The first Vista service pack may serve dual purposes for Microsoft: fixing the operating system's rough edges while simultaneously indicating that it's ready for mass adoption.
Microsoft initially downplayed the importance of service packs in an era where patches are easily available online. Also, the company urged businesses not to wait for a service pack to start testing and rolling out Vista.
Nonetheless, in announcing its plans to release Service Pack 1 early next year, Microsoft is noting that the milestone remains an important signal for some businesses that the operating system has reached a level of maturity.
Many analysts have consistently advised companies to hold off on Vista deployments until the first service pack's arrival.
"There's always a portion of the market that has that M.O. (modus operandi)," said Shanen Boettcher, a general manager in the Windows unit.
By talking about SP1, Microsoft hopes to sway some businesses that have yet to move forward in any fashion to start at least testing the OS.
"I would expect that we will see a little bit of an increase," Boettcher said.
Microsoft has said it expects businesses to move to Vista at twice the rate that they did with XP over its first 12 months. However, Al Gillen, an analyst at IDC, said that businesses seem to be moving at generally the same pace as with previous releases. "From what we can see, the adoption curve is running much like past releases," he said.
In part, that's because so much goes into upgrading the OS, Gillen said. Companies have to test it against their custom and packaged software, do security reviews, make sure they have enough machines capable of running the new operating system, and then budget for the hardware, software training and support costs.
"Customers drag their feet," Gillen said.
A few exceptionsWhile most businesses have yet to start deploying Vista in significant numbers, Microsoft is touting a few large companies that have started putting the operating system onto a sizable number of desktops. Infosys, for example, has 4,000 PCs running Vista now, with plans for 20,000 by year's end. Citigroup, Charter Communications and Continental Airlines all have more than 2,000 machines on Vista and plan to have 10,000 machines running the operating system by year's end.
"Yeah, there are some early adopters and Microsoft always parades them forward," Gillen said. "They are really the exception and not the norm."
Boettcher said that the adoption rate so far among businesses "is about how we expected it to be."
As for the company's goal of doubling adoption, he said, "It's still early to declare victory...All the signs are we are doing well versus our goal."
Gillen said that the timing of the service pack probably hasn't made a huge impact on when businesses move to Vista.
"If they had brought SP1 out in the first three to six months after the release, I don't think that would have dramatically changed the adoption," he said.
What's unclear is whether Service Pack 1 will help to dispel the notion that the operating system still has too many glitches and hitches to justify the effort of migration. Even some who were initially bullish on the OS, have lately criticized its trouble spots.
Microsoft says it now has better driver support and compatibility with existing software than it did at Vista's launch, which could help businesses justify making the move.
The company openly admits that the stars didn't align for a big-bang Vista launch--reminiscent of Windows 95's debut--that it clearly hoped for. "Frankly, the world wasn't 100 percent ready for Windows Vista," Corporate Vice President Mike Sievert said in an interview at Microsoft's recent partner conference in Denver. "That has changed in a very material way in the past six months."
Gillen said it was good to see Microsoft also commit to a timetable for Windows XP Service Pack 3, which is due out in the first half of next year. "It's a nice indication that they are not trying to subtly coerce customers to move forward onto Windows Vista."
Written by: By Ina Fried Staff Writer, CNET News.com -->
Published: August 30, 2007, 4:00 AM PDT
Thursday, August 30, 2007
Tuesday, July 31, 2007
Vista opens new dawn for security
Hi-tech criminals are looking forward to the consumer release of Windows Vista, say security experts.
Vista will be the big event in computer security in 2007, say experts and add that it will have a profound effect on both sides of the security world.
Many organised crime gangs are already tearing the new version of Windows apart looking for ways to exploit its weaknesses, say some.
Others are expecting to see Vista attacked soon after it debuts.
Fresh target
While Microsoft's business customers have been able to buy Vista since 30 November, consumers are being forced to wait until late January 2007 to get their hands on the next version of the Windows operating system.
Microsoft has said that the whole development process of the operating system has been run with better security in mind.
Within Vista are several technologies that could stop many people falling victim to the most common sorts of malicious attack, said Kevin Hogan, director of security operations at Symantec.
In particular, he said, the way Vista handles user accounts will limit the freedom malicious programs have to run and install themselves surreptitiously.
Increasingly, said Mr Hogan, hi-tech criminals were booby-trapping benign looking webpages with code that slips through vulnerabilities in the various versions of Windows. It should also help stop people being caught out by malicious attachments on e-mail messages.
"That'll deal with a lot of the current threats we are seeing," said Mr Hogan.
Mikko Hypponen, chief research officer at security firm F-Secure, said the warnings that these account controls display when malicious code tries to install itself will prove useful.
"It'll become much more obvious when they get infected," he said.
But, said Mr Hypponen, as well as stopping some of the threats hitting users, Vista is also likely to spur many hi-tech criminals to step up their research efforts and translate their old malicious wares to the new software.
"None of the existing bots, backdoors, trojans in general run on Vista," said Mr Hypponen.
Already security experts are seeing exploits for Vista vulnerabilities being sold on underground websites and proof-of-concept code appearing on discussion boards.
Gerhard Eschelbeck, chief technology officer at security firm Webroot, said he expected the hi-tech criminals to start exploiting the many ways that Vista tries to warn people about security threats.
He said it was only a matter of time before cyber criminals find a way to mimic the security warnings that Vista uses to try to trick people into installing a malicious program.
"They are thinking how to attack the user directly rather than try to penetrate the applications," he said.
Old iron
While Vista might help many users stay safer online, many criminals would be happy targeting the tens of millions of people who own older versions of Windows, said Mr Eschelbeck.
In 2007 he said he expected to see malicious code turning up on many different types of sites - many of which looked completely benign.
Those behind malicious programs were also more interested in having their creations hang around longer, said Mr Eschelbeck.
"The goal is to stay undetected for a long time," he said. "It's being driven by people looking for financial gain."
The diversity of the hi-tech underground was also shown by the new targets many were going after, said Paul Davie, chief executive of security firm Secerno.
He said many hi-tech criminals were now targeting web shops that use a database to handle orders in a bid to steal valuable information they can sell or use.
Many attackers, he said, were using sophisticated techniques to squeeze information out of databases.
"These attacks - examples of which include hackers exposing hundreds of thousands of credit card numbers worldwide - certainly will increase sharply in 2007," he said.
"The security sector is coming to terms with the fact that it is dealing with highly financially motivated, technologically advanced and professional database infiltrators," he said.
Written by Mark Ward Technology Correspondent, BBC News website
Vista will be the big event in computer security in 2007, say experts and add that it will have a profound effect on both sides of the security world.
Many organised crime gangs are already tearing the new version of Windows apart looking for ways to exploit its weaknesses, say some.
Others are expecting to see Vista attacked soon after it debuts.
Fresh target
While Microsoft's business customers have been able to buy Vista since 30 November, consumers are being forced to wait until late January 2007 to get their hands on the next version of the Windows operating system.
Microsoft has said that the whole development process of the operating system has been run with better security in mind.
Within Vista are several technologies that could stop many people falling victim to the most common sorts of malicious attack, said Kevin Hogan, director of security operations at Symantec.
In particular, he said, the way Vista handles user accounts will limit the freedom malicious programs have to run and install themselves surreptitiously.
Increasingly, said Mr Hogan, hi-tech criminals were booby-trapping benign looking webpages with code that slips through vulnerabilities in the various versions of Windows. It should also help stop people being caught out by malicious attachments on e-mail messages.
"That'll deal with a lot of the current threats we are seeing," said Mr Hogan.
Mikko Hypponen, chief research officer at security firm F-Secure, said the warnings that these account controls display when malicious code tries to install itself will prove useful.
"It'll become much more obvious when they get infected," he said.
But, said Mr Hypponen, as well as stopping some of the threats hitting users, Vista is also likely to spur many hi-tech criminals to step up their research efforts and translate their old malicious wares to the new software.
"None of the existing bots, backdoors, trojans in general run on Vista," said Mr Hypponen.
Already security experts are seeing exploits for Vista vulnerabilities being sold on underground websites and proof-of-concept code appearing on discussion boards.
Gerhard Eschelbeck, chief technology officer at security firm Webroot, said he expected the hi-tech criminals to start exploiting the many ways that Vista tries to warn people about security threats.
He said it was only a matter of time before cyber criminals find a way to mimic the security warnings that Vista uses to try to trick people into installing a malicious program.
"They are thinking how to attack the user directly rather than try to penetrate the applications," he said.
Old iron
While Vista might help many users stay safer online, many criminals would be happy targeting the tens of millions of people who own older versions of Windows, said Mr Eschelbeck.
In 2007 he said he expected to see malicious code turning up on many different types of sites - many of which looked completely benign.
Those behind malicious programs were also more interested in having their creations hang around longer, said Mr Eschelbeck.
"The goal is to stay undetected for a long time," he said. "It's being driven by people looking for financial gain."
The diversity of the hi-tech underground was also shown by the new targets many were going after, said Paul Davie, chief executive of security firm Secerno.
He said many hi-tech criminals were now targeting web shops that use a database to handle orders in a bid to steal valuable information they can sell or use.
Many attackers, he said, were using sophisticated techniques to squeeze information out of databases.
"These attacks - examples of which include hackers exposing hundreds of thousands of credit card numbers worldwide - certainly will increase sharply in 2007," he said.
"The security sector is coming to terms with the fact that it is dealing with highly financially motivated, technologically advanced and professional database infiltrators," he said.
Written by Mark Ward Technology Correspondent, BBC News website
SF Municipal Wi-Fi Wait Grows
The next crucial votes on San Francisco's municipal Wi-Fi proposal will be delayed until next month while chosen contractor EarthLink Inc. becomes increasingly skittish about building wireless networks for cities.
After a request by EarthLink, Board of Supervisors President Aaron Peskin plans to push back votes currently scheduled for this week until well into September. Peskin has proposed amendments to EarthLink's proposed contract with the city that could help move it through the board, which has final approval on the network plan and has been sharply divided.
Peskin said late Monday he plans to move a vote by the board's Budget and Finance Committee to Sept. 12. That committee vote, on whether to send the plan on to the full board, had been set for Wednesday after several earlier delays. Meanwhile, the full board had been set to vote Tuesday on whether the project should continue to be exempt from an environmental impact report. Its vote, also postponed several times, would be pushed back to Sept. 11.
San Francisco's municipal Wi-Fi project, originally proposed in 2004, is one of the most closely watched in the U.S. It would include a paid service provided by EarthLink and a slower, free service from Google Inc. The plan has run into a thicket of objections concerning privacy, health, quality of service, help for disadvantaged residents, the city's role, and the process of conceiving and approving the project. Plans elsewhere in the country, including in Philadelphia and Sacramento, California, also have run into problems and delays.
Meanwhile, EarthLink has scaled back its nationwide plans for municipal Wi-Fi networks as it grapples with the vagaries of this new type of business and with its own financial problems. Last week, EarthLink's recently appointed president and CEO, Rolla Huff, said the company's municipal network business as currently conceived can't make enough money. The business is now under review.
"Until we're confident that we can build new networks and get an acceptable return, we will delay any further new buildouts," Huff said on a conference call following EarthLink's second-quarter earnings report. The company lost US$16.3 million in the quarter, which ended June 30.
EarthLink now plans to ask cities that want municipal networks to sign up as anchor tenants, committing themselves to buying service for their own operations, Huff said.
San Francisco isn't ready to become such a tenant, according to Peskin, who said EarthLink raised the issue with him several weeks ago and he ran it by city IT officials. The government doesn't have enough Wi-Fi equipment to make use of the services it would be buying, he said.
"We still have people filling out paper in the police department," Peskin said. "Someday we'll get there, and the city could be a user, but it's not, at this point, the best use of our money."
Written by: Stephen Lawson, IDG News Service
After a request by EarthLink, Board of Supervisors President Aaron Peskin plans to push back votes currently scheduled for this week until well into September. Peskin has proposed amendments to EarthLink's proposed contract with the city that could help move it through the board, which has final approval on the network plan and has been sharply divided.
Peskin said late Monday he plans to move a vote by the board's Budget and Finance Committee to Sept. 12. That committee vote, on whether to send the plan on to the full board, had been set for Wednesday after several earlier delays. Meanwhile, the full board had been set to vote Tuesday on whether the project should continue to be exempt from an environmental impact report. Its vote, also postponed several times, would be pushed back to Sept. 11.
San Francisco's municipal Wi-Fi project, originally proposed in 2004, is one of the most closely watched in the U.S. It would include a paid service provided by EarthLink and a slower, free service from Google Inc. The plan has run into a thicket of objections concerning privacy, health, quality of service, help for disadvantaged residents, the city's role, and the process of conceiving and approving the project. Plans elsewhere in the country, including in Philadelphia and Sacramento, California, also have run into problems and delays.
Meanwhile, EarthLink has scaled back its nationwide plans for municipal Wi-Fi networks as it grapples with the vagaries of this new type of business and with its own financial problems. Last week, EarthLink's recently appointed president and CEO, Rolla Huff, said the company's municipal network business as currently conceived can't make enough money. The business is now under review.
"Until we're confident that we can build new networks and get an acceptable return, we will delay any further new buildouts," Huff said on a conference call following EarthLink's second-quarter earnings report. The company lost US$16.3 million in the quarter, which ended June 30.
EarthLink now plans to ask cities that want municipal networks to sign up as anchor tenants, committing themselves to buying service for their own operations, Huff said.
San Francisco isn't ready to become such a tenant, according to Peskin, who said EarthLink raised the issue with him several weeks ago and he ran it by city IT officials. The government doesn't have enough Wi-Fi equipment to make use of the services it would be buying, he said.
"We still have people filling out paper in the police department," Peskin said. "Someday we'll get there, and the city could be a user, but it's not, at this point, the best use of our money."
Written by: Stephen Lawson, IDG News Service
Wednesday, June 20, 2007
Exploit code for two of Tuesday's patches have been posted to mailing lists by researchers.
Exploits appeared within hours for two of the bugs that Microsoft Corp. fixed Tuesday.
Microsoft's June set of security updates patched 15 separate vulnerabilities, nine of them labeled "critical," the company's most serious threat rating. Exploit code for two of the bugs -- one in Internet Explorer (IE), the other in Windows XP, Windows 2000 and Windows Server 2003 -- have been posted to the Bugtraq and Full-disclosure mailing lists by researchers.
A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched Tuesday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. ActiveListen and ActiveVoice provide speech processing and text-to-speech to the browser.
Microsoft's MS07-033 security update fixed the flaw.
The exploits, co-authored by Micalizzi and Will Dorman, a vulnerability researcher at the Carnegie Mellon Software Engineering Institute's CERT Coordination Center, produce buffer overflows on IE6 and would let attackers run additional malicious code. In other words, a malicious hacker can hijack a PC. "Under XP, with predefined settings, Internet Explorer immediately crashes without warning the user, and it's still possible [to run] arbitrary code," said Micalizzi in the Bugtraq writeup accompanying one of the two exploits.
On Wednesday, another researcher posted proof-of-concept exploit code on Full Disclosure for the critical SChannel (Security Channel) vulnerability patched in MS07-031. Thomas Lim, CEO of Singapore-based COSEINC, said his exploit "may lead to an unrecoverable heap corruption condition, causing the application to terminate," or in some cases, repeatedly crash an application to cause a system reboot. His exploit wasn't able to inject remote code, however.
That limitation jibes with what security professionals said Tuesday about the SChannel bug. Although Microsoft ranked it as "critical," which usually means that the bug allows for remote code execution, David Dewey, research manager at IBM's Internet Security Systems X-Force team, downplayed the threat. "It's not exploitable," said Dewey, although he acknowledged it would be relatively easy to crash an application. "A working remote code exploit would take a new discovery in how exploits are made," he argued.
As proof-of-concept exploits popped up, Symantec Corp. predicted that attackers would quickly incorporate them into their kits. "Expect to see exploits for this added to the currently available browser attack tool kits in the near future," Symantec said of the SChannel flaw.
Symantec currently has its ThreatCon security status indicator set at "Level 2: Elevated," which is normal for the day after Microsoft posts patches.
Microsoft's June set of security updates patched 15 separate vulnerabilities, nine of them labeled "critical," the company's most serious threat rating. Exploit code for two of the bugs -- one in Internet Explorer (IE), the other in Windows XP, Windows 2000 and Windows Server 2003 -- have been posted to the Bugtraq and Full-disclosure mailing lists by researchers.
A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched Tuesday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. ActiveListen and ActiveVoice provide speech processing and text-to-speech to the browser.
Microsoft's MS07-033 security update fixed the flaw.
The exploits, co-authored by Micalizzi and Will Dorman, a vulnerability researcher at the Carnegie Mellon Software Engineering Institute's CERT Coordination Center, produce buffer overflows on IE6 and would let attackers run additional malicious code. In other words, a malicious hacker can hijack a PC. "Under XP, with predefined settings, Internet Explorer immediately crashes without warning the user, and it's still possible [to run] arbitrary code," said Micalizzi in the Bugtraq writeup accompanying one of the two exploits.
On Wednesday, another researcher posted proof-of-concept exploit code on Full Disclosure for the critical SChannel (Security Channel) vulnerability patched in MS07-031. Thomas Lim, CEO of Singapore-based COSEINC, said his exploit "may lead to an unrecoverable heap corruption condition, causing the application to terminate," or in some cases, repeatedly crash an application to cause a system reboot. His exploit wasn't able to inject remote code, however.
That limitation jibes with what security professionals said Tuesday about the SChannel bug. Although Microsoft ranked it as "critical," which usually means that the bug allows for remote code execution, David Dewey, research manager at IBM's Internet Security Systems X-Force team, downplayed the threat. "It's not exploitable," said Dewey, although he acknowledged it would be relatively easy to crash an application. "A working remote code exploit would take a new discovery in how exploits are made," he argued.
As proof-of-concept exploits popped up, Symantec Corp. predicted that attackers would quickly incorporate them into their kits. "Expect to see exploits for this added to the currently available browser attack tool kits in the near future," Symantec said of the SChannel flaw.
Symantec currently has its ThreatCon security status indicator set at "Level 2: Elevated," which is normal for the day after Microsoft posts patches.
Google may find it hard to prove that Vista's desktop search violates Microsoft's antitrust agreement.
Google Inc.'s claims that Microsoft Corp.'s built-in Vista desktop indexing and search tool violates its antitrust agreement could be difficult to prove even if the software does slow down the performance of Google's competitive Google Desktop offering.
As long as a user can run alternative software to Microsoft's Instant Search software, it's unlikely that U.S. federal antitrust officials would consider coming down on the software giant, analysts and users said.
Google's claims are far different than the ones posed by Netscape during the browser wars that led to the Department of Justice's antitrust suit in the 1990s, said Rob Helm, research director at Directions on Microsoft in Kirkland, Washington. "Microsoft beat Netscape in part by leveraging its relationship with PC manufacturers," he said. "This is a lot subtler."
Google seems to be alleging that "if two pieces of software don't play together, then it must be an anticompetitive tactic of Microsoft's," Helm said. "I don't recall any past antitrust cases asserting something so broad," he said.
The presence of Microsoft's Vista desktop search could be slowing down Google's product merely as an accident of product design, not because of any malicious intent by Microsoft, Helm said.
"Even if Microsoft's software was perfectly written, the way Google interacts with it might be bad, and either company might be at fault," he said. "They could have both done the right things in different ways that might conflict with each other."
According to a report in the Wall Street Journal Monday, Google sent a white paper to U.S. federal and state antitrust officials in April to try to convince them that Vista makes it difficult for consumers to use rival desktop search software.
In its white paper, Google claims that Vista's search boxes and bars -- available in several places in the OS, including the Start menu and in the Windows Explorer file manager -- work only with Microsoft's search and indexing tool. The company also said it is nearly impossible to turn off Vista's indexing, which means a competitor must add a second indexer that slows down a PC.
Google spokesman Ricardo Reyes confirmed the company's charge against Microsoft Monday.
Microsoft is disputing Google's charges and said that it has worked closely with federal officials to ensure its Vista OS, released to consumers in January, fosters rather than inhibits competition in the area of desktop search.
Users can disable Vista's desktop search service, but the company has not made it simple for them to do so, acknowledged Jack Evans, a Microsoft spokesman. He said this is because the company designed Vista's desktop search specifically "to not affect performance and back off any other programs running" -- including any third-party desktop search software -- in a way that should resolve any claims of anticompetitive behavior, Evans said.
Andrew Brust, chief, new technology of consulting firm Twentysix New York, said he used Google's desktop search when it first came out, but switched to Microsoft's product when it became available for Windows XP because he preferred it.
"Microsoft chose to integrate into Windows whereas Google decided to be browser-based," he said. "Plus, at least back then, Google installed their own local Web server as part of the product and I really didn't like all that baggage. Microsoft's was just more useful."
Brust, who has used Vista in beta form, said integrating desktop search into Vista is "common sense" and suggested that Google's complaints might be sour grapes over Microsoft's own antitrust charges against the search vendor when it unveiled plans to purchase online advertising and marketing powerhouse DoubleClick Inc.
Samir Bhavnani, research director for analyst firm Current Analysis West, said that Microsoft's integration of desktop search into Vista was a response to Apple Inc.'s inclusion of desktop search in their Mac OS, not a move against Google. He said it wouldn't be fair for Google to accuse Microsoft of being anticompetitive without leveling the same charge at Apple.
However, Helm contradicted this reasoning and said that Apple was not found in a U.S. court to have a monopoly on PC OSes, while Microsoft was in the DoJ case. "I don't have the impression that Google is worried about Apple," he said.
Written by: Elizabeth Montalbano, IDG News Service
Monday, June 11, 2007 4:00 PM PDT
As long as a user can run alternative software to Microsoft's Instant Search software, it's unlikely that U.S. federal antitrust officials would consider coming down on the software giant, analysts and users said.
Google's claims are far different than the ones posed by Netscape during the browser wars that led to the Department of Justice's antitrust suit in the 1990s, said Rob Helm, research director at Directions on Microsoft in Kirkland, Washington. "Microsoft beat Netscape in part by leveraging its relationship with PC manufacturers," he said. "This is a lot subtler."
Google seems to be alleging that "if two pieces of software don't play together, then it must be an anticompetitive tactic of Microsoft's," Helm said. "I don't recall any past antitrust cases asserting something so broad," he said.
The presence of Microsoft's Vista desktop search could be slowing down Google's product merely as an accident of product design, not because of any malicious intent by Microsoft, Helm said.
"Even if Microsoft's software was perfectly written, the way Google interacts with it might be bad, and either company might be at fault," he said. "They could have both done the right things in different ways that might conflict with each other."
According to a report in the Wall Street Journal Monday, Google sent a white paper to U.S. federal and state antitrust officials in April to try to convince them that Vista makes it difficult for consumers to use rival desktop search software.
In its white paper, Google claims that Vista's search boxes and bars -- available in several places in the OS, including the Start menu and in the Windows Explorer file manager -- work only with Microsoft's search and indexing tool. The company also said it is nearly impossible to turn off Vista's indexing, which means a competitor must add a second indexer that slows down a PC.
Google spokesman Ricardo Reyes confirmed the company's charge against Microsoft Monday.
Microsoft is disputing Google's charges and said that it has worked closely with federal officials to ensure its Vista OS, released to consumers in January, fosters rather than inhibits competition in the area of desktop search.
Users can disable Vista's desktop search service, but the company has not made it simple for them to do so, acknowledged Jack Evans, a Microsoft spokesman. He said this is because the company designed Vista's desktop search specifically "to not affect performance and back off any other programs running" -- including any third-party desktop search software -- in a way that should resolve any claims of anticompetitive behavior, Evans said.
Andrew Brust, chief, new technology of consulting firm Twentysix New York, said he used Google's desktop search when it first came out, but switched to Microsoft's product when it became available for Windows XP because he preferred it.
"Microsoft chose to integrate into Windows whereas Google decided to be browser-based," he said. "Plus, at least back then, Google installed their own local Web server as part of the product and I really didn't like all that baggage. Microsoft's was just more useful."
Brust, who has used Vista in beta form, said integrating desktop search into Vista is "common sense" and suggested that Google's complaints might be sour grapes over Microsoft's own antitrust charges against the search vendor when it unveiled plans to purchase online advertising and marketing powerhouse DoubleClick Inc.
Samir Bhavnani, research director for analyst firm Current Analysis West, said that Microsoft's integration of desktop search into Vista was a response to Apple Inc.'s inclusion of desktop search in their Mac OS, not a move against Google. He said it wouldn't be fair for Google to accuse Microsoft of being anticompetitive without leveling the same charge at Apple.
However, Helm contradicted this reasoning and said that Apple was not found in a U.S. court to have a monopoly on PC OSes, while Microsoft was in the DoJ case. "I don't have the impression that Google is worried about Apple," he said.
Written by: Elizabeth Montalbano, IDG News Service
Monday, June 11, 2007 4:00 PM PDT
Tuesday, June 12, 2007
Google complains about Microsoft's Vista
Internet search leader Google Inc. is trying to convince federal and state authorities that Microsoft Corp.'s Vista operating system is stifling competition as the high-tech heavyweights wrestle for the allegiance of personal computer users.
In a 49-page document filed April 18 with the U.S. Justice Department and state attorneys general, Google alleged that the latest version of Microsoft's Windows operating system impairs the performance of "desktop search" programs that find data stored on a computer's hard drive.
The Vista operating system, which became widely available in January, includes a desktop search function that competes with a free program Google introduced in 2004. Several other companies also offer desktop search applications.
Besides bogging down competing programs, Google alleged Microsoft had made it too complicated to turn off the desktop search feature built into Vista.
With its allegations, Google hopes to show that Microsoft isn't complying with a 2002 settlement of an antitrust case that concluded the world's largest software maker had leveraged the Windows operating system to throttle competition.
The consent decree requires Redmond, Wash.-based Microsoft to ensure its rivals can build products that run smoothly on Windows — something that Google says isn't happening.
"The search boxes built throughout Vista are hard-wired to Microsoft's own desktop search product, with no way for users to choose an alternate provider," Google spokesman Ricardo Reyes said in a statement issued Monday.
In its own statement, Microsoft said it already has made more than a dozen changes to address regulators' concerns about Vista and pledged to address any other legitimate problems. "While we don't believe there are any compliance concerns with desktop search, we've also told officials we are committed to going the extra mile to resolve this issue," Microsoft spokesman Jack Evans said. Justice Department spokesman Eric Ablin declined to comment Monday, citing confidentiality concerns.
Although he wouldn't discuss Google's allegations, Connecticut Attorney General Richard Blumenthal confirmed that several states are taking a hard look at whether Vista is affecting the effectiveness of programs that aren't made by Microsoft.
"We really have reached a turning point in the process and expect to make a decision on how to proceed by the end of the week," Blumenthal said in a Monday interview.
Describing the Vista complaints as "troublesome," California Attorney General Jerry Brown said he has been in touch with the Justice Department, other state attorneys general and technology industry representatives in an effort to resolve the issue.
"Our goal is to provide consumers using the Vista operating system easier access to competing features," Brown said in a statement.
In a story Sunday, The New York Times reported that the state attorneys general are more inclined to press Microsoft to revamp Vista than the Justice Department.
A court hearing to review Microsoft's adherence with the consent decree is scheduled June 26.
Google's complaint is just latest example of its escalating battle with Microsoft — a duel that figures to shape the future direction of personal computing.
With its search engine already established as the Web's most popular gateway, Google has been offering an array of additional services that could become the building blocks for a Web-based computing platform that lessens the need for Microsoft's products.
Besides e-mail and instant messaging, Google also is distributing word processing and spreadsheet programs aimed at the Office suite of software that has long been one of Microsoft's biggest cash cows.
Google has been able to offer most of its services free because it makes so much money from the ads that it serves up alongside its search results and other content published by the thousands of Web sites that belong to Google's network.
Hoping to siphon away some of that revenue, Microsoft has invested heavily in its own search engine, which still ranks a distant third behind Google and Yahoo Inc. (Nasdaq:YHOO - news)
Microsoft engineered Vista so its desktop search and Internet search engine would operate independently in an effort to avoid legal problems, said Brad Smith, the company's general counsel.
"If we were creating a feature in Windows and somehow requiring people to jump from our feature to our Internet search, then I could at least understand an antitrust argument being raised," Smith said.
Google Chairman Eric Schmidt has been a longtime critic of Microsoft's business tactics. After raising antitrust concerns about Microsoft in his previous jobs at Sun Microsystems Inc. and Novell Inc., Schmidt again has been on the attack as he steers Google.
Last year, the Mountain View-based company reached out to the Justice Department to raise alarms about how the latest version of Microsoft's Web browser threatened to make it more difficult for computer users to install the toolbars of competing search engines. Although regulators decided not to intervene, Microsoft subsequently modified the way Explorer handled the selection of search toolbars.
Before putting its most recent misgivings on paper, Google began discussing the desktop search issue with authorities last year.
Those talks were apparently touched upon during a hearing in March when the Justice Department said it was investigating a claim that Microsoft had violated its antitrust settlement. Without identifying the complaining party, the Justice Department said the grievances were related to "middleware," or software that links different computer programs.
Google filed its written complaint just a few days after Microsoft publicly urged antitrust regulators to scrutinize Google's planned $3.1 billion acquisition of online ad service DoubleClick Inc. Microsoft contends the deal will give Google too much power over the rapidly growing online ad market. The Federal Trade Commission has opened a formal inquiry into the matter.
___
AP Business Writers Jessica Mintz in Seattle and Christopher S. Rugaber in Washington contributed to this report.
In a 49-page document filed April 18 with the U.S. Justice Department and state attorneys general, Google alleged that the latest version of Microsoft's Windows operating system impairs the performance of "desktop search" programs that find data stored on a computer's hard drive.
The Vista operating system, which became widely available in January, includes a desktop search function that competes with a free program Google introduced in 2004. Several other companies also offer desktop search applications.
Besides bogging down competing programs, Google alleged Microsoft had made it too complicated to turn off the desktop search feature built into Vista.
With its allegations, Google hopes to show that Microsoft isn't complying with a 2002 settlement of an antitrust case that concluded the world's largest software maker had leveraged the Windows operating system to throttle competition.
The consent decree requires Redmond, Wash.-based Microsoft to ensure its rivals can build products that run smoothly on Windows — something that Google says isn't happening.
"The search boxes built throughout Vista are hard-wired to Microsoft's own desktop search product, with no way for users to choose an alternate provider," Google spokesman Ricardo Reyes said in a statement issued Monday.
In its own statement, Microsoft said it already has made more than a dozen changes to address regulators' concerns about Vista and pledged to address any other legitimate problems. "While we don't believe there are any compliance concerns with desktop search, we've also told officials we are committed to going the extra mile to resolve this issue," Microsoft spokesman Jack Evans said. Justice Department spokesman Eric Ablin declined to comment Monday, citing confidentiality concerns.
Although he wouldn't discuss Google's allegations, Connecticut Attorney General Richard Blumenthal confirmed that several states are taking a hard look at whether Vista is affecting the effectiveness of programs that aren't made by Microsoft.
"We really have reached a turning point in the process and expect to make a decision on how to proceed by the end of the week," Blumenthal said in a Monday interview.
Describing the Vista complaints as "troublesome," California Attorney General Jerry Brown said he has been in touch with the Justice Department, other state attorneys general and technology industry representatives in an effort to resolve the issue.
"Our goal is to provide consumers using the Vista operating system easier access to competing features," Brown said in a statement.
In a story Sunday, The New York Times reported that the state attorneys general are more inclined to press Microsoft to revamp Vista than the Justice Department.
A court hearing to review Microsoft's adherence with the consent decree is scheduled June 26.
Google's complaint is just latest example of its escalating battle with Microsoft — a duel that figures to shape the future direction of personal computing.
With its search engine already established as the Web's most popular gateway, Google has been offering an array of additional services that could become the building blocks for a Web-based computing platform that lessens the need for Microsoft's products.
Besides e-mail and instant messaging, Google also is distributing word processing and spreadsheet programs aimed at the Office suite of software that has long been one of Microsoft's biggest cash cows.
Google has been able to offer most of its services free because it makes so much money from the ads that it serves up alongside its search results and other content published by the thousands of Web sites that belong to Google's network.
Hoping to siphon away some of that revenue, Microsoft has invested heavily in its own search engine, which still ranks a distant third behind Google and Yahoo Inc. (Nasdaq:YHOO - news)
Microsoft engineered Vista so its desktop search and Internet search engine would operate independently in an effort to avoid legal problems, said Brad Smith, the company's general counsel.
"If we were creating a feature in Windows and somehow requiring people to jump from our feature to our Internet search, then I could at least understand an antitrust argument being raised," Smith said.
Google Chairman Eric Schmidt has been a longtime critic of Microsoft's business tactics. After raising antitrust concerns about Microsoft in his previous jobs at Sun Microsystems Inc. and Novell Inc., Schmidt again has been on the attack as he steers Google.
Last year, the Mountain View-based company reached out to the Justice Department to raise alarms about how the latest version of Microsoft's Web browser threatened to make it more difficult for computer users to install the toolbars of competing search engines. Although regulators decided not to intervene, Microsoft subsequently modified the way Explorer handled the selection of search toolbars.
Before putting its most recent misgivings on paper, Google began discussing the desktop search issue with authorities last year.
Those talks were apparently touched upon during a hearing in March when the Justice Department said it was investigating a claim that Microsoft had violated its antitrust settlement. Without identifying the complaining party, the Justice Department said the grievances were related to "middleware," or software that links different computer programs.
Google filed its written complaint just a few days after Microsoft publicly urged antitrust regulators to scrutinize Google's planned $3.1 billion acquisition of online ad service DoubleClick Inc. Microsoft contends the deal will give Google too much power over the rapidly growing online ad market. The Federal Trade Commission has opened a formal inquiry into the matter.
___
AP Business Writers Jessica Mintz in Seattle and Christopher S. Rugaber in Washington contributed to this report.
Monday, June 04, 2007
McAfee Study Finds 4 Percent of Search Results Malicious
"The State of Search Engine Safety," a recent study by McAfee's SiteAdvisor group, has some classic good news and bad news for Internet surfers. Using several automated techniques, the SiteAdvisor study determined that 4 percent of the query results offered by the major search engines lead to potentially dangerous Web sites, and the total for sponsored links is nearly twice as high at 7 percent. The good news, however, is that the number of potentially dangerous search engine links has declined by roughly 20 percent from May 2006, when the SiteAdvisor group released its initial survey.
"We're encouraged to see some improvement in search engine safety this year. But with four out of five Web site visits starting with a search engine query, consumers are still exposed to hundreds of millions of risky searches per month," said Tim Dowling, vice president, Consumer Growth Initiatives, McAfee SiteAdvisor. "In fact, an active search engine user, one that performs more than 10 searches per day, is likely to visit a dangerous site at least once a day."
Internet analyst Greg Sterling of Sterling Market Intelligence said that the threat of hitting a risky site, particularly if it is a sponsored link, could become a problem for search engines. "It's definitely a potential concern," he said. "It's a question of how widespread the problem is in reality, and second, [whether it rises] to a level of publicity that makes it something that has to be addressed head-on."
Evaluating Search Engines
The "Search Engine Safety" study was compiled by testing the links offered by the Internet's five largest search engines: Google, Yahoo, MSN, AOL, and Ask. Using several sources, McAfee compiled a list of 2,300 search terms and ran them through the various search engines. The company then assessed the relative safety of the links produced on the first five results pages of each search engine.
For each site, McAfee ran several tests: signing up for newsletters to check for an increase in spam; inspecting available downloads for malware, including spyware, Trojan horses, and viruses; testing each linked site for possible security exploits; and testing outgoing links for similar problems. McAfee said in its report that it has examined over eight million sites for potential problems, a total that represents more than 90 percent of all Web traffic.
The study concluded that AOL currently offers the safest search results, with Google second. Yahoo, with more than 5 percent of its links rated "red" or "yellow," offered the highest number of potentially risky sites and also was the only search engine to show an increase in link risk since the SiteAdvisor group's last survey.
Surprising Results
One of the more surprising results in the survey was the fact that it can be more dangerous to search for online music than it is for sexually explicit materials. The SiteAdvisor team found that 19.1 percent of the searches in the category of "digital music" led to risky sites, compared to just 9.4 percent for adult search terms.
In fact, the category of "adult search terms" did not even make the top 10 most dangerous categories, unless one includes the No. 10 entry, "popular brunettes."
However, it is worth pointing out that, unlike many other categories, the risk of stumbling across a dangerous Web site while searching for adult content has increased over the past six months. The risk is growing particularly quickly in the category of sponsored links, where the percentage of dangerous sites rose from 13.3 percent to 22.9 percent.
The survey's authors took pains to point out that while some categories pose greater risk than adult searches, the risk of hitting a dangerous site while searching for nonadult content is roughly half what it is when searching for adult material.
"We're encouraged to see some improvement in search engine safety this year. But with four out of five Web site visits starting with a search engine query, consumers are still exposed to hundreds of millions of risky searches per month," said Tim Dowling, vice president, Consumer Growth Initiatives, McAfee SiteAdvisor. "In fact, an active search engine user, one that performs more than 10 searches per day, is likely to visit a dangerous site at least once a day."
Internet analyst Greg Sterling of Sterling Market Intelligence said that the threat of hitting a risky site, particularly if it is a sponsored link, could become a problem for search engines. "It's definitely a potential concern," he said. "It's a question of how widespread the problem is in reality, and second, [whether it rises] to a level of publicity that makes it something that has to be addressed head-on."
Evaluating Search Engines
The "Search Engine Safety" study was compiled by testing the links offered by the Internet's five largest search engines: Google, Yahoo, MSN, AOL, and Ask. Using several sources, McAfee compiled a list of 2,300 search terms and ran them through the various search engines. The company then assessed the relative safety of the links produced on the first five results pages of each search engine.
For each site, McAfee ran several tests: signing up for newsletters to check for an increase in spam; inspecting available downloads for malware, including spyware, Trojan horses, and viruses; testing each linked site for possible security exploits; and testing outgoing links for similar problems. McAfee said in its report that it has examined over eight million sites for potential problems, a total that represents more than 90 percent of all Web traffic.
The study concluded that AOL currently offers the safest search results, with Google second. Yahoo, with more than 5 percent of its links rated "red" or "yellow," offered the highest number of potentially risky sites and also was the only search engine to show an increase in link risk since the SiteAdvisor group's last survey.
Surprising Results
One of the more surprising results in the survey was the fact that it can be more dangerous to search for online music than it is for sexually explicit materials. The SiteAdvisor team found that 19.1 percent of the searches in the category of "digital music" led to risky sites, compared to just 9.4 percent for adult search terms.
In fact, the category of "adult search terms" did not even make the top 10 most dangerous categories, unless one includes the No. 10 entry, "popular brunettes."
However, it is worth pointing out that, unlike many other categories, the risk of stumbling across a dangerous Web site while searching for adult content has increased over the past six months. The risk is growing particularly quickly in the category of sponsored links, where the percentage of dangerous sites rose from 13.3 percent to 22.9 percent.
The survey's authors took pains to point out that while some categories pose greater risk than adult searches, the risk of hitting a dangerous site while searching for nonadult content is roughly half what it is when searching for adult material.
Monday, May 14, 2007
Best Buy, 'Geek Squad' sued over videotaping
A technician on a service call at a home is arrested after a woman is taped while in the shower.
By Ashley Surdin, Times Staff Writer
A woman and her mother sued Best Buy and its "Geek Squad" computer repair team Wednesday, claiming they were legally responsible for dispatching a technician who allegedly videotaped the daughter taking a shower.The suit, filed in Los Angeles County Superior Court on behalf of Sarah Vasquez, 22, and her mother, Natalie Fornaciari, 46, both from city of Industry, alleges that Geek Squad technician Hao Kuo Chi, 26, placed his cellphone in Vasquez's bathroom during a computer service call March 4 and recorded her showering.
Chi was arrested the same day on suspicion of using a camera to view a person without their consent and of annoying or molesting a child under 18, both misdemeanors, said Sheriff's Sgt. Bob Skudlarski.The family said that they relied on the national chain to screen and train agents before sending them into people's homes.They also relied on the Geek Squad's brochure, which promised to provide "agents you can trust.""Businesses need to do a better job of screening the employees whom they send to their customers' homes," said attorney Gloria Allred, who is representing the family.A Best Buy spokeswoman said she learned of the lawsuit shortly after it was filed Wednesday."Best Buy was not informed of this action prior to being contacted by the media today," the company said in a statement. "Obviously, we intend to cooperate fully with any investigation into this matter."According to the suit, Chi came to the family's home last month for a scheduled computer service appointment. After starting to work, he asked to use the bathroom and was shown to one shared by Vasquez and her 13-year-old sister, Kelly Rocha, the lawsuit said.Vasquez later showered in the same bathroom. When she stepped out of the stall, she noticed a cellphone propped up on her cluttered sink, the suit said. The phone was covered in a leather case; a small camera with a red, blinking light was sticking out, she said.Suspicious, Vasquez left the bathroom to tell her sister Kelly and when she returned, the phone was gone. Kelly then found the phone in her bedroom. Believing the phone was programmed to record her as well, she removed its memory chip and she and Vasquez took it to a Verizon store to see what was on it."You could see him on the video setting it up," Vasquez said. "I was shocked."The sisters called their stepfather, who reported Chi to police, and he was arrested at their house.The family is seeking compensatory and punitive damages for alleged fraud, negligent misrepresentation and hiring, invasion of privacy, intentional infliction of emotional distress and breach of warrant.
Written by: By Ashley Surdin, Times Staff Writer
By Ashley Surdin, Times Staff Writer
A woman and her mother sued Best Buy and its "Geek Squad" computer repair team Wednesday, claiming they were legally responsible for dispatching a technician who allegedly videotaped the daughter taking a shower.The suit, filed in Los Angeles County Superior Court on behalf of Sarah Vasquez, 22, and her mother, Natalie Fornaciari, 46, both from city of Industry, alleges that Geek Squad technician Hao Kuo Chi, 26, placed his cellphone in Vasquez's bathroom during a computer service call March 4 and recorded her showering.
Chi was arrested the same day on suspicion of using a camera to view a person without their consent and of annoying or molesting a child under 18, both misdemeanors, said Sheriff's Sgt. Bob Skudlarski.The family said that they relied on the national chain to screen and train agents before sending them into people's homes.They also relied on the Geek Squad's brochure, which promised to provide "agents you can trust.""Businesses need to do a better job of screening the employees whom they send to their customers' homes," said attorney Gloria Allred, who is representing the family.A Best Buy spokeswoman said she learned of the lawsuit shortly after it was filed Wednesday."Best Buy was not informed of this action prior to being contacted by the media today," the company said in a statement. "Obviously, we intend to cooperate fully with any investigation into this matter."According to the suit, Chi came to the family's home last month for a scheduled computer service appointment. After starting to work, he asked to use the bathroom and was shown to one shared by Vasquez and her 13-year-old sister, Kelly Rocha, the lawsuit said.Vasquez later showered in the same bathroom. When she stepped out of the stall, she noticed a cellphone propped up on her cluttered sink, the suit said. The phone was covered in a leather case; a small camera with a red, blinking light was sticking out, she said.Suspicious, Vasquez left the bathroom to tell her sister Kelly and when she returned, the phone was gone. Kelly then found the phone in her bedroom. Believing the phone was programmed to record her as well, she removed its memory chip and she and Vasquez took it to a Verizon store to see what was on it."You could see him on the video setting it up," Vasquez said. "I was shocked."The sisters called their stepfather, who reported Chi to police, and he was arrested at their house.The family is seeking compensatory and punitive damages for alleged fraud, negligent misrepresentation and hiring, invasion of privacy, intentional infliction of emotional distress and breach of warrant.
Written by: By Ashley Surdin, Times Staff Writer
YAHOO GOES UNLIMITED EMAIL STORAGE
SAN FRANCISCO: Yahoo plans to offer unlimited e-mail storage to its roughly quarter of a billion users, starting in May.
The world's biggest e-mail service said Tuesday that it would scrap its free e-mail storage limit of one gigabyte, or about a billion bytes of data, responding to explosive growth in attachment sizes as people share ever more photos, music and videos via e-mail.
Microsoft has a two gigabyte free e-mail storage limit, while Google caps its Gmail service at 2.8 gigabytes.
"We are giving them no reason to ever have to delete old e-mails," David Filo, co-founder of Yahoo, said in a telephone interview. "You can keep stuff forever."
Officials said the decision to remove e-mail storage limits reflects the plunging cost of storage as new personal computers store up to a trillion bytes of data and owners of 80-gigabyte iPods can carry 100 hours of video in their pockets.
By contrast, when Yahoo first introduced its e-mail service a little under a decade ago, it capped individual storage at four megabytes per user. At that time, an "ultra high-density" floppy disk for personal computers then held 144 megabytes.
"People should think about e-mail as something where they are archiving their lives," said Filo, who remains active in managing technical operations at the Sunnyvale, California, company and carries the honorific title of Chief Yahoo.
Once it begins in May, the transition to unlimited storage should take a month, said John Kremer, vice president of Yahoo Mail.
"We have been closely monitoring average usage. We are comfortable that our users are far under one gig, on average," Kremer said. "What we see are an increasing number of rich media files as consumers send more photos."
One caveat Yahoo makes is that the offer is for personal use and subject to guidelines against abuse that apply to Yahoo Mail. No one can build a business giving away unlimited storage to other consumers using Yahoo Mail, executives said.
Two countries - China and Japan - are excluded. "We will continue working with these markets on their storage plans," Kremer said in a statement. Yahoo is a minority owner with partner Softbank in Yahoo Japan and a part owner with Alibaba of the Yahoo business in China.
Filo said Yahoo was looking at lifting caps on storage for other services such as its Flickr photo-sharing service. "We are looking at those on a case-by-case basis," he said.
It's a far cry from when giving away two megabytes of data was considered a big deal, said David Nakayama, Yahoo's group vice president of engineering and developer of RocketMail, which Yahoo acquired and relaunched as Yahoo Mail in 1997.
In a posting to Yahoo's corporate blog, he said that capacity when Yahoo Mail started was 200 gigabytes for all customers.
"I remember getting in a room to plan our RocketMail launch over a decade ago and worrying that our original plan of a two megabyte quota wasn't enough, and that we needed to be radical and DOUBLE the storage to four megabyte per account!" he wrote.
The world's biggest e-mail service said Tuesday that it would scrap its free e-mail storage limit of one gigabyte, or about a billion bytes of data, responding to explosive growth in attachment sizes as people share ever more photos, music and videos via e-mail.
Microsoft has a two gigabyte free e-mail storage limit, while Google caps its Gmail service at 2.8 gigabytes.
"We are giving them no reason to ever have to delete old e-mails," David Filo, co-founder of Yahoo, said in a telephone interview. "You can keep stuff forever."
Officials said the decision to remove e-mail storage limits reflects the plunging cost of storage as new personal computers store up to a trillion bytes of data and owners of 80-gigabyte iPods can carry 100 hours of video in their pockets.
By contrast, when Yahoo first introduced its e-mail service a little under a decade ago, it capped individual storage at four megabytes per user. At that time, an "ultra high-density" floppy disk for personal computers then held 144 megabytes.
"People should think about e-mail as something where they are archiving their lives," said Filo, who remains active in managing technical operations at the Sunnyvale, California, company and carries the honorific title of Chief Yahoo.
Once it begins in May, the transition to unlimited storage should take a month, said John Kremer, vice president of Yahoo Mail.
"We have been closely monitoring average usage. We are comfortable that our users are far under one gig, on average," Kremer said. "What we see are an increasing number of rich media files as consumers send more photos."
One caveat Yahoo makes is that the offer is for personal use and subject to guidelines against abuse that apply to Yahoo Mail. No one can build a business giving away unlimited storage to other consumers using Yahoo Mail, executives said.
Two countries - China and Japan - are excluded. "We will continue working with these markets on their storage plans," Kremer said in a statement. Yahoo is a minority owner with partner Softbank in Yahoo Japan and a part owner with Alibaba of the Yahoo business in China.
Filo said Yahoo was looking at lifting caps on storage for other services such as its Flickr photo-sharing service. "We are looking at those on a case-by-case basis," he said.
It's a far cry from when giving away two megabytes of data was considered a big deal, said David Nakayama, Yahoo's group vice president of engineering and developer of RocketMail, which Yahoo acquired and relaunched as Yahoo Mail in 1997.
In a posting to Yahoo's corporate blog, he said that capacity when Yahoo Mail started was 200 gigabytes for all customers.
"I remember getting in a room to plan our RocketMail launch over a decade ago and worrying that our original plan of a two megabyte quota wasn't enough, and that we needed to be radical and DOUBLE the storage to four megabyte per account!" he wrote.
Thursday, May 10, 2007
Outrage Continues Over Vista Upgrade Program
Julie Marto of Medfield, Massachusetts, purchased a Dell Inspiron notebook running Windows XP last October. Through a program called Express Upgrade, she was promised a free copy of Windows Vista when the operating system became commercially available. It's been five months since Vista went on sale January 30. Marto is still waiting and steaming mad.
"I've done everything I can to get my Vista upgrade including e-mailing a request to Michael Dell himself," Marto says. She says she never received a reply from Michael Dell.
Marto isn't alone. Since PC World originally reported problems back in March with the Vista upgrade program, people have continued to send us e-mail and post complaints to our community forums citing paperwork nightmares, Vista upgrade disc no-shows, and long hold times when trying to contact vendors or third-party companies handling the upgrades.
One company handling the Vista Express Upgrades, ModusLink, acknowledges some problems persist, but maintains most customers have received their Vista upgrade discs by now. Dell complaints have been filtering into PC World, but can also be found by scanning the company's support forum.
In one Dell support forum a company representative offers an apology and the statement: "As of April 30, we have shipped approximately 80 percent of the upgrades. We expect the bulk of the remaining orders to ship by May 15, and all scheduled orders to be shipped should be completed by the end of May, barring any unforeseen additional delays."
Root of the Problem
Upgrade problems began when consumers purchased a new PC late last year. That's when computer makers enticed people to buy new systems preloaded with Windows XP prior to Vista's release by promising a free or reduced-cost Vista upgrade when the OS became commercially available.
When a PC was purchased, the new owner received a Microsoft Certificate of Authenticity number. The upgrade process was supposed to be simple: When Vista went on sale, all a customer had to do was visit a special upgrade Web site and enter their COA number to confirm their eligibility to receive a Vista upgrade disc in the mail. Finally, new owners were directed to mail or fax in their proof of purchase (Dell, however, waived this step).
"I was told it would be an easy process," says William Bond, of Tampa, Florida. But, he says, the process has been anything but simple. Bond purchased a Hewlett-Packard Pavilion desktop in November at Circuit City and is still waiting for his Vista upgrade disc from ModusLink, the company handling the program for HP.
Bond says he has been asked repeatedly for his proof of purchase. "I must [have] e-mailed, faxed, and mailed that proof of purchase five times by now," he says, but ModusLink still hasn't acknowledged receipt. "I'm exasperated," Bond says.
New Issues Delay Vista Upgrade Discs
ModusLink, which is processing Vista upgrade requests for people who bought Acer, Fujitsu, Gateway, HP, and Toshiba computers, says the company is very sensitive to the fact that customers are frustrated. "We are doing the best we can," says Christine Pothier, the company's marketing communications manager.
When PC World spoke to Pothier in early April she said the issues with handling extremely large volumes of Vista upgrade requests had been remedied by hiring extra staff. She now says that new issues are delaying shipment of some Vista upgrade discs.
Pothier says the remaining delays stem from customers whose Vista upgrade orders included a declined credit card (some PC makers made their customers pay the shipping cost of the Vista upgrade disc), address changes, and incomplete or erroneous shipment information. Dell echoed the same issues on its message boards.
Initially, problems delivering Vista upgrades in a timely manner, Pothier says, were because PC vendors were four to eight weeks late in sending ModusLink the Vista upgrade discs. "We are just the middlemen here," she says. "There was nothing we could do."
Vendors Tight-Lipped on Delays
HP declined to comment when asked about the delay, simply offering a statement that it had issued on February 9: "During the past few weeks HP has received e-mails and phone calls from many customers concerning the ordering process for the Express Upgrade kit for Windows Vista. We are aware of these problems and are working on an aggressive schedule with the fulfillment vendor and the software product supplier to resolve these issues."
Richard Black, director of marketing for Acer, says most of the company's shipping delays have been resolved. "There were some missteps on our side and on Microsoft's and ModusLink's," Black says. "These are the kinds of problems you do your best to resolve when you have to sort through hundreds of thousands of orders in a matter of months," he says.
Says ModusLink's Pothier: "Is it possible customers have had to resend things and are still not happy? Yes, and I apologize for that." She says ModusLink is doing the best it can to resolve issues with the "few remaining" people who haven't received their Vista upgrade yet.
What Now?
Keep an eye on PC World s Windows Vista & XP coverage to see how the upgrade rollout progresses. If you're one of the unlucky PC owners still pulling your hair out waiting for a Vista disc, we want to hear about it.
Written by: Tom Spring, PC World
Thursday, May 10, 2007 7:00 AM PDT
"I've done everything I can to get my Vista upgrade including e-mailing a request to Michael Dell himself," Marto says. She says she never received a reply from Michael Dell.
Marto isn't alone. Since PC World originally reported problems back in March with the Vista upgrade program, people have continued to send us e-mail and post complaints to our community forums citing paperwork nightmares, Vista upgrade disc no-shows, and long hold times when trying to contact vendors or third-party companies handling the upgrades.
One company handling the Vista Express Upgrades, ModusLink, acknowledges some problems persist, but maintains most customers have received their Vista upgrade discs by now. Dell complaints have been filtering into PC World, but can also be found by scanning the company's support forum.
In one Dell support forum a company representative offers an apology and the statement: "As of April 30, we have shipped approximately 80 percent of the upgrades. We expect the bulk of the remaining orders to ship by May 15, and all scheduled orders to be shipped should be completed by the end of May, barring any unforeseen additional delays."
Root of the Problem
Upgrade problems began when consumers purchased a new PC late last year. That's when computer makers enticed people to buy new systems preloaded with Windows XP prior to Vista's release by promising a free or reduced-cost Vista upgrade when the OS became commercially available.
When a PC was purchased, the new owner received a Microsoft Certificate of Authenticity number. The upgrade process was supposed to be simple: When Vista went on sale, all a customer had to do was visit a special upgrade Web site and enter their COA number to confirm their eligibility to receive a Vista upgrade disc in the mail. Finally, new owners were directed to mail or fax in their proof of purchase (Dell, however, waived this step).
"I was told it would be an easy process," says William Bond, of Tampa, Florida. But, he says, the process has been anything but simple. Bond purchased a Hewlett-Packard Pavilion desktop in November at Circuit City and is still waiting for his Vista upgrade disc from ModusLink, the company handling the program for HP.
Bond says he has been asked repeatedly for his proof of purchase. "I must [have] e-mailed, faxed, and mailed that proof of purchase five times by now," he says, but ModusLink still hasn't acknowledged receipt. "I'm exasperated," Bond says.
New Issues Delay Vista Upgrade Discs
ModusLink, which is processing Vista upgrade requests for people who bought Acer, Fujitsu, Gateway, HP, and Toshiba computers, says the company is very sensitive to the fact that customers are frustrated. "We are doing the best we can," says Christine Pothier, the company's marketing communications manager.
When PC World spoke to Pothier in early April she said the issues with handling extremely large volumes of Vista upgrade requests had been remedied by hiring extra staff. She now says that new issues are delaying shipment of some Vista upgrade discs.
Pothier says the remaining delays stem from customers whose Vista upgrade orders included a declined credit card (some PC makers made their customers pay the shipping cost of the Vista upgrade disc), address changes, and incomplete or erroneous shipment information. Dell echoed the same issues on its message boards.
Initially, problems delivering Vista upgrades in a timely manner, Pothier says, were because PC vendors were four to eight weeks late in sending ModusLink the Vista upgrade discs. "We are just the middlemen here," she says. "There was nothing we could do."
Vendors Tight-Lipped on Delays
HP declined to comment when asked about the delay, simply offering a statement that it had issued on February 9: "During the past few weeks HP has received e-mails and phone calls from many customers concerning the ordering process for the Express Upgrade kit for Windows Vista. We are aware of these problems and are working on an aggressive schedule with the fulfillment vendor and the software product supplier to resolve these issues."
Richard Black, director of marketing for Acer, says most of the company's shipping delays have been resolved. "There were some missteps on our side and on Microsoft's and ModusLink's," Black says. "These are the kinds of problems you do your best to resolve when you have to sort through hundreds of thousands of orders in a matter of months," he says.
Says ModusLink's Pothier: "Is it possible customers have had to resend things and are still not happy? Yes, and I apologize for that." She says ModusLink is doing the best it can to resolve issues with the "few remaining" people who haven't received their Vista upgrade yet.
What Now?
Keep an eye on PC World s Windows Vista & XP coverage to see how the upgrade rollout progresses. If you're one of the unlucky PC owners still pulling your hair out waiting for a Vista disc, we want to hear about it.
Written by: Tom Spring, PC World
Thursday, May 10, 2007 7:00 AM PDT
Tuesday, April 24, 2007
At NASA, Windows Vista Isn't Ready For Launch
Space agency among the growing list of federal agencies that have put a temporary hold on Windows Vista rollouts.
The National Aeronautics and Space Administration is the latest federal agency to put a hold on PC upgrades to Windows Vista. NASA has decided against deploying Microsoft's five-month-old temporary bans on Vista.
NASA has set January 2008 as a "target" for beginning the transition from Windows XP to Vista, according to a spokesman for the federal agency, which has approximately 60,000 Windows PCs.
NASA typically waits until a service pack is released for any new operating system to ensure stability, the spokesman says. (Microsoft has not indicated if or when it will release a service pack for Vista.) The interim will also be used to ensure that NASA's applications are compatible with Vista and that its PCs meet the hardware requirements needed to run the operating system.
In a meeting with IT professionals and user-group representatives last week on Microsoft's campus, CEO Steve Ballmer rejected an assertion by a NASA computer scientist that Vista has been banned by most sectors of the federal government.
"Vista has been anything but banned from most parts of the U.S. federal government," Ballmer said, adding that he anticipated near-term adoption in "a number" of government accounts. He stopped short, however, of naming any government agencies that are in the process of deploying Vista or about to do so.
Written by John Foley
The National Aeronautics and Space Administration is the latest federal agency to put a hold on PC upgrades to Windows Vista. NASA has decided against deploying Microsoft's five-month-old temporary bans on Vista.
NASA has set January 2008 as a "target" for beginning the transition from Windows XP to Vista, according to a spokesman for the federal agency, which has approximately 60,000 Windows PCs.
NASA typically waits until a service pack is released for any new operating system to ensure stability, the spokesman says. (Microsoft has not indicated if or when it will release a service pack for Vista.) The interim will also be used to ensure that NASA's applications are compatible with Vista and that its PCs meet the hardware requirements needed to run the operating system.
In a meeting with IT professionals and user-group representatives last week on Microsoft's campus, CEO Steve Ballmer rejected an assertion by a NASA computer scientist that Vista has been banned by most sectors of the federal government.
"Vista has been anything but banned from most parts of the U.S. federal government," Ballmer said, adding that he anticipated near-term adoption in "a number" of government accounts. He stopped short, however, of naming any government agencies that are in the process of deploying Vista or about to do so.
Written by John Foley
Mac vulnerability may also affect Windows
It turns out that the vulnerability isn't in Apple's Safari web browser after all, but in the interaction between QuickTime and Java.That's not an academic issue, as it means that using an alternative browser such as Firefox gives no protection against the exploit. While we are waiting for a fix from Apple, disabling Java in whichever browser you favour seems to be a reasonable precaution. If you need to use a web site that requires Java, decide whether you trust the site before turning it back on, and don't forget to disable it again when you've finished.The other point is that QuickTime is also installed on a lot of Windows PCs. So it seems likely that the bad quys are trying very hard to replicate Dino Dai Zovi's work, and they'll now be looking very closely at QuickTime and Java, especially on Windows.One potential problem is that QuickTime and Java could be working as intended, but Dai Zovi has found a way of using a facility in a way that the designers didn't envisage. Such vulnerabilities can be difficult to patch without breaking legitimate software.Dai Zovi's exploit is an attractive one, as no user interaction is required beyond opening a malicious web page (much like the recent ANI flaw that led Microsoft to release an early patch). Although people are more cautious about clicking on links in emails, it would be easy to plant the URL in blog comments and other places on the web.People who complain that the CanSecWest competition rules were relaxed when participants were unable to gain access without user activity are missing the point. Sure, the fact that Mac OS X withstood network-based probing is a good thing, but following hyperlinks is an everyday action and people simply don't critically evaluate every link before they click.In my book, any vulnerability that can be invisibly exploited via a web page calls for prompt attention. Users shouldn't have to wait for 'in the wild' exploits before the risk is taken seriously by the vendor.
Article Written by: Stephen Withers
Article Written by: Stephen Withers
Monday, April 16, 2007
Microsoft Lawyer Rebuts 'Vista Ready' Gripes
'Vista capable' information was not misleading, despite recent consumer complaints, top attorney says.
Written by: Martyn Williams, IDG News Service
Thursday, April 12, 2007 07:00 AM PDT
Microsoft's top lawyer said today that he is happy with the information the company provided about its Vista operating system, and its compatibility with existing PCs, ahead of the software's launch in January.
Last week, a class-action lawsuit was brought against the software maker claiming it unfairly labeled some PCs "Windows Vista Capable" when they could only run the most basic version of the operating system and not support more advanced versions that offer some of the most heavily-promoted features such as media center and advanced graphics.
"I actually don't think there have been a lot of problems that consumers have encountered although I think there are a few lawyers and law firms that have pursued an action that are presenting such a picture," said Brad Smith, a senior vice president at Microsoft and the company's general counsel, during a news conference at the Foreign Correspondents' Club of Japan in Tokyo.
"I actually feel good about the information that we provided," he said.
Systems, Software Vary
The lawsuit, which was filed in the U.S. District Court for the Western District of Washington, alleges that "a large number" of PCs that sported "Vista Capable" labels were only capable of running the Home Basic version of Vista.
Smith disputed that claim.
"Most of the PCs are able to run the kinds of versions like our home premium version that have virtually all of the bells and whistles," he said. "Even the machines that are not able to run something like Home Premium are able to run a version that provides many if not most of the major advances that are important to consumers."
There is fairly wide gap between PCs that are "Vista Capable" versus those that are "Premium Ready," according to information on Microsoft's Web site.
"Vista Capable" requires a PC with a processor running at a clock speed of 800MHz or faster, 512MB of memory, and a DirectX 9-capable graphics processor. But "Premium Ready" calls for at least a 32-bit or 64-bit processor running at 1GHz, 1GB of memory, DirectX 9 graphics with a WDDM (Windows display driver model) driver, 128MB of graphics memory, and other requirements like a 40GB hard drive, DVD-ROM drive and Internet access.
The lawsuit seeks class action status and says the size of the class likely exceeds 10,000 people
Written by: Martyn Williams, IDG News Service
Thursday, April 12, 2007 07:00 AM PDT
Microsoft's top lawyer said today that he is happy with the information the company provided about its Vista operating system, and its compatibility with existing PCs, ahead of the software's launch in January.
Last week, a class-action lawsuit was brought against the software maker claiming it unfairly labeled some PCs "Windows Vista Capable" when they could only run the most basic version of the operating system and not support more advanced versions that offer some of the most heavily-promoted features such as media center and advanced graphics.
"I actually don't think there have been a lot of problems that consumers have encountered although I think there are a few lawyers and law firms that have pursued an action that are presenting such a picture," said Brad Smith, a senior vice president at Microsoft and the company's general counsel, during a news conference at the Foreign Correspondents' Club of Japan in Tokyo.
"I actually feel good about the information that we provided," he said.
Systems, Software Vary
The lawsuit, which was filed in the U.S. District Court for the Western District of Washington, alleges that "a large number" of PCs that sported "Vista Capable" labels were only capable of running the Home Basic version of Vista.
Smith disputed that claim.
"Most of the PCs are able to run the kinds of versions like our home premium version that have virtually all of the bells and whistles," he said. "Even the machines that are not able to run something like Home Premium are able to run a version that provides many if not most of the major advances that are important to consumers."
There is fairly wide gap between PCs that are "Vista Capable" versus those that are "Premium Ready," according to information on Microsoft's Web site.
"Vista Capable" requires a PC with a processor running at a clock speed of 800MHz or faster, 512MB of memory, and a DirectX 9-capable graphics processor. But "Premium Ready" calls for at least a 32-bit or 64-bit processor running at 1GHz, 1GB of memory, DirectX 9 graphics with a WDDM (Windows display driver model) driver, 128MB of graphics memory, and other requirements like a 40GB hard drive, DVD-ROM drive and Internet access.
The lawsuit seeks class action status and says the size of the class likely exceeds 10,000 people
Wireless Spectrum Gets Crowded
The use of multiple radios, or wireless transmitters, will push the adoption of mobile technologies, but will require industry coordination and careful construction, an Intel executive said Monday in Beijing.
"Radios are everywhere and yet we do very little with them," said Kevin Kahn, Intel senior fellow and director of its Communications Technology Lab, in a speech at the Intel Developer Forum (IDF). "If anyone other than the geeks among us are going to use this stuff, then it means that we need ease of use."
By 2009, each mobile platform will handle six or more radios for applications such as Wi-Fi, WiMax, 3G cellular, UWB (Ultra Wide Band), Bluetooth, digital TV and GPS (Global Positioning System).
Kahn said that the biggest problem is interference between the different radios, which exist on chips that are measured in square millimeters and sometimes use adjacent spectrum.
"Simultaneous operations are a fairly widespread problem," he said.
For example, this kind of spectrum conflict led to the Bluetooth standard being adjusted so that it Bluetooth could coexist with Wi-Fi, he said. Cooperation between different technology standards in different spectrums would be critical to their development. "We're going to have to work across the industry to put the hooks in to coordinate and provide this kind of advanced performance."
Kahn believes the solution lies in creating parallel modules for each radio standard, such as Wi-Fi and WiMax.
On the device level, the problem is solved by timing the use of the radios "so that they are never physically doing operations at the same time, even though the user never notices."
Looking to the future, Kahn said "Sixty GHz is the next chunk of unlicensed spectrum," and predicted that it would come into wide use by 2011 or 2012. He described it as likely being used for a "next generation personal area network (PAN)."
It is a "very large piece of spectrum," but "the difficult part is that 60GHz is very high frequency. Not surprisingly, building radio to run up there is more difficult. Doing that cost effectively will take a little while," Kahn said.
"Because it is so high, it tends to be very directional. We deal mostly with omnidirectional radio systems. When you get to very high frequencies, the signals in order to get good performance typically become much more directional, and we may have to use antenna steering techniques."
"Radios are everywhere and yet we do very little with them," said Kevin Kahn, Intel senior fellow and director of its Communications Technology Lab, in a speech at the Intel Developer Forum (IDF). "If anyone other than the geeks among us are going to use this stuff, then it means that we need ease of use."
By 2009, each mobile platform will handle six or more radios for applications such as Wi-Fi, WiMax, 3G cellular, UWB (Ultra Wide Band), Bluetooth, digital TV and GPS (Global Positioning System).
Kahn said that the biggest problem is interference between the different radios, which exist on chips that are measured in square millimeters and sometimes use adjacent spectrum.
"Simultaneous operations are a fairly widespread problem," he said.
For example, this kind of spectrum conflict led to the Bluetooth standard being adjusted so that it Bluetooth could coexist with Wi-Fi, he said. Cooperation between different technology standards in different spectrums would be critical to their development. "We're going to have to work across the industry to put the hooks in to coordinate and provide this kind of advanced performance."
Kahn believes the solution lies in creating parallel modules for each radio standard, such as Wi-Fi and WiMax.
On the device level, the problem is solved by timing the use of the radios "so that they are never physically doing operations at the same time, even though the user never notices."
Looking to the future, Kahn said "Sixty GHz is the next chunk of unlicensed spectrum," and predicted that it would come into wide use by 2011 or 2012. He described it as likely being used for a "next generation personal area network (PAN)."
It is a "very large piece of spectrum," but "the difficult part is that 60GHz is very high frequency. Not surprisingly, building radio to run up there is more difficult. Doing that cost effectively will take a little while," Kahn said.
"Because it is so high, it tends to be very directional. We deal mostly with omnidirectional radio systems. When you get to very high frequencies, the signals in order to get good performance typically become much more directional, and we may have to use antenna steering techniques."
IRS Warns of Tax Phishing Scheme
The U.S. Internal Revenue Service is warning taxpayers to be wary of e-mail messages that provide links to supposedly free tax-filing services endorsed by the agency.
The warning comes just before the IRS income tax filing deadline Tuesday. The IRS warned taxpayers of e-mails sent by Web sites "masquerading" as members of the Free File Alliance, a program allowing some taxpayers to file online for free. The only place to access the Free File program is on the IRS.gov site, the IRS said in a statement.
The IRS is investigating allegations that some Web sites claiming to be Free File partners are taking taxpayers' personal information, then depositing the returns into different bank accounts, the IRS said in a news release. The scam is a form of a phishing scam, in which fake e-mails purporting to be from banks or online retailers ask recipients for account numbers and other personal information.
After taxpayers complete their forms, the fake Free Filing site changes the bank account number that the tax refund goes to, said Paul Henry, vice president of technology at Secure Computing Corp., a cybersecurity products vendor.
"They're literally hijacking your tax return," Henry said.
In another scam, Henry got an e-mail recently saying he could speed up his tax return by depositing it into his credit card account. The e-mail asked for his credit card number and his personal identification number.
Henry expects tax scams will be prominent this week, as more people look to file taxes online than ever before. Then, after the tax filing deadline passes, he predicted there will be phishing e-mails claiming to be from the IRS, saying the recipient's filing had an error or the recipient is owed more of a refund than was claimed.
"That typically runs all the way through June," Henry said. "It's a long tax phishing season again this year."
In addition, scammers could take advantage of Microsoft DNS (Domain Name System) server vulnerability, announced last week, to redirect Web browsers from legitimate sites to phishing or other scam sites, Henry said. Taxpayers and other people doing business online should be especially careful that they're going to legitimate sites, he said.
Last week, the Computer & Communications Industry Association warned taxpayers of Web sites with IRS in the domain name that aren't affiliated with the U.S. government. Some commercial sites may be charging taxpayers for services they can get free at IRS.gov, the trade group said.
Henry gave this advice to taxpayers:
-- The IRS typically does not communicate by e-mail. If you have questions about an e-mail you received, don't click on the link or paste the link in a browser. Instead, call the IRS. "The IRS does not have every citizens' e-mail address," he said. "The IRS typically works only through mail."
-- Don't visit tax advice sites not associated with the IRS. Some sites say they offer free advice or free filing services, then charge customers.
-- Make sure computer security software is up to date.
The IRS noted that Free File is available for taxpayers with an adjusted gross income of US$52,000 or less. Ninety-five million of the 136 million U.S. taxpayers qualify for Free File.
The warning comes just before the IRS income tax filing deadline Tuesday. The IRS warned taxpayers of e-mails sent by Web sites "masquerading" as members of the Free File Alliance, a program allowing some taxpayers to file online for free. The only place to access the Free File program is on the IRS.gov site, the IRS said in a statement.
The IRS is investigating allegations that some Web sites claiming to be Free File partners are taking taxpayers' personal information, then depositing the returns into different bank accounts, the IRS said in a news release. The scam is a form of a phishing scam, in which fake e-mails purporting to be from banks or online retailers ask recipients for account numbers and other personal information.
After taxpayers complete their forms, the fake Free Filing site changes the bank account number that the tax refund goes to, said Paul Henry, vice president of technology at Secure Computing Corp., a cybersecurity products vendor.
"They're literally hijacking your tax return," Henry said.
In another scam, Henry got an e-mail recently saying he could speed up his tax return by depositing it into his credit card account. The e-mail asked for his credit card number and his personal identification number.
Henry expects tax scams will be prominent this week, as more people look to file taxes online than ever before. Then, after the tax filing deadline passes, he predicted there will be phishing e-mails claiming to be from the IRS, saying the recipient's filing had an error or the recipient is owed more of a refund than was claimed.
"That typically runs all the way through June," Henry said. "It's a long tax phishing season again this year."
In addition, scammers could take advantage of Microsoft DNS (Domain Name System) server vulnerability, announced last week, to redirect Web browsers from legitimate sites to phishing or other scam sites, Henry said. Taxpayers and other people doing business online should be especially careful that they're going to legitimate sites, he said.
Last week, the Computer & Communications Industry Association warned taxpayers of Web sites with IRS in the domain name that aren't affiliated with the U.S. government. Some commercial sites may be charging taxpayers for services they can get free at IRS.gov, the trade group said.
Henry gave this advice to taxpayers:
-- The IRS typically does not communicate by e-mail. If you have questions about an e-mail you received, don't click on the link or paste the link in a browser. Instead, call the IRS. "The IRS does not have every citizens' e-mail address," he said. "The IRS typically works only through mail."
-- Don't visit tax advice sites not associated with the IRS. Some sites say they offer free advice or free filing services, then charge customers.
-- Make sure computer security software is up to date.
The IRS noted that Free File is available for taxpayers with an adjusted gross income of US$52,000 or less. Ninety-five million of the 136 million U.S. taxpayers qualify for Free File.
Thursday, March 08, 2007
Microsoft takes a 'Patch Tuesday' break
Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed.
In a note on its Web site Thursday, Microsoft said it won't release any security bulletins, yet it will release several updates that are not related to security. The second Tuesday of the month is Microsoft's scheduled patch release day.
Also on Tuesday, Microsoft will go ahead with an updated release of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers and is pushed out monthly.
The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. Many computer systems don't have that change programmed in and require patching.
Microsoft occasionally has months when it has not released security updates. The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005, the company said.
"Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers," a company representative said on Thursday. "Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps."
Still, the lack of security updates also means that cybercrooks have more time to exploit known security vulnerabilities. There are five known zero-day holes in Microsoft products, according to eEye Digital Security. Microsoft has warned that a bug in Word is being exploited in attacks. The company has said it is working on a fix.
Written By Joris Evers Staff Writer, CNET News.com -->
Published: March 8, 2007, 11:51 AM PST
In a note on its Web site Thursday, Microsoft said it won't release any security bulletins, yet it will release several updates that are not related to security. The second Tuesday of the month is Microsoft's scheduled patch release day.
Also on Tuesday, Microsoft will go ahead with an updated release of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers and is pushed out monthly.
The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. Many computer systems don't have that change programmed in and require patching.
Microsoft occasionally has months when it has not released security updates. The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005, the company said.
"Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers," a company representative said on Thursday. "Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps."
Still, the lack of security updates also means that cybercrooks have more time to exploit known security vulnerabilities. There are five known zero-day holes in Microsoft products, according to eEye Digital Security. Microsoft has warned that a bug in Word is being exploited in attacks. The company has said it is working on a fix.
Written By Joris Evers Staff Writer, CNET News.com -->
Published: March 8, 2007, 11:51 AM PST
Daylight saving change proves thorny for businesses
With the early move to daylight saving time taking place this weekend, businesses not yet ready for the change are finding themselves in a race against the clock.
With many large companies still struggling to patch their computer systems, a backlog has emerged for customers trying to get help. In some cases, IT workers have been waiting three or four hours to get telephone support from Microsoft, whose Exchange Server serves as the official calendar for many of the world's largest businesses.
Aiming to shorten that wait, Microsoft has boosted the number of people addressing the time change issue. Earlier Thursday, the company opened up a "situation room" devoted to monitoring customer issues and providing support to the software maker's largest customers. The main situation room will be in Redmond, Wash., with centers in Texas, North Carolina and India overseeing things in the off-hours. Microsoft has also added more than 200 workers versed in Exchange and Outlook to its phone lines.
"The teams are working hard," said Rich Kaplan, the Microsoft vice president in charge of handling issues related to the early arrival of daylight saving time. "Everyone is going to be here through the weekend."
Thanks to a federal law aimed at reducing energy costs, daylight saving time starts three weeks earlier and runs one week later in the fall. However, without an update, many computers and digital gadgets can't automatically adjust to the new time, potentially wreaking havoc on corporate scheduling for the next three weeks.
The issue harks back to Y2K, when there were years of fretting over the fact that many computer programs were designed to enter years in only two digits, meaning that the 2000 might be mistaken for 1900. In the end, years of planning meant that there were no major crises and far fewer headaches than had been predicted.
With the daylight saving issue, the potential impact is seen as less, but there has also been far less preparation than there was for Y2K.
"The Y2K thing had tons of press," said Kaplan, who also managed Microsoft's efforts on that changeover. "Even if you didn't read the paper or go online or watch the news, you knew about Y2K because people talked about it."
And though the law mandating the change was signed in mid-2005, many of the necessary patches have been available only in recent weeks or months. With Windows, Microsoft was ready with patches last year, but waited until November, after the fall time change, to make them publicly available. But it only recently released automated tools for businesses to manage time change issues in Exchange. And customers have also had a significant number of challenges getting those patches to work, particularly if they are not applied in exactly the recommended order.
"The order that things are patched is important," Kaplan said.
Though both tech companies and corporate tech departments were later to the game than with Y2K, businesses are largely prepared, Kaplan said. Kaplan said that call volumes seemed to peak on Monday and have dropped since, as more companies now see themselves as ready.
"I can tell you, the wait times are unpredictable," Kaplan said, but added that the company has also added an option for large businesses to leave their call-back information and details of their issue and get a return phone call once an engineer is available. Microsoft has also expanded an online chat forum where users can query experts online. Initially running for 12 hours a day, Microsoft made the call to expand that to 15 hours a day.
While solutions are available, they aren't always cheap. Support calls to Microsoft about this issue are free, but the company is charging $4,000 to companies that need patches for products that are no longer widely supported.
Most large businesses are doing the necessary work--and shouldering any necessary costs. A big question mark, though, is what will happen Monday when small- and midsize-business workers arrive in the office and begin noticing the effects of the time change.
The most widespread of the problems that have been anticipated have been around scheduling. While people are advised to double check any meeting times for the next three weeks, the problems there aren't expected to be catastrophic, though there may be double-booked conference rooms, missed appointments and other scheduling issues. But there are other potential issues, particularly where computers are used to automate manufacturing processes or are required to record time-sensitive sales data, such as stock trading.
In manufacturing, there could be particularly thorny issues if only a portion of PCs properly make the switch to daylight saving time.
"If some change and others don't, you're going to have batching operations out of sequence," said David Milman, CEO of computer support company Rescuecom, which helps individuals and small businesses manage PC problems.
For some people, particularly home users or small businesses, the issue may hardly register.
"I talked to many people who said 'The time isn't right on my computer now; I don't care,'" Milman said.
The daylight saving challenges are not without precedent. In countries like Israel and Brazil, the time change differs each year. In many cases, that means that companies have to manually adjust their computers' clocks.
"There are lots of people who deal with this already," Kaplan said. Indeed, Microsoft had initially planned on updating Windows to adjust to the time change, but leaving it to individual users to make sure their calendar items were correct during the four additional weeks of daylight saving time.
It is not clear whether this year's exercise will have to be repeated. Congress gave itself an out to re-evaluate the expanded daylight saving time after two years.
"Stay tuned," Kaplan said.
One thing that is clear, Kaplan said, is the need for the technology industry to be clearer early on about the implications such changes can have.
"I do think at a high level, the technology industry was not engaged enough," he said. "Moving forward, as decisions are made that affect the infrastructure, we should work to make sure that we understand the impact."
With many large companies still struggling to patch their computer systems, a backlog has emerged for customers trying to get help. In some cases, IT workers have been waiting three or four hours to get telephone support from Microsoft, whose Exchange Server serves as the official calendar for many of the world's largest businesses.
Aiming to shorten that wait, Microsoft has boosted the number of people addressing the time change issue. Earlier Thursday, the company opened up a "situation room" devoted to monitoring customer issues and providing support to the software maker's largest customers. The main situation room will be in Redmond, Wash., with centers in Texas, North Carolina and India overseeing things in the off-hours. Microsoft has also added more than 200 workers versed in Exchange and Outlook to its phone lines.
"The teams are working hard," said Rich Kaplan, the Microsoft vice president in charge of handling issues related to the early arrival of daylight saving time. "Everyone is going to be here through the weekend."
Thanks to a federal law aimed at reducing energy costs, daylight saving time starts three weeks earlier and runs one week later in the fall. However, without an update, many computers and digital gadgets can't automatically adjust to the new time, potentially wreaking havoc on corporate scheduling for the next three weeks.
The issue harks back to Y2K, when there were years of fretting over the fact that many computer programs were designed to enter years in only two digits, meaning that the 2000 might be mistaken for 1900. In the end, years of planning meant that there were no major crises and far fewer headaches than had been predicted.
With the daylight saving issue, the potential impact is seen as less, but there has also been far less preparation than there was for Y2K.
"The Y2K thing had tons of press," said Kaplan, who also managed Microsoft's efforts on that changeover. "Even if you didn't read the paper or go online or watch the news, you knew about Y2K because people talked about it."
And though the law mandating the change was signed in mid-2005, many of the necessary patches have been available only in recent weeks or months. With Windows, Microsoft was ready with patches last year, but waited until November, after the fall time change, to make them publicly available. But it only recently released automated tools for businesses to manage time change issues in Exchange. And customers have also had a significant number of challenges getting those patches to work, particularly if they are not applied in exactly the recommended order.
"The order that things are patched is important," Kaplan said.
Though both tech companies and corporate tech departments were later to the game than with Y2K, businesses are largely prepared, Kaplan said. Kaplan said that call volumes seemed to peak on Monday and have dropped since, as more companies now see themselves as ready.
"I can tell you, the wait times are unpredictable," Kaplan said, but added that the company has also added an option for large businesses to leave their call-back information and details of their issue and get a return phone call once an engineer is available. Microsoft has also expanded an online chat forum where users can query experts online. Initially running for 12 hours a day, Microsoft made the call to expand that to 15 hours a day.
While solutions are available, they aren't always cheap. Support calls to Microsoft about this issue are free, but the company is charging $4,000 to companies that need patches for products that are no longer widely supported.
Most large businesses are doing the necessary work--and shouldering any necessary costs. A big question mark, though, is what will happen Monday when small- and midsize-business workers arrive in the office and begin noticing the effects of the time change.
The most widespread of the problems that have been anticipated have been around scheduling. While people are advised to double check any meeting times for the next three weeks, the problems there aren't expected to be catastrophic, though there may be double-booked conference rooms, missed appointments and other scheduling issues. But there are other potential issues, particularly where computers are used to automate manufacturing processes or are required to record time-sensitive sales data, such as stock trading.
In manufacturing, there could be particularly thorny issues if only a portion of PCs properly make the switch to daylight saving time.
"If some change and others don't, you're going to have batching operations out of sequence," said David Milman, CEO of computer support company Rescuecom, which helps individuals and small businesses manage PC problems.
For some people, particularly home users or small businesses, the issue may hardly register.
"I talked to many people who said 'The time isn't right on my computer now; I don't care,'" Milman said.
The daylight saving challenges are not without precedent. In countries like Israel and Brazil, the time change differs each year. In many cases, that means that companies have to manually adjust their computers' clocks.
"There are lots of people who deal with this already," Kaplan said. Indeed, Microsoft had initially planned on updating Windows to adjust to the time change, but leaving it to individual users to make sure their calendar items were correct during the four additional weeks of daylight saving time.
It is not clear whether this year's exercise will have to be repeated. Congress gave itself an out to re-evaluate the expanded daylight saving time after two years.
"Stay tuned," Kaplan said.
One thing that is clear, Kaplan said, is the need for the technology industry to be clearer early on about the implications such changes can have.
"I do think at a high level, the technology industry was not engaged enough," he said. "Moving forward, as decisions are made that affect the infrastructure, we should work to make sure that we understand the impact."
Wednesday, February 14, 2007
"IPod doctors" repair critical damage
NEW YORK - Doctors are often lauded as miracle workers, but even the most skilled have patients they can't help. Demetrios Leontaris keeps a picture of one on his cell phone organizer
Tapping at his keypad, he smiles as he pulls up a picture of the ill-fated patient: an iPod Nano left badly bruised after being run over by a car. While it still played, attempting to repair the casing could have broken the device.
A self-styled iPod Doctor, the affable Leontaris is a full-time iPod resuscitator, part of a cottage industry catering to music devotees whose musical companions have fallen ill, usually from mistreatment.
Aaron Vronko, co-founder of iPodmods.com, chuckles when recalling some of the grisly injuries he's seen. Some devices have been slammed in car doors, another was partially melted when left too close to a light bulb. Still others have unwittingly been made into rather expensive chew toys for dogs. Some are sent through washing machines.
For the grieving, the third-party repair shops offer hope. Even the most earnest-looking iPod owner would be too sheepish to try to exchange a water-logged iPod. In one such case, Vronko notes, the familiar whirr of the spinning hard drive took on more ominous sound: "You could hear it swishing around in there. There wasn't much we could do."
Apple Inc., maker of the popular music players, doesn't, for example, accept exchanges on iPods under warranty if their screens have been cracked or if it's clear they've been dropped. Customers can purchase a warranty extension that tacks a second year onto their coverage; the cost varies depending on the model.
The entrepreneurs have stepped in for those hoping to repair their iPods rather than buy new. Leontaris began repairing iPods and other digital music players about three years ago after he bought a used iPod online only to find it didn't work.
While Leontaris has long had an interest in tinkering with electronics he also has a well-ingrained entrepreneurial sense. As a child in Union, N.J., where he still lives, Leontaris and his brother would charge a dollar to haul groceries upstairs when their building's elevator went out.
"We were poor growing up so you didn't just throw it out and get a new one," the 32-year-old said. "If the VCR broke it was going to be another few months before we got one."
So the idea that people would want to repair portable music players — iPods range from about $80 to $350 — seemed logical to Leontaris.
He set up his Web site, http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10uqkt80u/*http://www.nycipoddoctor.com, to draw customers from nearby New York City. Leontaris most often brings his SUV-cum-workshop to the customer, many of whom wait in the passenger seat, watching as he goes to work on their ailing device.
One customer, Tausif Husain, 38, of Queens, N.Y., recently watched as Leontaris gave a scratched video iPod a facelift by replacing the front and the back covers. Leontaris searched his cache of impossibly small screwdrivers — kept in what was once a cup holder — and placed the back plate of the now disjoined iPod over the windshield's defrost vents. The heat from the vents loosened the adhesive that helps hold some of the device's parts in place. Husain had a new protective case at the ready so the iPod wouldn't again be scarred by keys and loose change. "This is going to be a collector's item," he joked of the newly pristine iPod.
Leontaris said customers are often surprisingly happy to have their personal DJs back in working order. "It makes people happy." Adding to their sense of satisfaction: Leontaris' one-year guarantee.
As iPods and its competitors shed their girth and the devices rely on ever-smaller components, Leontaris expects his job will grow more difficult. "They're getting more complex. I'm probably going to be obsolete as time goes on."
For now, though, he has found a business that enables him to help support his wife and three children, charging $45 and up to replace a battery and $59 and up for a new screen, for example.
Others have carved out a business as well. Web sites likes http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10pm7vodt/*http://www.iPodResQ.com and Vronko's http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10p1fsg95/*http://www.ipodmods.com have sprung up for those looking to inject new life into their iPods.
Vronko, 24, founded iPodMods in Kalamazoo, Mich., with a friend after studying business in college; they set up the Web site in 2004. It has drawn customers from more than 65 countries.
With 90 million iPods sold, Vronko sees a growing pool of potential customers.
"We've gone from five a week to 500," he said. "Within a week of the model debuting, we get a phone call saying someone dropped it and broke the screen."
While the repairs could mean fewer iPods are sold, third-party repairers say iPod owners are more likely to feel confident about later buying a new iPod knowing there are options should an accident occur or the warranty expire.
Apple doesn't make repairs to products outside the warranty except to replace the rechargeable batteries. It will offer a 10 percent discount for trading in a broken iPod for a new one. Many third-party repair services buy broken iPods for parts.
Apple declined to comment on the role of third-party iPod repair.
"I think honestly they kind of happily ignore us," Vronko said.
Meanwhile, customers have posted recommendations for Web sites that do repairs in user forums on Apple's Web site.
Not all customers want to repair their iPods. Dan Williams, an 18-year-old college freshman in Akron, Ohio, has a nearly two-year-old iPod that's had difficulty retaining its charge since he dropped it. While he'd consider trying to have it repaired, he confessed to wanting to trade up to more storage capacity for a burgeoning music collection.
"I'm probably just going to go get a new one," he said.
And of course there are music lovers who might have difficulty facing a gloomy prognosis. Vronko recalled a man who was listening to his iPod while doing yard work and didn't realize he dropped it until after he'd run over it with the lawnmower.
"I don't think we did a lot for it," Vronko said. "We refunded his shipping to him and sent it to a metal recycler."
On the Net:
http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10uqkt80u/*http://www.nycipoddoctor.com
http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10pm7vodt/*http://www.iPodResQ.com
http://www.ipodmods.com
Written by TIM PARADIS, AP Business Writer Tue Feb 13, 2:10 PM ET
Tapping at his keypad, he smiles as he pulls up a picture of the ill-fated patient: an iPod Nano left badly bruised after being run over by a car. While it still played, attempting to repair the casing could have broken the device.
A self-styled iPod Doctor, the affable Leontaris is a full-time iPod resuscitator, part of a cottage industry catering to music devotees whose musical companions have fallen ill, usually from mistreatment.
Aaron Vronko, co-founder of iPodmods.com, chuckles when recalling some of the grisly injuries he's seen. Some devices have been slammed in car doors, another was partially melted when left too close to a light bulb. Still others have unwittingly been made into rather expensive chew toys for dogs. Some are sent through washing machines.
For the grieving, the third-party repair shops offer hope. Even the most earnest-looking iPod owner would be too sheepish to try to exchange a water-logged iPod. In one such case, Vronko notes, the familiar whirr of the spinning hard drive took on more ominous sound: "You could hear it swishing around in there. There wasn't much we could do."
Apple Inc., maker of the popular music players, doesn't, for example, accept exchanges on iPods under warranty if their screens have been cracked or if it's clear they've been dropped. Customers can purchase a warranty extension that tacks a second year onto their coverage; the cost varies depending on the model.
The entrepreneurs have stepped in for those hoping to repair their iPods rather than buy new. Leontaris began repairing iPods and other digital music players about three years ago after he bought a used iPod online only to find it didn't work.
While Leontaris has long had an interest in tinkering with electronics he also has a well-ingrained entrepreneurial sense. As a child in Union, N.J., where he still lives, Leontaris and his brother would charge a dollar to haul groceries upstairs when their building's elevator went out.
"We were poor growing up so you didn't just throw it out and get a new one," the 32-year-old said. "If the VCR broke it was going to be another few months before we got one."
So the idea that people would want to repair portable music players — iPods range from about $80 to $350 — seemed logical to Leontaris.
He set up his Web site, http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10uqkt80u/*http://www.nycipoddoctor.com, to draw customers from nearby New York City. Leontaris most often brings his SUV-cum-workshop to the customer, many of whom wait in the passenger seat, watching as he goes to work on their ailing device.
One customer, Tausif Husain, 38, of Queens, N.Y., recently watched as Leontaris gave a scratched video iPod a facelift by replacing the front and the back covers. Leontaris searched his cache of impossibly small screwdrivers — kept in what was once a cup holder — and placed the back plate of the now disjoined iPod over the windshield's defrost vents. The heat from the vents loosened the adhesive that helps hold some of the device's parts in place. Husain had a new protective case at the ready so the iPod wouldn't again be scarred by keys and loose change. "This is going to be a collector's item," he joked of the newly pristine iPod.
Leontaris said customers are often surprisingly happy to have their personal DJs back in working order. "It makes people happy." Adding to their sense of satisfaction: Leontaris' one-year guarantee.
As iPods and its competitors shed their girth and the devices rely on ever-smaller components, Leontaris expects his job will grow more difficult. "They're getting more complex. I'm probably going to be obsolete as time goes on."
For now, though, he has found a business that enables him to help support his wife and three children, charging $45 and up to replace a battery and $59 and up for a new screen, for example.
Others have carved out a business as well. Web sites likes http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10pm7vodt/*http://www.iPodResQ.com and Vronko's http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10p1fsg95/*http://www.ipodmods.com have sprung up for those looking to inject new life into their iPods.
Vronko, 24, founded iPodMods in Kalamazoo, Mich., with a friend after studying business in college; they set up the Web site in 2004. It has drawn customers from more than 65 countries.
With 90 million iPods sold, Vronko sees a growing pool of potential customers.
"We've gone from five a week to 500," he said. "Within a week of the model debuting, we get a phone call saying someone dropped it and broke the screen."
While the repairs could mean fewer iPods are sold, third-party repairers say iPod owners are more likely to feel confident about later buying a new iPod knowing there are options should an accident occur or the warranty expire.
Apple doesn't make repairs to products outside the warranty except to replace the rechargeable batteries. It will offer a 10 percent discount for trading in a broken iPod for a new one. Many third-party repair services buy broken iPods for parts.
Apple declined to comment on the role of third-party iPod repair.
"I think honestly they kind of happily ignore us," Vronko said.
Meanwhile, customers have posted recommendations for Web sites that do repairs in user forums on Apple's Web site.
Not all customers want to repair their iPods. Dan Williams, an 18-year-old college freshman in Akron, Ohio, has a nearly two-year-old iPod that's had difficulty retaining its charge since he dropped it. While he'd consider trying to have it repaired, he confessed to wanting to trade up to more storage capacity for a burgeoning music collection.
"I'm probably just going to go get a new one," he said.
And of course there are music lovers who might have difficulty facing a gloomy prognosis. Vronko recalled a man who was listening to his iPod while doing yard work and didn't realize he dropped it until after he'd run over it with the lawnmower.
"I don't think we did a lot for it," Vronko said. "We refunded his shipping to him and sent it to a metal recycler."
On the Net:
http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10uqkt80u/*http://www.nycipoddoctor.com
http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10pm7vodt/*http://www.iPodResQ.com
http://www.ipodmods.com
Written by TIM PARADIS, AP Business Writer Tue Feb 13, 2:10 PM ET
Pop-up Blocker Problem Found in Firefox
A flaw in the pop-up blocker of the open-source browser Firefox could allow an attacker to access local files, according to security analysts.
The flaw, however, does not affect Firefox 2.0, the latest version of the browser, but version 1.5.0.9, according to Beyond Security, which credited the find to Michal Zalewski.
The attack could occur if a user manually allows a pop-window to appear. The browser normally blocks access to local files, but when a pop-up is manually allowed, "normal URL permission checks are bypassed," Beyond Security said.
To make the hack work, however, a malicious file containing the exploit code would have to already be on the system, the advisory said. The file could be planted on the system by enticing a user to click on a link that would download the file.
The malicious file could then enable access to other files, which could be transferred to a remote server. Mozilla Corp., the distributor of Firefox, could not immediately comment on the report.
Written by: Jeremy Kirk, IDG News Service Thu Feb 8, 2:00 PM ET
The flaw, however, does not affect Firefox 2.0, the latest version of the browser, but version 1.5.0.9, according to Beyond Security, which credited the find to Michal Zalewski.
The attack could occur if a user manually allows a pop-window to appear. The browser normally blocks access to local files, but when a pop-up is manually allowed, "normal URL permission checks are bypassed," Beyond Security said.
To make the hack work, however, a malicious file containing the exploit code would have to already be on the system, the advisory said. The file could be planted on the system by enticing a user to click on a link that would download the file.
The malicious file could then enable access to other files, which could be transferred to a remote server. Mozilla Corp., the distributor of Firefox, could not immediately comment on the report.
Written by: Jeremy Kirk, IDG News Service Thu Feb 8, 2:00 PM ET
New hack simplifies high-definition video copying
San Francisco (IDGNS) - A hacker claims to have discovered a cryptographic key that can be used to circumvent copy restrictions on HD DVD and Blu-ray movies.
The key, which was published Sunday on the Doom9.org discussion forum, is a further step toward undermining the next-generation AACS (Advanced Access Content System) encryption system used to copy-protect high-definition media.
The hacker, going by the name of Arnezami, said he discovered the key by examining what was happening in his computer's memory while it processed an HD DVD video.
A spokeswoman for the group that sets the AACS specification, called the AACS Licensing Administrator, said Arnezami's claims were being investigated but declined to provide further comment.
In late December, a different hacker, named Muslix64, posted a software program that could decrypt high-definition movies. Users needed to first enter another type of encryption key, called the "volume key," for the software to work. More than 100 of these volume keys have since popped up, allowing users to freely copy such films as King Kong, Mission: Impossible and Jarhead.
The publication of this latest key, called a processing key, gives users a much easier way to figure out the volume keys they need in order to make movie copies with the HDDVDBackup software, according to Arnezami.
Introduced in April 2005, AACS is supported by media and technology companies such as Microsoft, Matsushita Electric Industrial Co. (Panasonic), Sony, Toshiba, The Walt Disney Co., and Warner Bros.
The encryption system is designed to be more robust than the CSS (content scrambling system) encryption scheme used by DVDs, which was completely cracked in late 1999.
Written by Robert McMillan Wed Feb 14, 10:01 AM ET
The key, which was published Sunday on the Doom9.org discussion forum, is a further step toward undermining the next-generation AACS (Advanced Access Content System) encryption system used to copy-protect high-definition media.
The hacker, going by the name of Arnezami, said he discovered the key by examining what was happening in his computer's memory while it processed an HD DVD video.
A spokeswoman for the group that sets the AACS specification, called the AACS Licensing Administrator, said Arnezami's claims were being investigated but declined to provide further comment.
In late December, a different hacker, named Muslix64, posted a software program that could decrypt high-definition movies. Users needed to first enter another type of encryption key, called the "volume key," for the software to work. More than 100 of these volume keys have since popped up, allowing users to freely copy such films as King Kong, Mission: Impossible and Jarhead.
The publication of this latest key, called a processing key, gives users a much easier way to figure out the volume keys they need in order to make movie copies with the HDDVDBackup software, according to Arnezami.
Introduced in April 2005, AACS is supported by media and technology companies such as Microsoft, Matsushita Electric Industrial Co. (Panasonic), Sony, Toshiba, The Walt Disney Co., and Warner Bros.
The encryption system is designed to be more robust than the CSS (content scrambling system) encryption scheme used by DVDs, which was completely cracked in late 1999.
Written by Robert McMillan Wed Feb 14, 10:01 AM ET
MySpace teen suit dismissed by Texas court
NEW YORK (Reuters) - News Corp.'s MySpace said on Wednesday a federal court dismissed a negligence lawsuit filed by the family of a teenage girl who was a victim of an adult sex predator she met on the popular Internet social network.
Judge Sam Sparks of the U.S. District Court for the Western district of Texas granted MySpace's motion to dismiss charges for negligence and fraud and negligent misrepresentation.
MySpace separately faces several other lawsuits filed by families of teenage girl victims of predators on the service.
Judge Sam Sparks of the U.S. District Court for the Western district of Texas granted MySpace's motion to dismiss charges for negligence and fraud and negligent misrepresentation.
MySpace separately faces several other lawsuits filed by families of teenage girl victims of predators on the service.
NY, Calif more likely identity theft targets: study
NEW YORK (Reuters) - New Yorkers, especially around New York City, and Californians, especially around Los Angeles, are more likely to be targets of identity theft, according to a new study.
The study released Wednesday by ID Analytics Inc., a San Diego fraud security firm, found that New York, California and Nevada have the highest incidence of attempted identity theft, while Wyoming, Vermont and Montana have the lowest rates.
Three other Western states ranked in the top 10 in fraud attempts: Arizona (4), Oregon (7) and Washington (9).
Among states with large populations, Illinois ranked 5th, Michigan 8th, Texas 10th, New Jersey 12th, Florida 14th, Pennsylvania 36th, and Ohio 46th.
Urban areas had higher fraud rates because larger populations make it easier for criminals to "operate under the radar," according to Stephen Coggeshall, chief technology officer at ID Analytics.
"With respect to income," he added, "(fraud) rates are elevated at the high and low income ranges, and lower in middle income levels. In New York, for example, that could help explain some rates, and why there appear to be 'pockets' of fraud."
The study was released two weeks after Javelin Strategy & Research, a Pleasanton, California firm, said identity theft cost Americans $49.3 billion last year, an 11.5 percent drop that might reflect increased vigilance.
It said people with incomes above $150,000 were among those most at risk.
ID Analytics studied incidents from January 2003 to June 2006, including attempted thefts as well as reported crimes, using data collected from clients and public sources.
It said 10 percent to 15 percent of fraud attempts involve stolen identities of actual consumers, while the balance involved criminals creating identities with real and false data.
According to the study, Manhattan residents with zip codes beginning with "100" were four times as likely to be targeted. Next were Brooklyn, New York residents with 112 codes, and Detroit residents with 482 codes.
The next four zip codes were in the Bronx, Manhattan and Nassau County, New York, followed by the 948 code in Contra Costa County, near San Francisco, and Los Angeles' 900 code.
Of the top 50 codes, two-thirds were in New York and California.
Some findings appeared unusual.
The fraud rate in one zip code for Floral Park, New York was 63.3 times the national average, which Coggeshall attributed to an unexplained surge in 2005.
That rate dwarfed the next highest rate, 12.3 times the national average, in the zip code for Faulkton, South Dakota -- population 703.
Coggeshall said the data suggested that for consumers, "it's important to be aware of your general level of identity risk."
Experts urge consumers not to divulge personal data in response to unsolicited communications. They also recommend consumers notify financial services providers and file fraud alerts with credit bureaus if they suspect identity theft.
Written By Jonathan Stempel Wed Feb 14, 10:42 AM ET
The study released Wednesday by ID Analytics Inc., a San Diego fraud security firm, found that New York, California and Nevada have the highest incidence of attempted identity theft, while Wyoming, Vermont and Montana have the lowest rates.
Three other Western states ranked in the top 10 in fraud attempts: Arizona (4), Oregon (7) and Washington (9).
Among states with large populations, Illinois ranked 5th, Michigan 8th, Texas 10th, New Jersey 12th, Florida 14th, Pennsylvania 36th, and Ohio 46th.
Urban areas had higher fraud rates because larger populations make it easier for criminals to "operate under the radar," according to Stephen Coggeshall, chief technology officer at ID Analytics.
"With respect to income," he added, "(fraud) rates are elevated at the high and low income ranges, and lower in middle income levels. In New York, for example, that could help explain some rates, and why there appear to be 'pockets' of fraud."
The study was released two weeks after Javelin Strategy & Research, a Pleasanton, California firm, said identity theft cost Americans $49.3 billion last year, an 11.5 percent drop that might reflect increased vigilance.
It said people with incomes above $150,000 were among those most at risk.
ID Analytics studied incidents from January 2003 to June 2006, including attempted thefts as well as reported crimes, using data collected from clients and public sources.
It said 10 percent to 15 percent of fraud attempts involve stolen identities of actual consumers, while the balance involved criminals creating identities with real and false data.
According to the study, Manhattan residents with zip codes beginning with "100" were four times as likely to be targeted. Next were Brooklyn, New York residents with 112 codes, and Detroit residents with 482 codes.
The next four zip codes were in the Bronx, Manhattan and Nassau County, New York, followed by the 948 code in Contra Costa County, near San Francisco, and Los Angeles' 900 code.
Of the top 50 codes, two-thirds were in New York and California.
Some findings appeared unusual.
The fraud rate in one zip code for Floral Park, New York was 63.3 times the national average, which Coggeshall attributed to an unexplained surge in 2005.
That rate dwarfed the next highest rate, 12.3 times the national average, in the zip code for Faulkton, South Dakota -- population 703.
Coggeshall said the data suggested that for consumers, "it's important to be aware of your general level of identity risk."
Experts urge consumers not to divulge personal data in response to unsolicited communications. They also recommend consumers notify financial services providers and file fraud alerts with credit bureaus if they suspect identity theft.
Written By Jonathan Stempel Wed Feb 14, 10:42 AM ET
Subscribe to:
Posts (Atom)
