive information from being removed from corporate resources is a pillar of effective compliance management.
Windows 7 includes BitLocker technology, first implemented in Windows Vista, which now provides full encryption of all boot volumes on a PC; along with introducing BitLocker To Go that offers data protection on portable storage, such as USB flash drives. In addition, BitLocker Drive Encryption and BitLocker To Go can be managed via Group Policy, placing more control over sensitive information in the hands of the professionals.
5 - Control the application portfolio available to end users
Windows 7 features AppLocker, a new capability that allows IT administrators to specify which applications are permitted to run on a laptop or desktop PC. This capability helps you manage license compliance and control access to sensitive programs, but also importantly, it helps reduce the opportunity for malware to run on client PCs. AppLocker provides a powerful rule-based structure for specifying which applications can run, and includes “publisher rules” that keeps the rules intact though version updates.
To see how AppLocker is set up and managed, click here for a screencast demonstration.
6 - Automate routine tasks with powerful scripting
To help IT administrators better maintain a consistent environment and improve personal productivity, Windows 7 includes an updated graphical scripting editor, Windows PowerShell 2.0—a powerful, complete scripting language that supports branching, looping, functions, debugging, exception handling, and internationalization.
• PowerShell 2.0 has an intuitive, graphical user interface that helps make script generation easier, especially for administrators who are not comfortable in command-line environments.
• PowerShell 2.0 supports two types of remoting—fan-out, which delivers management scripts on a one-to-many basis, and one-to-one interactive remoting to support troubleshooting of a specific machine. You can also use the PowerShell Restricted Shell to limit commands and command parameters to system administrators, and to restrict scripts to those who have been granted rights.
• PowerShell 2.0, with the Group Policy Management Console (available as a separate download), allows IT professionals to use scripting to manage Group Policy Objects and to create or edit registry-based group policy settings in Windows 7. Similarly, you can use PowerShell to configure PCs more efficiently, using richer logon, logoff, startup, and shutdown scripts that are executed through Group Policy.
Click here to take a quick tour of PowerShell 2.0.
7 - Troubleshoot faster and more effectively
Windows 7 provides rich tools to identify and resolve technical issues, often by the end users themselves. If a help desk call is unavoidable, Windows 7 includes several features and troubleshooting tools to help speed resolution.
• The Problem Steps Recorder allows end users to reproduce and record their experience with an application failure, with each step recorded as a screen shot along with accompanying logs and software configuration data. A compressed file is then created that can be forwarded to support staff to help troubleshoot the problem.
• Windows 7 includes a suite of troubleshooting packs, collections of PowerShell scripts, and related information that can be executed remotely by IT professionals from the command line, and controlled on the enterprise basis through Group Policy Settings.
• Windows 7 also includes Unified Tracing to help identify and resolve network connectivity issues in a single tool. Unified Tracing collects event logs and captures packets across all layers of the networking stack, providing an integrated view into what’s happening in the Windows 7 networking stack and aiding analysis and problem resolution.
8 - Create, deploy, and manage images more efficiently
Windows 7 includes several tools to streamline the creation and servicing of the deployment image, and to get users up and running as quickly as possible.
The Deployment Image Servicing and Management (DISM) tool in Windows 7 provides a central place to build and service Windows images offline. With DISM, you can perform many functions with one tool: mount and unmount system images; add, remove, and enumerate packages and drivers; enable or disable Windows features; configure international settings, and maintain an inventory of offline images that contain drivers, packages features, and software updates. Windows 7 also enables the same processes and tools to be used when managing virtual machine (VHD) and native file-based (WIM) image files.
Windows 7 also includes Dynamic Driver Provisioning, where device drivers are stored independent of the deployed image and can be injected dynamically based on the Plug and Play ID of the hardware, or as predetermined sets based on information contained in the basic input/output system (BIOS). Reducing the number of drivers on individual machines reduces the number of potential conflicts, ultimately minimizing setup time and improving the reliability of the PC.
When you are ready to deploy Windows 7, Multicast Multiple Stream Transfer enables servers to “broadcast” image data to multiple clients simultaneously, and to group clients with similar bandwidth capabilities into network streams to permit the fastest possible overall transfer rate while optimizing bandwidth utilization.
Watch a screen cast demonstration of the deployment tools for Windows 7 here.
9 - Easier migration of user data and profiles
Windows 7 includes enhancements to the User State Migration Tool (USMT), a command-line tool that you use to migrate operating system settings, files, and other user profile data from one PC to another. In Windows 7, USMT adds a hardlink migration feature for computer refresh scenarios, a capability that stores user data and settings in a common place on a drive, eliminating the need to “physically” move the files during a clean install.
10 - Improve user productivity in branch offices
Windows 7 introduces BranchCache, a technology that caches frequently accessed content from remote file and Web servers in the branch location, so users can access this information more quickly. The cache can be hosted centrally on a server in the branch location, or can be distributed across user PCs. One caveat: to take advantage of BranchCache, you will need to deploy Windows Server 2008 R2 on the related servers.
And, as a bonus:
Better support for client virtualization
Windows 7 delivers a richer experience when users are connected to a virtual desktop—much closer to the experience provides by a native Windows desktop. For example, Windows 7 provides multi-monitor support, bi-directional audio to enable Voice over Internet Protocol (VoIP) and speech recognition applications, and access to local devices, such as printers.
So there you have it—the top 10 things you need to know about Windows 7 (okay, we couldn’t stop until we hit “11”)—and if you have ideas for how to best annoy your office mates, it’s probably best to keep those to yourself!
----------------------------------------------------------------------------------------------
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, this document should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
Tuesday, July 01, 2008
Windows XP Service Pack 3 FAQ
It's time to say goodbye to an old friend. Windows XP Service Pack 3 (SP3), due in the second quarter of 2008, will be the final XP service pack , according to Microsoft. It can't come a moment too soon: XP SP2 (see my review) shipped over three years ago at this writing, and the company has since shipped hundreds of hot-fixes for the OS, giving users a painful updating experience, with multiple reboots. XP SP3 will consolidate all of these fixes into a single package and, surprisingly, add a few new features, including some that--go figure--debuted first in XP's successor, Windows Vista. Here's what I know about Windows XP Service Pack 3.
Q: What is Service Pack 3?
A: Windows XP Service Pack 3 (SP3) is the final Windows XP service pack, a collection of previously-released fixes and product enhancements, as well as a few new features that are unique to this release.
Q: Does SP3 include everything from SP1 and SP2 or do I need to install those first?
A: Though XP SP3 aggregates all of the previously-released XP fixes, Microsoft now says that you will need to install at least SP1 on XP before installing SP3. The company recommends installing SP2 first as well, though that is not required.
Q: What versions of Windows XP will work with SP3?
A: You can apply Service Pack 3 to Windows XP Home Edition, Professional Edition, Tablet PC Edition (any version), or Media Center Edition (any version).
Q: What about Windows XP Professional x64 Edition?
A: SP3 does not apply to the x64 version of Windows XP. Instead, that operating system is updated via service packs aimed at Windows Server 2003. The latest Windows 2003 service pack is SP2.
Q: Windows XP SP2 was released over three years ago. Why the delay on SP3?
A: While Microsoft is an enormous company with over 77,000 employees worldwide and over $50 billion in annual revenues, its organizational structure actually constrains which products are actively developed in some cases. For example, while a large team of developers, product managers, and program managers are involved during the ramp-up to any major OS release, Microsoft then pushes the product into its support organization for follow-up development in the form of hot-fixes, service packs, and so on. Other teams work on out-of-band updates that are typically shipped via the Web and, eventually, a new or existing team is constituted to work on the next major release and the entire process begins anew.
With Windows XP, however, Microsoft was forced to temporarily halt development on XP's successor, Windows Vista, in order to complete XP SP2. That's because this release, though provided to customers for free as a typical service pack, was in fact a major OS upgrade and was developed outside of the company's support structure, a first for any service pack release. After XP SP2 was completed, the people involved with that project moved onto other things, typically Vista or Windows Server 2008.
In the case of Windows XP SP3, Microsoft simply dedicated every available employee it could to completing Windows Vista, which by that time was years behind schedule. So it's only been since the beginning of this year that anyone turned their attention back to XP's next and neglected service pack.
Q: What are these new features I keep hearing about?
A: Windows XP Service Pack 3 will not include any major new features, but it will include four minor new features that improve the system's reliability and security. Contrary to reports, Microsoft has been very up-front about these functional additions for quite some time now.
These new features include:
Network Access Protection compatibility. Announced years ago, this feature allows Windows XP machines to interact with the NAP feature in Windows Server 2008. This functionality is built into the RTM version of Windows Vista as well.
Product Key-less install option. As with Windows Vista, new XP with SP3 installs can proceed without entering a product key during Setup.
Kernel Mode Cryptographics Module. A new kernel module that "encapsulates several different cryptographic algorithms," according to Microsoft.
"Black hole" router detection algorithm. XP gains the ability to ignore network routers that incorrectly drop certain kinds of network packets. This, too, is a feature of Windows Vista.
And that's about it. Nothing dramatic, as promised.
Q: That's it? Is there anything else?
Nothing major. Some features have actually been removed, like the taskbar-based Address Bar option.
Q: Why is Microsoft even bothering to release this update? Isn't everyone moving to Windows Vista?
A: Given the relative security, stability, and reliability of XP with SP2, and the subsequent release of Vista, XP SP3 may seem like a pointless update, but nothing could be further from the truth. Many businesses will roll out new XP-based PCs in the coming years, and as anyone who's had to update an XP SP2 system can tell you, the 100+ updates that Microsoft has shipped since SP2 can be a nightmare to deploy. If you're already running XP and have been regularly updating your systems all along, the release of XP SP3 will be a minor event. But if you have planned XP deployments in the future, look very carefully at this release and consider it the baseline for your next generation of PCs. Or, you could always consider Vista, which will of course be updated with genuine new features far longer than will XP.
Q: When will Microsoft ship XP SP3?
A: Microsoft finalized Windows XP Service Pack 3 on April 21, 2008 and released it publicly to the Web on April 29, 2008.
Here's the complete Windows XP SP3 release schedule:
RTM (release to manufacturing): April 21 Windows Update (optional update): April 29 Microsoft Download Center: April 29 MSDN/TechNet download: May 2
Q: Is it possible to slipstream or integrate SP3 with Windows XP?
A: Yes! My complete Windows XP Service Pack 3 Slipstreaming Guide is now available.
Q: What is Service Pack 3?
A: Windows XP Service Pack 3 (SP3) is the final Windows XP service pack, a collection of previously-released fixes and product enhancements, as well as a few new features that are unique to this release.
Q: Does SP3 include everything from SP1 and SP2 or do I need to install those first?
A: Though XP SP3 aggregates all of the previously-released XP fixes, Microsoft now says that you will need to install at least SP1 on XP before installing SP3. The company recommends installing SP2 first as well, though that is not required.
Q: What versions of Windows XP will work with SP3?
A: You can apply Service Pack 3 to Windows XP Home Edition, Professional Edition, Tablet PC Edition (any version), or Media Center Edition (any version).
Q: What about Windows XP Professional x64 Edition?
A: SP3 does not apply to the x64 version of Windows XP. Instead, that operating system is updated via service packs aimed at Windows Server 2003. The latest Windows 2003 service pack is SP2.
Q: Windows XP SP2 was released over three years ago. Why the delay on SP3?
A: While Microsoft is an enormous company with over 77,000 employees worldwide and over $50 billion in annual revenues, its organizational structure actually constrains which products are actively developed in some cases. For example, while a large team of developers, product managers, and program managers are involved during the ramp-up to any major OS release, Microsoft then pushes the product into its support organization for follow-up development in the form of hot-fixes, service packs, and so on. Other teams work on out-of-band updates that are typically shipped via the Web and, eventually, a new or existing team is constituted to work on the next major release and the entire process begins anew.
With Windows XP, however, Microsoft was forced to temporarily halt development on XP's successor, Windows Vista, in order to complete XP SP2. That's because this release, though provided to customers for free as a typical service pack, was in fact a major OS upgrade and was developed outside of the company's support structure, a first for any service pack release. After XP SP2 was completed, the people involved with that project moved onto other things, typically Vista or Windows Server 2008.
In the case of Windows XP SP3, Microsoft simply dedicated every available employee it could to completing Windows Vista, which by that time was years behind schedule. So it's only been since the beginning of this year that anyone turned their attention back to XP's next and neglected service pack.
Q: What are these new features I keep hearing about?
A: Windows XP Service Pack 3 will not include any major new features, but it will include four minor new features that improve the system's reliability and security. Contrary to reports, Microsoft has been very up-front about these functional additions for quite some time now.
These new features include:
Network Access Protection compatibility. Announced years ago, this feature allows Windows XP machines to interact with the NAP feature in Windows Server 2008. This functionality is built into the RTM version of Windows Vista as well.
Product Key-less install option. As with Windows Vista, new XP with SP3 installs can proceed without entering a product key during Setup.
Kernel Mode Cryptographics Module. A new kernel module that "encapsulates several different cryptographic algorithms," according to Microsoft.
"Black hole" router detection algorithm. XP gains the ability to ignore network routers that incorrectly drop certain kinds of network packets. This, too, is a feature of Windows Vista.
And that's about it. Nothing dramatic, as promised.
Q: That's it? Is there anything else?
Nothing major. Some features have actually been removed, like the taskbar-based Address Bar option.
Q: Why is Microsoft even bothering to release this update? Isn't everyone moving to Windows Vista?
A: Given the relative security, stability, and reliability of XP with SP2, and the subsequent release of Vista, XP SP3 may seem like a pointless update, but nothing could be further from the truth. Many businesses will roll out new XP-based PCs in the coming years, and as anyone who's had to update an XP SP2 system can tell you, the 100+ updates that Microsoft has shipped since SP2 can be a nightmare to deploy. If you're already running XP and have been regularly updating your systems all along, the release of XP SP3 will be a minor event. But if you have planned XP deployments in the future, look very carefully at this release and consider it the baseline for your next generation of PCs. Or, you could always consider Vista, which will of course be updated with genuine new features far longer than will XP.
Q: When will Microsoft ship XP SP3?
A: Microsoft finalized Windows XP Service Pack 3 on April 21, 2008 and released it publicly to the Web on April 29, 2008.
Here's the complete Windows XP SP3 release schedule:
RTM (release to manufacturing): April 21 Windows Update (optional update): April 29 Microsoft Download Center: April 29 MSDN/TechNet download: May 2
Q: Is it possible to slipstream or integrate SP3 with Windows XP?
A: Yes! My complete Windows XP Service Pack 3 Slipstreaming Guide is now available.
AirPort Utility and Firmware updated
In addition to releasing Mac OS X 10.5.4, Apple updated its AirPort Utility software and Firmware for the AirPort wireless base stations.
AirPort Utility 5.3.2 includes “general fixes and compatibility updates,” according to notes provided with the update. The Firmware is compatible with Time Capsule, AirPort Extreme and AirPort Express with 802.11n.
Firmware 7.3.2 includes “bug fixes” according to Apple.
There are three updates available – one for Leopard, another for Tiger and a third for Windows.
AirPort Utility 5.3.2 includes “general fixes and compatibility updates,” according to notes provided with the update. The Firmware is compatible with Time Capsule, AirPort Extreme and AirPort Express with 802.11n.
Firmware 7.3.2 includes “bug fixes” according to Apple.
There are three updates available – one for Leopard, another for Tiger and a third for Windows.
Sorting through the Mac OS X 10.5.3 update
Editor’s Note: Due to an error, the original article analyzed the wrong bom file. The original article below has been corrected to reflect the correct file, and an explanation for the mistake can be found elsewhere on the site.
Eight months into the Leopard era, Apple unleashed the third update to Leopard, with Wednesday’s release of OS X 10.5.3. By way of comparison, the 10.3.3 and 10.4.3 updates both came within five months of the release dates for Panther and Tiger, respectively.
As with most of Apple’s recent OS X updates, the 10.5.3 version just screams for a broadband connection, weighing in at more than 400MB, depending on which Mac you have and which version your machine deems you to require. So what do you get in exchange for your download time investment? Apple details many—but not all—of the changes in this Knowledge Base document. I won’t bother repeating everything listed there, but here are a few of the more important highlights:
Spotlight searching on mounted AFP volumes has been improved.
Wireless connectivity has been improved, both for AirPort in general and when using Time Capsule.
A number of Automator bugs have been fixed, which is great news for many people, myself included. One in particular—a bug wherein a Finder plug-in wouldn’t work if the first step was “Get Selected Finder Items”—had affected a number of plug-ins that I use regularly. These now all work in 10.5.3.
Some bugs with Spaces have been fixed, including one where switching to another application via the Dock takes you to another Space, even if that program had an active window in the current space.
A number of Time Machine bugs have been fixed, and Time Machine backups can now be run when your Mac is running on its battery. Previously, you had to connect to a power supply before Time Machine would run.
There are fixes in other programs as well, covering programs such as iCal, iChat, Parental Controls, Voice Over, and the Finder, all of which are detailed in the linked Knowledge Base document.
But what else has changed in OS X 10.5 that Apple hasn’t told us about? I’ve been digging through the new release, looking for any areas that have received updates beyond what’s been disclosed. The only substantive visible change I found is in iCal, where there’s a new setting in the General section of the calendar app’s preferences for controlling how scrolling works in Week View mode. You can now choose between scrolling by weeks (the way OS X 10.5.2 worked) or by days.
It would’ve been nice if Apple gave us a hidden key override to toggle the settings in real time while scrolling (i.e. holding Option would scroll by weeks if you had the pref set to days), but if the update offers that, I can’t find it.
Beyond that visible change, there are many behind-the-scenes changes in 10.5.3, including both major and minor alterations. Here’s what I’ve discovered—and this is by no means a comprehensive list, so feel free to add your own observations as you use this latest update.
Something that’s not mentioned at all in Apple’s note, but is clearly quite important, are the revised graphics drivers for ATI and Nvidia graphics cards. The 10.5.3 update supposedly delivers improved graphics performance—something that was hinted at in this week’s news on Delicious Library 2.0, which shipped with a warning that those not running 10.5.3 will experience graphics slowdowns. Digging through the installer file, I can see that there are updated extensions for a large number of ATI and Nvidia cards (including on-board video in the mini and MacBooks) in the 10.5.3 update.
Other system extensions have also received updates—everything from AirPort to the keyboard backlight to fan management to power management to RAID to storage management. The Multitouch gesture capabilities get an update, as do USB, FireWire, and Bluetooth.
There are a ton of modified files in the CoreServices folder, where many critical features of OS X reside. Changes here include the Dock, the Finder, file synchronization, the installer, various menu extras, and the process that manages Time Machine, among others.
A number of Dashboard Widgets have been updated—the iCal widget, Unit Converter, and Weather. The Web Clip widget received updates to its non-English language files.
iSync received an update.
A number of other applications received updates of some kind, but the changes were either minor (noted in parentheses below), or I can’t find any detail on what’s changed. Items on this list include Dictionary (something to do with Wikipedia support), Exposè, Photo Booth, Preview, Safari (some language changes on preference panels; help files), Bluetooth File Exchange, Directory, Disk Utility (changes in many plug-ins, including those that handle disk first aid, info windows, partitioning, and RAID), Migration Assistant (lots of changes and a new version number, 1.2.1), RAID Utility (changes in the main window and menu), Remote Install OS X, and X11.
Whew. That’s a heck of a lot of stuff to update, and it’s nowhere near complete—these are only the things that seemed worthy of highlighting, out of more than 21,000 changed files in this update.
As an aside, if you’re curious as to how you can see what’s been installed by the 10.5.3 update yourself, the key is reading the “bom” file that’s created when you run the installer. You’ll have to use Terminal to read the file, but here’s how you can dump its contents to a text file in one command. Open Terminal and type the following, then press Return:lsbom /Library/Receipts/boms/com.apple.pkg.update.os.10.5.3.bom > ~/Desktop/1053changes.txt
You can then open the 1053changes.txt file (which will be on your Desktop) in any text editor, and see each and every file that was modified by the installer. Keep in mind that just because a given file was changed, that doesn’t mean you’ll see new features in that program—the changes could have been behind-the-scene bug fixes, or minor changes in language that only appear on certain screens. Still, scanning this file gives you a good sense of the breadth of this update.
In my limited time with 10.5.3, I haven’t found any new bugs that this update has introduced. That doesn’t mean Apple has fixed all the bugs in Leopard, of course—I’m still waiting for the ability to view more than three columns in Spotlight’s search results, as but one example. But Apple’s focus on continual improvements in OS X 10.5 is good news for all of us consumers.
Eight months into the Leopard era, Apple unleashed the third update to Leopard, with Wednesday’s release of OS X 10.5.3. By way of comparison, the 10.3.3 and 10.4.3 updates both came within five months of the release dates for Panther and Tiger, respectively.
As with most of Apple’s recent OS X updates, the 10.5.3 version just screams for a broadband connection, weighing in at more than 400MB, depending on which Mac you have and which version your machine deems you to require. So what do you get in exchange for your download time investment? Apple details many—but not all—of the changes in this Knowledge Base document. I won’t bother repeating everything listed there, but here are a few of the more important highlights:
Spotlight searching on mounted AFP volumes has been improved.
Wireless connectivity has been improved, both for AirPort in general and when using Time Capsule.
A number of Automator bugs have been fixed, which is great news for many people, myself included. One in particular—a bug wherein a Finder plug-in wouldn’t work if the first step was “Get Selected Finder Items”—had affected a number of plug-ins that I use regularly. These now all work in 10.5.3.
Some bugs with Spaces have been fixed, including one where switching to another application via the Dock takes you to another Space, even if that program had an active window in the current space.
A number of Time Machine bugs have been fixed, and Time Machine backups can now be run when your Mac is running on its battery. Previously, you had to connect to a power supply before Time Machine would run.
There are fixes in other programs as well, covering programs such as iCal, iChat, Parental Controls, Voice Over, and the Finder, all of which are detailed in the linked Knowledge Base document.
But what else has changed in OS X 10.5 that Apple hasn’t told us about? I’ve been digging through the new release, looking for any areas that have received updates beyond what’s been disclosed. The only substantive visible change I found is in iCal, where there’s a new setting in the General section of the calendar app’s preferences for controlling how scrolling works in Week View mode. You can now choose between scrolling by weeks (the way OS X 10.5.2 worked) or by days.
It would’ve been nice if Apple gave us a hidden key override to toggle the settings in real time while scrolling (i.e. holding Option would scroll by weeks if you had the pref set to days), but if the update offers that, I can’t find it.
Beyond that visible change, there are many behind-the-scenes changes in 10.5.3, including both major and minor alterations. Here’s what I’ve discovered—and this is by no means a comprehensive list, so feel free to add your own observations as you use this latest update.
Something that’s not mentioned at all in Apple’s note, but is clearly quite important, are the revised graphics drivers for ATI and Nvidia graphics cards. The 10.5.3 update supposedly delivers improved graphics performance—something that was hinted at in this week’s news on Delicious Library 2.0, which shipped with a warning that those not running 10.5.3 will experience graphics slowdowns. Digging through the installer file, I can see that there are updated extensions for a large number of ATI and Nvidia cards (including on-board video in the mini and MacBooks) in the 10.5.3 update.
Other system extensions have also received updates—everything from AirPort to the keyboard backlight to fan management to power management to RAID to storage management. The Multitouch gesture capabilities get an update, as do USB, FireWire, and Bluetooth.
There are a ton of modified files in the CoreServices folder, where many critical features of OS X reside. Changes here include the Dock, the Finder, file synchronization, the installer, various menu extras, and the process that manages Time Machine, among others.
A number of Dashboard Widgets have been updated—the iCal widget, Unit Converter, and Weather. The Web Clip widget received updates to its non-English language files.
iSync received an update.
A number of other applications received updates of some kind, but the changes were either minor (noted in parentheses below), or I can’t find any detail on what’s changed. Items on this list include Dictionary (something to do with Wikipedia support), Exposè, Photo Booth, Preview, Safari (some language changes on preference panels; help files), Bluetooth File Exchange, Directory, Disk Utility (changes in many plug-ins, including those that handle disk first aid, info windows, partitioning, and RAID), Migration Assistant (lots of changes and a new version number, 1.2.1), RAID Utility (changes in the main window and menu), Remote Install OS X, and X11.
Whew. That’s a heck of a lot of stuff to update, and it’s nowhere near complete—these are only the things that seemed worthy of highlighting, out of more than 21,000 changed files in this update.
As an aside, if you’re curious as to how you can see what’s been installed by the 10.5.3 update yourself, the key is reading the “bom” file that’s created when you run the installer. You’ll have to use Terminal to read the file, but here’s how you can dump its contents to a text file in one command. Open Terminal and type the following, then press Return:lsbom /Library/Receipts/boms/com.apple.pkg.update.os.10.5.3.bom > ~/Desktop/1053changes.txt
You can then open the 1053changes.txt file (which will be on your Desktop) in any text editor, and see each and every file that was modified by the installer. Keep in mind that just because a given file was changed, that doesn’t mean you’ll see new features in that program—the changes could have been behind-the-scene bug fixes, or minor changes in language that only appear on certain screens. Still, scanning this file gives you a good sense of the breadth of this update.
In my limited time with 10.5.3, I haven’t found any new bugs that this update has introduced. That doesn’t mean Apple has fixed all the bugs in Leopard, of course—I’m still waiting for the ability to view more than three columns in Spotlight’s search results, as but one example. But Apple’s focus on continual improvements in OS X 10.5 is good news for all of us consumers.
Inside the OS X 10.5.4 update
The most significant thing about what’s changed in OS X 10.5.4 may be what hasn’t changed with Monday’s release of the OS X update. The ARDAgent security hole—discovered just a few weeks ago—remains unplugged. This actually isn’t all that surprising—if the chatter around the Internet is to be believed, Apple has been working on the 10.5.4 update for quite a while, predating the discovery of the ARDAgent issue. System updates are complex things with many inter-related parts, and adding in a fix for the ARDAgent issue would have required more testing, and perhaps delayed the release of 10.5.4.
So what will happen with the ARDAGent hole? Only Apple knows, of course, but I think we’ll see a standalone security update released in the near future to address that issue (as well as any other security issues that haven’t been patched with the 10.5.4 release).
As for new things introduced in OS X 10.5.4, I dug around a bit in the bom files, as I did with May’s 10.5.3 release. This latest update is much smaller than 10.5.3, and I didn’t find anything nearly as interesting as I did last month, other than the non-fix for ARDAgent. There are a slew of extension updates, though it’s tough to figure out exactly what changes those may entail.
There were a number of updates to PDF-related utilities, including the Mail PDF, Save as PDF-X, and Save PDF to Web Receipts Folder workflows, as well as changes to many PDF-related Automator actions. Non-English language files in many programs were updated, and there was some sort of change to Mail’s preferences, though I couldn’t see any obvious change when compared with Mail on a 10.5.3 machine. iChat received updates to the balloons, boxes, and compact styles, as well as some (also not obvious) changes in its preferences.
The Apple-provided dictionary in Dictionary was also updated, adding (at a minimum) the definition of MobileMe, Apple’s soon-to-launch online service:
An Internet service from Apple Inc. for Macintosh computers, iPhone, iPod touch, and PCs. A MobileMe subscription provides push email, push contacts, and push calendar to keep your data automatically up-to-date on all your devices.
Given the size of the updated file, I expect there are more new definitions, but MobileMe was the only one I could think to check.
There are also changes on the Unix side of OS X. Some Perl and Ruby related bits were updated, as were snmp-related Unix programs, and various other Unix components, such as the pasteboard server.
I’ve been running 10.5.4 on two machines now for a few hours, and haven’t experienced any issues—though as with any update, I strongly recommend having a current backup before proceeding.
So what will happen with the ARDAGent hole? Only Apple knows, of course, but I think we’ll see a standalone security update released in the near future to address that issue (as well as any other security issues that haven’t been patched with the 10.5.4 release).
As for new things introduced in OS X 10.5.4, I dug around a bit in the bom files, as I did with May’s 10.5.3 release. This latest update is much smaller than 10.5.3, and I didn’t find anything nearly as interesting as I did last month, other than the non-fix for ARDAgent. There are a slew of extension updates, though it’s tough to figure out exactly what changes those may entail.
There were a number of updates to PDF-related utilities, including the Mail PDF, Save as PDF-X, and Save PDF to Web Receipts Folder workflows, as well as changes to many PDF-related Automator actions. Non-English language files in many programs were updated, and there was some sort of change to Mail’s preferences, though I couldn’t see any obvious change when compared with Mail on a 10.5.3 machine. iChat received updates to the balloons, boxes, and compact styles, as well as some (also not obvious) changes in its preferences.
The Apple-provided dictionary in Dictionary was also updated, adding (at a minimum) the definition of MobileMe, Apple’s soon-to-launch online service:
An Internet service from Apple Inc. for Macintosh computers, iPhone, iPod touch, and PCs. A MobileMe subscription provides push email, push contacts, and push calendar to keep your data automatically up-to-date on all your devices.
Given the size of the updated file, I expect there are more new definitions, but MobileMe was the only one I could think to check.
There are also changes on the Unix side of OS X. Some Perl and Ruby related bits were updated, as were snmp-related Unix programs, and various other Unix components, such as the pasteboard server.
I’ve been running 10.5.4 on two machines now for a few hours, and haven’t experienced any issues—though as with any update, I strongly recommend having a current backup before proceeding.
Setting up file Sharing on APPLE PC's
In order to use a synchronization utility to sync two Macs, one computer must be able to access the other's hard drive.
On a Local Network The easiest way to set up file sharing is with OS X's built-in file-sharing feature. To turn it on, open the Sharing preference pane and select the File Sharing option (see "Sharing Preference Pane"). Click on the plus-sign (+) button under Shared Folders, and select a folder or volume to share; note that you'll be able to synchronize only items within this folder or volume, so you'll likely want to choose your user folder. Your name should appear in the Users list with read and write access, so you can use your own user name and password to log in to this computer from another Mac. To enable another user to connect with a password different from yours, click on the plus-sign button under Users, select an existing name or click on New Person, and enter a user name and password.
Now, on another Leopard-running Mac, look in the sidebar of any Finder window; the computer you just activated file sharing on should appear under Shared. Select that computer's icon, click on Connect As, and enter the user name and password you set up for that computer. Once you're connected, double-click on the name of the shared folder or volume to mount it-the other computer's files should now be visible to any synchronization utility.
By adding your user folder (or another folder) to the Sharing pane, you can make it available to other Macs on your network.
Over the Internet-Back to My Mac Accessing another Mac is trickier when the two computers are not on the same local network. If you're a .Mac member running Leopard and you've activated Back to My Mac (via the the .Mac preference pane's Back To My Mac tab) on each computer, you should be able to see your other computers even when you're on different networks (say, one computer at home and the other at work), though you may have to configure your router or firewall to enable outside access. (Apple provides detailed usage and troubleshooting information; check it out if the feature doesn't work as expected).
Over the Internet-Other Options If you're not a .Mac member or you're not running Leopard, accessing a Mac remotely requires more effort. One approach is to use a VPN (virtual private network). For example, if you have file sharing turned on at work and you connect to your corporate network from home via a VPN, your work Mac's volume should be accessible as with a local Mac.
Going in the other direction (accessing your home computer from work) without a VPN requires that you know your home Mac's public IP address. (To find this out, open a Web browser on your home Mac and go to whatismyip.com. If you don't have a static IP address, try a Dynamic DNS service such as DynDNS (basic service is free) to assign a domain name to your home Mac; then the included software informs the company's name servers whenever your Mac's IP address changes, so you can always connect using the domain name regardless of the current IP address.
In addition to knowing your home Mac's IP address or domain name, you may need to set up your router to use port forwarding, in which all requests from outside your home network directed to a particular port (such as 548, the one used by AFP for file sharing) go to a specific computer on your network. You can learn more about setting up port forwarding at PortForward.com.
Once you have port forwarding configured at home, go to your work Mac and choose Go: Connect To Server in the Finder. In the Server Address field, enter afp:// followed by your home computer's IP address or domain name, and click on Connect. If everything goes well, your home Mac's drive will mount in the Finder.
If All Else Fails If you lack the geek mojo to work through all those details but you still need to sync, say, a home computer and a work computer, consider a slightly lower-tech alternative: an external hard drive that you shuttle between locations. You can either use the drive to store all the files you need to access in both places, or synchronize your work Mac with the drive before and after switching locations.
On a Local Network The easiest way to set up file sharing is with OS X's built-in file-sharing feature. To turn it on, open the Sharing preference pane and select the File Sharing option (see "Sharing Preference Pane"). Click on the plus-sign (+) button under Shared Folders, and select a folder or volume to share; note that you'll be able to synchronize only items within this folder or volume, so you'll likely want to choose your user folder. Your name should appear in the Users list with read and write access, so you can use your own user name and password to log in to this computer from another Mac. To enable another user to connect with a password different from yours, click on the plus-sign button under Users, select an existing name or click on New Person, and enter a user name and password.
Now, on another Leopard-running Mac, look in the sidebar of any Finder window; the computer you just activated file sharing on should appear under Shared. Select that computer's icon, click on Connect As, and enter the user name and password you set up for that computer. Once you're connected, double-click on the name of the shared folder or volume to mount it-the other computer's files should now be visible to any synchronization utility.
By adding your user folder (or another folder) to the Sharing pane, you can make it available to other Macs on your network.
Over the Internet-Back to My Mac Accessing another Mac is trickier when the two computers are not on the same local network. If you're a .Mac member running Leopard and you've activated Back to My Mac (via the the .Mac preference pane's Back To My Mac tab) on each computer, you should be able to see your other computers even when you're on different networks (say, one computer at home and the other at work), though you may have to configure your router or firewall to enable outside access. (Apple provides detailed usage and troubleshooting information; check it out if the feature doesn't work as expected).
Over the Internet-Other Options If you're not a .Mac member or you're not running Leopard, accessing a Mac remotely requires more effort. One approach is to use a VPN (virtual private network). For example, if you have file sharing turned on at work and you connect to your corporate network from home via a VPN, your work Mac's volume should be accessible as with a local Mac.
Going in the other direction (accessing your home computer from work) without a VPN requires that you know your home Mac's public IP address. (To find this out, open a Web browser on your home Mac and go to whatismyip.com. If you don't have a static IP address, try a Dynamic DNS service such as DynDNS (basic service is free) to assign a domain name to your home Mac; then the included software informs the company's name servers whenever your Mac's IP address changes, so you can always connect using the domain name regardless of the current IP address.
In addition to knowing your home Mac's IP address or domain name, you may need to set up your router to use port forwarding, in which all requests from outside your home network directed to a particular port (such as 548, the one used by AFP for file sharing) go to a specific computer on your network. You can learn more about setting up port forwarding at PortForward.com.
Once you have port forwarding configured at home, go to your work Mac and choose Go: Connect To Server in the Finder. In the Server Address field, enter afp:// followed by your home computer's IP address or domain name, and click on Connect. If everything goes well, your home Mac's drive will mount in the Finder.
If All Else Fails If you lack the geek mojo to work through all those details but you still need to sync, say, a home computer and a work computer, consider a slightly lower-tech alternative: an external hard drive that you shuttle between locations. You can either use the drive to store all the files you need to access in both places, or synchronize your work Mac with the drive before and after switching locations.
Wednesday, June 25, 2008
Microsoft Extends Support for Windows XP To 13 Years
With many business and individual PC users rejecting Windows Vista, Microsoft took an unprecedented step this week by promising support for Windows XP for a full 13 years. That is three years longer than it has allowed for previous Windows operating systems.
In a letter sent to customers this week, Bill Veghte, a Microsoft vice president, also seemed to confirm that Windows 7 will be released in 2010. That OS, Veghte wrote, will ship "approximately three years" after Vista became available in January 2007.
Avoiding Vista
Meantime, security patches and updates to Windows XP will be provided until April 2014, Veghte promised. In what could be considered an understatement, he wrote, "Our ongoing support for Windows XP is the result of our recognition that people keep their Windows-based PCs for many years."
Many large businesses have avoided upgrading to Windows Vista, which has been plagued with widely publicized problems, including incompatibilities with drivers for legacy hardware and applications. Upgrading to Vista could also be very expensive for enterprises that would need to upgrade older hardware. Many businesses and individuals have opted to buy Windows XP on new PCs.
While June 30 remains the cutoff date for selling Windows XP, retailers such as Dell are still selling preconfigured PCs with XP. And enterprises with volume licensing contracts will still be able to install XP even on new machines.
Downgrade Option
In addition, Microsoft has promoted a licensing loophole that allows new hardware buyers to purchase Windows Vista and then downgrade it to a previous version of Windows. Microsoft has cited such purchases as evidence of support for Vista, but many Web postings have disputed that.
"It's true that we will stop selling Windows XP as a retail packaged product and stop licensing it directly to major PC manufacturers," Veghte's letter says. "But customers who still need Windows XP will be able to get it."
Microsoft will also continue to sell a version of Windows XP to makers of low-cost computers through June 2010. Such machines as the Asus Eee PC are incapable of running Vista and the alternative would be for the makers to install open-source Linux as the operating system.
Friday, May 30, 2008
Symantec Admits Fault in Windows XP SP3 Registry Corruption
You may recall my earlier story on registry corruption for certain users upgrading to Windows XP SP3. The cases of registry corruption seemed to have a common thread: Symantec security products. Originally Symantec blamed Microsoft, but in a post on a Symantec support forum, a senior manager with Symantec indicated the fault may indeed lie with Symantec's products.
Reese Anschultz said users of Norton Internet Security, Norton AntiVirus and Norton 360 should switch off the "SymProtect" feature before trying to install XP SP3.
After a lot of testing, we’ve reproduced a number of different cases where applying the XP SP3 upgrade adds additional registry keys within already existing Symantec registry keys. The Symantec keys affected vary from machine to machine and the effects of these added keys vary as well. We are still trying to understand why the upgrade is adding these keys. We have determined that the SymProtect feature is involved, though this issue is not exclusive to Symantec customers. We’ve seen reports from various users who are not running Symantec products.
To help prevent this issue from occurring, you should disable SymProtect prior to installing the Windows XP SP3 upgrade. This setting, in Norton Internet Security 2008 and Norton AntiVirus 2008, can be found within the Options page as “Turn on protection for Norton products.” In this case you should uncheck the box prior to the upgrade. After the upgrade is complete, please remember to re-enable this feature.
It should be noted, however, that this workaround only addresses issues with Symantec products. You may still run into similar problems with other products affected by this XP SP3 upgrade issue. For Norton SystemWorks 2008 you have to go to the Advanced Options UI that is under Settings. Next, click on "Norton SystemWorks Options" and select the General tab. Lastly, uncheck the box that says, "Turn on protection for my Symantec product”.
For Norton SystemWorks 2008 Premier you can use either the previous instructions or the Norton AntiVirus instructions.
For Norton 360, disable the "SymProtect Tamper Protection" quick control within the settings page.
For those who have already applied the upgrade and are running into problems, we’re working on a stand-alone tool that would delete the extraneous registry keys. We’ll post that on this forum as soon as it’s available.
No post of a tool yet. Additionally, a later post on the same thread seemed to indicate a similar issue with the installation of Vista SP1, although that same Symantec manager noted they hadn't noted such reports previously.
Last week, Symantec blamed a Microsoft file named fixccs.exe, part of the XP SP3 upgrade package, for the extra registry entries. Now, however, it seems that it was a combination of fixccs.exe and SymProtect which caused the issue. SymProtect is technology designed to protect Symantec security software from being hacked by malware.
"Fixccs.exe adds registry keys during the SP3 update process and then attempts to delete them," said a Symantec spokeswoman. "SymProtect prevents changes to the registry keys. Thus, it prevents the deletion of the keys added by fixccs.exe."
Makes sense, right? Of course, as noted in the forum post, Symantec continues to contend that the registry problems are not exclusive to Symantec products.
Source: By Tech Ex http://technologyexpert.blogspot.com/
Reese Anschultz said users of Norton Internet Security, Norton AntiVirus and Norton 360 should switch off the "SymProtect" feature before trying to install XP SP3.
After a lot of testing, we’ve reproduced a number of different cases where applying the XP SP3 upgrade adds additional registry keys within already existing Symantec registry keys. The Symantec keys affected vary from machine to machine and the effects of these added keys vary as well. We are still trying to understand why the upgrade is adding these keys. We have determined that the SymProtect feature is involved, though this issue is not exclusive to Symantec customers. We’ve seen reports from various users who are not running Symantec products.
To help prevent this issue from occurring, you should disable SymProtect prior to installing the Windows XP SP3 upgrade. This setting, in Norton Internet Security 2008 and Norton AntiVirus 2008, can be found within the Options page as “Turn on protection for Norton products.” In this case you should uncheck the box prior to the upgrade. After the upgrade is complete, please remember to re-enable this feature.
It should be noted, however, that this workaround only addresses issues with Symantec products. You may still run into similar problems with other products affected by this XP SP3 upgrade issue. For Norton SystemWorks 2008 you have to go to the Advanced Options UI that is under Settings. Next, click on "Norton SystemWorks Options" and select the General tab. Lastly, uncheck the box that says, "Turn on protection for my Symantec product”.
For Norton SystemWorks 2008 Premier you can use either the previous instructions or the Norton AntiVirus instructions.
For Norton 360, disable the "SymProtect Tamper Protection" quick control within the settings page.
For those who have already applied the upgrade and are running into problems, we’re working on a stand-alone tool that would delete the extraneous registry keys. We’ll post that on this forum as soon as it’s available.
No post of a tool yet. Additionally, a later post on the same thread seemed to indicate a similar issue with the installation of Vista SP1, although that same Symantec manager noted they hadn't noted such reports previously.
Last week, Symantec blamed a Microsoft file named fixccs.exe, part of the XP SP3 upgrade package, for the extra registry entries. Now, however, it seems that it was a combination of fixccs.exe and SymProtect which caused the issue. SymProtect is technology designed to protect Symantec security software from being hacked by malware.
"Fixccs.exe adds registry keys during the SP3 update process and then attempts to delete them," said a Symantec spokeswoman. "SymProtect prevents changes to the registry keys. Thus, it prevents the deletion of the keys added by fixccs.exe."
Makes sense, right? Of course, as noted in the forum post, Symantec continues to contend that the registry problems are not exclusive to Symantec products.
Source: By Tech Ex http://technologyexpert.blogspot.com/
Windows XP Service Pack 3 Issues
The latest service pack for Windows XP continues to cause problems for users. According to an online user forum, the latest glitch in Windows XP Service Pack 3 (SP3) causes problems with the remote desktop access feature of Windows Home Server.
On the We Got Served U.K.-based Windows user forum, Windows XP users running Windows Home Server, Microsoft's home storage and local networking server, report that SP3 is cutting off their access to the server from their PCs. The remote desktop access feature would ask users to add their home server's Web site address in order to access it even after they already had, users reported.
According to a user on Microsoft's Windows Home Server forum, the problem arose because Windows XP SP3 by default disables Terminal Services Active X control as part of its security model. The user, ColinWH, posted a fix for the problem that outlines how to enable the Terminal Services ActiveX control in Internet Explorer.
The Windows Home Server problem is not the first that users -- or Microsoft -- have had with the latest XP service pack. Scheduled for release on April 29, Windows XP SP3 was held up for a week by Microsoft because of incompatibilities between the service pack and one of Microsoft's own applications, retail chain management software called Microsoft Dynamics RMS. The problem even affected the Windows Vista Service Pack 1 set of updates.
Then, after the service pack's release on May 6, users reported that XP SP3 put some AMD-based PCs into endless reboots. Eventually, the problem was identified as affecting certain Hewlett-Packard PCs, and Microsoft posted information for fixing it on the Web.
Microsoft could not be immediately reached for comment on Monday.
On the We Got Served U.K.-based Windows user forum, Windows XP users running Windows Home Server, Microsoft's home storage and local networking server, report that SP3 is cutting off their access to the server from their PCs. The remote desktop access feature would ask users to add their home server's Web site address in order to access it even after they already had, users reported.
According to a user on Microsoft's Windows Home Server forum, the problem arose because Windows XP SP3 by default disables Terminal Services Active X control as part of its security model. The user, ColinWH, posted a fix for the problem that outlines how to enable the Terminal Services ActiveX control in Internet Explorer.
The Windows Home Server problem is not the first that users -- or Microsoft -- have had with the latest XP service pack. Scheduled for release on April 29, Windows XP SP3 was held up for a week by Microsoft because of incompatibilities between the service pack and one of Microsoft's own applications, retail chain management software called Microsoft Dynamics RMS. The problem even affected the Windows Vista Service Pack 1 set of updates.
Then, after the service pack's release on May 6, users reported that XP SP3 put some AMD-based PCs into endless reboots. Eventually, the problem was identified as affecting certain Hewlett-Packard PCs, and Microsoft posted information for fixing it on the Web.
Microsoft could not be immediately reached for comment on Monday.
Friday, May 16, 2008
Windows XP Outlook Express Headaches: When I try to download mail, I sometimes get a server timeout message.
Cause Outlook Express provides a timeout message
after a certain period of time when there is no activity with the mail server. If you are getting this message, you can increase the timeout value.
The Pain Killer To increase the timeout value, follow these steps:
In Outlook Express, click Tools Accounts.
1. Click the Mail tab. Select your account, and click the Properties button.
2. Click the Advanced tab, shown here. In the Server Timeouts section, increase the value by moving the slider bar to the right. Click OK when you are done.
How Do They Crack Your Password?
Reader Rich Brozenec writes: I read your story about passwords. I have a question. Almost all my internet accounts (banks, Amazon, credit cards, etc.) have a limit on the number of password tries they allow [before timing out additional attempts]. Your story implies an infinite number of attempts using various combinations of letters and numbers, but is that really the case, or is there a way around these limits?
A little backstory on how passwords are cracked is in order. As some emailers and commenters have noted, "brute force" password cracking is probably not the most popular method by which passwords are broken. Social engineering, phishing, and other nefarious methods are actually much easier: All of these involve you willingly giving up your password to a malicious hacker through some form of misdirection and deceit. You may get a call from "your bank" with a problem on your account. Or you may get an email from "eBay" with a question about your listing... which takes you to a phony website.
The most secure password in the world won't protect you against hacking attempts like these. If you actually tell someone your password, you're out of luck.
The kind of password attacks I'm talking about when I write stories about password security and strength involve brute force attacks of various sorts. These attacks typically involve the theft of password records by various means. You read about them every day: Hackers compromise networks and abscond with user data. Or, more commonly, someone steals a laptop loaded with user records for some company or another. (User IDs are usually not encrypted and are linked directly to the hashed password.)
Most of the time, though, just having this user data doesn't mean your password is now in the hands of hackers (though if you read that a company you deal with has been victimized, you should always change your password as a matter of precaution). That's because most companies store passwords in encrypted formats called hashes. A hash is created by taking your password, applying a mathematical function to it, then storing the result of that function in the database instead of the actual password. When you log in to a website, the site runs that same math function against your password, then checks the database to see if the hashes match. If they do, you're in.
The reason hashes are secure is that they are not reversible. Say your password is daisy123; its hash may be 1b3c2c45d0a977b508f637097a94cbfb. (And in fact, it really is in one of the most common hash systems.) It's easy to go from daisy123 to the hash. Not so easy to go the other way. Thus, it's much safer to store the hash. Make sense so far?
So, what happens if a hacker knows the hash of your password? He tries out likely passwords to see if he can get a match. Again, it's easy to hash several hundred passwords per second, and eventually he'll get to daisy123, since it is, as noted in a prior article, a quite insecure password. But if your password is appropriately complex, he'll probably never be able to crack it: Having the hash will be as useless as having no information about your password.
There are copious other methods for cracking passwords (and there are even online databases of hashes that make looking up common passwords child's play), but this is the most common way, especially when cracking passwords in bulk (when you have thousands or millions of hashes to look through). It shakes out pretty much the same way every time: If a thief absconds with 100,000 user records, a relatively simple brute force attack against those hashes using common cracking software will probably net 20,000 passwords he can use.
In other words: Be safe out there.
A little backstory on how passwords are cracked is in order. As some emailers and commenters have noted, "brute force" password cracking is probably not the most popular method by which passwords are broken. Social engineering, phishing, and other nefarious methods are actually much easier: All of these involve you willingly giving up your password to a malicious hacker through some form of misdirection and deceit. You may get a call from "your bank" with a problem on your account. Or you may get an email from "eBay" with a question about your listing... which takes you to a phony website.
The most secure password in the world won't protect you against hacking attempts like these. If you actually tell someone your password, you're out of luck.
The kind of password attacks I'm talking about when I write stories about password security and strength involve brute force attacks of various sorts. These attacks typically involve the theft of password records by various means. You read about them every day: Hackers compromise networks and abscond with user data. Or, more commonly, someone steals a laptop loaded with user records for some company or another. (User IDs are usually not encrypted and are linked directly to the hashed password.)
Most of the time, though, just having this user data doesn't mean your password is now in the hands of hackers (though if you read that a company you deal with has been victimized, you should always change your password as a matter of precaution). That's because most companies store passwords in encrypted formats called hashes. A hash is created by taking your password, applying a mathematical function to it, then storing the result of that function in the database instead of the actual password. When you log in to a website, the site runs that same math function against your password, then checks the database to see if the hashes match. If they do, you're in.
The reason hashes are secure is that they are not reversible. Say your password is daisy123; its hash may be 1b3c2c45d0a977b508f637097a94cbfb. (And in fact, it really is in one of the most common hash systems.) It's easy to go from daisy123 to the hash. Not so easy to go the other way. Thus, it's much safer to store the hash. Make sense so far?
So, what happens if a hacker knows the hash of your password? He tries out likely passwords to see if he can get a match. Again, it's easy to hash several hundred passwords per second, and eventually he'll get to daisy123, since it is, as noted in a prior article, a quite insecure password. But if your password is appropriately complex, he'll probably never be able to crack it: Having the hash will be as useless as having no information about your password.
There are copious other methods for cracking passwords (and there are even online databases of hashes that make looking up common passwords child's play), but this is the most common way, especially when cracking passwords in bulk (when you have thousands or millions of hashes to look through). It shakes out pretty much the same way every time: If a thief absconds with 100,000 user records, a relatively simple brute force attack against those hashes using common cracking software will probably net 20,000 passwords he can use.
In other words: Be safe out there.
Thursday, August 30, 2007
Will update drive Vista use?
The first Vista service pack may serve dual purposes for Microsoft: fixing the operating system's rough edges while simultaneously indicating that it's ready for mass adoption.
Microsoft initially downplayed the importance of service packs in an era where patches are easily available online. Also, the company urged businesses not to wait for a service pack to start testing and rolling out Vista.
Nonetheless, in announcing its plans to release Service Pack 1 early next year, Microsoft is noting that the milestone remains an important signal for some businesses that the operating system has reached a level of maturity.
Many analysts have consistently advised companies to hold off on Vista deployments until the first service pack's arrival.
"There's always a portion of the market that has that M.O. (modus operandi)," said Shanen Boettcher, a general manager in the Windows unit.
By talking about SP1, Microsoft hopes to sway some businesses that have yet to move forward in any fashion to start at least testing the OS.
"I would expect that we will see a little bit of an increase," Boettcher said.
Microsoft has said it expects businesses to move to Vista at twice the rate that they did with XP over its first 12 months. However, Al Gillen, an analyst at IDC, said that businesses seem to be moving at generally the same pace as with previous releases. "From what we can see, the adoption curve is running much like past releases," he said.
In part, that's because so much goes into upgrading the OS, Gillen said. Companies have to test it against their custom and packaged software, do security reviews, make sure they have enough machines capable of running the new operating system, and then budget for the hardware, software training and support costs.
"Customers drag their feet," Gillen said.
A few exceptionsWhile most businesses have yet to start deploying Vista in significant numbers, Microsoft is touting a few large companies that have started putting the operating system onto a sizable number of desktops. Infosys, for example, has 4,000 PCs running Vista now, with plans for 20,000 by year's end. Citigroup, Charter Communications and Continental Airlines all have more than 2,000 machines on Vista and plan to have 10,000 machines running the operating system by year's end.
"Yeah, there are some early adopters and Microsoft always parades them forward," Gillen said. "They are really the exception and not the norm."
Boettcher said that the adoption rate so far among businesses "is about how we expected it to be."
As for the company's goal of doubling adoption, he said, "It's still early to declare victory...All the signs are we are doing well versus our goal."
Gillen said that the timing of the service pack probably hasn't made a huge impact on when businesses move to Vista.
"If they had brought SP1 out in the first three to six months after the release, I don't think that would have dramatically changed the adoption," he said.
What's unclear is whether Service Pack 1 will help to dispel the notion that the operating system still has too many glitches and hitches to justify the effort of migration. Even some who were initially bullish on the OS, have lately criticized its trouble spots.
Microsoft says it now has better driver support and compatibility with existing software than it did at Vista's launch, which could help businesses justify making the move.
The company openly admits that the stars didn't align for a big-bang Vista launch--reminiscent of Windows 95's debut--that it clearly hoped for. "Frankly, the world wasn't 100 percent ready for Windows Vista," Corporate Vice President Mike Sievert said in an interview at Microsoft's recent partner conference in Denver. "That has changed in a very material way in the past six months."
Gillen said it was good to see Microsoft also commit to a timetable for Windows XP Service Pack 3, which is due out in the first half of next year. "It's a nice indication that they are not trying to subtly coerce customers to move forward onto Windows Vista."
Written by: By Ina Fried Staff Writer, CNET News.com -->
Published: August 30, 2007, 4:00 AM PDT
Microsoft initially downplayed the importance of service packs in an era where patches are easily available online. Also, the company urged businesses not to wait for a service pack to start testing and rolling out Vista.
Nonetheless, in announcing its plans to release Service Pack 1 early next year, Microsoft is noting that the milestone remains an important signal for some businesses that the operating system has reached a level of maturity.
Many analysts have consistently advised companies to hold off on Vista deployments until the first service pack's arrival.
"There's always a portion of the market that has that M.O. (modus operandi)," said Shanen Boettcher, a general manager in the Windows unit.
By talking about SP1, Microsoft hopes to sway some businesses that have yet to move forward in any fashion to start at least testing the OS.
"I would expect that we will see a little bit of an increase," Boettcher said.
Microsoft has said it expects businesses to move to Vista at twice the rate that they did with XP over its first 12 months. However, Al Gillen, an analyst at IDC, said that businesses seem to be moving at generally the same pace as with previous releases. "From what we can see, the adoption curve is running much like past releases," he said.
In part, that's because so much goes into upgrading the OS, Gillen said. Companies have to test it against their custom and packaged software, do security reviews, make sure they have enough machines capable of running the new operating system, and then budget for the hardware, software training and support costs.
"Customers drag their feet," Gillen said.
A few exceptionsWhile most businesses have yet to start deploying Vista in significant numbers, Microsoft is touting a few large companies that have started putting the operating system onto a sizable number of desktops. Infosys, for example, has 4,000 PCs running Vista now, with plans for 20,000 by year's end. Citigroup, Charter Communications and Continental Airlines all have more than 2,000 machines on Vista and plan to have 10,000 machines running the operating system by year's end.
"Yeah, there are some early adopters and Microsoft always parades them forward," Gillen said. "They are really the exception and not the norm."
Boettcher said that the adoption rate so far among businesses "is about how we expected it to be."
As for the company's goal of doubling adoption, he said, "It's still early to declare victory...All the signs are we are doing well versus our goal."
Gillen said that the timing of the service pack probably hasn't made a huge impact on when businesses move to Vista.
"If they had brought SP1 out in the first three to six months after the release, I don't think that would have dramatically changed the adoption," he said.
What's unclear is whether Service Pack 1 will help to dispel the notion that the operating system still has too many glitches and hitches to justify the effort of migration. Even some who were initially bullish on the OS, have lately criticized its trouble spots.
Microsoft says it now has better driver support and compatibility with existing software than it did at Vista's launch, which could help businesses justify making the move.
The company openly admits that the stars didn't align for a big-bang Vista launch--reminiscent of Windows 95's debut--that it clearly hoped for. "Frankly, the world wasn't 100 percent ready for Windows Vista," Corporate Vice President Mike Sievert said in an interview at Microsoft's recent partner conference in Denver. "That has changed in a very material way in the past six months."
Gillen said it was good to see Microsoft also commit to a timetable for Windows XP Service Pack 3, which is due out in the first half of next year. "It's a nice indication that they are not trying to subtly coerce customers to move forward onto Windows Vista."
Written by: By Ina Fried Staff Writer, CNET News.com -->
Published: August 30, 2007, 4:00 AM PDT
Tuesday, July 31, 2007
Vista opens new dawn for security
Hi-tech criminals are looking forward to the consumer release of Windows Vista, say security experts.
Vista will be the big event in computer security in 2007, say experts and add that it will have a profound effect on both sides of the security world.
Many organised crime gangs are already tearing the new version of Windows apart looking for ways to exploit its weaknesses, say some.
Others are expecting to see Vista attacked soon after it debuts.
Fresh target
While Microsoft's business customers have been able to buy Vista since 30 November, consumers are being forced to wait until late January 2007 to get their hands on the next version of the Windows operating system.
Microsoft has said that the whole development process of the operating system has been run with better security in mind.
Within Vista are several technologies that could stop many people falling victim to the most common sorts of malicious attack, said Kevin Hogan, director of security operations at Symantec.
In particular, he said, the way Vista handles user accounts will limit the freedom malicious programs have to run and install themselves surreptitiously.
Increasingly, said Mr Hogan, hi-tech criminals were booby-trapping benign looking webpages with code that slips through vulnerabilities in the various versions of Windows. It should also help stop people being caught out by malicious attachments on e-mail messages.
"That'll deal with a lot of the current threats we are seeing," said Mr Hogan.
Mikko Hypponen, chief research officer at security firm F-Secure, said the warnings that these account controls display when malicious code tries to install itself will prove useful.
"It'll become much more obvious when they get infected," he said.
But, said Mr Hypponen, as well as stopping some of the threats hitting users, Vista is also likely to spur many hi-tech criminals to step up their research efforts and translate their old malicious wares to the new software.
"None of the existing bots, backdoors, trojans in general run on Vista," said Mr Hypponen.
Already security experts are seeing exploits for Vista vulnerabilities being sold on underground websites and proof-of-concept code appearing on discussion boards.
Gerhard Eschelbeck, chief technology officer at security firm Webroot, said he expected the hi-tech criminals to start exploiting the many ways that Vista tries to warn people about security threats.
He said it was only a matter of time before cyber criminals find a way to mimic the security warnings that Vista uses to try to trick people into installing a malicious program.
"They are thinking how to attack the user directly rather than try to penetrate the applications," he said.
Old iron
While Vista might help many users stay safer online, many criminals would be happy targeting the tens of millions of people who own older versions of Windows, said Mr Eschelbeck.
In 2007 he said he expected to see malicious code turning up on many different types of sites - many of which looked completely benign.
Those behind malicious programs were also more interested in having their creations hang around longer, said Mr Eschelbeck.
"The goal is to stay undetected for a long time," he said. "It's being driven by people looking for financial gain."
The diversity of the hi-tech underground was also shown by the new targets many were going after, said Paul Davie, chief executive of security firm Secerno.
He said many hi-tech criminals were now targeting web shops that use a database to handle orders in a bid to steal valuable information they can sell or use.
Many attackers, he said, were using sophisticated techniques to squeeze information out of databases.
"These attacks - examples of which include hackers exposing hundreds of thousands of credit card numbers worldwide - certainly will increase sharply in 2007," he said.
"The security sector is coming to terms with the fact that it is dealing with highly financially motivated, technologically advanced and professional database infiltrators," he said.
Written by Mark Ward Technology Correspondent, BBC News website
Vista will be the big event in computer security in 2007, say experts and add that it will have a profound effect on both sides of the security world.
Many organised crime gangs are already tearing the new version of Windows apart looking for ways to exploit its weaknesses, say some.
Others are expecting to see Vista attacked soon after it debuts.
Fresh target
While Microsoft's business customers have been able to buy Vista since 30 November, consumers are being forced to wait until late January 2007 to get their hands on the next version of the Windows operating system.
Microsoft has said that the whole development process of the operating system has been run with better security in mind.
Within Vista are several technologies that could stop many people falling victim to the most common sorts of malicious attack, said Kevin Hogan, director of security operations at Symantec.
In particular, he said, the way Vista handles user accounts will limit the freedom malicious programs have to run and install themselves surreptitiously.
Increasingly, said Mr Hogan, hi-tech criminals were booby-trapping benign looking webpages with code that slips through vulnerabilities in the various versions of Windows. It should also help stop people being caught out by malicious attachments on e-mail messages.
"That'll deal with a lot of the current threats we are seeing," said Mr Hogan.
Mikko Hypponen, chief research officer at security firm F-Secure, said the warnings that these account controls display when malicious code tries to install itself will prove useful.
"It'll become much more obvious when they get infected," he said.
But, said Mr Hypponen, as well as stopping some of the threats hitting users, Vista is also likely to spur many hi-tech criminals to step up their research efforts and translate their old malicious wares to the new software.
"None of the existing bots, backdoors, trojans in general run on Vista," said Mr Hypponen.
Already security experts are seeing exploits for Vista vulnerabilities being sold on underground websites and proof-of-concept code appearing on discussion boards.
Gerhard Eschelbeck, chief technology officer at security firm Webroot, said he expected the hi-tech criminals to start exploiting the many ways that Vista tries to warn people about security threats.
He said it was only a matter of time before cyber criminals find a way to mimic the security warnings that Vista uses to try to trick people into installing a malicious program.
"They are thinking how to attack the user directly rather than try to penetrate the applications," he said.
Old iron
While Vista might help many users stay safer online, many criminals would be happy targeting the tens of millions of people who own older versions of Windows, said Mr Eschelbeck.
In 2007 he said he expected to see malicious code turning up on many different types of sites - many of which looked completely benign.
Those behind malicious programs were also more interested in having their creations hang around longer, said Mr Eschelbeck.
"The goal is to stay undetected for a long time," he said. "It's being driven by people looking for financial gain."
The diversity of the hi-tech underground was also shown by the new targets many were going after, said Paul Davie, chief executive of security firm Secerno.
He said many hi-tech criminals were now targeting web shops that use a database to handle orders in a bid to steal valuable information they can sell or use.
Many attackers, he said, were using sophisticated techniques to squeeze information out of databases.
"These attacks - examples of which include hackers exposing hundreds of thousands of credit card numbers worldwide - certainly will increase sharply in 2007," he said.
"The security sector is coming to terms with the fact that it is dealing with highly financially motivated, technologically advanced and professional database infiltrators," he said.
Written by Mark Ward Technology Correspondent, BBC News website
SF Municipal Wi-Fi Wait Grows
The next crucial votes on San Francisco's municipal Wi-Fi proposal will be delayed until next month while chosen contractor EarthLink Inc. becomes increasingly skittish about building wireless networks for cities.
After a request by EarthLink, Board of Supervisors President Aaron Peskin plans to push back votes currently scheduled for this week until well into September. Peskin has proposed amendments to EarthLink's proposed contract with the city that could help move it through the board, which has final approval on the network plan and has been sharply divided.
Peskin said late Monday he plans to move a vote by the board's Budget and Finance Committee to Sept. 12. That committee vote, on whether to send the plan on to the full board, had been set for Wednesday after several earlier delays. Meanwhile, the full board had been set to vote Tuesday on whether the project should continue to be exempt from an environmental impact report. Its vote, also postponed several times, would be pushed back to Sept. 11.
San Francisco's municipal Wi-Fi project, originally proposed in 2004, is one of the most closely watched in the U.S. It would include a paid service provided by EarthLink and a slower, free service from Google Inc. The plan has run into a thicket of objections concerning privacy, health, quality of service, help for disadvantaged residents, the city's role, and the process of conceiving and approving the project. Plans elsewhere in the country, including in Philadelphia and Sacramento, California, also have run into problems and delays.
Meanwhile, EarthLink has scaled back its nationwide plans for municipal Wi-Fi networks as it grapples with the vagaries of this new type of business and with its own financial problems. Last week, EarthLink's recently appointed president and CEO, Rolla Huff, said the company's municipal network business as currently conceived can't make enough money. The business is now under review.
"Until we're confident that we can build new networks and get an acceptable return, we will delay any further new buildouts," Huff said on a conference call following EarthLink's second-quarter earnings report. The company lost US$16.3 million in the quarter, which ended June 30.
EarthLink now plans to ask cities that want municipal networks to sign up as anchor tenants, committing themselves to buying service for their own operations, Huff said.
San Francisco isn't ready to become such a tenant, according to Peskin, who said EarthLink raised the issue with him several weeks ago and he ran it by city IT officials. The government doesn't have enough Wi-Fi equipment to make use of the services it would be buying, he said.
"We still have people filling out paper in the police department," Peskin said. "Someday we'll get there, and the city could be a user, but it's not, at this point, the best use of our money."
Written by: Stephen Lawson, IDG News Service
After a request by EarthLink, Board of Supervisors President Aaron Peskin plans to push back votes currently scheduled for this week until well into September. Peskin has proposed amendments to EarthLink's proposed contract with the city that could help move it through the board, which has final approval on the network plan and has been sharply divided.
Peskin said late Monday he plans to move a vote by the board's Budget and Finance Committee to Sept. 12. That committee vote, on whether to send the plan on to the full board, had been set for Wednesday after several earlier delays. Meanwhile, the full board had been set to vote Tuesday on whether the project should continue to be exempt from an environmental impact report. Its vote, also postponed several times, would be pushed back to Sept. 11.
San Francisco's municipal Wi-Fi project, originally proposed in 2004, is one of the most closely watched in the U.S. It would include a paid service provided by EarthLink and a slower, free service from Google Inc. The plan has run into a thicket of objections concerning privacy, health, quality of service, help for disadvantaged residents, the city's role, and the process of conceiving and approving the project. Plans elsewhere in the country, including in Philadelphia and Sacramento, California, also have run into problems and delays.
Meanwhile, EarthLink has scaled back its nationwide plans for municipal Wi-Fi networks as it grapples with the vagaries of this new type of business and with its own financial problems. Last week, EarthLink's recently appointed president and CEO, Rolla Huff, said the company's municipal network business as currently conceived can't make enough money. The business is now under review.
"Until we're confident that we can build new networks and get an acceptable return, we will delay any further new buildouts," Huff said on a conference call following EarthLink's second-quarter earnings report. The company lost US$16.3 million in the quarter, which ended June 30.
EarthLink now plans to ask cities that want municipal networks to sign up as anchor tenants, committing themselves to buying service for their own operations, Huff said.
San Francisco isn't ready to become such a tenant, according to Peskin, who said EarthLink raised the issue with him several weeks ago and he ran it by city IT officials. The government doesn't have enough Wi-Fi equipment to make use of the services it would be buying, he said.
"We still have people filling out paper in the police department," Peskin said. "Someday we'll get there, and the city could be a user, but it's not, at this point, the best use of our money."
Written by: Stephen Lawson, IDG News Service
Subscribe to:
Posts (Atom)
